Asprofin Bank

LOGIN

1. Purpose, Scope, and Regulatory

Context

1.1 Purpose

This Third-Party Account Opening Disclaimer and Attestation (“the Disclaimer”) has been prepared and issued by Asprofin Bank Corporation (“the Bank”, “Asprofin Bank”, “we”, “our”) as a mandatory regulatory compliance instrument forming an integral component of the Bank’s client onboarding framework. The Disclaimer establishes the Bank’s unequivocal prohibition of account opening by or on behalf of third parties, defines the obligations and warranties of prospective and existing clients, and articulates the legal, regulatory, and operational consequences of non-compliance.

The primary objectives of this Disclaimer are to:

  • Prevent the misuse of the Bank’s products and services for money laundering, terrorist financing, fraud, tax evasion, sanctions circumvention, and other financial crimes facilitated through third-party or nominee account structures.
  • Establish a documented, auditable attestation mechanism that confirms the identity and beneficial ownership of every account holder at the point of onboarding and throughout the customer lifecycle.
  • Ensure full alignment with the Bank’s Anti-Money Laundering and Combating the Financing of Terrorism (“AML/CFT”) programme, including the requirements of the Bank’s Customer Due Diligence (“CDD”), Enhanced Due Diligence (“EDD”), and Know Your Customer (“KYC”) policies.
  • Protect the Bank, its shareholders, employees, and legitimate clients from reputational, regulatory, and financial harm arising from relationships with individuals or entities that seek to obscure beneficial ownership.
  • Safeguard vulnerable customers, particularly those aged 60 and above, from exploitation and abuse through unauthorised third-party account control.

1.2 Scope of Application

This Disclaimer applies universally across all divisions, business units, subsidiaries, branches, representative offices, and correspondent relationships of Asprofin Bank, in every jurisdiction in which the Bank operates or provides financial services. It covers the full spectrum of the Bank’s product and service offerings, including but not limited to:

  • Retail and personal current accounts, savings accounts, and fixed-term deposits
  • Corporate, business, and commercial banking accounts
  • Investment accounts, discretionary and advisory portfolio management accounts, and brokerage accounts
  • Foreign exchange accounts and currency trading platforms
  • Digital banking, electronic money, and prepaid card accounts
  • Payment services accounts, including SEPA and SWIFT-enabled accounts
  • Trust, custodial, escrow, and fiduciary accounts
  • Joint accounts, club accounts, and association accounts
  • Correspondent banking and nostro/vostro accounts
  • Safe deposit box and vault storage facilities
  • Insurance premium and claims administration accounts distributed by the Bank
  • Crypto-asset custody and exchange accounts (where offered)

1.3 Regulatory Context

This Disclaimer has been developed in compliance with, and gives effect to, the following regulatory instruments, guidelines, and industry standards:

  1. European Union Anti-Money Laundering Directives (AMLD4 – Directive 2015/849, AMLD5 – Directive 2018/843, AMLD6 – Directive 2018/1673) and their transposition into the national law of each jurisdiction in which the Bank operates.
  2. Regulation (EU) 2024/1624 on the prevention of the use of the financial system for money laundering or terrorist financing (the “AML Regulation”), where applicable.
  3. Financial Action Task Force (“FATF”) Recommendations, particularly Recommendations 10 (Customer Due Diligence), 24 (Transparency and Beneficial Ownership of Legal Persons), and 25 (Transparency and Beneficial Ownership of Legal Arrangements).
  4. European Banking Authority (“EBA”) Guidelines on Customer Due Diligence and Money Laundering and Terrorist Financing Risk Factors (EBA/GL/2021/02).
  5. Central Bank of Cyprus (“CBC”) Directive on the Prevention and Suppression of Money Laundering and Terrorist Financing, as amended.
  6. Wolfsberg Group Correspondent Banking Due Diligence Questionnaire and Anti-Money Laundering Principles.
  7. Basel Committee on Banking Supervision (“BCBS”) Guidelines on Sound Management of Risks related to Money Laundering and Financing of Terrorism.
  8. General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection legislation.
  9. Payment Services Directive 2 (EU) 2015/2366 (“PSD2”) and Strong Customer Authentication (“SCA”) requirements.
  10. Markets in Financial Instruments Directive II (EU) 2014/65 (“MiFID II”) suitability and appropriateness assessments.

The Bank monitors legislative and regulatory developments on a continuous basis and reserves the right to update this Disclaimer at any time to reflect changes in the legal, regulatory, or supervisory landscape.

