Case Document 92-2 Filed 01/17/17 Page 27 of 89 ?gl??mww?w??l ?6-113? Lul?ki nu? *vww?mwm PoRr?f . I . ?it! 'v ?u a Va?? The business model of FBME to attract customers relies mainly on approved business introducers or ?referred agents? (not eligible third persons) as well aw personal conacts of the bank's owners. In many cases there is no direct contact with he customersathch impedes the verification of their identity, especially their busmgg?ss and rIskIprofle The said i . business introducers or referred agents receiVe fees fo?pntroducmg custorgers to the bank - as well as a 10% fee on certain customer transactions. . ?g ?x . ?g 13$th Currently the bank maintains business relationshIps WIth 44?1-II-approved business introducers and 43 Referred agents. It should be not?gawthat onsite examination of 2011the bank reassessed and terminated with 361 such persons. Between 2009 and 2014, the bank paid apprOXImate%$58 mI%ons in fees to the abovementioned persons for the introduction of customers to the banktw" 6g 3213- According to the general all banks carried out in March 2013 by the CBC AML Unit, it was noted?thaff22% depositors are companies incorporated in 4* non EU- countries and 16% of total depositors are foreign politically exposed persons. Moreover, it was noted th?g?apprommately 9% of total lending was granted to foreign . . . politically exposed?persons It? The recent onsite examination carried out at the premises of the bank together with PrIcewaterhouseCoopers revealed a number of weaknesses in relation to 136$ng and by the bank for?the prevention of money laundering and terrorist ?nancing. In particular it was noted that the bank failed to comply. prima facie, with certain articles of the Prevention and Suppression of Money Laundering Activities Laws of 2007 -2013 (?the AML Law") and the Directive issued by the Central Bank of Cyprus ?fbr the prevention of money laundering and terrOrist The bank failed to identify the risks emanating from high risk jurisdictions which still have strategic de?ciencies (as identi?ed by the Financial Action Task Force), and Case Document 92-2 Filed 01/17/17 Page 28 of 89 CENTRAL BANK OF @3173 EUROSYSTEM to introduce appropriate measures (ie introduce adequate and effective policies and procedures) so that the risks from the use of their services for the purposes of money laundering and terrorist financing is appropriately considered and managed. ?A'number of customers use/used the address of the bank in the messages for the transfer of funds. From information extracted from customers? files it was noted that the bank failed to Consider or examine the reasons as to which the customers requested Such a service. Moreover, it was noted that the bank failed to take? into account-t ?risk pro?le of the - customer or whether the country of incorporation/operations of the customer was a high risk jurisdiction. In light of the above, it appears that article 58(d) of the AML Law was breached since the bank failed to adequately identify, assess and manage the risks emanating from those customers who requested the "hold mail? service. In addition to the above, the bank failed to comply with EU Regulation 1781/2006 on information on the payer accompanying . ,transfers of funds. The purpose of this regulatiOn is the full traceability of transfers of funds Which may be paItICUIarly important and valuable todl in the preVention, investigatIOn and detection of money laundering or of the financing of terrorism. In addition, the lack of provision of the said information involves money laundering risks and particularly terrorism ?nancing risk since it enhances anonymity. In addition to the abOve, it was noted that certain customers reqUested the bank to include its address On certain transactions, a fact whiCh . reinforces the suspicion. that the above action took place to conceal the traceability of certain transactions or to enhance anonymity. Consequently, the said procedure follOwed by the bank, hindered, prima facie. the transmission of information on the payer throughout the payment chain length, and probably prevented the compliance checks of other banking institutions. In relation to the effective implementation of due diligence measures On customers, it . was noted that in the case of Onexim Group/23 companies) the bank failed to comply I With article 81 of the AML Law and paragraphs 109-112Aof the CBC DirectiVe in relation to the identi?cation of the ultimate bene?cial owner. In particular, it was noted that in 23 companies the ultimate beneficial owner were persons acting as front men in favour of a Russian politically exposed person. The bank?s MLCO admitted that the bank was aware of the above and hid the-U80 i?nview of the fact-Mr Prokhorov was a presidential-candidate in Russia. It should be noted that article 68((2) of the AML Law provides that in theevent- that the customer of a person engaged in'?nancial or other business activities, or a person who is authorised to act on behalf of the customer, or a third person according to paragraph of subsection (2) of section 67, on whom the person engaged in financial or otherbusiness activities relies for the performance of the procedures for customer identification and due diligence measures, knowingly provides false or misleading evidence or information for the 2 Case Document 92-2 Filed 01/17/17 Page 29 of 89 CENTRAL BANK OF CYPRUS eunosysrem? identity of the customer or of the ultimate beneficial owner or provides false or forged identification documents, is guilty of the offence and, in case of conviction, is subject to imprisonment not exceeding 2 years or to a pecuniary penalty both of these penalties. In addition to the above, it was observed that, in many cases, customers? business profile was not suf?ciently comprehensive as some important information was missing from customers? files ownership/group structure, detailed description of activities, sources of funds and o'utgoing transfers, financial information on?the grOup that?the company may be a part of as well as information regarding the country of incorporation of the parent company, subsidiary companies and associate companies and their main activities). Generally, it Was noted that certaininformation about customers? business pro?le provided by the business introducer or the customer himself is not challenged or not further investigated. by the bank; .- . Moreover, weaknesses Were also identi?ed in business relationships with high risk . customers. One of the most important deficiencies identi?ed was the inability of the bank to finalise the review procedure. In particular it was noted that up to June 2014, 405 customers? ?les . (or 34%) out of the 1183 were revieWed. The review procedure has been completed only for 3% of customers. It Should be recalled that high risk customers should be revieWed at least annually. In relation to normal cU?stomers, Only 26. 59% (2340 customers? files out of the 8801) of customers? ?les have been reviewed and only 2.61% (230 customers? ?les) of those, the procedure has been completed. This means that for a big number of customers' additional information and/or documentation is needed in order to update their business and risk pro?le. Moreover it was noted that the period needed to finalise the review procedure is . 6- 7 months. However, the above mentioned statistics revealed that in many cases the said procedure Is never ?nalised In relation to the monitoring of transactions six scenarios are incorporated into the MANTAS AML System for detecting potentially suspicious activity transactions. The said six scenarios cover funds transfers between customers and external parties, transactions of high risk customers; transactions reiated to~high risk connterpart?iesias- identified Rapid movement at funds, Large depreciation of account value and Large reportable transactions. In this connection. a. number of weaknesses. were identified which eliminate the effective monitoring and investigation of transactions. In particular it was noted that MANTAS alerts are investigated by members of the Compliance Department without applying the four-eye principle. Consequently, the risk of closing alerts without being properly investigated is high; (ii) Various parameters Ithresh?olds are incorporated in each 3. CONFIDENTIAL ROC0001290 Case Document 92-2 Filed 01/17/17 Page 30 of 89 CENTRAL BANK OF CYPRUS AseaJesult?ofvthe above, a big number of transactions are excluded from the scenario and thus are not properly investigated; In certain cases the investigation carried out was inadequate as . the investigating of?cer did not Obtained supporting evidence on? the transaction or the of?cer relied only on internet search or obtained a new business profile form from the customer to justify the transaction (iv) Staff from the ComplianCe department suppress alerts for 1 month/3' monthsi6 months/12 months speci?c customers. "Consequently, the system automatically closes .an alert for a speci?c period of time set by the bank of?cer?(months). This procedure in combination with the fact that they do not apply the four-eye principle increases the risk of by-passing the investigation of alerts on purpose; Alerts are not investigated in due time. It was noted that there is a long period of time month) between alert's creation date and the date that the investigation will begin; (vi) . Inadequate monitoring control e. Follow up status remains ?follow up" for' a long period of a time months), inadequate internal Controls in the cases where the customer made multiple partial payments for the same invoice/contract]. (vii) the scenarios do not cover a wide range of customers? transactional behaviour. Article 69. of the AML Law requires credit institutions to apply internal reporting procedUres to MOKAS. It is provided that, the obligation to report to MOKAS includes) also the attempt to execute suspicious transactions. In this connection, it was noted that the MLCO did not file a suspicious activity report to MOKAS for certain customers? suspicious transactions/activity, failing thus to comply with article 27 of the AML Law and also failed to provide an adequate explanation for not doing so, failing thus to comply with Par 18 (ix) of the CBC Directive. Moreover, it was noted that during 2013 and 2014, the bank rejected a number of potential customers who have been accused or found to be . involved inscams or frauds-.or money laundering activities. Such cases werevnot reported to MOKAS,failing thus to comply with article 69 of the AML Law. CONFIDENTIAL ROC0001291 Case Document 92-2 Filed 01/17/17 Page 31 of 89 CENTRAL BANK OF CYPRUS Ilg?tBackaroundunformation Wt?! 3m .. II ,v Bank overview and activities FBME Bank is the successor of the ?Federal Bank of the Middle of the Cayman Islands, which was operating in Cyprus through a branch between 1987 and .2003. FBME is jointly owned by the brothers Ayoub-Farid M. Saab and Fadi M. Saab, of Lebanese nationality. FBME was established in Tanzania in Septemben 2003_and operates under a banking licence granted to it by the Bank of Tanzania. The bank was granted a banking business licence by the Central Bank of Cyprus on 8 September 2003, allowing it to operate' In Cyprus In the form of a branch._ The decision of the bank to move its place of incorporation from the Cayman Islands, where .. it was registered as a brass plate entity, to Tanzania was taken after pressure exerted by the I. Cayman Islands Monetary Authdrity that threatened the bank with supervisory action with I regard to large un- -provided doubthl exposures in the bank?s loan portfolio. In- this regard, in September, 2003 FBME was incOrporated in Tanzania and took over the assets and liabilities as well as the