News & Developments

ViewView

The EU's Comprehensive Anti-Money Laundering Framework: An In-Depth Analysis

Curious about how we can protect our financial system from illicit activities? The European Union has stepped up to the challenge with a robust and comprehensive anti-money laundering (AML) framework.This article explores the complex web of regulations, directives, and authorities that are the backbone of the EU’s defense against money laundering and terrorist financing. Businesses and financial institutions within the EU are gearing up to navigate this intricate landscape more effectively. Embracing these AML regulations isn't just about compliance – it's about establishing a culture of integrity and responsibility. By staying ahead of these stringent measures, companies not only protect themselves from financial crime but also build stronger trust and credibility in the global market. This framework is not just a requirement; it’s a strategic advantage that ensures sustainable growth and resilience in today's interconnected world. The Pillars of EU's AML Framework The EU's AML framework is built on three crucial pillars: the Anti-Money Laundering Regulation (AMLR), the Anti-Money Laundering Authority (AMLA), and the Anti-Money Laundering Directive (AMLD). Each pillar plays a vital role in preventing the misuse of the financial system for money laundering by corporate entities and through financial transactions. We have  discussed this in previous articles which can be found on Mondaq here and here. Anti-Money Laundering Regulation (AMLR) The AMLR stands as a testament to the EU’s commitment to standardising anti-money laundering measures across its member states. What are the key provisions that make this regulation so pivotal? Risk-Based Approach: Financial institutions must adopt a risk-based approach to identify, assess, and mitigate risks related to money laundering and terrorist financing. This ensures that resources are allocated efficiently, focusing on areas with higher risks. Customer Due Diligence (CDD): Enhanced CDD measures require verifying customer identities, understanding business relationships, and continuously monitoring transactions. Special attention is given to politically exposed persons (PEPs) and high-risk third countries. Beneficial Ownership Transparency: Central registers for beneficial ownership information are mandated, accessible to competent authorities and financial intelligence units (FIUs). This transparency aims to prevent the misuse of corporate structures for illicit purposes. Reporting Obligations: Obliged entities must promptly report any suspicious transactions to FIUs, including transactions that appear unusual or inconsistent with a customer's known profile or business activities. Sanctions and Penalties: Stringent sanctions and penalties for non-compliance underscore the importance of adherence to AML regulations, including administrative fines and potential license withdrawals for severe breaches. Anti-Money Laundering Authority (AMLA) Is it enough to have regulations without effective oversight? The establishment of the AMLA represents a significant leap forward in ensuring the consistent and effective application of AML rules across the EU. Supervisory Role: The AMLA oversees national supervisory authorities, conducting assessments, providing guidance, and coordinating joint supervisory actions. Direct Supervision: For certain high-risk financial institutions, the AMLA has direct supervision and on-site inspection authority, mitigating risks associated with cross-border operations and complex financial structures. Technical Standards and Guidelines: Developing technical standards, guidelines, and recommendations, the AMLA facilitates uniform implementation of AML measures covering CDD, risk assessment, and reporting obligations. Coordination and Cooperation: Enhancing cooperation among national FIUs and relevant authorities, the AMLA promotes information sharing and joint investigations to improve the overall effectiveness of the EU's AML framework. Advisory Role: Advising the European Commission on legislative and policy initiatives, the AMLA ensures that the AML framework remains dynamic and responsive to emerging threats and challenges. Anti-Money Laundering Directive (AMLD) The AMLD complements the AMLR by setting out detailed requirements for member states to implement in their national legislation. How do these directives adapt to the diverse and dynamic nature of financial crimes? Scope of Application: The AMLD applies to a wide range of entities, including financial institutions, legal professionals, real estate agents, and virtual asset service providers (VASPs), ensuring comprehensive coverage of sectors vulnerable to money laundering and terrorist financing. Enhanced Due Diligence (EDD): Mandating EDD measures for high-risk situations, such as transactions involving PEPs or countries with weak AML controls, the directive includes obtaining additional information about customers and the source of funds. Third-Party Reliance: Allowing obliged entities to rely on third parties for CDD measures under certain conditions, the AMLD aims to reduce duplication of efforts and streamline compliance processes. Training and Awareness: Member states must ensure that obliged entities provide regular training on AML obligations and emerging trends, maintaining a high level of vigilance and expertise within the