1.4 Effective Date and Supersession

This Disclaimer is effective as of 1 May 2026 and supersedes all prior versions of the Bank’s Third-Party Account Opening Disclaimer, including Version 3.0 dated February 2025. All references in other Bank policies, procedures, or client-facing documents to prior versions of this Disclaimer shall be read as references to this current version.

2. Definitions and Interpretation

For the purposes of this Disclaimer, the following terms shall have the meanings ascribed below. Where a term is not defined in this section, it shall have the meaning assigned to it in the Bank’s AML/CFT Policy Manual, Client Terms and Conditions, or the applicable regulatory framework.

“Account” means any deposit, current, savings, investment, trading, payment, custodial, escrow, fiduciary, or other account (however described) opened, maintained, or operated with or through Asprofin Bank, whether in a single currency or multiple currencies, and whether held in the name of a natural person or a legal entity.

“Attestation” means the formal, written declaration made by a Client (or its authorised representative) confirming the matters set out in Section 6 of this Disclaimer, in the form prescribed in Annex A.

“Beneficial Owner” means the natural person(s) who ultimately own(s) or control(s) the Client and/or on whose behalf a transaction or activity is being conducted. For legal entities, it includes any natural person who directly or indirectly holds or controls 25% or more of the shares, voting rights, or ownership interest, or who otherwise exercises ultimate effective control over the entity. For trusts and similar legal arrangements, it includes the settlor, trustee(s), protector (if any), beneficiaries, and any other natural person exercising ultimate effective control.

“Client” means any natural person, legal entity, trust, foundation, partnership, association, unincorporated body, governmental body, or other structure that has entered into, or seeks to enter into, a banking or financial services relationship with Asprofin Bank.

“Control” means the power, directly or indirectly, to direct the management, operations, or policies of an entity or Account, whether through ownership, voting rights, contractual arrangements, agency, power of attorney, or otherwise.

“Nominee” means a person or entity that holds an Account, asset, or interest in its own name on behalf of and for the benefit of another person or entity, where the nominee does not have a genuine economic interest in the Account or asset.

“Onboarding” means the full process by which a prospective Client applies for, is assessed for, and is accepted or declined for Account services with Asprofin Bank, encompassing all due diligence, verification, documentation, risk assessment, and approval steps.

“Power of Attorney (POA)” means a notarised or otherwise duly executed legal instrument by which a natural person (the “principal”) grants authority to another natural person (the “attorney-in-fact” or “agent”) to act on the principal’s behalf in specified matters, within the parameters and limitations defined by the Bank.

“Shell Entity” means a legal entity that has no independent operations, significant assets, employees, or legitimate commercial purpose, and which appears to have been established primarily for the purpose of holding accounts, assets, or interests on behalf of undisclosed beneficial owners.

“Straw Man” means a natural person who fronts for another individual or entity in the opening or operation of an Account, where the straw man has no genuine economic interest in or control over the funds deposited in the Account.

“Third Party” means any natural person, legal entity, or arrangement that is not the Beneficial Owner of an Account and that attempts to open, establish, fund, operate, manage, direct, or control an Account for the benefit of another person or entity without the Bank’s prior written authorisation and in a manner that is inconsistent with the Bank’s AML/CFT policies.

3. Prohibition of Third-Party Account Opening

3.1 Absolute Prohibition

Asprofin Bank maintains an absolute prohibition on the opening of any Account by or on behalf of a Third Party, Nominee, Straw Man, or Shell Entity, except where the Bank has granted prior written authorisation under the limited exceptions set forth in Section 5. This prohibition extends to all stages of the account lifecycle, from initial application through to funding, operation, and closure.

Without limitation, the following activities are expressly prohibited:

  • Opening or attempting to open an Account in the name of a person who is not the true Beneficial Owner of the funds to be deposited.
  • Providing identification documents, personal information, or financial data belonging to another person for the purpose of opening an Account.
  • Acting as an intermediary, facilitator, or agent in the opening of an Account without the Bank’s prior written authorisation and without full disclosure of the beneficial ownership structure.
  • Establishing nominee, trust, or corporate structures for the primary purpose of obscuring beneficial ownership of an Account.
  • Funding an Account with monies belonging to or controlled by a person or entity other than the named account holder, unless the source and nature of such funds have been fully disclosed to and approved by the Bank.
  • Transferring control, management, or operational authority over an Account to a Third Party without the Bank’s prior written consent.
  • Using threats, inducements, coercion, undue influence, or deception to cause another person to open an Account for the Third Party’s benefit.
  • Structuring transactions or account relationships to avoid identification, reporting, or due diligence thresholds.