operations of. the ?Federal Bank of the Middle East Ltd? of the I Cayman Islands FBME operates a network 'of four branches in Tanzania but the bulk of its activities are "carriedodt by its Cyprus branches. Currently, FBME maintains two branches in Cyprus, in Nicosia and "in Limassol, and employs 204 persons. Since 1993 it has maintained a Representative Office in Moscow. The Cyprus branches primarily deal with non residents legal persons and the majority of its clientele originate from BVI, Seychelles, Belize and Cyprus. The majority of UBOs of such legal persons originate from Russia, Ukraine, other former CIS countries and the UK. The main activities of the Cyprus branches of FBME are customer deposits and 'money transfers, loans and advances and fiduciary transactions. In addition, the bank is able to issue the full range of card products from VISA and MasterCard, through its specialised card solutions subsidiary FBME Card Services which was licensed by the CBC as a payment institution, and upgraded its?cence ?to that of an e-money institution in Febzuary 2014.. Financial' highlights of BME may be found in Appendix 1. Bank?s Risk Profile The business model of FBME to attract customers relies mainly on approved business introducers or ?referred agents? (not eligible third person who introduce FBME to customers) 5 CONFIDENTIAL Case Document 92-2 Filed 01/17/17 Page 32 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM maiority-of?caseS?there?is no direct contact with the customers, which impedes the verification of their identity, especially 'their business and risk profile. The said business introducers or referred agents receive a flat fee for the introduction of their customers, a fee for the interest paid to the customer or to the bank (loans). Fees are also paid for all outgoing payments, letter of credits issued, credit arrangements and cards issued. The following statistics were given by the bank in 'relatiOn to business introducers and Referred Agent's:~ CURENT AGENTS Audit/Accountancy 147 119 13 2.818.928 HIGH 10 9 I 4 . - 23.634 NORMAL 137. . A 110 9? 2.795.294 Fiduciary NORMAL '?Financial Services NORMAL - 3 - - - "0 Legal Professional 172 127 10 903.498 HIGH 15 13 2 147.330 NORMAL 157 114 8 756.168 Trust/Corporate Service Provider - 117 98 16 1.581.841 HIGH 23 23 7 871.311 . NORMAL . 710.530 Wealth Management _4 . 1 1 I - 2.793 NORMAL 1 ?1 2.793 asww?mam .059?! CONFIDENTIAL Case Document 92-2 Filed 01/17/17 Page 33 of 89 CENTRAL BANK OF CYPRU 9 EUROSYSTEM UN: 55%? yk?ii-?T? Her ?33132: Qw??catyx?m 1 km - ?ne-L Skm?gu ??gl?lumbe ic?l?i? 1M f? BELGIUM 1 BULGARIA . 3 BVI 1 CYPRUS I 271 CZECH REPUBLIC 4 DENMARK - . ., 5 5 TRANCE . 1' I. GIBRALTAR . I A A . . 11 HONGKONG 2 HUNGARY 11 IRELAND A 3 ISLE OF MAN LATVIA . 1 LIECHTENSTEIN. LITHUANIA -- LUXEMBOURG . NETHERLANDS I POLAND -- ROMANIA SWITZERLAND . . . . a it: not Sum Of Total NO. Count Of. of Total Sum of Total . . Accounts Mokas Commission . REFERRED AGENT TOTAL Introduced Reports Paid . t. No NO Nov . . Audit/Accountancy . 1 35 - 7.360 Bookeeper/Accountant 1 5 A, 0 Consultancy 10 218 97.936 Cysec regulated- -Trust/Corporate Service Provider 1 31? 13.931 Financial Consultant 2 34 1 19.563 :Financial Services 4 101 275.545 Legal Professional 11 825 ?1 603.871 Pending Cysec (Vertrauen Holding-Ltd - - Trust/Corporate Service Provider 1 . 1? 0 Trust/COrporate Service Provider 11 469 3 204.025 . (Other) 7 *1 .807 Grand Total 42 1726 . 5 1.224.038 7 CONFIDENTIAL ROC0001294 Case Document 92-2 Filed 01/17/17 Page 34 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM DE-ACTIVATED BUSINESS AGENTS Coun "in; 1' .. W: 11$ ?Com?mIss?r?jPaid 13?3? 1-76 1 639. 078 BUSINESS INTRODUCERS .185 . 554.215 REFERRED AGENTS No] AVAILABLE .1 ?fW?f \gi??i'Tmi According to the general. diagnostic review of all banks carried out in March 2013 by the . Unit. it was noted that 22% of depositors are companies incorporated in non EU- -countries and 16%. of total depositors are foreign politically exposed persons. Moreover, it was noted that approximatelyl9% of total lending was granted to foreign politically expoSed persons. . Regarding the ?quality? of customers introduced by'third'persons itis Worth noting that during I . 2013 and 2014 approximately'180 introduced customers (?potential customers?), were rejected by the bank for the reasons listed below. In 13 cases, rejected customers reapplied to the bank under a different name in order to establish a business relationship, which raises questions and concerns as to reasons why those rejected customers insist to open an account with them. 0 Negative information On the customer, director, beneficial owner etc Was identi?ed (ie I Director prOhibited to act as such by another supervisory authority, indicted charges, related with scams and fraud) . Customer was not licensed or regulated, by a competent authority (ie investment company)"; 0 Unwanted activitIes provided by the customer unwanted county of incorporation (ie arms trading) . Unclear activities provided by the customer and/or the customer is not cooperating to provide additional information. CONFIDENTIAL ROC0001295 Case Document 92-2 Filed 01/17/17 Page 35 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM In addition to the above, it is worth noting _that during 2013 and 2014 more than 100 business relationships were terminated for the reasons listed below: 0 hecustomer was involved in possible fraud or money laundering. . Activities of customers did not match with the declared ones or the cUstomers were involved in activities not accepted by the bank. . The customers did not cooperate to provide additional information requested . Negative information on the customer was identified . The company was dissolved or correspondent bank requested FBME to investigate further certain business relationships 7 During 2013 and 2014, FBME filed 54 suspicious reports to MOKAS. Most cases reported to MOKAS related to negative information about the customer or due .to possible fraudulent . transactions. According to information obtained from the Supervision Department, diachronically, FBME {has been exhibiting various deviations from its obligations as they emanate from the Business of Credit Institutions Law and the Directives issued by the CBC. Speci?cally, the current outstanding regulatory Issues relate to asset quality concerns, a possible violation of the Business of Credit Institutions Law and non compliance with prudential regulations. It should be recalled that by a letter dated 4/11/2013 the CBC informed FBME of the prima 'facie failure to comply with certain provisions of the Decrees issued by_ the Minister of . Finance on the restrictive measures on transactions. The explanations smeitted'were . - considered unsatisfactory and the CBC imposed an administrative fine of ?652.320 which is 0 equivalent to 0.5% of the amount of breaches. I In addition, there is a major concern on corporate governance and the internal control - system: 'nparticular, hands of the two owners of the bank, who, at the same time, are expected to_, perform a supervisory role over the activities of the bank?s executive management through their participation in the bank?sBoard of'Directors. In this respect, it has atso been observed that banking risks are assumed without aiways applying the requisite risk management procedures but largely at the direction of the bank?s. owners.? CONFIDENTIAL ROC0001296 Case Document 92-2 Filed 01/17/17 Page 36 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM bank failed to comply with the following provisions of the Prevention and Suppression of Money Laundering Activities Law and the Directive issued by the Central Bank of Cyprus under the said Law: . . Reliedton non-eligible third parties for customer due diligence (CVDD) purposes. . Failed to assess a number of third parties on whom reliance wasplaced for CDD purposes The bank failed to obtain adequate information for the construction of a number of customers? business pro?le . -.. The bank entered into business relationships with three companies which provided investment services without being authorised to do so by a Competent authority. 0 5 The bank repeatedly failed to complete the updating process 5of customer's identi?cation documents as per CBC Directive requirements. In this regard, on 15 November 2010, the CBC imposed a ?ne of ?80. 000 to the bank due to the aforementioned failures. last AML onsite examination was conducted in September520115. During the Said onsite examination, a number of weaknesses were identi?ed and a warning letter was sent to the bank requesting it to take corrective measures. In particular, it was established that the bank relied on a number of non eligible third persons for customer identi?cation purposes and maintained ?clients? accounts" in their name. In addition to the above, it was established that In a number of cases the construction of customers? business pro?le was inadequate 5 the review procedures were not effectively implemented, and the scope and depth of onsite examinations performed by the Internal Auditor and the money laundering compliance officer were not suf?cient. WEWWEW 556117015" 5 . - in March 20135, FBME commissioned KPMG Cyprus to carry out an 55AMI. Audit review at the Cyprus branch, with the cooperation, of KPMG Germany, so as to. evaluate. the extent to which policies and practices are compliant with the EU AML Directive as well as the Cypriot regulatory framework. KPMG concluded that some weaknesses were identified but basically ful?ls the requirements as set out by the Cyprus regulator and is in principle in compliance with EU 10 ROC0001297 Case Document 92-2 Filed 01/17/17 Page 37 of 89 CENTRAL BANK OF CYPRUS standards?. In addition, KPMG concludes that the existing older customer base, should be subject to a risk-based review, in order to ensure full AML compliance in accordance with the present regulatory requirements. It is worth mentioning that in the said report the folloWing limitations were highlighted by KPMG: KPMG has not reviewed the processes and potential MLfl' risks associated with prepaid cards and credit cards which are provided by the Bank's subsidiary FBME Card Services; It was agreed that the assessment of the extent to which suspicious 'andlor unusual activities/transactions may have passed through the bank or any assessment of whether criminal funds have passed through the accounts, was out ofscope. provided by the bank were assumed to be complete and accurate. The bank has not submitted a full list of all customers, so that a full review of potential legacy risk In relation to. existing customers could not be performed. I The ?ndings within the repOrt relied solely on the information made available to them. by the bank thrbugh documentatibn, and interviews. Data extracts BuSiness relationships which Were terminated In 2010 and 2011 (in total 4597) due to custOmers? reluctance to update their KYC information/documentation were not subject to 3 review. It is obvious that the limitations were such that they diminished the value of the report to a desk exercise purely addressing policies and procedures, and ensured that the underlying fundamental issues relating to the client base are not recognised. No Issues were raised In the management letter' In relation to compliance Issues. However, it should be noted that during the onsite examination it was established that the bank?s external auditor also acts as a business introducer thus giving rise to a seriousxoncemastocon?ictof interest. - .?ir?mta?? 1.55 WNW CONFIDENTIAL The major ?ndings of the Internal Auditor during 2012 &2013 were the followmg . AML monitoring procedures are adequate and properly followed by the bank Compliance gained access to card processing system. lA recommended areas of enhancement 11 ROC0001298 Case Document 92-2 Filed 01/17/17 Page 38 of 89 CENTRAL BANK OF CYPRUS . Process incomplete. A solution was agreed and implemented as of first quarter of 2013. 