Home/News/User Verification/KYC Procedure In Cyprus

KYC Procedure In Cyprus

Cyprus is a key financial hub in the EU and Mediterranean that has established a strong regulatory compliance framework to combat money laundering and terrorist financing. At the heart of this Cyprus compliance framework lies the AML and KYC process, a critical measure that financial institutions, fintech firms, and other regulated entities in Cyprus use to verify a customer’s identity and manage risks.

With over 50 international banks and more than 800 entities regulated by the Cyprus Securities and Exchange Commission (CySEC), the country’s financial sector plays a significant role in the economy—contributing approximately €1.6 billion (7% of GDP) in 2022

However, regulatory scrutiny has intensified in recent years. In 2024, CySEC issued fines totalling €2.7 million to firms failing to meet regulatory obligations, with a total of 850 on-site and remote audits, highlighting the importance of robust KYC and AML compliance practices in Cyprus.

Moreover, authorities such as MOKAS (Cyprus’ financial intelligence unit) received 526 Suspicious Activity Reports (SARs), and over 1900 Suspicious Transaction Reports (STRs) in 2022, underscoring the growing emphasis on financial transparency and risk mitigation. 

In this article, we explore the KYC compliance in Cyprus and step-by-step KYC procedures in Cyprus for businesses to ensure compliance in this evolving regulatory landscape.

AML Screening software

We will also explain how KYC software helps you to streamline the ID verification, while AI-powered AML screening helps you to identify high-risk customers on a continuous basis. 

Know Your Customer (KYC) in Cyprus

Know Your Customer (KYC), is a critical process by the financial institutions in Cyprus aimed at verifying the identity of customers and assessing their risk profile to prevent money laundering, terrorist financing, and other financial crimes.

In Cyprus, this process is integral to maintaining the integrity of the financial system, especially given its role as a financial hub in the EU. The objective is to ensure that financial institutions and other obliged entities, such as banks, investment firms, and designated non-financial businesses and professions (DNFBPs), are not used, intentionally or unintentionally, by criminal elements.

Identity verification KYC verification

The KYC process in Cyprus involves verifying a customer’s identity through official documents such as passports, national ID cards, or driver’s licenses. Additionally, businesses may require proof of address, financial history, and details on the source of funds to determine potential risks. KYC is not a one-time process; ongoing monitoring of transactions and customer activity is essential to ensure continued compliance.

The KYC framework in Cyprus is influenced by international standards set by the Financial Action Task Force (FATF), which provides recommendations for anti-money laundering (AML) and counter-terrorist financing (CFT). 

These standards are transposed into EU law through directives, notably the Fourth Anti-Money Laundering Directive (4AMLD) implemented in 2017 and the Fifth Anti-Money Laundering Directive (5AMLD) effective from 2020. Cyprus, as an EU member state, must align its national legislation with these directives, ensuring a harmonized approach across the single market.

KYC Procedures in Cyprus

KYC compliance in Cyprus comprises three essential components, each designed to ensure that businesses can accurately identify their customers, assess potential risks, and maintain ongoing compliance with both local and EU regulatory standards. 

KYC Verification plays a key role in preventing fraud while ensuring that financial institutions and other regulated entities in Cyprus thoroughly verify the identities of their clients and evaluate the risks associated with them.

Below are the three main components of the KYC process in Cyprus.

KYC Verification process

Customer Identification and Verification

The Customer Identification and Verification is the first and most critical step in the KYC compliance process in Malta, ensuring that individuals and businesses are who they claim to be.

Cyprus AML Law Section 61(1) specifies the identification procedures, which include:

  • Identifying and verifying the customer's identity using reliable sources, such as official identity documents (e.g., passport, ID card, driver's license) and electronic ID per Regulation (EU) No 910/2014.
  • Identifying and verifying the beneficial owner, defined as any person holding directly or indirectly more than 25% of the company's shares, or a controlling person if no such owner is identified.
  • Understanding the purpose and intended nature of the business relationship.
  • Conducting ongoing monitoring of transactions and the customer's profile to detect any unusual or suspicious activities.

For individuals, documentary evidence is required for full name, date of birth, address, profession or occupation, and a specimen signature, typically supported by a photograph-bearing official document. 

For companies, additional documents include certificates of incorporation, articles of association, and identification of directors and shareholders.

Verify Individuals and Businesses in Minutes

Binderr KYC solution let you streamline user verification and authentication. Verify IDs with advanced biometric verification, including face match technology and liveness checks, ensuring secure and seamless identity authentication.

Binderr KYB solution enable you to verify businesses in minutes, conduct corporate screening, map ownership structures securely, and verify UBOs. Simplify the business verification process and onboard clients faster with ease.