3.2 Rationale and Risk Analysis

The Bank’s prohibition is founded on a comprehensive risk analysis that identifies third-party account opening as a primary vector for the following categories of financial crime and regulatory risk:

Risk Category

Description

Regulatory Reference

Money Laundering

Third-party accounts facilitate the placement, layering, and integration of proceeds of crime by obscuring the audit trail between the criminal origin of funds and their apparent legitimate ownership.

AMLD4/5/6; FATF Rec. 10; EBA Guidelines

Terrorist Financing

Anonymous or nominee account structures may be used to channel funds to terrorist organisations, foreign fighters, or proliferation networks without detection.

FATF Rec. 5-8; UN Security Council Resolutions

Fraud and Identity Theft

Third-party account opening is a common modus operandi for identity fraud, account takeover, and impersonation schemes.

PSD2 Art. 97; National fraud legislation

Sanctions Evasion

Designated persons and entities may use third parties, nominees, or front companies to access banking services in circumvention of international sanctions regimes.

EU Sanctions Regulations; OFAC; UN sanctions

Tax Evasion

Concealment of beneficial ownership through nominee or shell structures may facilitate tax evasion, unreported offshore holdings, and non-compliance with automatic exchange of information (AEOI) requirements.

CRS/FATCA; DAC6; National tax legislation

Elder Abuse / Exploitation

Vulnerable customers, particularly those aged 60+, may be coerced, manipulated, or deceived into opening accounts for the benefit of exploitative third parties, including family members, carers, or organised criminal groups.

FCA FG21/1; EBA Consumer Protection Guidelines

Corruption and Bribery

Politically Exposed Persons (PEPs) and their associates may use third-party account structures to conceal the proceeds of corruption, bribery, and misappropriation of public funds.

FATF Rec. 12; UNCAC; National PEP legislation

Market Abuse

Third-party accounts may be used to conduct insider trading, market manipulation, or wash trading in financial instruments without detection by surveillance systems.

MAR (EU) 596/2014; MiFID II

3.3 Application to Digital and Remote Onboarding

The prohibition set forth in this Section applies with equal force to accounts opened through the Bank’s digital and remote onboarding channels, including online applications, mobile banking enrolment, video identification processes, and electronic signature platforms. The Bank recognises that digital channels may present heightened risks of third-party interference, identity fraud, and remote coercion, and has implemented the following additional safeguards:

  • Liveness detection and biometric verification during video identification to confirm the physical presence and identity of the applicant.
  • Device fingerprinting and geolocation analysis to detect shared device usage, VPN masking, or unusual access patterns inconsistent with the applicant’s stated location.
  • Behavioural analytics during the online application process to identify patterns suggestive of coaching, scripting, or remote desktop control by a third party.
  • Mandatory telephone callback to a verified phone number in the applicant’s name before activation of the Account.
  • Enhanced document verification using optical character recognition (OCR), forgery detection algorithms, and cross-referencing against government-issued document databases where available.

4. Client Attestation Requirements

4.1 Mandatory Attestation at Onboarding

Every prospective Client must execute the Third-Party Account Opening Attestation (Annex A) as a mandatory prerequisite to account opening. The Attestation must be completed in the Client’s own hand (or electronically with qualified electronic signature where permitted by applicable law) and must not be completed by a Third Party, agent, or representative on the Client’s behalf, except where a legally valid and Bank-approved Power of Attorney or court order is in effect.

By executing the Attestation, the Client irrevocably warrants, represents, and undertakes to Asprofin Bank as follows:

  1. The Client is the sole and true Beneficial Owner of the Account(s) being opened, or, in the case of a legal entity, the Client is duly authorised by the entity’s governing body to open and operate the Account, and all Beneficial Owners have been fully disclosed to the Bank.
  2. No Third Party, Nominee, Straw Man, or other person has instructed, directed, solicited, coached, coerced, incentivised, or otherwise caused the Client to open the Account for the purpose of disguising, concealing, or misrepresenting the true ownership or control of funds.
  3. The Client has not entered into, and will not enter into, any agreement, arrangement, understanding, or scheme (whether formal or informal, written or oral) with any Third Party that would grant or purport to grant such Third Party effective control, management authority, signatory rights, or economic interest in the Account or the funds deposited therein, without the Bank’s prior written consent.
  4. All identification documents, personal information, financial data, source of funds declarations, and other materials provided to the Bank in connection with the Account opening are genuine, accurate, complete, and up-to-date, and belong exclusively to the Client (or, in the case of a legal entity, to the entity and its disclosed Beneficial Owners).
  5. The Client has not been convicted of, charged with, or is currently under investigation for any offence relating to money laundering, terrorist financing, fraud, bribery, corruption, tax evasion, sanctions violations, or any other financial crime, unless such matters have been fully disclosed to the Bank in writing.
  6. The Client understands and acknowledges that the provision of false, misleading, incomplete, or materially inaccurate information in this Attestation may constitute a criminal offence under the laws of the relevant jurisdiction(s) and may result in immediate account freezing, closure, regulatory reporting, and referral to law enforcement authorities.
  7. The Client undertakes to notify Asprofin Bank promptly and in writing if any of the warranties, representations, or undertakings contained in this Attestation cease to be true, accurate, or complete at any time during the Account relationship.
  8. The Client consents to the Bank conducting ongoing monitoring, due diligence, and verification of the Account and the Client’s activities in accordance with the Bank’s AML/CFT policies and applicable law.