0 Various issues in relation to amendments of clients? status - A control was implemented as of March 2013.. . Mantas scenario was nOt functioning properly . KYC procedures: weaknesses were identified but noticed considerable improvement. 0 Approved third parties? ?les Were reviewed 1 andrr??etho?iiol my. agarme in Mrs: w: an: v: The onsite examination started on 17 June 2014 together with PricewaterhouseCoopers, with the aim to examine and assess the level of compliance of FBME with the procedures . and controls for the prevention of money laundering and terrorist ?nancing as stipulated in . Part of the Prevention and SuppreSSion of Money Laundering Activities LaWs of 2007 -I 2013 (?the AML Law") and the Directive issued by the Central Bank of Cyprus for the prevention of money laundering and terrorist ?nancing in December2013 according to section 59(4) of the Law (?the CBC Directive?). ?The said onsite examination covered the following programmes. Corporate Governance and Risk ASseSSment. (ii) Policies and procedures in relation to the prevention of money laundering AML Unit (Duties of the Money Laundering Compliance Officer) (iv) Internal Control Functions (duties of the internal Auditor) 9 Compliance/AML System Customer identi?cation and Due DiligenceProcedures(CDD) (including Politically Exposed Persons, and Trusts) (vii) Reliance on third parties (Business l?ntroducers) for customer identi?cation and due diligence purposes EU Regulation 178-1l2006 on information on the payer accompanying transfers of funds. (Electronic unds. Transfers) (ix) RepOrting, of Transactions Education and Training of Employees In order to assess the effective implementation of procedures, the team applied a risk based approachfocusing mainly on high risk customers such as PEPs, client accounts, 12 CONFIDENTIAL ROC0001299 Case Document 92-2 Filed 01/17/17 Page 39 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM companies with bearer shares and customers ?with bank. Moreover, a large number of customers assessed as normal risk were reviewed, to examine the adequacy of due diligence measures applied. In assessing .the effeCtive implementation of CDD including the monitoring of transactions, a sample of .200 customers? ?les and their transactions were reviewed. FIndIn? ?g - . . xi Mum; m1.? Jaime? The following weaknesses/de?ciencies and areas of concern were identi?ed during the II it?? wit - . .. . onsite examination: 1. Risk Management Systems . Risk identi?cation, assessment and mitigation Article 58 of the AML Law requires, inter-alia, credit institutions to apply adequate and appropriate systems and procedures in relation to internal control, risk assessment and risk management In order to preVent money laundering and terrorist ?nancing; An effective risk management system, as per paragraph 27 of the CBC Directive, requires, inter-alia, the identi?cation and assesSment of money laundering and terroriSt ?nancing risks emanating from specific customers, pro'dUCts, services and geographic areas of operation of the credit institution and of its customers. In addition, it requires the management and mitigation of the assessed risk by the application of appropriate and effective policies and procedures and controls. Article 64(2) of the Law requires credit institutions to apply enhanced and additional customer due diligence measures in all instances which due to their nature entail a higher I risk of money laundering or-terrorist ?nancing. In this connection, paragraph 4.14.2.9 Ofthe CBC Directive requires credit institution, inter-alia, to exercise additional monitoring procedures and pay special attention to business relationships and transactions with persons, inCIudIng companies and?tinancial Institutions, from countries which do not apply or ?ieyapplyinadequately the EATF Recommendations. On the basis a?the resutts of the review by the International Co-operatien Review Group (ICRG), jurisdictions may be publicly identi?ed in one of the two FATF public documents that are issued three times a year The ?rst public document, the Public Statement, identi?es: 13 CONFIDENTIAL ROC0001300 Case Document 92-2 Filed 01/17/17 Page 40 of 89 CENTRAL BANK OF CYPRUS i -1) apply 2) Jurisdictions with strategic deficiencies that have not made suf?cient progress in addressing the deficiencies or have not committed to an action plan developed with the FATF to address the deficiencies. In the second FATF public document, ?Improving Global Compliance: On- ?gaing Process?, the FATF identifies juriSdictions with strategic deficiencies that I have provided a high- level political commitment to address the de?ciencies through implementation of an action plan developed with the FATF. my this connection, it was noted that the MLCO marked jurisdictions as high risk those ?whose I nameappears only in the first'public document of-the FATF. No other?form of assessment has been carried but on any other jurisdictions. in relation to the seCond public document of the FATF, it Was noted that on 4/3/2013 the MLCO sent an email to the staff informing them that the FATF for the ?rst time has published a separate list of countries which have certain de?Ciencies and have provided the FAFT with a high level political cOmmitment to ?implement an action plan to address those deficiencies. ln additiOn, she stated that this does: 9/15 'not form part of the High- -Risk Approach Policy of the bank and the staff Is just requeSted to tread with Caution and exerCise vigilance when processing new account applications involving those countries. In light of the above, it was noted that the bank failed to identify the risks emanating from high risk jurisdictions who still have strategic deficiencies, and failed tointroduce appropriate measures (ie introduce adequate and effective policies and . procedures) so that the risks for the, purposes of money laundering and terrorist ?nancing. from the use of their services are'appropriately considered and managed. For example, customers residing/registered in countries with strategic de?ciencies such as Kenya 0r Tanzania were classi?ed as Normal Risk customers, failing thus to apply enhanced due diligence measures at the on boarding and during the business relationship . (ii) Hold mail services it was noted that a number of customers use Or usedthe address of the bank in the swift messages for the transfer of funds. From "infOrmation extracted from customers? fiies it was noted that the bank facilitated whilst it failed to consider or examine the motivations or reasons as to' which these customers requested such a service. Moreover, it was noted that the bank failed to take into account the risk profile of the customer or whether 14 CONFIDENTIAL 301 Case Document 92-2 Filed 01/17/17 Page 41 of 89 CENTRAL BANK OF CYPRUS Indicatively, it is mentioned that 75% of the companies are incorporated in offshore centres (Belize, BVI, Seychelles, Panama), 16% are Cypriot companies and only 95% are registered in European countries. Regarding the ultimate beneficial owners of legal entities it was noted that 525% are Russians, 10% British, 10% from former CIS countries and 4% lsraelis and Lebanese. In light of the above, it appears that article 58(d) of the AML Law was breached since the bank failed to adequately identify, assess and manage the risks emanating from those customers who requested the hold mail service. In addition to, the above, the bank willingly breached the provisions of EU Regulation 1781/2006 on information on the payer accompanying transfers of_ funds. Details regarding these weaknesses can be 1.1 found in Section 7 of this report. v, - Risk Assessment-Repert~ The Risk Assessment Report is in need of improvement as it does not contain information crucial to athird wants to assess-the risks borne by .the branch. During-the . interview it appeared that the _a methodology andran understanding?of the risks posed to the bank from an AMLiperSpective as well as the eXisting" risk mitigation mea-SUres? including their adequaCy and ef?ciency. However?this is not reflected in the risk assessment document as His an essential document for Compliance, auditors and regulators and it is at the heart of a sound AML prevention strategy. It is not clear from the risk assessment why countries, products, activities, etc. have a certain risk level, i.e. the rationale behind it. Also, it . does not present an evaluation of the risk scenarios to depict the distribution of risk within . the bank. This is not backed up by data, e.g. statistical/cases/results of controls/etc. The document is not detailed especially when it comes to describing the existing risk mitigation measures inclUding their adeouacyvand ef?ciency, as well as details of the risk mitigation measures that will need to be implemented. Fotlowing the CBC ?ndings of the-'last onsite examinations-in 2011, the Comptiance? Department took over tbe..functions of Account- Opening Unit, Quarterly audit of new. accounts and Review Unit, in order to overcome the weaknesses identi?ed by the CBC and to ensure that the bank complies with the regulatory framework. During the onsite examination the work performed by the Compliance Department was assessed and a number .of weaknesses Were identified in the procedures applied by the Quarterly Audit unit of new accounts, Rescreening of PEPs, Review Unit, and. monitoring of 15 CONFIDENTIAL . ROC0001302 Case Document 92-2 Filed 01/17/17 Page 42 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM accounts. _Details_regarding of Accounts are found under Section 4 ?Customer Due Diligence- Updating/Review", of this report. (I) Quarteny Audit of 10% of new accounts According to existing procedures, a dedicated officer from theCompliance Department reviewslauditsvt?% of all new customers: accounts opened every quarter-by?the Account Opening Unit. The latter operates under the Compliance Department. During the onsiteI inspection, it was noted that the reviews for quarters 3 and 4 of 2013 were completed but no I reSponse or follow-ups to actions taken were received from the Account opening Unit on weaknesses identi?ed by the Quarterly Audit Unit. In addition, it was noted that no list of pending items existed for .easy follow-up on such cases, which raises concerns on the . qu'alityand effectiveness and completeness of the work performed Moreover, it was noted that in the Compliance procedures? manual it is stated that ?Senior compliance of?cer prepares a document summarising the results and if required and/or if a trend in de?ciencies is identified an action plan is put together and agreed with the MLCO and communicated accordingly to the Compliance Approval team?. However, during the onsite inspection, the bank failed to provide us with such document (iI) Screening for PEPs . According to article 64(i)(c) of the AML Law credit institutions must have appropriate risk- based procedures to determine whether the customer or the bene?cial owner is a PEP. In addition, the law requires the senior management approval for establishing business relationships with such customers, or continuing the aforementioned relationships or continuing the relationship with existing. customers which in the mean time have become . PIEPs. . In this respect, paragraph 149 of the CBC Directive requires credit institutions to have in place reliable commercial electronic database for PEPs and in case of companies, legal entities anda rangements, the proceduresshould-eim?at verifying whether?te?be'ne?ciat owners, authorised signatories, directors and persons authorised to act on behalf of the . company are PEPs. Moreover, when establishing a business relationship with a customer (natural or legal) and. subsequently it is ascertained that the person(s) involved are or have become PEPs, then the approval of the credit institution?s senior management sh0uld be obtained for continuing the operations of the business relationship. In this respect, paragraph of the CBC Directive speci?cally reqUires credit institutions to have systems in place to filter on a regular basis, and not less frequently than once a month, their customers and the physical persons related to them, for such cases. 