Directive (EU) 2018/843 of May 2018, on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, entering into force on the 20th January, 2020, requires amongst others:
"1. Member States to put in place centralised automated mechanisms, such as central registries of central electronic data retrieval systems, which allow the identification, in a timely manner, of any natural or legal persons holding or controlling payment accounts and bank accounts identified by IBAN, as defined by Regulation (EU) 260/2012 and safe deposit boxes held by a credit institution within their territory.
2. Member States shall ensure that the information held in the centralised mechanisms referred to in paragraph 1 above, is directly accessible in an immediate and unfiltered manner to national FIUs. The information shall be accessible to national competent authorities for fulfilling their obligations under Directive (EU) 2018/843. Member States shall ensure that any FIU is able to provide information held in the centralised mechanisms referred to in paragraph 1 above to any other FIU in a timely manner according to article 53 of Directive (EU) 2018/843."
Implementing the requirements as set forth in Directive (EU) 2018/843 the Central Bank of Cyprus will implement and maintain the Bank Accounts Register (BAR).
Any supervised institution which maintains payment accounts, accounts identified by an IBAN and safe deposit boxes is obliged to submit the data required by the BAR:
Supervised institutions are required to submit a full file on their first submission (and whenever required by the CBC) and a daily file with any daily changes in their accounts database. It there are no daily changes institutions are required to submit empty files.
- All accounts maintained for a period of up to five years irrespective of the status of the account.
- All safe deposit boxes leased for a period of up to five years.
As per the EU Directive the following information shall be accessible and searchable through the centralised mechanisms:
Additional to the data requirements that need to be maintained and reported to BAR, the AML/CFT Law requires obliged entities to maintain the following documents and information for a period of five years after the end of the business relationship with the customer or after the date of an occasional transaction:
- For the customer-account holder and any person purporting to act on behalf of the customer: the name, complemented by either the other identification data required under the national provisions transposing point (a) of Article 13(1) of Directive (EU) 2018/843 or a unique identification number;
- for the beneficial owner of the customer-account holder: the name, complemented by either the other identification data required under the national provisions transposing point (b) of Article 13(1) or a unique identification number;
- for the Bank or payment account: IBAN and the date of account opening and closing;
- for the safe deposit box: name of the lessee complemented by either the other identification data required under the national provisions transposing Article 13(1) or a unique identification number and the duration of the lease period.
An obliged entity must ensures that all documents referred to above, are promptly and without delay made available to the FIU and the competent Supervisory Authority for the purpose of execution of the duties assigned to them pursuant to the provisions of the AML/CFT Law.
- copies of documents and information required for compliance with the customer due diligence requirements as determined in the said Law;
- relevant evidence and records of transactions which are necessary for the identification of transactions;
- relevant correspondence with customers and other persons with whom a business relationship is maintained.
The BAR Module released under the Register Series of FRCS is a comprehensive solution for managing the Data Reporting and Validation obligations of institutions in relation to the BAR project.
Required data (input) is provided by the reporting institution to the application system. The data is normalised and enriched as necessary to meet the project data requirements. The user then has the option to select whether to produce the Full or Daily Report.
Depending on the selected report type (Full/Daily) the processing is carried out the following outputs are generated:
- Full or Daily BAR XML Instance Files to be submitted to the Regulator;
- XML Schema Validation results;
- BAR Business Validation results;
- Data Reports where the user can review the contents of the XML files in a more readable form.