4.2 Attestation for Legal Entities, Trusts, and Partnerships

Where the Client is a legal entity, trust, partnership, foundation, or other non-natural person, the following additional attestation requirements apply:

  1. The person executing the Attestation on behalf of the entity must produce evidence of their authority to bind the entity, including a board resolution, partnership agreement, trust deed, or equivalent constitutional document.
  2. All Beneficial Owners (as defined by the applicable 25% threshold or, where the Bank applies a lower threshold based on risk, at the lower threshold) must be identified, verified, and documented in accordance with the Bank’s CDD procedures.
  3. The entity’s ownership and control structure must be fully disclosed, including all intermediate holding companies, trusts, partnerships, and other entities in the chain of ownership, up to and including the ultimate Beneficial Owner(s).
  4. Where the entity is a trust, the settlor, all trustees, the protector (if any), the beneficiaries (or the class of beneficiaries), and any other person exercising effective control must be identified and verified.
  5. The Bank reserves the right to decline to open an Account for any entity whose ownership or control structure is, in the Bank’s sole judgment, unduly complex, opaque, or inconsistent with the entity’s stated business purpose.

4.3 Periodic Re-Attestation and Trigger Events

Asprofin Bank requires existing Clients to re-execute the Attestation under the following circumstances:

  • During scheduled CDD and EDD reviews (at intervals determined by the Client’s risk rating: annually for high-risk, every two years for medium-risk, and every three years for standard-risk Clients).
  • Following any change in the Client’s Beneficial Ownership structure, controlling persons, authorised signatories, or corporate governance arrangements.
  • Upon the Bank’s detection of unusual, suspicious, or unexplained account activity that may be indicative of undisclosed third-party involvement.
  • In response to regulatory directives, supervisory findings, or changes in applicable AML/CFT law or guidance.
  • When the Client’s risk rating is elevated as a result of transaction monitoring alerts, adverse media screening, or sanctions/PEP screening hits.
  • Following a material change in the Client’s business activities, source of funds, source of wealth, or geographical risk profile.
  • Upon the expiry of any Power of Attorney, legal guardianship, or court order previously registered with the Bank.
  • At any other time at the Bank’s sole discretion.

4.4 Consequences of Failure to Attest

A Client’s failure or refusal to execute the Attestation, or to re-execute the Attestation when required, shall be treated by the Bank as a material non-compliance event. The Bank may, at its sole discretion, take one or more of the following actions:

  • Decline to open the Account or to proceed with the onboarding process.
  • Suspend, restrict, or place limitations on an existing Account (including blocking outgoing payments, restricting cash withdrawals, and disabling digital banking access).
  • Terminate the banking relationship and close the Account, subject to applicable notice periods and regulatory requirements.
  • File a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) with the relevant Financial Intelligence Unit.
  • Report the matter to the relevant supervisory authority.

5. Limited Exceptions and Authorised Third-Party Arrangements

Asprofin Bank recognises that certain legitimate legal, commercial, and personal circumstances may necessitate a degree of third-party involvement in the opening or operation of an Account. However, all such arrangements are subject to the Bank’s prior written approval, enhanced due diligence, and ongoing monitoring. The Bank has absolute discretion to approve, decline, restrict, or revoke any exception at any time.