16 CONFIDENTIAL ROC0001303 Case Document 92-2 Filed 01/17/17 Page 43 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM -1 In. in the bank?s banking system, but kept manually in an excel worksheet. The said excel worksheet is ?ltered against the database to identify any matches. It should be 'noted that the query to match names is based on 100% match. Any matches are then investigated to verify whether the name of the person who appears in as a PEP is indeed the same person found In their clientele. Unfortunately the said tasks (ie to keep the names of beneficial owners in an excel and perform the ?ltering) "are done manually with an increased risk of humanerror. Furthermore, it is simple. to manipulate the said list in order to avoid carrying out checks on selected customers persons. In addition, the fact that the query to match names is based on 100% match (without any flexibility),increases the risk of not properly identifying customers who are . PEPs or subsequently become PEPs and thus failing to apply enhanced: due diligence measures as required by the AML Law and theCBC-Directive. - 3. Internal A ?t Department The internal Audit Department carried out a number of. audits at the bank as per CBC Directive A number of weakneSses were identified during the said audits (please refer to Section Vl of this report) the majority of which are in line with CBC findings. However, it is noted that the most serious findings were not identified (su'ch as UBQ masking by the MLCO, systematic breach of Regulation 17.81/2006) During the remainder of 2014, the Internal Auditor will review the adequacy of the new AML procedures introduced during 2013, as well as the adequacy and effective implementation of Risk assessment carried out in 2013-2014. . 7 - 4. Customer Due Diligence - Updating/Reviews Articles 58 and 60 of the AML Law require banks to apply, inter-alia, adequate and appropriate systems and. procedures for the ascertainment and veri?cation of their customers? identify and bene?cial owners and to. exercise due diligenCe. In line with paragraph 4.11 of the CBC Directive and article 61 of the AML Law, banks should, prior to establishing a business relationship, obtain and assess.- information on its purpose and intended nature in all cases. More speci?cally, they should develop a comprehensive pro?ie of the customer in order to identify and assess the risks associated with the business relationship and to provide a meaningful basis for the monitoring of tranSacttons. in this regard, the following weaknesses were identified: Identi?cation of the? ultimate beneficial owner 17 CONFIDENTIAL Case Document 92-2 Filed 01/17/17 Page 44 of 89 CENTRAL BANK OF CYPRUS 109?112 of the CBC Directive in relation to the identification of a big number of companies which belong to the Russian PEP Mikhail Prokhorov. In particular, it was noted that in 23 companies the ultimate bene?cial owner were persons acting as from men in favour of the said Russian person. The persons who acted as are listed in Appendix The bank?s MLCO admitted that the bank was aware of the above fact and hid the U80 in View?_of the fact Mr Prokhorov-was-a presidential candidate in Russia. DUring?2013, the bank begun to update its records and customers? ?les. In addition to the above, it should be noted that article 68(c) of the AML Law provides that in the event'that the customer. of a person engaged in financial or other business. activities, or at persOn who is authorised to act on behalf of the cuStomer, Or a third r, person according to paragraph of subsection (2) of section 67, on Whom the person engaged in ?nancial or other business activities relies for the performance of the procedures for customer identification and due diligence measures, knowingly provides false or misleading evidence or information for the identity of the customer or of the ultimate bene?cial owner or provides false or forged identification docUments, is guilty of - the offenCe and, in case of conViction, is subject to imprisonment not exceeding 2 years or to a pecuniary penalty of up to ?100 000 or to both of these penalties. (ii) Construction of a Customer?s Business Pro?le CONFIDENTIAL It was observed that, in many cases, customers' business profile was not suf?ciently comprehensive as?some important information was missing from customers? files ownership/group structure, detailed description of activities, sources of funds and outgoing transfers, ?nancial information on the group that the company may we part of as well as information regarding the country of incorporation of the parent company, subsidiarycompanies and associate companies and their main activities). Generally, it was noted that certain information about customers: business profile" provrd?ed by the business inttoducer. or the. customer or not ?irtberjnvestigated by the bank. In some cases the bank's forms/checklists were not signed or dated. In some cases, the four eyes principle was not applied Indicative examples of the aforegoinggwas found in the business relatiOnships of Delfina International ltd, ?Lucino Investments ltd, Velcrown ltd, Yellow Sunrise?Tradingl and consulting, Eveta Bestrade'Ltd, Florinia, MorlandiGroup, Glascom, Tredwell Marketing Ltd, Primo Holdings Ltd, Winner Production Limited, Avalon Corporate '18 ROC0001305 Case Document 92-2 Filed 01/17/17 Page 45 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL Services Limited, Boward Construction Ltd, Avicta Limited, Sherkom Ltd, Language-Link Ltd, Hailington Ltd, Classic Elements Corp., Edenbridge Directors Ltd, Shinc Shipping Limited, Rydale International Holdings - Limited, Hamilton Hargreaves Llc, Oriental Pharmaceutical Group Limited, Lazet Logistic Group-Ltd, International Investment Finance, Valery Kogan, Scandec Incorporated, Kelada Investment Group Ltd, Sunrise Business Services Ltd, M.D.Software (072373),Roman Consultancy (058989); Fortress Business-Services (403824), Semira Ltd, Vermania?Ltd, Fortress Incorporation Ltd, Honeywell Holding Ltd, Betempire Corporation Ltd, Wincom Ltd, Sovereign Management Legal S. A., Bailey Ventures Ltd, Cumulus Ltd. In addition to the above, the following weaknesses were identified: 1. Information collected on business activities of customers was inadequate/brief or too general for a number of clients. For example, the folloWing descriptions of activities were provided: Software deveIOprnent, Management Consultants, Holding Of investments, Sale and Purchase of Securities /Investment and Holdings, etc. Indicative examples of the aforegoing were observed in the ?les of M. D. Software Ltd, Alexey Vinogradov, Paul Kenneth Davies, Lazet Logistic Group Mediafine Trading Ltd, Advantage International Foundation, Valery Kogan, Vladimir Smirnov, . deIt'reSs IncorpOration Honeywell Holding Ltd, Wincom Ltd, Sovereign Management Legal 8. A, Bailey Ventures Ltd, Cumulus Ltd, Huri Holdings Inc-The Huri Trust. 2. Incomplete or no information obtained about the Group structure to which the company belongs to. Indicative examples of the aforegoing were observed in the ?les of NSG Nicosia Software Graphic H0use? Limited, Crossway Commerce Edenbridge Investments Ltd, Shinc Shipping Limited, Adan Services Ltd, Pelegreen Limited. 3. Information on the source of incoming and/or destination of outgoing funds were too general or missing. Indicative examples Of the aforegoing were observed in the ?les of M. D. Software Ltd, Language-Link Ltd, Shinc Shipping Limited, Rydale Oriental Pharmaceutical Group Limited, Lazet Logistic Group Ltd, Valery Kogan, Kelada Investment Group Ltd, Hailington Ltd, Honeywell Holding Ltd, Wincom Ltd, Bailey Ventures Ltd, Cumulus Ltd, VWV Consult BV, Huri Holdings Inc. -The Hurt Trust. 4. The following inforrnatio'n/documentation were found to be missing from customers? 1 ?les: The shares Certi?cate-of the registered shareholder (ie: Mediafine Trading Ltd) 19 ROC0001306 Case Document 92-2 Filed 01/17/17 Page 46 of 89 CENTRAL BANK OF CYPRUS - Software Graphic House Limited, Trident Alliance ,Crossway Commerce SA. _Avalon Corporate Services Limited, Boward Construction ,Edenbridge Directors Ltd, _Hamilton Hargreaves L c Oriental Pharmaceutical Group Limited, Vantouro Co. Ltd, International Investment Finance Ltd, Fortress Incorporation Ltd.) The utility bills for the Veri?cation of Address of the U80 or Authorised signatory 7 '(ie Intesco Holding Ltd, Webconsult Llc, Dubu Consulting Ltd, CrossWay Commerce S.A., M. D. Software Ltd, Classic Elements Corp., Global Trade And Investments Ltd, Edenbridge Directors Ltd, Valery Kogan, Vantouro Co Ltd, Roman Consultancy Ltd, Fortress BusinessServices Ltd, Rosemount Holdings ,Ltd, Intercity Partners Ltd, AfriCan Rescurce' Consulting Limited, Fortress Incorporation Ltd.). A check iof thevcustomers" name or through a public database by for PEPs and negative information. Charalambos Fellas, 'LeWis'CaIcutt M. D. Software Ltd, AVIcta Limited, Alexander Gennadyevich Shishkin - Rquiotech Intl Ltd, Classic Elements Corp. ., I Avicta Limited) The Certificate of Directors: (ie VantOuro Co. Ltd, InternationaIInvestment Finance Ltd, Roman Consultancy Ltd, Manicon International Limited (069703) - The Declaration of Founder (ie Advantage International Foundation) - The Board of Directors Resolution for the operations of theaccount: (ie Classic Elements Corp) (iiz) Procedures for High-Risk Customers CONFIDENTIAL In addition to the weaknesses mentioned above in relation to the construction of the business profile, the bank failed to apply adequate enhanced due diligence procedures in a number of business relationships In partiwlar the. following weaknesses were observed: 1) Enhanced Due Diligence measures for high risk customers Article 64(2) of the Law requires credit institutions to apply enhanced and additional due diligence measures in all instances which due to their nature entail a higher risk of money laundering or terrorist ?nancing. Paragraph 124 of the CBC Directive, requires the MLCO 20 ROC0001307 Case Document 92-2 Filed 01/17/17 Page 47 of 89. CENTRAL BANK OF CYPRUS CONFIDENTIAL EUROSYSTEM to act as an- advisor before the review procedure. In this connection, it was noted that the comment/opinion and/or Senior Management approval was missing in a number of?cases of?high risk customers. Indicative examples?of the. aforegoing were observed in the files of. Avicta Limited, 1 Vladimir Smirnov, Shiningstar Investments (Cyprus) Ltd, Bailey Ventures Ltd, Cumulus Ltd, Starwood investments Ltd, Majestic Wealth S.A, Saturn investments Development Ltd, Zest Inc, ACE~AssOciatedl Catering Enterprises: Limited, AttiS?Group Limited, 1 Almovena Management Ltd, Golden West Seed Ltd. 2) Accounts in the names of companies whose shares are in the form of bearer In. relation to ?accounts in the names of companies whose shares are in the form of bearer?, it was noted that the bank failed to apply the following provisions of paragraph . 