Who It’s For
- Teams that need consistent KYC procedures (CDD/EDD/SDD)
- Businesses onboarding cross-border clients with bank and auditor standards
- Operators who want clear triggers, refresh cycles, and approvals
Compliance support for 700+ Cyprus entities. CySEC ASP License 135/196. Response within four business hours.
What You Get
- KYC outline and risk tiers (CDD/EDD/SDD)
- Procedures manual with thresholds, routing, and evidence standards
- Template pack: checklists, approval memos, SoW/SoF forms, and UBO mapping guide
- Exceptions and assumptions register and a change log
- Refresh calendar and roles/RACI summary
Process
- Scope: customer types, jurisdictions, products, and current practice.
- Design: draft CDD/EDD/SDD steps, evidence levels, and approvals.
- Integrate: add sanctions/PEP/adverse media steps and escalation notes.
- Pilot: test sample files, refine thresholds, and finalise templates.
- Publish: version control, sign-offs, and user distribution.
- Review: set review dates and registers for audits.
KYC Levels & Evidence (Guide)
| Level / Scenario | Identification | Ownership & Control | Screening | Approvals & Refresh |
|---|---|---|---|---|
| Simplified Due Diligence (SDD) | Basic ID and address (certification if required) | Basic confirmation | Sanctions/PEP baseline | Line manager sign-off; 36-month refresh |
| Customer Due Diligence (CDD) | Verified IDs for client and signatories; PoA ≤3–6 months | Shareholder/BO registers; org chart; ≥25% UBOs | Sanctions/PEP + adverse media | Compliance approval; 24-month refresh |
| Enhanced Due Diligence (EDD) | Certified IDs; notarisation/legalisation if required | Full UBO tracing; SoW/SoF with evidence | Expanded adverse media sources | MLRO sign-off; 12-month refresh |
| Trigger Event (change/negative news) | Re-confirm affected identities | Update ownership where relevant | Targeted re-screening | Out-of-cycle review and memo |
This is a guide only. Your policy and counterpart requirements set final thresholds.
Case Study
Risk-Based KYC Review on an Introduced Client (Anonymised)
Scenario: Corporate client introduced by a professional intermediary (anonymised)
The file was introduced through a third party, but the KYC still had to stand on its own evidence. The goal was to confirm ownership, source of funds/wealth, and screening results using documented thresholds and approvals.
MegaServe applied the CDD flow: verify key persons, trace UBOs across layers, run screening checks, and build a clear SoW/SoF narrative with supporting documents. Gaps were escalated using the approvals matrix and recorded in the exceptions register.
Result: the client was onboarded at EDD tier with documented ownership across three intermediate layers and a signed-off SoW/SoF narrative; the file passed a subsequent bank review without follow-up questions, and the approval conditions were scheduled into the 12-month refresh cycle.
Requirements (Inputs Checklist)
| Policy Inputs | Systems & Tools | Governance |
|---|---|---|
| Customer types, jurisdictions, products, and risk appetite | Screening tools and list coverage; VDR structure | Approval matrix and exception policy |
| Current templates and regulator/counterparty requirements | Certification/legalisation rules; client master fields available | Retention policy, privacy notices, and access controls |
| Existing risk scoring approach (if any) | Workflow tooling (if used) and audit log expectations | Change control owner and review cadence |
Share sensitive materials via VDR only. We provide an index and permissions model at kickoff.
Controls & Quality
- Dual control for EDD approvals and exceptions
- Role-based permissions and access register
- Document control: versioning and change log
- QA sampling with corrective actions tracked to closure
- Audit trail of decisions, approvers, and timestamps
Risk & Regulatory Context
- Bank account restrictions: banks routinely freeze or close accounts where KYC files are incomplete or outdated — this is the most common operational consequence of poor KYC.
- Regulatory findings: CySEC and other supervisors test KYC quality during inspections; material deficiencies can result in remediation orders, fines, or licence conditions.
- Introduced clients: reliance on third-party introductions does not remove your obligation to hold your own KYC evidence — the file must stand alone under scrutiny.
- Stale files: KYC that is not refreshed on schedule becomes a liability during audits and bank reviews, even if the original onboarding was clean.
FAQs
Are the procedures templates or tailored?
Tailored. We align to your policy, jurisdictions, products, and counterpart expectations.
Do you provide legal or regulatory advice?
No. We document and structure procedures based on your advisors’ guidance and applicable rules.
How often should KYC be refreshed?
Usually by risk tier (for example 12/24/36 months) and on trigger events. Your policy sets the exact timing.
Can procedures integrate with screening and onboarding?
Yes. We link screening steps, onboarding files, approvals, and bank pack requirements.
Who approves exceptions?
Per your approval matrix (for example Compliance or MLRO for EDD). We document the rationale in the exceptions register.
What does KYC mean and why is it required in Cyprus?
KYC (Know Your Client) is the process of verifying who your client is, who controls them, and where their funds come from. It is required under Cyprus and EU anti-money laundering law for regulated firms, corporate service providers, and any business that needs to satisfy bank onboarding or audit standards. We help you build KYC procedures that your team can follow consistently and that produce audit-ready files.
How do you price KYC procedures work?
We offer a fixed-fee package for the full build (scoping, CDD/EDD/SDD design, pilot, templates, procedures manual, and RACI) with scope agreed in writing up-front. Ongoing refresh work and periodic reviews can be scoped as retainers or per-file fees. Tailoring for multiple product lines or jurisdictions is priced as additional modules. We provide a clear written quote after the scoping call with no hidden charges.
See also
Client Onboarding Assistance · Client Screening · AML Procedures & Manuals
Other Jurisdictions (on request)
Where required, we coordinate KYC procedures and documentation through vetted associates in selected jurisdictions.