5.1 Power of Attorney (POA)

Where a Client has duly executed a Power of Attorney in favour of a designated individual, the Bank may permit the attorney-in-fact to operate the Account subject to all of the following conditions being satisfied:

  1. The POA document must be notarised by a qualified notary public and, where required by the Hague Convention on the Abolition of the Requirement of Legalisation for Foreign Public Documents, apostilled. For POAs executed in jurisdictions that are not party to the Hague Convention, the document must be legalised through the appropriate consular or diplomatic channel.
  2. The Bank must independently verify the identity of both the principal and the attorney-in-fact through its standard CDD procedures, including photographic identification, proof of address, and screening against sanctions, PEP, and adverse media databases.
  3. The scope of authority granted under the POA must be clearly defined, specific, and proportionate to the stated purpose. General or unlimited POAs will be accepted only with prior MLRO approval and subject to enhanced monitoring.
  4. The POA must not permit the attorney-in-fact to alter the beneficial ownership of the Account, add new signatories, or transfer the Account to another person or entity without the Bank’s prior written consent.
  5. The Bank must conduct a private interview with the principal (in person or via video) to confirm that the POA was granted voluntarily, without coercion or undue influence, and that the principal understands the scope of authority being granted.
  6. For principals aged 60 and above, the Bank must conduct an enhanced vulnerability assessment and obtain a medical certification of mental capacity where there are any concerns about the principal’s ability to understand and manage their financial affairs.
  7. The Bank reserves the right to restrict, suspend, or revoke POA privileges at any time if there are reasonable grounds to suspect misuse, exploitation, or activity inconsistent with the principal’s interests or the Bank’s policies.
  8. All transactions executed by the attorney-in-fact are subject to enhanced monitoring and must be recorded separately in the Account’s audit trail.

5.2 Legal Guardianship, Court-Appointed Deputies, and Receivership

Accounts may be opened or managed by court-appointed legal guardians, deputies, administrators, receivers, or equivalent fiduciary appointees where required by law or court order. In all such cases, the Bank shall:

  • Require certified, original, or notarised copies of the court order, guardianship decree, deputyship certificate, or equivalent legal instrument.
  • Verify the identity and authority of the appointed person through standard CDD procedures and confirm the scope and duration of their appointment.
  • Conduct EDD on the appointed person, including assessment of potential conflicts of interest, adverse media screening, and verification that the person is not subject to any disqualification or restriction.
  • Monitor all transactions conducted by the appointed person for consistency with the protected person’s interests and the terms of the court order.
  • Report any concerns about the conduct of the appointed person to the relevant supervisory authority or court.

5.3 Corporate, Trust, and Institutional Accounts

For Accounts opened by or on behalf of corporate entities, trusts, partnerships, foundations, or other institutional structures, the Bank requires:

  • Full identification and verification of all Beneficial Owners (at the 25% threshold, or lower where the Bank’s risk assessment warrants), authorised signatories, directors, trustees, and any persons with ultimate control.
  • Disclosure of the complete ownership and control chain, including all intermediate entities, from the Account-holding entity up to the ultimate Beneficial Owner(s).
  • Provision of current constitutional documents (certificate of incorporation, articles of association, trust deed, partnership agreement, foundation charter, etc.) and evidence of good standing.
  • Board resolution or equivalent authority document authorising the opening and operation of the Account and designating the authorised signatories.
  • Prohibition on the use of nominee shareholders, nominee directors, or bearer shares in the ownership or control structure, unless the nominees have been fully disclosed and the underlying beneficial owners independently verified.
  • Prohibition on Accounts held by Shell Entities or entities with no substantive business operations, unless the Bank is satisfied (following enhanced due diligence) that the entity has a legitimate commercial purpose.

5.4 Intermediary and Introducer Arrangements

Where a Client is introduced to the Bank by a regulated financial intermediary, broker, or professional adviser, the Bank acknowledges the referral but does not delegate its CDD obligations to the introducer. The Bank shall independently verify the identity and beneficial ownership of every Client, regardless of the source of the introduction, and shall not rely on third-party due diligence unless a formal reliance agreement meeting the requirements of AMLD4 Article 25 is in place.

6. Due Diligence and Verification Framework

6.1 Standard Due Diligence

All prospective Clients are subject to the Bank’s standard CDD procedures at onboarding, which include:

  1. Verification of the Client’s identity through at least two independent, reliable sources (e.g., government-issued photographic identification and proof of current residential address).
  2. Screening of the Client’s name, date of birth, nationality, and other identifying information against global sanctions lists (EU, OFAC, UN, OFSI), PEP databases, and adverse media sources.
  3. Assessment of the Client’s risk profile based on factors including nationality, country of residence, occupation, source of funds, source of wealth, product type, and delivery channel.
  4. Collection and verification of source of funds and, where applicable, source of wealth documentation.
  5. Assessment of the purpose and intended nature of the business relationship.
  6. Third-party attestation (Annex A).