129 of the CBC Directive . carry out an annual review on the accoUnts? transactions and turhoVer accompanied by a note summarising the results of the review. Indicative . examples of the aforegoing were observed In the files cf Albatross Consulting Ltd, Uzika Services Ltd, Lazet Logistic Group Ltd, Structural Trading Inc, Global I Sdeen LLC, Starkfoods Inc, Strarwood Investments Business One LLC, lWWConsuit or the review carried out in the cases of E.V.A.L. Eastern Valve Alliance Ltd, Blue Way Aviation was inadequate; and/or . obtain from the third person who introduced the customer or the Director a written confirmation that the capital base and the shareholding structure of the?company or that 'of'its holding company, .as the case may be, has not been altered by the issue of new bearer shares or the cancellation of existing ones. Indicative examples of the aforegoing were observed in the ?les of E.V.A.L. Eastern Valve Aim LtdWAlbatrossmConsuitingw Ltd, Uzika Qservices Ltd, Staskfoeds?inc, Vi?ncom LLC, Stanwood investments Ltd. 3) Accounts for Politically Exposed Persons (PEPs) With regard to business relationships established with PEPs the following weaknesses were identi?ed. . In one case, the accounts and the business pro?le of the customers was not .. subject to annual review or the review was inadequate in order to determine 21 ROC0001308 Case Document 92-2 Filed 01/17/17 Page 48 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM whether-teallow?theacco J. ttncont'nueoperati..g, requirements of paragraph 149 (vi) of the CBC Directive (Igor Balenko). . In some cases, the bank failed to prepare a note summarising the results of the review, carried out by the responsible of?cer and submitting it to the. Senior Management for consideration and approval failing thus to comply with paragraph 149 of the CBC Directive. lndicative examples of the aforegoing were observed in the files of Avicta Limited Vladimir Smirnov, Bailey Ventures Ltd, Igor Balenko. . The bank failed to take adequate measures to establish the source of wealth of the PEP as per article 64(1)(c) of the AML Law. lndicative examples of the aforegoing were observed in the files of Valery Kogan, Vladimir Smirnov, Bailey Ventures Ltd. (iv) Misc/assification of risk According to Article 64(2) of the AML Law, banks must apply enhanCed and additional customer due diligence in all instances which, due to their nature,,entail a higher risk of money laUndering or terrorist ?nancing. In this connection, it was noted that cUstomer risk classi?cation is not properly implemented. In some cases, customers were categorised as Normal Risk instead of High Risk failing thus to apply enhanced due diligence measures to reviewing the business relationship annually. Such instances were observed In the business relationships with the following customers: . -. CONFIDENTIAL Valery Kogan(064076): As per PEP Enhanced Due Diligence (dtd 10/06/2014), it is suggested by the CI to remove the customer from high risk PEP and to be classified as Normal Risk. We do not agree with CI's suggestion as the client is closely associated with PEPs e. Dmitry [Notez Adverse publicity (involve in several Russian scandals) according to the webpage haaretz. com (Israel News)]. Larisa Drozdova(400887): The client was indicated as normal risk. At the time of the ?rst review she was ?wrongly- indicated as high risk (her husband is an and then at the last review she was reclassi?ed as normal risk. It should be noted that her husband'is 'stillclassi?ed?ast?gh risk. WGVC Ltd: The customer should have been?classi?ed as high risk due to-the fact that: is part of the same group with Wargaming- (same UBOs) (online gaming) Lionman Energy Ltd: The customer should have been classified. as high risk. (Physical pertoleum trading, consulting on oil re?nery management, on re?ning process optimazationyon oil terminal management, 'bunkering operations-trading, lubricant trading, shipping) 22 ROC0001309 Case Document 92-2 Filed 01/17/17 Page 49 of 89 CENTRAL BANK OF CYPRUS . Joseph Nazih? Karam: The customer should have been a high net worth individual involved in fx trading and other short?term investment trading. Wrongly classified as normal risk while the same person maintains another relationship with 072421 which has been marked by the Bank ashigh risk; . Solitento Ltd: The customer's is one of the main shareholders of Wargaming (online gaming). . CLEDA LTD, MINEWORKS LTD, LEAF TOBACCO A. SA. The said companies belong to or are related with Tatiana Cergueewna Regan (aka Regan. - Koukanova Tatiana) (ex-wife of the PreSident of Angola (1979-1992) ?Jose Antonio Dos Santos'. Tatiana Regan is the ultimate bene?cial owner in a number of companies (Appendix 3) which are trading diamonds in Angola. The above mentioned companies were marked as normal risk, despite the? fact that Ms Tatiana is . categorised as a PEP. Given that Angola is one of the largest experters of diamonds in the world, Where major problems are encountered in the management of national wealth exacerbated by the corruption of public of?cials and lack of security that prevailed throughout the country, and the fact that large funds handled by those companies are transferred to the personal accounts of the above individuals, the said . cuStomers should be classi?ed as high risk, Review/Updating of business and-risk pro?le - It was established that four persons in the Compliance Department are reviewing customers? ?les, giving priority to high risk customers and normal customers whose accounts opened prior to 2010. in this connection, the bank provided a table with statistical information in relation to the progress performed so far. 23 CONFIDENTIAL CONFIDENTIAL Case Document 92-2 Filed 01/17/17 CENTRAL BANK OF CYPRUS HIGH RISK ACCOUNTS 27 June 2014 CLOSED CHANGES PLETED BE TERMINATED :f - ANDING >500 ENDING FOLLOW UP 24 'Fiies Reviewed? 340/0 Page 50 of 89 ROC000131 1 Case Document 92-2 Filed 01/17/17 Page 51 of 89 CENTRAL BANK OF CYPRUS EUROSSESTEM - {if NORMAL RISK ACCOBNTS . REVIEWED IN 2014 27 June 2014 'itiDEX 0920 2011 2912 2013 mm 5271 1277 1409 ?844 "8801 984 143 157 1 1285 151 33 216 358 . 7452 282 Reviewed . 276 1 1,2340 timers?- . .285. 42346 Fiies R?Viewed ?2 22.32% 59% 1.18230 3.05% 2.90% 0.12% 2.61% x2} 5% A 3?1'5? v' It is worth mentioning that only 26.59% '(2340 customers' ?les out of the 8801) ofnormal customers? ?les have been reviewed and only 2.61% (230 customers' ?les) of those, the procedure has been completed. This means that for a .big number of customers, order'tU'UpdateTheir business and risk pro?le. A sample of customers' ?les which went under the review procedure was selected for assessment. in this connection, it was noted? that email communication was sent to Customers but the bank did not include a deadline by req?ueSted information was to be submitted. Consequently, in many cases the customers submitted the information 6~ 7 months later. ?25 CONFIDENTIAL I ROC0001312 Case Document 92-2 Filed 01/17/17 Page 52 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL In order to overcome this weakness the elapsed from customer contact via a tool in excel and customers who do not submit documentation are placed?on Marker 8. Out of the 13 ?les reviewed, only three had markers in place, suggesting that the whole procedure to monitor communication and reviewcompletion is ineffective. This appears to be confirmed by the review statistics cited above where only 3% of normal customers? ?les reviewed appear to be completed. Regarding high risk customers, which according to existing precedures have to be reviewed annually,?it_ was noted that up to June 2014,.405 customers? ?les or 34% out of the 1183, were revieWed; The review procedure has been completed only for 3% of customers. It should be recalled that high risk customers-should be reviewed at least annua?y. Indicative examples of the fact that the bank failed to review the business relationships by due dates were observed in the files of Charalambos Fellas, Webconsult Llc, Shale Impex E.V.A..L Eastern Valve AllianCe Ltd, Blue Way Aviation Ltd, Albatross Consulting Ltd, Uzika Services Ltd, Business Access Pte Ltd, M. D. Software Ltd, Shinc Shipping Limited, Rydale International Holdings Limited, Oriental Pharmaceutical Group . Limited, Gyges Services Limited, Lazet Logistic Group Ltd, Michael John Dewar And/Or?, Margery Victoria Dewar, Media?ne Trading Ltd, International Investment Finance Ltd, Roman COnsuItancy Ltd, Fortress Business Services Manicon International Ltd, Vladimir Smirnov, Sonadec lncorparated, Paul Kenneth Davies, Fair Food LLC, Aspects Ltd, Gencorp Ltd, High Technologies Corp., Global Sdeen LLC, Starkfoods Inc, Trinc Quoc Cuong Private Foundation, Cumulus Ltd, Igor Balenko. In addition to the above, it was notedthat in many cases the bank failed to ?nalise the review/update procedure. For example in some cases it was noted that the bank identified and requested from the customers missing identi?cation documents and/or requested additional clari?cations/explanations in relation to account turnover deviation. However, the bank failed to monitor the outcome of such requests and the prompt submission missing -infmmationldocumentatioa .Such49quest& remained unanswered for a long period of time. Indicative examples of the aforegoing were observed: in the ?les of Lewis Calcutt, Dubu Consulting Ltd, Alexey Vinogradov,Crossway Commerce S.A., Avicta Limited, Classic Elements Corp, Edenbridge Investments Ltd, Vantouro Co. Ltd, Adan Services Ltd, Global Trade And Investments Ltd, Advantage International Foundation, Valery Kogan, Larisa Drozdova, SunrisevBusiness Services Ltd, Intercity Partners Ltd, African Resource Consulting Limited, Circa?M?edia Limited, Kelada Investment Group Ltd, Rosemount Holdings Ltd, Semira Ltd, Fortress IncorporatiOn Ltd, Structural Trading Inc, Trinh Quoc Cuong Private 26 ROC0001313 Case Document 92-2 Filed 01/17/17 Page 53 of 89 CENTRALBANK QF CYPRUS I CONFIDENTIAL EURO SYSTEM Le gla 8.. Paradera Ltd, Wincom LLC, Strawood Investments Ltd, Majestic Wealth S.A., Joseph Nazih Karam Daniele Sfeir-Karam, Huri Holdings Inc-The Huri Trust. In the majority of cases the review procedure concentrated only on the adequacy and updating of customer identification records, ignoring the transactional behaviour of the customer, failing Ibusto.have_ a full- understanding of normal and reasonable account activity of their customers and of their business and risk profile. In addition, in almost half of the sample selected, custom?ers declared turnover differed from the actual one and the bank failed to obtain adequate information/explanations from the customers as to the reasons of such deviation, thus failing to update and complete business/economic and risk pro?le of customer. It should be recalled'that paragraph 167 of the CBC Directive requires credit institutions to introduce and implement adequate automated] electronic management information systems Which will be capable of supplying, on' a timely basis, monitoring of customer accounts and transactions based on the assessed risk of these . accounts and transactions in relation to money laundering or terrorist ?nancing purposes. The monitoring of accounts and transactions must be carried out in relation to specific types of transactions, the business pro?le of the client, by comparing on a regular basis ,4 the. actual movement of the account with the expected tUrnover as declared. When ~iopening the account, as well as with the m0vement of accounts and'the nature. of the transactions conducted by other customers engaged in similar business activities. Signi?cant deviations must be further investigated and the relevant findings recorded in an appropriate memo which should be kept in the customer's file. Indicative examples of the aforegoing were observed in the files of Charalambos Fellas, Lewis Calcutt, Webconsult Llc, Dubu ,ConSUIting Ltd, Shale-Impex Ltd, E.V.A.L. Eastern Valve Alliance Ltd,Blue Way Aviation Ltd, Albatross Consulting Ltd, Uzika Services Ltd, Business Access Pte Ltd, Edenbridge Directors Ltd, Edenbridge Investments Ltd, Shinc ??Snipping?LimIted, Rydale International Holdings Limited',? Oriental Pharmaceuticalbroup Limited, .Gyges Services Limited, Lazet Logistic?