industry. Whistleblower Protection: Provisions to protect individuals who report suspicions of money laundering or terrorist financing encourage whistleblowing and support the detection of illicit activities. Record Keeping: Obliged entities must maintain records of CDD information, transaction data, and internal reports for a specified period, crucial for audits, investigations, and compliance reviews. Cooperation with Third Countries: Emphasising cooperation with non-EU countries to combat money laundering and terrorist financing globally, the AMLD includes sharing information, conducting joint investigations, and providing technical assistance. Beneficial Ownership and the 25% Threshold How do we identify the true owners behind complex corporate structures? Beneficial ownership transparency is a critical component of AML regulations, aimed at preventing the misuse of corporate entities for illicit activities. Key Aspects of the 25% Ownership Threshold: Direct and Indirect Ownership: The 25% threshold applies to both direct and indirect ownership, including shares held through intermediaries or complex ownership structures. Transparency and Disclosure: Legal entities must maintain accurate and up-to-date information on their beneficial owners, recorded in central registers accessible to competent authorities and FIUs. Reporting Obligations: Obliged entities must conduct due diligence to identify beneficial owners when establishing business relationships or conducting transactions. Enhanced Due Diligence (EDD): For beneficial owners who are PEPs or from high-risk countries, enhanced due diligence measures must be applied. Legal and Regulatory Implications: Non-compliance with beneficial ownership disclosure requirements can result in significant legal and regulatory consequences, including administrative fines, sanctions, and potential criminal liability. AML in the World of Football What about the world of sports, where enormous financial transactions occur frequently? The AML framework has specific implications for football, where vast sums of money flow through transfers, sponsorships, and other financial activities. Transfer Market Scrutiny: Football clubs are required to conduct thorough due diligence during player transfers to ensure compliance with AML regulations. Sponsorship and Endorsements: Clubs must verify the legitimacy of sponsors and endorsees to prevent money laundering through these channels. Financial Fair Play: The AML regulations support UEFA’s Financial Fair Play regulations, ensuring that clubs operate within their financial means and maintain transparency in their financial dealings. A recent article by our firm’s Tax Consultant & Manager – Compliance Officer, Michael Loizou, analyses this topic in more depth. You can read it on Mondaq here. Although Cyprus has not still officially adopted 6th AMLD, here is a graphic representation of the evolution of the EU Anti-Money Laundering Directives. It illustrates the timeline and progression from the First AMLD in 1991 to the Sixth AMLD in 2021. How do we continue to evolve in the face of new threats? As obliged entities, service providers within the European Union play a crucial role in upholding the robust anti-money laundering (AML) framework set forth by EU regulations. To maintain compliance and better serve their clients, these entities must implement rigorous due diligence procedures, including thorough customer identification, risk assessment, and ongoing monitoring of transactions. By staying informed about the latest directives and regulatory updates, service providers can adapt swiftly to evolving threats and regulatory expectations. This proactive approach not only safeguards against financial crime but also strengthens client relationships by demonstrating a commitment to transparency and security. Moreover, maintaining a high standard of professionalism and ethical conduct not only enhances trust but also positions service providers as reliable partners in the global marketplace. What more can be done to fortify our financial systems? The answer lies in continued innovation, cooperation, and a relentless pursuit of transparency and accountability. Elias Neocleous & Co LLC is dedicated to helping businesses and financial institutions navigate and implement these crucial AML measures within the EU. Our expertise ensures clients remain compliant and well-prepared for evolving regulations, safeguarding their operations and enhancing their market reputation. Authors: Dorina Mastora, Deputy Compliance Officer, and Kyriaki Stinga, Senior Associate
Elias Neocleous & Co LLC - August 29 2025

From Open Banking to Open Finance: The Framework for Financial Data Access (FiDA)

