Who It’s For
- Law firms, corporate service providers, and regulated businesses that need an AML manual staff can follow
- Teams preparing for bank onboarding, audits, or regulator reviews
- Organisations that want consistent CDD/EDD standards with clear escalation steps and records
Compliance support for 700+ Cyprus entities. CySEC ASP License 135/196. Response within four business hours.
What You Get (Deliverables)
- AML framework outline and Business Risk Assessment (BRA) structure (method + heatmap template)
- CDD/EDD/SDD procedures manual with checklists and evidence thresholds
- UBO and Source of Wealth/Source of Funds templates with escalation notes
- SAR/STR playbook with workflow templates and registers (where applicable)
- Training deck, quiz, attendance/attestation logs, and review calendar
- Audit-ready file structure with version and change logs
Process & Typical Timeline
- Baseline: confirm current policy, products, customers, and jurisdictions.
- Design: set the BRA approach, procedures, screening links, and escalation routes.
- Build: manuals, checklists, playbooks, registers, and MI packs.
- Pilot & train: run sample files, tune thresholds, train staff, record attestations.
- Publish: approvals, change log, go-live notes, and review dates.
AML Framework Components
| Component | What We Set | Primary Output | Owner |
|---|---|---|---|
| Risk Assessment (BRA) | Products, customers, channels, geographies, delivery risks | Heatmap, risk register, mitigation plan | MLRO / Compliance |
| Customer Due Diligence | SDD/CDD/EDD criteria and evidence thresholds | Procedures manual + checklists | Compliance / Frontline |
| Screening | List coverage, match thresholds, triage and QA | Policy mapping note + tuning sheet | Compliance / Tool Admin |
| Monitoring & Triggers | Event-based reviews and periodic refresh rules | Trigger list + review calendar | Compliance / Business Owners |
| SAR/STR Handling | Suspicion criteria, drafting guidance, approvals, filing | SAR playbook + templates + register | MLRO |
| Training & Awareness | Role-based modules, frequency, testing | Slides, quiz, attendance/attestation log | MLRO / HR |
| Records & Reporting | Retention, access controls, board/MLRO MI | Retention schedule + MI pack | Compliance / IT |
We align manuals to your policy and counterpart expectations. This page is informational; it is not legal or regulatory advice.
Case Study
AML Framework Refresh for a Cyprus Law Firm (Anonymised)
Client: Cyprus law firm (anonymised)
The firm needed procedures staff could follow, with clear evidence standards and an audit-ready record set aligned to its client base and jurisdictions.
MegaServe mapped the risk profile, structured the AML manual (CDD/EDD, UBO and SoW/SoF evidence rules, screening links, escalation routes), and provided templates (checklists, registers, decision notes). We also supported training materials and an attestations log.
Result: the refreshed framework passed the firm's next annual external audit with no AML findings, the bar association compliance review closed without observations, and the correspondent bank lifted a restriction on new-client onboarding once the updated manual and training records were shared.
Requirements (Inputs Checklist)
| Policy & Risk | Data & Systems | Evidence & History |
|---|---|---|
|
|
|
Sensitive materials should be shared via the VDR only. We provide an index and permission model at kickoff.
Controls & Quality
- Dual control for EDD approvals and SAR decisions, with documented rationale
- Role-based access with least privilege across tools and the VDR
- Version control and change log for manuals and templates
- QA sampling (files, screenings, SARs) with corrective actions tracked
- Audit trail: evidence captures, timestamps, and approvers
Risk & Regulatory Context
- Regulatory penalties: Cyprus authorities can impose significant fines for AML deficiencies, including inadequate procedures, missing risk assessments, or failure to file SARs.
- Bank de-risking: banks and EMIs routinely review clients' AML frameworks; weak procedures can result in account restrictions or termination.
- Reputational exposure: AML failures become public through enforcement actions and media reporting, affecting client relationships and business development.
- Staff accountability: the MLRO and senior management bear personal responsibility for adequate AML controls; documented frameworks protect individuals as well as the firm.
FAQs
Are the AML manuals templates or fully tailored?
Tailored. We start from proven structures and align to your risk appetite, products, jurisdictions, and counterpart expectations.
Do you act as MLRO?
No. We support your MLRO and team with drafting, training, and evidence packs. Final decisions remain with your organisation.
Can you guarantee regulator or bank approval?
No guarantees. We align to policy and guidance, document decisions, and prepare audit-ready files to reduce friction during reviews.
How often should the AML policy and BRA be reviewed?
At least annually or on material change (products, jurisdictions, thresholds). We provide a review calendar and change log.
Can you integrate procedures with screening and onboarding?
Yes. We embed screening and KYC steps, link to onboarding files, and align evidence and approvals across functions.
What should an AML manual include?
At minimum: a business risk assessment, customer due diligence procedures (SDD/CDD/EDD), screening policy, transaction monitoring triggers, SAR/STR handling playbook, staff training programme with attestations, and a records retention schedule. We build all of these as a single integrated framework tailored to your products, customers, and jurisdictions.
How do you price AML framework work?
We offer fixed-fee packages for a full AML framework build (BRA, CDD/EDD manual, SAR playbook, training pack, and registers) with scope agreed in writing. Refresh work (annual reviews, BRA updates, material changes) can be scoped separately or as a retainer. Remediation following an audit or regulator finding is priced based on the gap analysis. We provide a clear written quote after the scoping call with no hidden charges.
See also
Know Your Client (KYC) Procedures · Client Screening Services · Client Onboarding Assistance
Other Jurisdictions (on request)
Where required, we coordinate AML compliance work through vetted associates in selected jurisdictions.