(Smut; Ltd, Michael JohnDewar Anler Margery Victoria Dewar, Mediafine Trading Ltd, Vantouro Co. Ltd, International Investment Finance Ltd, Adan Services Ltd, Trade And Investments Ltd, Advantage International Foundation, Valery Kogan, Sunn'se Business Services Ltd, Roman Consultancy Ltd, Fortress Business Services Ltd, Rosemount Holdings Manicon International Ltd, Vladimir smirnov Larisa Drozdova, NSG Nicosia Software Graphic House Limited, Trident Alliance ,Crossway Commerce S.A. ,Concordia 27 all the valid and necessary information for the identi?catibn, analysis and effective. 'Roc0001314 Case Document 92-2 Filed 01/17/17 Page 54 of 89 CENTRAL CYPRUS MD .Software Semira CONFIDENTIAL Ltd, Vermania Ltd, Fortress Incorporation Ltd, Aspects Ltd, Chalbukhan Cyprus ltd, High Technologies Corp., Global Smsden LLC, Bromenso EnterprisesLtd(Dmitryi Palunin), Management Legal Ventures Ltd, Cumulus Ltd, Paradera Ltd, Wincom LLC, Stanwood Investments Ltd, Igor Balenko, Majestic Wealth S.A., Smart Construction Ltd, Solitento Ltd, Business One LLC, WW Consult?BV, Alexander Gennadyevich ShishKInTRusbiotech int Ltd, Padiliano Holdings Limited, Huri Holdings lnc.- The Huri Trust Nataliya Tigipko- Genetron Limited. AMI: IT System' and monitoring of transactions Article 61(t17)(d) of the Law requires persons engaged, in financial .or other business to conduct! ongoing monitoring} of .the- business relationship including scrutiny. of transactions undertaken thrOughout the course'of that relatiOnship? to ensure that. the transactions being conducted are consistent with data and information maintained by the person who carries out ?nancial or other business in respect of the customer, the business and the risk profile Of the cuStomer, including the source of funds as well as ensuring that the documents, data or information held are kept up?to-date Article 58(e) Of theLaw requires credit institutions, inter alia, to apply adequate and appropriate systems and procedures in relation to the detailed examination of any transaction which by its nature may be associated with money laundering or terrorist financing and in particular complex or unusually large transactions and all unusual patterns of transactions which have no apparent economic or visible lawful purpose. An effective on- going monitoring of customers? accounts and transactions, requires. the full understanding of normal and reasonable account activity of their customers as Well as of their business profile and have the means of identifying transactions which fall outside the regular pattern of an account?s activity or to identify complex or unusual transactions or transactions without obvious economic purpose or clear legitimate reason (paragraph 165 of the CBC- Directive). Equally, important is the introduction and implementation of implement adequate automated/ electronic management information systems which will be capable of supplying, on a timely basis, all the valid and necessary information for the identi?cation, analysis and effective monitoring of customer accounts. and transactions (Paragraph 167 of the CBC Directive). 28 Case Document 92-2 Filed 01/17/17 Page 55 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL In monitoring of customers? transactional behaviour and the HOTSCAN System for the real time filtering of inward and outward Swift messages against lists of sanctioned individuals and entities and other internal lists. Regarding MANTAS AML System it was noted that six scenarios are incorporated into the system for detecting potentially suspicious activity transactions. The said six scenarios cover funds transfers between customers and external parties, transactions of high risk customers, transactions related to high risk coUnterparties '(as identi?ed by Rapid movement of funds, Large depreciation of account vaer and Large reportable transactions. In thisc'onnection the following weaknesses were identi?ed which eliminate the effective - monitoring and investigation of transactions: 1. Mantas alerts (scenarios) do not cOVer a wide range of cuStomers? transactional behaviour. MANTAS alerts are investigated by members of the Compliance Department without applying the four-eyes principle. Consequently, the risk of closing alerts .. Without being properly investigated is high. I I 3. Various parameters lthresholds are incorporated in each scenario so that an alert is produced only if these parameters are met (ie the system automatically closes an alert when the thresholds/parameters are not met). For example in the case of Rapid Movement of Funds the following criteria/thresholds are in place: the customer should be high risk, not all jurisdictions are included, the minimum amount shOuId be $250.000 and the minimum percentage ofthe debit transactions amount that sets the lower and upper threshold for the credit - transactiOns mount for alerting on a new focal entity should be 50). As a result of the above a big number of transactions are excluded from the scenario and thus are not properly investigated. 4. Alerts produced by the system usually are based on a number of transactions performed?'by the customers. in this connection, "it was noted that the investigating of?cerrandomty sel?cts-large transactions tc?review in the course of Mantas investigation and not the whole set of transactions which created the alert. I 5. in certain cases the investigation carried cut was inadequate as the investigating officer did not obtain supporting evidenceon the transaction or the of?cer relied 29 ROC0001316 Case Document 92-2 Filed 01/17/17 Page 56 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL EUROSYST EM ?ie for-m fro customer to justify the transaction. 6. Staff from the Compliance. department is able to suppress alerts for 1 month/3 months/6 months/12 months alerts for speci?c customers. Consequently, the system automatically closes an alert for a specific period of time set by the bank of?cer (months). This prOcedure in combination with the fact that they *do not apply the four-eyes principle increases the risk of avoiding the . investigation of-alerts on purpose. 7. .The alerts are not investigated in due time. It was noted that there is along period of time 1 month) between alert's creation date and the date that the investigation will begin. . 8. Inadequate monitoring centrol Follow up status remains follow up for a IOng 7 period of time 3 months), inadequate internal controls in the cases where the customer made multiple partial payments for the same invoice/contract1.? 9. - in some cases, the system wrongly creates duplicate alerts for one transaction, thus creating confusion as to what to investigate/ has been investigated. 10. There are some 2000 open alerts still in the system without being investigated. Such alerts dated batik to March 2013. Although the Compliance department insisted that these were ?false alerts?, a couple of checks revealed the opposite. (ii) Monitoring of transactions The Compliance Department is responsible for the monitoring of transactions including the procedure of investigating the declared turnover which deviates from the real turnover. In this connection it was noted that on a quarterly basis the Compliance department receives a report which indicates which accounts' real turnover deviated from the declared one. According to?the criteria set for the. prodUction of such report, an alert is produced if there is a 100% Upward deviation. The percentage set for such an alert is found to be too high and the. fact that only positive deviations (ie upwards) are of the scope for reviewing and/or updating their business and risk pro?le. Moreover, it was noted that the declared turnover was not based on sound financial decisions but it was set too high in order to avoid such investigations. it is worth noting that the actual- turnover was lower than the declared one in more than half of customers being reviewed. indicative examples of the aforegoing were noted in the following business relationships: Advantagelnternational Foundation 0 Albatross Consulting - AlexeyVinogradov . .t .0 Avicta Limited 30 ROC0001317 Case Document 92-2 Filed 01/17/17 Page 57 of 89 CENTRAL BANK OF CYPRUS -_B!ue_WayAviation CONFIDENTIAL Circa-Media Limited 0 Classic Elements Corp Concordia Corporation - Crossway Commerce S.A. E.V.A.L. Eastern Valve Alliance 0 Edenbridge Investments Fortress Business ServiCes 0 Gyges Services Limited Hailington 0 Hamilton Hargreaves International Investment Finance 0. Kelada Investment Group Language Link 0 MD Software Manicon International 0 Mediafine Trading Mm Sports Promotion Lp ng Nicosia Software Graphic 7 House Limited Oriental Pharmaceutical Group Limited 0 Paul Kenneth Davies Roman Consultancy 0 Rosemount Holdings Rydale International, Holdings Limited - Scandec Incorporated I Shale Impex Shinc Shipping Limited 0? Uz_ika Services Trident Alliance .. Valery Kogan Vantouro Co. Vladimir Smirnov 0 Winner Production Limited Minayma Finance 0 Semira Vermania 0 - Chalbukhan Cyprus Global Bromenso Enterprises (Dmitryi .Palunin) Solitento PadilianoHoIdings Limited Smart Construction V. Business One LLC WW Consult BV - Huri Holdings Inc. - The Huri Trust Alexander Gennadyevich Shishkin - Rusbiotech Intl 0 Nataliya Tigipko - Genetron Limited Shiningstar Investments (Cyprus) 0 Igor Balenko (Ralkom Ltd) Majestic Wealth S.A. WGVC LTD Wincom LLC 31 In addition to the above, it was noted that the Compliance department was far behind from such investigations, as Q1 of 2014 was not yet investigated. With regard to the it-wesvneted?that it~was~not~a+ways~up~to~the~ expected standards. In the majority of cases the bank merely required an updated business pro?te (including a new deciared turnover) to be submitted by the customer without challenging the said information or obtaining ?nancial statements of the customer to justify the increase in turnover. In certain cases, no supporting documentation, was found in relation to specific transactions, or the purpose of the contract was not in line with the declared activities, or the amounts stated on invoices did not match with the speci?c transactions. Indicative examples of the aforegoing were found in the case of Promero, Kontes Entertainment, Seureaship International ltd, 4Revenue Incorporation. ROC0001318 Case Document 92-2 - Filed 01/17/17 Page 58 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL EUROSYSTEM lt an essential aspect of a sound money laundering and terrorist ?nancing risk . management system. A credit institution can effectively manage its risks only if it has a full understanding of normal and reasonable account activity of their custOmers as well as of their business and risk profile and have the means of identifying transactions which fall outside the regular pattern of an account's activity or to identify complex'or unusual' transactions or transactions without obvious economic purpose or clear legitimate reason. Also article 61(1)(d) of the Law requires that Customer identi?cation procedures and customer due diligence measures shall comprise the conduct of ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent . aWith data and information maintained by the person who carries Out ?nancial _or other business in respect of the Customer, the business and the