Xenia Kalogirou of Elias Neocleous & Co discusses the rise of the concept of Open Finance as incorporated in the Framework for Financial Data Access I) Overview On 28 June 2023, the European Commission (EC) published a set of legislative proposals on payment services; on the much anticipated introduction of a digital euro; and on the sharing of financial data. These proposals aim to modernise the financial sector, align with the ongoing digital transformation, cultivate data-driven innovation and promote a competitive digital ecosystem. Simultaneously, they also seek to safeguard consumers’ interests, ensure fair competition, and bolster security and trust. Apart from the third Payment Services Directive (PSD3) and the Payment Services Regulation (PSR), the legislative proposals included a Framework for Financial Data Access (FiDA), also commonly referred to as the Open Finance Framework (OFF). FiDA is a flagship initiative of the EU Digital Finance strategy, built upon the concept of customers’ permission to share their data. The concept was nurtured under the second Payment Services Directive (PSD2) through the ‘Open Banking’ framework and now incorporated in FiDA. While the current PSD2 has enabled customers to allow Payment Services Providers (PSPs) to access their payment accounts’ data for payment initiation and account information services, FIDA now goes even further and extends the ‘Open Banking’ concept by introducing ‘Open Finance’.  Under this broader perspective, customers will be able to exercise control over their data across all facets of financial services. This is expected to result in the introduction of new types of services, business models and operations while leveraging technology and external data sources. II) Scope In-scope customer data: The scope of customer data (Customer Data) under FiDA includes: mortgage credit agreements, loans and all other accounts which are not yet covered by PSD2 including balance, conditions and transaction details; creditworthiness assessments performed during a loan application process or a request for a credit rating; savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets; suitability and appropriateness assessment data under Markets in Financial Instruments Directive 2014/65/EU (MiFID) and Insurance Distribution Directive (EU) 2016/97 (IDD); non-life insurance products, with the exception of sickness and health insurance products; pension rights in occupational pension schemes and pan-European personal pension products. In-scope entities: FiDA applies to the following entities, with only limited exclusions, when acting as data holders or data users (DA Institutions): Credit institutions Payment institutions, including account information service providers (AISP) and exempted payment institutions under PSD2 Electronic money institutions, including exempted e-money institutions MiFID investment firms MiCA crypto-asset service providers Issuers of asset-referenced tokens Alternative investment fund managers (AIFMs) UCITS management companies Insurance and reinsurance undertakings Insurance intermediaries and ancillary insurance intermediaries Institutions for occupational retirement provision Credit rating agencies Crowdfunding service providers PEPP providers Financial information service providers (FISPs) III) Data Holders Data holders are the financial institutions listed in points (a) to (n) above (Financial Institutions), other than an AISP that collect, store and otherwise process Customer Data and must make available such data to the customer on request or from the data user (i.e. other financial institution) on the customer’s request. This access must be granted based on generally recognised standards. Data holders must provide customers with a permission dashboard to monitor and manage the permissions they provide to data users. The dashboard must provide the customer with an overview of each ongoing permission given to data users such as the name of the data user, the customer account, the purpose of the permission, the categories of data being shared and the period of validity of permission. In addition, the dashboard must allow the customer to withdraw and re-establish permissions given to data users and include a relevant record of withdrawn or expired permissions.  Finally, the dashboard must be “easy to find” in its user interface and provide clear, accurate and easily understandable information. The processing of Customer Data that constitutes personal data must be limited to what is necessary and for retention periods in accordance with the General Data Protection Regulation 2016/679 (GDPR). IV) Data Users and FISP Authorisation Data users are any of the DA Institutions which, following the permission of a customer, have lawful access to Customer Data. This means that only Financial Institutions and authorised FISPs are eligible for data access. The regulation describes the authorisation process for FISPs. FISPs must either be established in an EU Member State or designate a legal representative in the EU. This means that overseas firms that require access to Customer Data in the EU must have a written agreement designating a person based in the EU to act on their behalf. Similar to Open Banking, data users can only access the data with their customers’ permission, and only for the purposes and under the conditions specifically agreed to by the customers. For the purposes of effective management of Customer Data, a data user shall: not process any customer data for purposes other than for performing the service explicitly requested by the customer; respect the confidentiality of trade secrets and intellectual property rights; put in place adequate technical, legal and organisational measures in order to prevent the transfer of or access to non-personal customer data that is unlawful; take necessary measures to ensure an appropriate level of security for the storage, processing and transmission of non-personal customer data; not process customer data for advertising purposes, except for direct marketing; where the data user is part of a group of companies, Customer Data shall only be accessed and processed by the entity