The Central Bank of Cyprus (CBC) new Anti-Money Laundering and Counter Financing of Terrorism (AML/CTF) Directive took effect on June 2, 2025, reinforcing the country’s commitment to financial integrity and regulatory alignment with EU standards and international best practices.
All entities supervised by the CBC – banks, payment and electronic money institutions, currency exchange offices, leasing companies, and credit management firms – must comply with no exemptions.
Key changes: The directive introduces more flexible customer due diligence processes, allows alternative verification methods for vulnerable customers, and enables the use of digital documents and third-party certifications. Customers will benefit from simpler, tech-enabled procedures like remote ID verification, acceptance of e-documents, and reuse of existing data – ensuring stronger security with greater convenience.
Key components include rules for internal governance, the specific roles and duties of the Anti-Money Laundering Compliance Officer, and rigorous procedures for customer identification, risk assessment, and enhanced due diligence. The directive mandates a risk-based approach to managing and mitigating financial crime risks, detailing requirements for handling various customer types, complex transactions, and relationships with agents or crypto-asset service providers, alongside protocols for reporting suspicious activities to the financial intelligence unit (MOKAS).
What Your Obliged Entity Must Do Now: A 5-Step Action Plan
Understanding the changes is the first step; implementing them is the next critical one. Here is our recommended action plan to navigate this transition smoothly and effectively.
Step 1: Conduct a Comprehensive Gap Analysis
Begin with a thorough review of your existing AML/CTF policies, procedures, and controls against the new directive’s articles. Identify where your current framework falls short, particularly regarding beneficial ownership verification, CASP dealings, and technological capabilities.
Step 2: Upgrade Your Risk Assessment
Your Enterprise-Wide Risk Assessment (EWRA) is the cornerstone of your compliance program. It must be reviewed and updated to reflect the new risk categories, especially those related to innovative technologies and complex group structures.
Step 3: Invest in and Integrate Advanced RegTech
Evaluate your current transaction monitoring and screening systems. Are they rule-based and prone to false positives, or do they leverage AI for adaptive learning?
Step 4: Enhance Training and Foster a Culture of Compliance
Your staff and senior management need to be trained on the nuances of the new directive. Training should be tailored, going beyond basic awareness to cover specific scenarios like identifying new high-risk factors and understanding the capabilities of your new RegTech tools. Empower your Board with specialized training to fulfill their heightened governance role.
Step 5: Strengthen Third-Party Due Diligence
Review all contracts and due diligence processes for your intermediaries, agents, and partners. Implement a centralized, risk-based model for ongoing monitoring of these relationships, ensuring you have the contractual right to audit and the operational capability to enforce compliance standards.
How We Can Help
The 2025 CBC directive presents a significant challenge, but you don’t have to face it alone. Our team is already well-versed in the new requirements and is ready to partner with you to:
- Perform a detailed Gap Analysis and provide a prioritized remediation roadmap.
- Develop and implement updated AML/CTF manuals, policies, and procedures.
- Provide specialized training for your Board, Management, and staff.
- Conduct independent reviews of your third-party risk management framework.
Staying ahead of regulatory change is not just about avoiding penalties, it’s about securing your business’s future.