6.2 Enhanced Due Diligence

Enhanced due diligence is applied in all cases where the Bank identifies a higher risk of third-party involvement, beneficial ownership concealment, or other AML/CFT concerns. EDD triggers include:

  • The Client is a PEP, a family member of a PEP, or a known close associate of a PEP.
  • The Client is domiciled in, or the funds originate from, a high-risk or non-cooperative jurisdiction as identified by the FATF, EU, or the Bank’s internal risk methodology.
  • The Account involves complex ownership structures, multiple layers of intermediaries, or nominee arrangements.
  • The Client is introduced by a third party or intermediary.
  • The Client is aged 60 or above and a Third Party is involved in or present during the onboarding process.
  • Adverse media screening reveals derogatory information about the Client or related parties.
  • Transaction monitoring alerts or behavioural analytics flags indicate potential undisclosed third-party involvement.
  • The Client’s source of funds or source of wealth cannot be readily verified or is inconsistent with their stated occupation or business activities.

6.3 Ongoing Monitoring

The Bank’s obligation to prevent third-party account misuse does not end at onboarding. The Bank conducts ongoing monitoring of all Accounts, including:

  • Automated transaction monitoring using rule-based and machine learning models to detect patterns indicative of third-party control, layering, structuring, or fraud.
  • Periodic CDD refreshes at intervals determined by the Client’s risk rating.
  • Continuous screening against updated sanctions, PEP, and adverse media databases.
  • Behavioural analytics to detect changes in account usage patterns that may indicate a change in control or beneficial ownership.
  • Review of Account activity following trigger events such as changes in signatories, contact details, or account parameters.
  • Proactive outreach to Clients where automated systems detect anomalous activity.

7. Consequences of Non-Compliance

7.1 Account-Level Consequences

Where the Bank determines, following investigation, that an Account has been opened or is being operated by or on behalf of a Third Party in violation of this Disclaimer, the Bank may take one or more of the following actions without prior notice to the Client:

  1. Immediate freezing of the Account and all associated sub-accounts, pending completion of the Bank’s investigation.
  2. Blocking of all outgoing transactions, including wire transfers, card payments, standing orders, and direct debits.
  3. Disabling of digital banking access (online banking, mobile banking, telephone banking).
  4. Retention of funds pending investigation, regulatory reporting, and any applicable court order or regulatory direction.
  5. Closure of the Account and termination of the banking relationship, with remaining funds (if any) returned to the Client by cheque or wire transfer to a verified account in the Client’s name, subject to the outcome of any investigation or regulatory process.

7.2 Regulatory Reporting

The Bank is required under applicable AML/CFT legislation to file Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs) with the relevant Financial Intelligence Unit (FIU) in any case where there are reasonable grounds to suspect that an Account has been or is being used for money laundering, terrorist financing, fraud, or other financial crime. The Bank is prohibited by law from informing the Client that a SAR/STR has been filed (tipping off prohibition).

In addition, the Bank shall notify the relevant supervisory authority of any material breach of AML/CFT regulations identified in connection with third-party account opening, in accordance with applicable reporting obligations.

7.3 Civil and Criminal Liability

Clients and Third Parties who participate in, facilitate, or benefit from the opening or operation of Accounts in violation of this Disclaimer may be subject to civil and criminal liability under applicable laws, including but not limited to:

  • Criminal prosecution for money laundering, fraud, forgery, identity theft, or conspiracy under national criminal codes.
  • Civil claims for damages, unjust enrichment, constructive trust, or other equitable remedies.
  • Administrative penalties, fines, and sanctions imposed by regulatory authorities.
  • Asset freezing, confiscation, and forfeiture orders under proceeds of crime legislation.
  • Debarment from future banking relationships with Asprofin Bank and potentially with other institutions that share information through permissible channels.

7.4 Cross-Border Cooperation

Asprofin Bank cooperates fully with law enforcement agencies, FIUs, supervisory authorities, and judicial bodies in all jurisdictions in which it operates. The Bank may share information relating to suspected third-party account violations with counterpart institutions and authorities under the terms of applicable mutual legal assistance treaties, memoranda of understanding, and regulatory information-sharing frameworks.

8. Special Provisions for Vulnerable Customers

Asprofin Bank recognises that third-party account opening poses a particularly acute risk to vulnerable customers, including elderly persons, individuals with cognitive impairments, persons under financial duress, and others who may be susceptible to coercion, manipulation, or exploitation. The Bank has implemented the following special provisions:

