We have covered the introduction of the Register for Ultimate Beneficial Owners (UBOs) in Cyprus in several newsfeeds so far.
In summary, every company or any other legal entity incorporated in Cyprus is required to maintain adequate information about its ultimate beneficial owners, which needs to be submitted to the UBO Register (the ‘Register’). The Registrar of Companies has been appointed as the competent authority for the maintenance of the Register. The intention is to provide transparency and a clear picture with regards to who are benefiting from transactions and operations undertaken by an entity.
On 12 March 2021, the Registrar issued a directive (the ‘Directive’) with guidelines regarding the maintenance and operation of the Register, as well as a manual for the system developed for this purpose.
Beneficial owners of companies or other legal entities are defined as the natural persons who ultimately own or control the company or other legal entity and/or the natural person(s) on whose behalf a transaction or activity is conducted. As per the Anti Money Laundering (AML) legislation (the Prevention and Suppression of Money Laundering and Terrorist Financing Law), these are natural persons with a 25 per cent plus 1 share direct or indirect ownership of shares or voting rights, except for publicly listed companies.
The provisions of the governing law do not explicitly refer to the information that should be entered into the register. However, this will be based on the requirements of the relevant EU AML Directives as well as those of the AML legislation and will include, among other:
In case where no natural person can be identified as the UBO based on ownership rights or when there is doubt that the person identified is the UBO, the details of the senior management officials must be submitted, indicating whether the persons are directors in the company or whether they hold another position, by declaring that position.
The provisions do not apply to the following cases:
Furthermore, a UBO, or the company or any other legal entity authorised to act on his/her behalf, has the right to file a written request to the Registrar for non-disclosure of his/her personal details on the grounds of exposure of the UBO to a disproportionate risk of fraud, abduction, extortion, harassment, violence or intimidation or because the UBO is otherwise legally incompetent. Upon review of the request, the Registrar might ask for additional information and must notify the applicant, within 30 days from reaching a decision, whether the request is approved or rejected. In case of approval, the Registrar will not allow a liable entity or member of the public to access all or part of the information about the specific UBO. In case of rejection there is a right of objection within 75 days from the date the decision is communicated to the applicant.
It should be stressed that all information to be included in the Register will be protected by strict data protection regulations and will only be accessed if it is deemed appropriate, judging by the merits of each case.
Access to the Register, during this intermediate stage, is only available to the Competent Supervisory Authorities, the Financial Intelligence Unit, the Customs Department, the Police and the Tax Department, upon request to the Registrar of Companies. Therefore, information in the Register will not be publicly available. At the final stage the information collected will be transferred to a platform to be developed in the second half of 2021. Access to that platform will be based on the provisions of the 5th EU AML Directive (EU 2018/843), thus it will be accessible to any person or organisation that can demonstrate a legitimate interest.
For existing companies a period of 6 months, starting from 16 March 2021, has been granted in order to submit their UBO data to the Register. Entities registered from 16 March 2021 onwards (new entities), have 30 days from the date of their registration to file the required information. Changes in UBO information, must be reported within 14 days from the change.
It is stressed that regardless of the criminal liability or prosecution of any person, fines and penalties may be imposed to entities and their officers in case of non-compliance. The penalty is €200 for the entity and each of its officers plus €100 for every day thereafter for which the default continues, with a maximum of €20.000 for each default.
Companies are urged to commence collecting the mandatory information which must have already been in their possession in accordance with the provisions of the AML legislation.
Seamark can assist companies in assessing the requirements based on their own facts and circumstances, collecting and/or reviewing the relevant information and making sure that this is well submitted to the Register and maintained up to date.