“The Risk-Based Supervision Guidelines”
We would like to draw your attention to Circular C252 issued by Cyprus Securities and Exchange Commission (hereafter the ‘CySEC’) on 21 December 2017, in regards to the Guidelines published on 7 April 2017 by the Joint Committee of the three European Supervisory Authorities (EBA, EIOPA and ESMA – hereinafter the ‘ESAs’), on the characteristics of a risk-based approach to anti-money laundering and terrorist financing (hereinafter the ‘AML/CFT’) supervision and the steps to be taken when conducting supervision on a risk-sensitive basis – ‘The Risk-Based Supervision Guidelines’.
The CySEC wishes to inform the Regulated Entities that the Risk-Based Supervision Guidelines, which are based on a mandate in Article 48(10) of Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (hereinafter the ‘4th AML Directive’), are addressed to National Competent Authorities (hereinafter the ‘NCAs’) responsible for supervising credit and financial institutions’ compliance with applicable AML/CFT obligations. The guidelines define the characteristics of a risk-based approach to AML/CFT supervision and set out what NCAs should do to ensure that their allocation of supervisory resources is proportionate to the level of money laundering and terrorist financing risk associated with credit and financial institutions in their sector. The aim of the guidelines is to create both a common understanding of the Risk-Based Supervision (hereinafter the ‘RBS’) and to establish consistent and effective supervisory practices across EU.
In the Risk-Based Supervision Guidelines, the RBS is characterised as an ongoing and cyclical process that includes the following four steps:
- The identification of ML/TF risk factors, whereby competent authorities obtain information on both domestic and foreign ML/TF threats affecting the relevant markets;
- The risk assessment, whereby competent authorities use this information to obtain a holistic view of the ML/TF risk associated with each credit or financial institution (hereinafter the ‘firm’), or group of firms, including the inherent risk to which the firm or group of firms is exposed and the risk limiting factors a firm or group of firms have in place;
- The allocation of AML/CFT supervisory resource based on this risk assessment, which includes decisions about the focus, depth, duration and frequency of on‐site and off‐site activities and supervisory staffing needs, including technical expertise; and
- Monitoring and review to ensure the risk assessment and associated allocation of supervisory resource remains up to date and relevant.
It is noted that the Risk-Based Supervision Guidelines will apply from 7 April 2018 and CySEC will incorporate them into its RBS Framework as appropriate in the relevant AML/CFT risk-based supervision process.
We remain at your disposal for any further clarifications you may require.