risk pro?le Of the customer, including the source of funds, as well as ensuring that the documents data or information held are kept up- t?o? date. Reliance on th_ird parties (business intr'oducersl' Business introducers are assessed through the questionnaire prepared by the bank. The - bank Was in the process of reviewing such relationships based on the new requirements set by the CBC. Certification of Documents In some cases it was established that customers' identi?cation documents were not certi?ed or not properly certified as per paragraph 186 of the CBC Directive. Indicative eXamples of the aforegoing were observed in the files of Uzika Services Ltd, D. software Ltd, Language-Link Ltd, ClaSsic Elements Corp Edenbridge Directors Ltd, Scnadec Incorporated, Edenbridge Investments Ltd, Vantouro Co. Ltd, Sunrise Business Seances Ltd, Roman Consultancy Ltd, Fortress Business Services Ltd; Rosemaunt Holdings Ltd, Lewis Calcutt, Albatross Consulting Ltd, Webconsult LLC, Fair Food Llc, Chaibukhan Cyprus Ltd, Honeyweli?Holding Ltd. in 15 cases the client was introduced by a non Approved person. It was also identi?ed that some ATP ceased to be ATP at the Bank. in such cases the bank had to review the business relationships but failed to do so. 32' ROC0001319 Case 1i15-cv-01270-CRC Document 92-2 Filed 01/17/17 Page 59 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL . funds (Electronic Funds Transfers) EUROSYSTEM Other issues reaardina ATPs: . Webconsult LLC (069056): No evidence in the file that customer was introduced. However, it appears from the system that the introducer was intershores Fiduciary Services Ltd, which is neither an ATP nor a referral party (according to excel provided). . Minayma Finance (404678) There is evidence in the ?le that customen was introduced by the Bank's Moscow branch. However, it appears from the system that the introducer was Kremlin Corporation which is a referral party (according to excel provided). 0 Albatross Consulting (403013): No evidence in the file that customer was introduced. However, it appears from the system that the introducer was Gamut Services GMBH, which is neither an ATP nor a referral party (according to excel provided). It shall be noted that Gamut Services GMBH provided a reference letter for the client. I I . I . Vantouro Co. (068589): No evidence in the ?le that customer was introduced. . However, it appears from the system that the introdUcer was Winglobe International SerVices Ltd. Additionally; Winglobe is not included in the List of third parties. . it should be noted that the bank?s external auditor also acts as a business introducer thus giving rise to a serious concern as to conflict of interest. Rewation 1781/2006 - on information on the payer accompanyinltransfers of it was noted-that a number of customers use/used the address of the bank in the messages for transfersof funds. in thishconnection, the bank failed to consider or examine the reasons as to why the customers requested such a service. Moreover, it was noted that the bank failed to consider the risk profile of the customer or whether the country of incorporation/operations of the customer was a high risk jurisdiction. lndicatively; it- is mentioned that 75% of- thecompanies are incorporated in offshore centres (Belize, BVI, Seychelles, Panama), 16% are Cypriot companies. and onIy 9.5% are registered in European countries. Regarding the ultimate bene?cial owners of legal entities it was noted that 525% are Russians, 10%?Briti?sh, 10% from former CIS countries and 4% lsraelis and Lebanese. 33 ROC0001320 Case Document 92-2 Filed 01/17/17 Page 60 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL Theiailureof the Bank toeccompany ?transferscf? fundswith-aeeurateaneWseM information about the payer seems to violate, prima facie, the Council Regulation (EC) No. 1781/2006 of the European Parliament and of the Council on information On the payer accompanying transfers of funds. According to the EU regulation, money transfers should contain information on the payer. Complete information on the payer shall include'the name, address and account number. The? purpose of this regulation is the full traCeability cf transfers of funds which may be I. particularly important and valuable tool in the prevention, investigation and detection. of money laundering or of the financing of terrorism. In addition, the lack of provision of the said information involves money laundering risks and particularly terrorism financing risk since it enhances anonymity. In addition to the above, it was noted that certain customers requested the bank to, include its address on certain transactions, a fact which reinforces the suspiCion that, the above action took place to conceal the traceability of certain transactions or to enhance anonymity. Consequently, the said proCedure follOwed by the bank, intentionally hindered, prima . facie, the transmission of information on the payer throughout the payment chain length, and probably prevented the Compliance checks of other banking institutions. Record Keeping Article 68(1) of the Law requires credit institutions to retain records and keep for a period of at least five years the following documents: Copies of the customer identification eVidence; (ii) the relevant evidence and details Of all business relationships and A I transactions, including documents for the recording of transactions in the accounting books; and correspondencw with customers and other ~persons with whom abusiness relationShip is maintained. As already mentioned-above (Sectioa 4), the bank failed to obtain certain?documents in a number of business relationships, failing thus to comply with article 88 (1) of the AML Law. Staff awareness and traininq Case Document 92-2 Filed 01/17/17 Page 61 of 89 CENTRAL BANK OF CYPRUS adequate and appropriate systems and procedures to make their employees aware with regard to: systems and procedures for the prevention of money laundering and terrorist financing, (ii) the Law, the Directives issued by the competent Supervisory Authority, (iv) the European Union?s Directives with regard the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. Furthermore, Article 58(e) of the Law requires the regular training of staff to recognise and handle transactions and activities suspected to be related with money laundering or terrorist ?nancing activities. in addition, Section 8 of the CBC Directive provides, inter-alia, I that the MLCO is responsible to prepare and implement, on an annual basis, an education and training programme for the staff as required by the AML Law and the CBC Directive. The MLCO is required to evaluate the adequacy of the seminars and the training CONFIDENTIAL provided to the staff and maintain detailed data regarding the. seminars carried out. The structure of the training should defer depending on the duties and responsibilities of the staff. In light of the above, during the onsite inspection the following weaknesses were identi?ed: .0 The MLCO did nothave a consolidated training register for all employees as per paragraph 214 of the CBC Directive. Nevertheless, the Compliance department provided records of the training attended by the staff. it was noted that certain employees did not attend/complete the trainings provided by the Compliance Department in 2012 and 2013. However, no adequae explanations were provided by the MLCO as to the reason why. they did not attend the face to face training! electronic test. 0. 11 individuals from the sample selected did not have any training since February 2012? \in house electronic test). 0' 'Last training received for one individual (namely, Costas Kyriakides, Head of Credit) was in 2010 (Compliance training). 35 Rocoom 322 Case Document 92-2 Filed 01/17/17 Page 62 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM KYC procedures or actual SARs from the Bank. 10. Suspicious transaction reporting CONFIDENTIAL Article 69 of the AML Law requires credit institutions to apply internal reporting procedures to MOKAS. It-is?provided?that, includes .also the attempt to executesuspicious transactions. Also, Article 70 of the AML Law - requires credit institutions to refrain from carrying out transactions which they know or suspect to be related with before they inform MOKAS of their suspicion in' accordance with sections 27 and 69 of the Law. in this connection, a number of internal Suspicious Reports and Suspicious Reports filed with MOKAS was reviewed in order to asSess whether the credit institution? 3 procedures manual for the prevention of money laundering and terrorist ?nancing incorporates the provisions related to the recognition and reporting of suspicious transactions/activities, as foreseen in the AML Law and the CBC Directive, and whether theSe procedures are proVisions are effectively implemented. VDUring the IonSIte examination it was noted that In the following .cases the bank failed to comply with the regulatbry framework: Reference: Date: 30/08/2013 Name'Of Customer: Honys Comrnents: Unauthorized individual (claiming to be an account signatory) attempted fraud- by requesting a payment and presenting invalid signature and email other than the ones stored in Cl's files. The bank did not ?led a SAR to MOKAS in view of the fact that CBC-Findings: lt-appearstha?t the bank failed to'compty with article suspicious activity report to this was a dear attempt of?fraud?. Reference: 16/ 1 2/401440, Date: 30/08/2013 36 ROC0001323 Case Document 92-2 Filed 01/17/17 Page 63 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL Comments: Client as per Cl states works at Qatar and when he arrives in Cyprus he withdraws money for his own expenses. From the transaction it appears that he withdrew cash over ?10.000 at least three times in 2012. Evidence shows that the customer refused'to provide evidence or explanations regarding the purpose of the funds withdrawals. Bank has placed the account under close monitoring CBC Findings: The bank did not file a SAR to MQKAS and no adequate evidence was in ?le in relation to the said decision. No information was found in ?le in relation to the relationship between the company and Petros Laskaratos (person attempted to withdraw cash), the Business activity of the customer, where the source of funds was found etc. It appears that the bank failed to comply with the following articles of the AML Law and the CBC Directive Article 60 provides that Credit institutions must apply customer identification and due diligence measures in the cases When there is a suspicion of regardless of the amount of transaction. Article 61(1) proVides that Customer identi?cation and due diligence shall . comprise, inter?alia, the conduct of ongoing monitoring of the business .. relatiohs'hip including the scrutiny. of transactiOns undertaken throughoutthe course of the business relationship to ensure that the transactions being conducted are consistent with the information in their possession in relation to customer and risk pro?le. (0) Paragraph 57 of the CBC Directive provides that if a customer fails or refuses to submit, within a reasonable timeframe, the required data and identi?cation information for the 'updating of his/her identity and business/economic pro?le and, as a consequence; the credit institution is unable to comply with the customer identification requirements set out in the Law and this Directive, then the credit institution should terminate the business relationship and close all the it?sheuid examine whether it is warranted under the circumstances to submit a report of suspicious transactions/activities to MOKAS. Par 18 (ix) of the CBC Directive provides that if foilowing. the. evatuation of an internal suspicious report, the MLCO decides not to: notify MOKAS then he/she should fully explain the reasons for such a decision on the "Money Laundering Compliance Of?cers Internal Evaluation Report" which should, as already stated, 'be registered and retained on file. 37 ROC0001324 Case Document 92-2 Filed 01/17/17 Page 64 of 89 CENTRAL BANK OF CYPRUS CONFIDENTIAL Date: 13/03/2012 Name of Customer: TOREROS CAPITAL INTERNATIONAL LLC Comments: The client presented a request (March and December 2011) to deposit a letter of credit (for USD 100mln and another instrument of USD 17.5 (possibly fraudulent). The bank states that 'these transactions are not consistent with the company?s business profile thusthe amounts are very high considering the non- account movement'since the acCoUnt opening and the balance of the account. The Bank sent a to the client that they wish to terminate the business relationship. CBC Findings. The bank did not ?le a SAR to MOKAS, failing thus to comply with . article 27 of the AML Law and (ii) Paragraph 18 (ix) which provides that if folloWing - the evaIUation of an internal suspicious report, the MLCO decides not to notify MOKAS then he/she should fully explain the reasons for such a decision on the "Money Laundering Compliance Of?cer's Internal Evaluation Report" which should, as already statedggbe registered) and'retained~ on ?le. 7 Reference: Date: 26/06/2012 Name of Customer: NU TECHNOLOGIES LTD Comments: An internalsuspicious report was submitted due to the fact that the customer made two cash withdrawals ?14. 000 and ?1 3. 000 within a few days without any supporting information. Reasons- as per Client vacation purpOses and to be taken back to Germany. In view of the fact that the transactions Were below the threshold of ?30.000 the MLCO did not consider it suspicious. CBC?ndings: Wenotedthat the investigation was considered inadequate. In this respect, we consider that the bank failed to comply with 0) paragraph Par 18 (ix) of the CBC Directive which provides that following the evaluation of an internal SAR, the MLCO decides not to notify MOKAS then he/she should fully explain the reaSOn?s for Such a decision on the "Money Laundering Compliance Of?cer's Internal Evaluation Report" which should, as already stated, be registered and retained on file. It should be recalled that Article 60 requires credit institutions to apply customer identi?cation and due diligence measures in the cases when there is a suspicion of F, regardless of 38 ROC0001325 Case Document 92-2 Filed 01/17/17 Page CENTRAL BANK OF EUROSYSTEM the amount of transaction and (ii) Article 61(1) of the MAL Law which requires that I '7 Customer identification and due diligence shall comprise, inter alia, the conduct of I ongoing monitoring of the business relationship including the scrutiny of transactions undertaken throughout the course of the business relationship to ensure that the transactions being conducted are consistent with the information in their possession in relation to customer and risk profile. 2013 and 2014 the bank rejected approximately 180 introduced I customers. Some of these cases were related with persons who have been accused for scams and fraud. Nevertheless, the bank did not file a suspicious report to MOKAS. It should be recalled that article 69 of the AML Law provides that the obligation to report to the Unit includes also the attempt to execute such suspicious transactions. I Il.l r 1 .l W. Conclusion . On the basis of the documents and information collected and reviews and interviews carried I . out during the onsite examination, it appears, prima facie, that FBME is not fully compliant with certain important provisions of Part of the AML Law, the CBC Directive and the Regulation 1781/2006CONFIDENTIAL A Case Document 92-2 Filed 01/17/17 Page 66 of 89 Total Tetal Ioans net of MONEY MARKET FUND Net ?xed assets BSI 6.1 Net ?xed assets BSI 6.2 FINANCIAL DERIVATIVES BSI 7. share not Transit items Drafts and bills Other items Inter-branch Accrued receiVable Dividends receivable CONFIDENTIAL I ISSUED BY MFIS SHARES AND OTHER CENTRAL BANK OF CYPRUS EUROSYSTEM 0 795.8 18 1.599.136.5353 . 0 65.062 22.592.954 4.044.845 257 .364 229.076 0 27.940.727 34.871.054 0 . . 0 1.661.941.1 1.605.081.790- 0 65.076 24.523.551 3.920.086 219.184 0 32.269.741 0 APPENDIX 1 - 1.325;467.457 1.257.976.435 0 65.942? 26.309.948 3.896.492 0 32.114547 0 ROC0001327 Case Document 92-2 Filed 01/17/17 Page 67 of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM Rent receivable on insurance claims 4.056. . 1.828. 1846.62 Deferred tax asset Other . 14.812.003 8.974.401 . . 7.139.335 ?1.739. 1134463 debtsecurities issued MFIs 0 0 0 0 Total BSI 9 1.795.164.148 1.696.958.3536 1.788.514.215 1.491.459.429 PROVISIONS FOR LIABILITIES AND CHARGES BSI 11 1.738353 845.577 398.580 . 2.333.848 DERIVATIVES BSI 12Transit items . '0 . 0 I . . Bills . . - . . Other - . 0 0 0 items - . 20.255.026 18.845.912 12.530.133 Inter-branch 0 0 0 Interest accrued 4.719.771 3.280.106 1.952.754 1.485.285 Rent ble 0 0 0 0 Amounts collected forthe tern held 0 0 0 0 Loans and advances from 0 0 0 Income received in advance 0 0 0 0 Other 1.510.891 1.855.348 2.841.907 3.849.860 Quoted - 0 - 0 0 ca 22.737.608 21.753317 0 0 6.020.694 7.630.527 21.758.050 22.047.476 - 7.632.187 8.633.825 0 0 Reserves Share Premium 0 Revaluation reserves 0 CONFIDENTIAL ROC0001328 Case Document 92-2 Filed 01/17/17 Page 68 of 89 CENTRAL BANK OF CYPRUS Other reserves pea'mv Balance from Current MONEY MARKET FUND CONFIDENTIAL EUROSYSTEM 6.020.694 89. 122. 730 -. 32.413.995 . ISSUED BY MMFS 0 .r 42 7.630.527 104. 526. 468 17.489. 127 0 1 7.632.187 042. 144 9. 820. 335 ., 8.633.825 6. 1 10. 158. 694 12. 594. 722 ?71 0 ROC0001329 Case Document 92-2 Filed 01/17/17 Page 69 Of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM Onexim GROUP APPENDIX 2 . COUNTRY ACC OPENED ACC CLOSED CIF ACCOUNT NAME OF REG. REPRESENTATIVE STATUS INTRODUCER 7 . STATUS GIOURII . . 1 - . 56215 HOLDING CORP BVI KANJ-KEUDIS Mikhail Prokhorov- 20/06/2007 08/02/2010 CLOSED GIOURII . . 7 2 56214 DORSTENVIL CORPORATION BVI Mlkhall Prokhorov 20/06/2007 16/10/2013 CLOSED . - . . High OLEG 3 59059 ILLAGA INVESTMENT HOLDINGS BVI Mikhail Prokhorov 28/07/2008 . OPEN PEP NUZHDIN YIANNIS I . 7 High OLEG 4' 59360 INVESTMENTS LIMITED BVI Mikhall ProkhOrov 11/07/2008 OPEN PEP NUZHDIN . I YIANNIS . . I High . 59351 WILDA INVESTMENTS LIMITED BVI PAPADOPOULOS Mikhail Prokhorov~ . 28/07/2003 OPEN A YIANNIS . . - - High OLEG 6 59362 FLINTIA INVESTMENT HOLDINGS 8er PAPADOPOULOS Mikhail Prokhorov 25/07/2008 OPEN PEP NUZHDIN YIANNIS . . High OLEG 7 5937s DOFFRA CONSULTING LIMITED BVI PAPADOPOULOS Mikhall Prokhorov 25/07/2008 OPEN PEP NUZHDIN GIOURH . . High OLEG 8 62309 GRUNWALL SERVICES CORP. BVI KAMKEUDIS Mlkhall Prokhorov 18/11/2008 OPEN PEP NUZHDIN GIOURII . . High OLEG 9 62299 HEILAN MANAGEMENT INC. KANJKEUDIS Mtkhall Prokhorov 18/11/2008 OPEN PEP NUZHDIN GIOURII . . High OLEG 10 52304 FITTS INVESTMENTS LTD BVI MNJKEUDIS Mikhail Prokhorov 17/11/2008 OPEN PEP NUZHDIN ELENA . High OLENA L. . 11 69830 VFOESTA LIMITED CYPRUS BARBASHEVA Mikhail Prokhorov 07/07/2011 OPEN PEP KUZNYETSOVA GIDURII . . High OLEG 12 69664 ALDIARO HOLDINGS KANJKEUDIS Mikhail Prokhorov 04/07/2011 OPEN PEP NUZHDIN 43 CONFIDENTIAL R000001330 Case Document 92-2 Filed 01/17/17 Page 70 Of 89 CENTRAL BANK OF CYPRUS - GIOURII . . High OLEG 13 69665 ROSEMON INVESTMENTS LTD BVI KANJKEUDIS Mikhail Prokhorov 04/07/2011 OPEN PEP NUZHDIN . . High OLEG 14 69666 SONMENCO SERVICES INC. BVI KANJKEUDIS Mikhail Prokhorov 04/07/2011 OPEN PEP NUZHDIN 4 GIOURII . . High OLEG . 15 69667 LOGAVEL BUSINESS LTD. BVI Mikhail Prokhorov 04/07/2011 OPEN PEP NUZHDIN a - GIOURII . . High . .1 16 60668 FONSEN INVESTMENTS INC BVI KANJKEUDIS Mikhail Prokhorov_ 04/07/2011 OPEN PEP - GUARIK . . OLENA L. 17 69865 WHITFIELD LTD BVI ULAKSIZ OV A Mikhail Prokhorov 10/10/2011 OPEN Normal KUZNYETS OVA GUARIK . . OLENA 18' 69866 LOCOMONDOINVESTMENTS LTD BVI .GULAKSIZOVA Mikhail Prokhorov 10/10/2011 Normal . GUAPIK . . . i OLENA . 19 69867 AMONDAWA HOLDINGS LTD BVI - GU MKSIZOVA Mikhail Prokhorov 10/10/2011 OPEN Normal KUZNYEBWA- - GUARIK . . OLENAL 20 69868 BEDALE HOLDINGS LTD BVI - GULAKSIZOVA Mlkhall ProkhoroV 10/10/2011 OPEN Normal KUZNYETSOVA GUARIK . . OLENA L. 21 69869 CORLEON ALLIANCE LTD BVI GULAKSIZOVA Mikhail Prokhorov 10/10/2011 OPEN Normal KUZNYETSOVA ONEXIM GROUP MANAGEMENT . . High OLENA L. 22 405447 LIMITED BVI Mikhail Prokhorov 10/07/2013 OPEN PEP KUZNYETSOVA 23 057539 ILAR CONSULTING LTD BVI 06/02/2008 OPEN NOrmal SHAKINA 44 CONFIDENTIAL ROC0001331 Case Document 92-2 Filed 01/17/17 Page 71 Of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM APPENDIX 3 CREDIT COUNTRY Acc OPENED - - RISK BALANCE TURNOVER CIF ACCOUNT NAME OF REG. UBO STATUS STATUS 2013 . INTRODUCER . TATIANA REGAN I ., . JUAN MUHSIN AL- ST. SMEDLEY OF ATLAS - HIG . . 1 53956 IAHXON BVI BARAZI 2006 08-08 OPEN EP 213,SINDIKO DOKOLO 2 69496 CLEDA LTD BVI TATIANA REGAN 2011-08-10 OPEN NORMAL 6.536.847,56 0,00 57' SMEDLEY 0? ATLAS - I coasvcs F2 REGAN . . - I - ST. SMEDLEY OF ATLAS 3 67970 NAPAN TRADING LTD BVI 09mm 2011-0247 OPEN HIGH PEP . 1035,85 1.846.533,23 coasvcs F2 - - . JUAN MUHSIN AL- - a 64445 LTD BVI BARAZI, ISABEL 2009-07-24 OPEN HIGH PEP 2.769.787,o1 0,00' OF ATLAS JOSE DOS SANTOS . - EXEM AFRICA ST. SMEDLEY 0F ATLAS 5 59429 ?Mmo BVI SINDIKO DOKOLO 2011-06-17 OPEN HIGH PEP 8.791,77 0,00 F2 6 57706 XMETALS MAURITIUS SINDIKO DOKOLO 2008-04-10 OPEN HIGH PEP 7.589.264,20 4486,19 2:3:33 7 400826 MINEWORKS LTD BVI TATIANA REGAN 2012-01-26 OPEN NORMAL 24.716.39 141.074,77 22:24:33 OF ATLAS JUAN MUHSIN AL- 8 400397 ?zuriEhg'N'NG BAHAMAS BARAZI, ISABEL 2012-02-02 OPEN HIGH PEP 3806,61 3598,72 OF ATLAS JOSE Dos SANTOS - JUAN MUHSIN . 400998 LIMITED BAHAMAS BARAZI, ISABEL 2012-02-02 OPEN HIGH PEP 3771,77 7201,07 JOSE DOS SANTOS 45 ROC0001 332 CONFIDENTIAL Case Document 92-2 Filed 01/17/17 Page 72 Of 89 CENTRAL BANK OF CYPRUS EUROSYSTEM JUAN MUHSIN AL- 10 400999 ANGOLA BAHAMAS BARAZI, ISABEL 2012-0202 OPEN HIGH PEP 5.461,87 3.598.72 23:33:; OF ATLAS JOSE DOS SANTOS - EVERSDEN SERVICES MICHAEL - ST. SMEDLEY 0F ATLAS .11 403871 no I aw WITBRAAD 2012-11-15 OPEN HIGH OTHER 257.134,21 13044739 COR.SVCS F2 FAIRTOUCH I ST. SMEDLEY OF ATLAS 12? 405301 TRADING LIMITED BVI SINDIKA DOKOLO 2013-12-23 OPEN HIGH PEP 15.038.634,45 1138857173 COR.SVCS F2 SIDEMORE - ., - - . SMEDLEY OF ATLAS 13 405302 HOLDINGS LTD BVI SINDIKA DOKOLO 2014-01-17 OPEN HIGH PEP 5.057.579.46 0,00 FZ Acc OPENED CREW COUNTRY RISK BALANCE TURNOVER CIF NAME OF REG UBO STATUS srATus .2013 INTRODUCER Y) . I . 1 401312 LTD DUI JUAN MUHSINAL- 2012-0202 OPEN 245,66 51.36647 0F ATLAS I . OTHER I COR.SVCS F2 BARAZI I - - NAPLES ENTERPRISES JUAN MUHSIN AL- HIGH ST. SMEDLEY OF ATLAS 2 401742 LIMITED BVI BARAZI 2012-03-01 OPEN OTHER 3726,62 764.940.90 OR.SV cs F2 LITTLEFIELD JUAN MUHSIN HIGH ST. SMEDLEY OF ATLAS 3 405359 VENTURES LIMITED BARAZI 2014-04-23 OPEN OTHER 3,726.62 764,940.90 COR.SVCS F2 JUAN MUHSIN AL- HIGH ST. SMEDLEY 0F ATLAS 4 406870 TARWORTH LTD BVI BARAZ. 2009-07-24 OPEN OTHER 6,512,16 0,00 OR. 5v cs F2 JUAN MUHSIN AL- HIGH ST. SMEDLEY OF ATLAS 5 406871 TECHMINA LTD aw BARAZI 2014-04-25 OPEN OTHER 352.496,54 0,00 COR.SV cs F2 MADIMI TATIANA REGAN, JUAN ST. SMEDLEY OF ATLAS 64515 INTERNATIONAL LTD MUHSIN 2009-08-27 OPEN NORMAL 175.791,93 03.34678 COR.SVCS CONFIDENTIAL 46 ROC0001333 Case Document 92-2 Filed 01/17/17 Page 73 of 89 - CENTRAL BANK OF CYPRUS LEAF TOBACCO 7 406958 GREECE CONFIDENTIAL EUROSY ST EM SYNDICATE LOAN PARTICIPATION. THE ARRANGER IS DEUTSCHE BANK. N0 ACTUAL ACCOUNT, ONLY CIF OPENED TO PASS THE ENTRY. THE SYNDICATE LOAN IS PAID TO DEUTSCHE BANK ABD IS REPAID BY THEM OPEN NORMAL 47 's.509.054,16 0,00 NICOSIA BRANCH