Customer Due Diligence (CDD) in Cyprus

CDD is a fundamental part of the KYC procedure in Cyprus (Section 63), evaluating customer risks related to money laundering or terrorism financing. Businesses collect essential information such as a customer's full name, address, and date of birth, verifying these details through independent and reliable sources.

As part of CDD, organizations must screen customers against various databases, including global sanctions lists, PEP watchlists, and adverse media reports. This ensures that businesses in Cyprus do not engage with individuals or entities involved in illicit activities or listed under international regulatory restrictions.

For low-risk clients, simplified CDD may be applied, meaning reduced verification measures while still maintaining monitoring for unusual activities.

Simplified Due Diligence (Section 63): Applied to low-risk relationships or transactions, with reduced verification requirements, but still requiring monitoring for unusual activities. Factors for lower risk include public companies, public administrations, and low-risk geographical areas, as per Annex II of the law.

Read more: What is Customer Due Diligence (CDD)?

Enhanced Due Diligence (EDD) in Cyprus

When a customer poses a higher risk, Enhanced Due Diligence (EDD) is required as part of KYC procedures in Cyprus.

Enhanced Due Diligence (Section 64) is required for high-risk scenarios, such as customers from high-risk third countries, cross-border correspondent relationships with third-country institutions, and politically exposed persons (PEPs), entities on sanctions lists, or individuals flagged in adverse media reports.

EDD involves gathering additional information to build a more detailed risk profile. This includes:

  • Obtaining extra information on the customer, beneficial owner, and purpose of the relationship.
  • Establishing the source of wealth and funds.
  • Obtaining senior management approval.
  • Enhanced ongoing monitoring.

For PEPs, Cypriot financial institutions must implement robust risk management systems and continue monitoring the account for a 12-month post-PEP period, particularly for close family members and associates.

Read more: What is Enhanced Due Diligence (EDD)?

Comparative Table: CDD vs. EDD in Cyprus

To illustrate the differences, the following table compares CDD and EDD processes in the context of screening for PEPs, sanctions, watchlists, and adverse media:

Aspect Customer Due Diligence (CDD) Enhanced Due Diligence (EDD)
Purpose Verify identity and assess basic risk Mitigate high-risk scenarios, deeper investigation
Application All customers, standard onboarding High-risk customers, e.g., PEPs, high-risk countries
PEP Screening Basic check against PEP lists Detailed scrutiny, source of wealth, political connections
Sanctions/Watchlists Initial screening against EU and global lists Thorough checks, continuous monitoring, ownership analysis
Adverse Media Basic negative news check Extensive media screening, AI analysis for reputational risk
Regulatory Basis EU 4AMLD/5AMLD, Cyprus AML Law 2007 Same, with additional measures for high risk
Frequency At onboarding, periodic updates Ongoing, triggered by risk changes or suspicious activity

Read More: Difference Between CDD and EDD

Ongoing Monitoring

KYC procedures in Cyprus don't end with initial verification, ongoing monitoring ensures risks are managed throughout the customer relationship. This step includes:

  • Continuously reviewing transactions to detect unusual or suspicious patterns.
  • Updating customer information (e.g., identity documents, address, beneficial ownership) periodically.
  • Reassessing risk levels if circumstances change (e.g., a customer becomes a PEP or is linked to adverse media).
  • Conducting additional screenings or EDD if new risks emerge.

Ongoing monitoring, required under section 61(1)(d) of the Cyprus AML Law, ensures compliance adapts to evolving customer behavior and global risk factors.

KYC Solution in Cyprus

Binderr offers innovative solutions to enhance client onboarding and regulatory compliance processes. Their platform is designed to streamline compliance procedures, making it easier for businesses to meet regulatory requirements efficiently. Binderr's services include:​

  • Biometric ID Verification: Binderr enables businesses to verify users through biometric identification methods, including facial recognition technology and liveness detection, ensuring that the individual is physically present during the verification process.​
  • Screening Against PEP, Watchlists, and Sanctions: The platform automatically screens users against various databases, including PEP lists, watchlists, and sanctions lists, to identify potential risks and ensure compliance with AML regulations.​
  • Risk Profiling: Binderr allows businesses to create risk profiles for users, categorizing them into low, medium, or high-risk levels based on the organization's risk appetite.​
  • Ongoing Monitoring: The platform provides real-time alerts and periodic checks to monitor user activities continuously, enabling businesses to detect and respond to any suspicious behavior promptly.​

By leveraging Binderr's comprehensive KYC solutions, businesses in Malta can enhance their CDD and EDD processes, ensuring compliance with regulatory standards while effectively managing risks associated with financial crimes.

KYC in Cyprus: A Risk-Based Approach

Companies in Cyprus follow a Risk-Based Approach (RBA), where entities are required to categorise customers into risk levels—low, medium, or high, which dictate the level of due diligence required.

This ensures that financial institutions can effectively assess, mitigate, and monitor risks by implementing tailored due diligence measures based on the client’s risk profile.

To develop and maintain customer risk profiles, AML screening solutions are used. Based on the risk level, CDD and EDD are applied to customers. The screening processes for PEPs, sanctions, watchlists, and adverse media are integral to both CDD and EDD, with EDD providing a deeper level of scrutiny. Below is a detailed breakdown:

Politically Exposed Persons (PEPs)

PEPs are individuals who hold or have held prominent public functions and are considered higher risk due to potential involvement in corruption or money laundering. The 4AMLD expanded the definition to include domestic PEPs, requiring enhanced scrutiny. In Cyprus, EDD for PEPs involves:

  • Checking against publicly available PEP lists, as required by 5AMLD, which mandates member states to release functional PEP lists.
  • Additional due diligence to understand political connections, source of wealth, and potential risks, ensuring compliance with AML laws.

Sanctions and Watchlists

Sanctions and watchlists include lists maintained by the EU, such as the EU Consolidated Sanctions List, and international bodies like the Office of Foreign Assets Control (OFAC). Businesses in Cyprus must screen customers against these lists to comply with AML regulations. The process involves:

  • During CDD: Initial screening to ensure the customer is not on any sanctions list, which is mandatory for all customers.
  • During EDD: More thorough checks, especially for high-risk customers, to verify no associations with sanctioned entities or individuals, including applying the EU's 50% rule for ownership.

Watchlist screening is crucial for identifying high-risk individuals or entities involved in criminal activities, and it is part of both CDD and EDD, with EDD requiring continuous monitoring.

Adverse Media

Adverse media refers to negative or unfavourable information about individuals or entities found in public sources like news articles, blogs, and social media, indicating potential involvement in illegal activities. In the AML context:

  • During CDD: Basic adverse media checks may be performed to identify any immediate red flags.
  • During EDD: More extensive adverse media screening is conducted, especially for high-risk customers, to assess reputational and financial risks. This includes using AI tools to analyse unstructured data for negative news, ensuring a holistic risk assessment.

Adverse media screening is not a one-time check but a recurring process, conducted at onboarding, during ongoing monitoring, and in suspicious activity investigations, enhancing AML compliance.

When KYC is Required in Cyprus?

KYC and Customer Due Diligence (CDD) must be applied in the following scenarios, as per section 60:

  • Establishing a business relationship.
  • Occasional transactions of €15,000 or more, whether in a single operation or linked operations.
  • Transfers of funds exceeding €1,000, as mandated by Regulation (EU) 2015/847.
  • When there is suspicion of money laundering or terrorist financing.
  • When there are doubts about the veracity or adequacy of previously obtained customer data.
  • For gambling services or casino transactions of €2,000 or more.
  • For goods trading cash transactions of €10,000 or more.
  • For crypto asset service providers' transactions of €1,000 or more.

These thresholds ensure that significant transactions are scrutinized, aligning with EU and international standards.

The cornerstone of KYC regulations in Cyprus is the Prevention and Suppression of Money Laundering Activities Law of 2007 (Law No. 188(I)/2007), which has been amended to incorporate EU directives and FATF recommendations. This law outlines the obligations for obliged entities to establish AML and KYC procedures. Recent updates include provisions for the Cyprus Beneficial Owner Register, reflecting the implementation of 5AMLD, as noted in translations available up to Law 61(I)/2021 (Cyprus AML Law in English).

Key regulatory bodies include:

  • Central Bank of Cyprus (CBC): Responsible for supervising banks and credit institutions, ensuring compliance with AML/CFT directives, and considering assessments from bodies like the European Banking Authority (EBA) and FATF.
  • Cyprus Securities and Exchange Commission (CYSEC): Regulates investment services and has issued circulars, such as those related to crypto assets, to enhance oversight under EU standards.
  • Unit for Combating Money Laundering (MOKAS): Acts as the Financial Intelligence Unit (FIU), receiving and analyzing suspicious transaction reports (STRs) from financial institutions and DNFBPs, playing a vital role in combating money laundering and terrorist financing.

These bodies work in coordination to enforce compliance, with MOKAS also issuing guidance and training to support obliged entities.

KYC Document Requirements in Cyprus

In Cyprus, KYC document requirements are a critical part of the customer due diligence (CDD) process, mandated by the Prevention and Suppression of Money Laundering Activities Law of 2007 (Law No. 188(I)/2007, as amended). 

These requirements ensure that obliged entities—such as banks, investment firms, and designated non-financial businesses and professions (DNFBPs)—can verify customer identities, assess risks, and prevent financial crimes like money laundering and terrorist financing. 

Below is a comprehensive overview of the documents required for individuals and legal entities, based on sections 60-66 of the law and regulatory guidance from the Central Bank of Cyprus (CBC), Cyprus Securities and Exchange Commission (CYSEC), and the Unit for Combating Money Laundering (MOKAS).

For Individuals

When dealing with natural persons, obliged entities must collect and verify the following documents to establish identity and address:

Identity Documents:

  • A valid passport, national identity card, or driver’s license issued by a recognized authority. These must include a photograph, full name, date of birth, nationality, and a unique identification number.
  • Electronic identification (eID) may be accepted if compliant with Regulation (EU) No 910/2014 on electronic identification and trust services.

Proof of Residential Address:

  • A recent utility bill (e.g., electricity, water, or telephone) issued within the last three months.
  • A bank statement or credit card statement from a recognized financial institution, also within the last three months.
  • A government-issued document (e.g., tax certificate or residency permit) confirming the address.

Additional Information:

  • Details of occupation or profession (e.g., employment contract, payslip, or business registration if self-employed).
  • A specimen signature, often collected during account opening or contract signing.

These documents ensure a robust identification process, with originals or certified copies typically required under CBC and CYSEC guidelines.

For companies, partnerships, trusts, or other legal arrangements, the KYC process extends to identifying the entity itself and its beneficial owners (those owning or controlling more than 25% or exercising significant influence). The required documents include:

Entity Identification:

  • Certificate of Incorporation or Registration issued by the Cyprus Registrar of Companies or equivalent authority for foreign entities.
  • Memorandum and Articles of Association (or equivalent constitutional documents).
  • Certificate of Registered Office Address.
  • Certificate of Good Standing (if applicable, particularly for older entities).

Ownership and Control Structure:

  • Register of Shareholders or Members detailing ownership percentages.
  • Register of Directors and Secretary, including their identification documents (as per individual requirements above).
  • Organizational chart or written declaration identifying beneficial owners if ownership is complex (e.g., through nominees or trusts).

Beneficial Owner Verification:

  • Identity documents for each beneficial owner (passport, ID card, proof of address, as per individual requirements).
  • For trusts: Trust deed, identification of settlor, trustee(s), protector (if any), and beneficiaries.

Business Purpose:

  • Business plan, financial statements, or contracts explaining the nature and purpose of the entity’s activities.
  • License or permit if the entity operates in a regulated sector (e.g., financial services, gaming).

Bottom Line

As Cyprus continues to strengthen its position as a financial hub within the EU, the need for stringent KYC compliance in Cyprus is critically required. With increasing regulatory oversight from CySEC and international obligations under FATF and EU AML Directives, businesses operating in Cyprus must implement robust KYC frameworks to prevent financial crimes, safeguard their reputation, and maintain regulatory compliance.

A risk-based approach is essential, requiring businesses to categorise clients into low, medium, or high-risk profiles based on key indicators such as transaction patterns, geographical location, and exposure to politically exposed persons (PEPs). Screening customers against sanctions lists, watchlists, and adverse media is no longer optional—it's a fundamental requirement to ensure financial integrity.

To meet these evolving compliance demands, leveraging advanced KYC solutions is crucial. Binderr offers a cutting-edge platform that simplifies the KYC process in Cyprus. 

With biometric ID verification, face-matching technology, and liveness detection, Binderr enhances identity verification. 

Binders real-time AML screening against PEPs, sanctions, and watchlists ensures businesses stay compliant while minimising fraud risks. Moreover, Binderr enables dynamic risk profiling and continuous monitoring, helping companies maintain a secure and verified customer base.

By integrating AI-powered KYC solutions like Binderr, businesses in Cyprus can ensure compliance while streamlining customer onboarding, reducing risk, and maintaining financial transparency. Stay ahead of regulatory challenges and build trust with a compliance-first approach.

Mohammad Humaid

Article written byMohammad Humaid

Mo is an accomplished content marketer with expertise in Fintech, Blockchain, Web3, and SaaS. His professional journey includes a notable stint at Wise (formerly TransferWise), where he played a key role in expanding the brand's footprint across the European market. Currently, Mo is shaping the vision of Binderr, focusing on simplifying compliance for regulated companies, particularly in the finance, crypto, iGaming, and betting sectors, ensuring they meet regulatory requirements efficiently and effectively.

Recommended

best-kyc-service-providers

6 Best KYC Service Providers of 2025

customer-due-diligence-in-uae

Customer Due Diligence in UAE

kyc-compliance-malta

KYC Compliance in Malta

The future of
professional firms is now

Looking to improve how you operate as a professional firm? Speak to one of our team members to find out how we can help.