of the group that acts as a data user. V) Financial Data Sharing Schemes Data holders and data users will be required to join one or more Financial Data Sharing Scheme (FDSS) which will govern data access to Customer Data in line with FIDA and other EU rules. In addition, those schemes will be mandated to develop common standards for both data and technical interfaces to facilitate customer requests for data sharing. Unlike PSD2 open banking rules, FDSS introduces an important element: the establishment of a model to determine the maximum compensation that a data holder is entitled to charge. This compensation pertains to making data available through an appropriate technical interface for sharing with data users in accordance with common standards. Schemes must also set the contractual liability of its members and establish a dispute resolution regime to resolve disputes among scheme members and membership issues. The European Commission is tasked with setting rules to cover the event that a FDSS is not developed for a category of customer data. In this case, delegated acts would specify the common standards for the data and the technical interfaces allowing customers to request data sharing, the model for determining the maximum compensation that a data holder is entitled to charge for making the data available, and the liability of the entities involved. VI) Industry’s Position In recent years, while some financial institutions opted to merely comply with PSD2, others seized the opportunity to generate additional value for their customers by providing access to financial products and services other than payments using application programming interfaces (APIs). For instance, there are financial institutions developing APIs that allow their “clients across all segments to integrate them in their preferred applications and internal processes to improve financial decision-making and efficiency, but also in consumer applications to offer seamless experiences to their clients and generate new revenue streams for the business” (see The Paypers, Open Finance Report 2023, ING, The Open Banking Ecosystem in Action). Other use cases include the formation of partnerships between banks and data aggregators, as well as the emergence of consortiums with the aim to standardise the data exchange protocols. Consultancy firms have also developed various models to help financial institutions assess their Open Finance maturity. These models aim to highlight both strengths and weaknesses in capabilities, providing insights for exploring new income streams via Open Finance-related APIs. Additionally, they assist in ensuring compliance with FiDA requirements. Due to this evolving landscape, we are witnessing the emergence of advanced payment options like Buy Now, Pay Later and payment request API. Concurrently, new services such as comprehensive financial management, improved personalised services and e-invoicing for insurance, telecommunication, and utility bills, are unlocking and delivering added value to consumers. The continuous growth of Open Finance is largely inevitable. However, the velocity of that growth in individual countries depends on the extent that Open Finance is tailored to specific market considerations. VII) Implementation of FiDA Provisions of the FiDA will apply 24 months after FiDA enters into force, except for those relating to the FDSS and authorisation requirements for FISPs which will apply 6 months earlier. The timeline laid down by the European Commission is very ambitious. Establishing data-sharing agreements, developing and establishing data-sharing schemes and relevant standards, developing the governance structures of schemes, etc., will likely take significantly longer, as demonstrated by the implementation of the PSD2 framework. In order to ensure successful implementation across the financial sector, a more incremental approach would be both realistic and effective taking into consideration the technical complexities, the number of players involved and the significant implementation costs of implementing FIDA. The proposals of the European Commission will be reviewed by the European Parliament and Counsel. The Committee on Economic and Monetary Affairs (ECON) was appointed as the lead Committee to deal with the FiDA proposal. On 13 December 2023, ECON has published a draft report on FiDA by proposing certain amendments related to enhancement of customer trust, promotion of innovation and improvement of interoperability and supervision. This review constitutes only a starting point for ECON’s work on FiDA. Assuming that the texts are agreed upon by the end of 2024 or early 2025, the new regime is anticipated to go into effect in 2026. Author: Xenia Kalogirou, Senior Associate at Elias Neocleous & Co LLC
Elias Neocleous & Co LLC - August 29 2025
Banking

Update 2025 - The Cyprus National Solidarity Fund replenishment scheme

The House of Representatives unanimously approved the budget of the National Solidarity Fund for the year 2025. The amount will be used for the implementation of the Partial Replenishment Plan, which concerns persons affected by the resolution measures implemented in the two systemic banking institutions in 2013. The compensations concern haircut depositors and holders of securities. The electronic service "Review Impairment Results of Replenishment Scheme" will be available from 19/6/2025 and time 11:00 a.m.  to 30/9/2025 and can be accessed through the following link: https://national-solidarity-fund-results.service.gov.cy/ Using the same access credentials of Government Portal CY Login (former Ariadne), as those used during application submission during the period from 20/12/2023 to 25/5/2024, through the electronic service "Review Impairment Results of Replenishment Scheme", information is provided on the amounts that were impaired. The results are based on verified data obtained from the Liquidator of the former Popular Bank and the Bank of Cyprus, concerning deposits and securities that were impaired in 2013 due to the implementation of resolution measures applied to the two systemic banks (Bank of Cyprus and Popular Bank). For the cases of affected Natural Persons for whom an impairment amount has been confirmed in at least one Category by the two systemic Banks, is requested to upload their bank account details (IBAN) for the purpose of receiving the replenishment amount, which will be determined based on the conditions of the Replenishment Scheme of the National Solidarity Fund which has been approved by the Council of Ministers. More specifically, based on the approved Scheme for the year 2025: Basis for calculation of partial amount to Beneficiary Natural Persons under the Scheme for the year 2025: Impairment Categories: 4 categories o Impairment of Deposits in Popular Bank, o Impairment of Deposits in Bank of Cyprus, o Impairment of Securities in Popular Bank and o Impairment of Securities in Bank of Cyprus. Maximum Uninsured Amount taken into account per impairment category: €1.000.000. Value of Bank of Cyprus Shares due to impairment: Defined as the product of the number of Bank of Cyprus Shares received due to impairment multiplied by €0,24 which was the opening price of the Bank of Cyprus share on the Stock Exchange on 16/12/2014. Net Loss: Net Loss for the purposes of the Scheme of 2025, and in conjunction with the determination of a maximum uninsured amount taken into account per Impairment Category, is defined as the impairment  due to the implementation of resolution measures in the two systemic Banks, less any value of Bank of Cyprus shares they have received due to the impairment, or any amount they have received from the liquidation of Popular Bank or any amount that has been awarded or paid or any other amount they have received as compensation. Calculation of the Replenishment Amount for the Scheme of year 2025 The replenishment amount for the Scheme of year 2025 is calculated taking into account: ·         Allocation of a replenishment percentage on the Net Loss per Impairment Category, as follows: o   Net Impairment Loss on Deposits in Popular Bank: 10% o   Impairment of Deposits in Bank of Cyprus: 3,61% o   Impairment of Securities in Popular Bank: 10% o   Impairment of Securities in Bank of Cyprus: 10% ·         Maximum Replenishment Amount per Impairment Category per beneficiary natural person: o Impairment of Deposits in Popular Bank: €100.000 o Impairment of Deposits in Bank of Cyprus: €13.032 o Impairment of Securities in Popular Bank: €100.000 o Impairment of Securities in the Bank of Cyprus: €99.760 Maximum cumulative total amount in all Impairment Categories per beneficiary natural person: €100.000 The bank account must be in the name of the affected Natural Person who will receive replenishment under the Scheme. A joint account will also be accepted, provided that the name of the affected Natural Person appears on the bank statement or on a certificate issued by the bank. In the case of a deceased affected Natural Person, the upload of bank account details (IBAN), as well as the submission of the Legal Administrative Document, shall be carried out by the Legal Administrator/Inheritor of the deceased person’s property. The bank account to be provided must be the Legal Administrative Bank Account or Bank Account of Inheritor. Furthermore, through the electronic service "Review Impairment Results of Replenishment Scheme", the affected Natural Persons will have the right to submit an objection in the case of a disagreement. This will allow for the examination of various requests, such as: disagreement with the amounts that were impaired, reassessment of the application due to incorrectly completed fields, submission of additional supporting evidence for the purpose of verifying the amount that was impaired, submission of revised information, etc. Objections submitted will be examined at a later stage. Upon the examination of the objection and any adjustment of the partial replenishment amount to which is entitled, the resulting additional amount based on the revised impairment amounts will be deposited in the bank account provided by the affected Natural Person. For affected Natural Persons who, through the electronic service "Review Impairment Results of Replenishment Scheme", have not been confirmed an impairment amount in any of the Categories, and proceeded to submit an objection/disagreement, and if their objection is accepted and an impairment amount is subsequently verified, will become beneficiaries of the Scheme and bank account details will be requested. The objection examination process will be determined under a separate procedure at a later stage. The plan for 2025 is being implemented. We hope for an equally effective continuation as regards to legal entities. By Xenia Kasapi, senior advocate, E&G Economides LLC.
E & G Economides LLC - July 7 2025