  1. All customers aged 60 and above are subject to enhanced onboarding procedures, including a mandatory face-to-face or video meeting with a vulnerability-trained onboarding officer, a private conversation to confirm the absence of third-party influence, and a non-clinical cognitive awareness assessment.
  2. Where a Third Party is present during the onboarding or account review process for a customer aged 60 or above, the Bank must conduct a separate, independent conversation with the customer to confirm their wishes, understanding, and voluntariness.
  3. The Bank’s transaction monitoring systems apply lower alert thresholds for customers aged 60 and above, with automatic flagging of new payees, large withdrawals, international transfers, and patterns consistent with known scam typologies.
  4. The Bank maintains a Scam Intervention Protocol (SIP) for vulnerable customers, which includes immediate transaction suspension, structured scam awareness conversations, and escalation to the Fraud Prevention Team and Vulnerability Champion.
  5. Customers classified as vulnerable may be offered the option to nominate a trusted person who will receive copies of account communications and transaction alerts, subject to the Bank’s verification and approval processes.
  6. The Bank’s Vulnerable Customer Policy (a separate document) sets out in detail the comprehensive framework for the identification, classification, support, and protection of vulnerable customers, including age-specific enhanced measures.

9. Data Protection, Privacy, and Information Sharing

All personal data collected, processed, and stored by Asprofin Bank in connection with this Disclaimer, the Attestation, and related due diligence activities shall be handled in strict accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable national data protection legislation.

The Bank processes personal data in connection with this Disclaimer on the following lawful bases: compliance with legal obligations (AML/CFT legislation, tax reporting requirements, regulatory directives); the Bank’s legitimate interests in preventing financial crime and protecting its business and customers; performance of a contract (the Client’s account agreement); and, where required, the Client’s explicit consent.

Clients have the right to access, rectify, erase (subject to legal retention obligations), restrict processing, and port their personal data, in accordance with GDPR Articles 15–20. Requests should be directed to the Bank’s Data Protection Officer (DPO) at [email protected].

The Bank may share Client personal data with the following categories of recipients, where required by law or necessary for the purposes described above: regulatory and supervisory authorities; FIUs and law enforcement agencies; courts and judicial authorities; correspondent banks and payment service providers; external auditors and legal advisers; and group entities within the Asprofin Bank corporate group, in each case subject to appropriate data-sharing agreements and safeguards.

10. Internal Governance and Escalation

10.1 Roles and Responsibilities

Role

Responsibility

Board of Directors

Ultimate oversight of the Bank’s AML/CFT framework and approval of this Disclaimer. Receives quarterly compliance reports.

Chief Risk Officer (CRO)

Senior Management Function holder with delegated responsibility for AML/CFT strategy, including oversight of the third-party account prohibition.

Money Laundering Reporting Officer (MLRO)

Responsible for evaluating and filing SARs/STRs, approving high-risk exceptions, and advising on complex third-party account enquiries.

Head of Compliance

Responsible for the design, implementation, and monitoring of the Bank’s CDD/EDD procedures, including the Attestation process.

Onboarding Officers

Responsible for conducting due diligence, administering the Attestation, identifying third-party involvement indicators, and escalating concerns.

Relationship Managers

Responsible for ongoing client relationship management, periodic re-attestation, and detection of changes in beneficial ownership or third-party involvement.

Vulnerability Champions

Responsible for supporting vulnerable customers during the attestation process and escalating concerns regarding potential exploitation or coercion.

Internal Audit

Responsible for independent assurance over the effectiveness of the Bank’s third-party account prohibition controls.

10.2 Escalation Procedures

When a Bank employee identifies a potential third-party account opening or a breach of this Disclaimer, the following escalation procedures must be followed:

  1. The employee must immediately document the concern, including all relevant facts, observations, and supporting evidence, and suspend further processing of the account application or transaction.
  2. A formal escalation report must be submitted to the Compliance Department within 4 hours for high-risk cases and within 24 hours for standard cases.
  3. The Compliance Department shall conduct a preliminary assessment within 48 hours and determine whether to proceed with EDD, decline the application, restrict the account, or file a SAR/STR.
  4. For cases involving vulnerable customers (particularly those aged 60+), the escalation must also be directed to the Vulnerability Champion for parallel assessment and support.
  5. The MLRO shall be informed of all cases that may require regulatory reporting and shall make the final decision on SAR/STR filing.
  6. All escalation records shall be retained for a minimum period of seven (7) years from the date of the escalation.

11. Staff Training and Awareness

Asprofin Bank is committed to ensuring that all staff members are equipped to identify and prevent third-party account opening. The Bank’s training programme includes:

  • Mandatory induction training for all new employees covering the Bank’s AML/CFT framework, the third-party account prohibition, red flag indicators, and the Attestation process.
  • Annual refresher training for all customer-facing staff, compliance staff, and management, including case studies, typology updates, and regulatory developments.
  • Specialist training for onboarding officers on identifying coercion, undue influence, document fraud, and nominee structures.
  • Specialist training for vulnerability champions on recognising and supporting vulnerable customers during the onboarding and attestation process.
  • Competency assessments following all training modules, with a minimum pass rate of 80% required.
  • Remedial training for staff who fail to meet competency standards or who are involved in policy breach incidents.

12. Governing Law, Jurisdiction, and Dispute Resolution

This Disclaimer shall be governed by and construed in accordance with the laws of the Republic of Cyprus, unless the Client’s Account is held with an Asprofin Bank branch or subsidiary in another jurisdiction, in which case the laws of that jurisdiction shall apply. Where there is a conflict between the laws of different jurisdictions, the more restrictive provisions relating to the prohibition of third-party account opening shall prevail.

Any disputes arising out of or in connection with this Disclaimer shall be subject to the exclusive jurisdiction of the competent courts of the Republic of Cyprus (or the jurisdiction of the relevant Asprofin Bank entity), unless otherwise agreed in writing. Nothing in this section shall prevent the Bank from seeking interim or injunctive relief in any court of competent jurisdiction.

The Bank encourages Clients to raise any concerns or complaints through the Bank’s formal complaints process before resorting to litigation. Clients may also refer unresolved complaints to the Financial Ombudsman or equivalent dispute resolution body in the relevant jurisdiction.

13. Amendments, Communications, and Severability

Asprofin Bank reserves the right to amend, update, supplement, or replace this Disclaimer at any time. Amendments shall take effect upon publication on the Bank’s website or upon direct notification to the Client by email, letter, or secure message through the Bank’s digital banking platform. Continued use of any Asprofin Bank Account following the effective date of an amendment shall constitute the Client’s acceptance of the amended terms.

If any provision of this Disclaimer is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be severed from the Disclaimer to the extent of such invalidity, illegality, or unenforceability, and the remaining provisions shall continue in full force and effect.

All notices and communications under this Disclaimer shall be in writing and shall be deemed duly given when delivered personally, sent by registered mail, or transmitted electronically to the contact details registered with the Bank.

Annex A – Third-Party Account Opening Attestation Form

SECTION I: CLIENT IDENTIFICATION

Field

Details

Full Legal Name (as per ID):

  

Former Names / Aliases:

  

Date of Birth:

  

Place of Birth:

  

Nationality / Nationalities:

  

National ID Number:

  

Passport Number and Expiry:

  

Tax Identification Number (TIN):

  

Country of Tax Residence:

  

Residential Address:

  

Correspondence Address (if different):

  

Telephone Number:

  

Email Address:

  

Occupation / Business Activity:

  

Employer / Company Name:

  

SECTION II: ACCOUNT DETAILS

Field

Details

Account Type Requested:

  

Account Currency:

  

Purpose of Account:

  

Expected Monthly Turnover:

  

Source of Initial Deposit:

  

Existing Account Number (if applicable):

  

SECTION III: ATTESTATION

I, the undersigned Client, hereby irrevocably attest, warrant, and represent to Asprofin Bank S.A. as follows:

  1. I am the sole and true Beneficial Owner of the Account(s) identified above, or I am a duly authorised representative of the legal entity for which the Account is being opened, with full legal authority confirmed by the entity’s governing body.
  2. No Third Party has instructed, directed, solicited, coached, coerced, incentivised, or otherwise caused me to open this Account for the purpose of disguising, concealing, or misrepresenting the true ownership or control of funds.
  3. I have not entered into any agreement, arrangement, understanding, or scheme with any Third Party that would grant or purport to grant such Third Party effective control, management authority, signatory rights, or economic interest in this Account or its funds, without the Bank’s prior written consent.
  4. All identification documents, personal information, financial data, and other materials provided to Asprofin Bank are genuine, accurate, complete, up-to-date, and belong exclusively to me.
  5. I have not been convicted of, charged with, or am not currently under investigation for any offence relating to money laundering, terrorist financing, fraud, bribery, corruption, tax evasion, or sanctions violations, unless such matters have been disclosed to the Bank in writing.
  6. I understand that the provision of false, misleading, or materially incomplete information may constitute a criminal offence and may result in account freezing, closure, regulatory reporting, and referral to law enforcement.
  7. I undertake to notify Asprofin Bank promptly and in writing if any of these representations cease to be true or accurate.
  8. I consent to the Bank conducting ongoing monitoring, due diligence, and verification of this Account in accordance with applicable law and the Bank’s policies.

SECTION IV: SIGNATURES

Client Signature:

  

Print Name:

  

Date:

  

Place of Execution:

  

Witnessed By (Bank Officer Name):

  

Officer Title / Department:

  

Officer Signature:

  

Date:

  

Annex B – