New Central Bank of Cyprus AML Directive: A shift towards Proportional Compliance

The Central Bank of Cyprus (“CBC”) has updated its anti-money laundering and counter-terrorist financing (AML/CFT) regulatory framework through the adoption of a revamped AML Directive (Κ.Δ.Π. 120/2025), entering into force on 2 June 2025. This Directive reflects Cyprus’ ongoing efforts to maintain a robust regulatory system, while improving the practical implementation of compliance obligations for financial institutions and their clients.

What’s New: Risk-Based, Accessible, and Digital

At the heart of the Directive lies a reaffirmation of the risk-based approach in how financial institutions manage customer due diligence and ongoing monitoring. Key reforms include:

• Tiered Customer Reviews: Financial institutions may now tailor their review frequency and scope based on the assessed risk level of each client. This means lower-risk customers — such as pensioners receiving fixed, verifiable incomes — may be subject to less frequent and less burdensome review processes. Enhanced due diligence remains mandatory for higher-risk clients, including politically exposed persons (PEPs) and customers from high-risk jurisdictions.
• Simplified Documentation Procedures: In the context of customer reviews, financial institutions can now accept plain copies of documentation in lieu of originals, making such processes more convenient. Additionally, financial institutions may rely on existing verified information already held in their records for ongoing customer due diligence, minimising repeated requests to customers for the same data.
• Alternative Verification Options for Vulnerable Clients: Provisions have been added to support vulnerable clients, such as individuals with disabilities or health conditions. These clients may now verify their identity through personalised alternative means — a pragmatic change with tangible impact on financial inclusion.
• Digital and Third-Party Verification Channels: The Directive explicitly supports the use of digital documents and allows certifications by trusted third parties, such as government bodies. This opens the door for more streamlined, technology-enabled client onboarding and monitoring processes.

What This Means in Practice

These reforms are not simply technical adjustments — they reflect a meaningful cultural shift in how compliance is approached in Cyprus.

Financial institutions are now encouraged to apply resources proportionately, focusing investigative energy where risk is highest. This should result in reduced friction for low-risk clients, enhanced accessibility to financial services and more efficient use of compliance personnel.

Importantly, the Directive prevents financial institutions from using AML obligations as a reason to unreasonably deny or delay banking access to entire categories of clients who, prima facie present higher-risk AML profiles, and obliges them to consider alternative means for mitigating any relevant risk, prior to proceeding with an outright denial of service or termination of banking relationship. As such, it supports broader financial inclusion, while maintaining rigorous control over systemic risk.

A Balanced and Credible Jurisdiction

The CBC has indicated that this change does not constitute a relaxation of standards. Instead, it reflects a recalibration—ensuring that stringent compliance remains in place where it is needed most, while routine processes are simplified for clients who present demonstrably low risk.

From a policy perspective, the CBC’s move is aligned with broader EU-level and international trends, which favour effective, intelligence-driven AML regimes over rigid, box-ticking compliance. It also bolsters Cyprus’ reputation as a responsible financial centre that values both security and service efficiency.

Financial institutions will now need to review and revise their internal policies, update client communication protocols, and invest in digital infrastructure to implement the Directive effectively.

At Chrysostomides we remain available to assist clients in understanding how the Directive may affect their banking relationships and to provide guidance in addressing any related compliance or documentation requirements as they arise.

The full text of the new Directive (in Greek) can be accessed here, whereas the accompanying announcement by the Central Bank of Cyprus (also in Greek) can be accessed here.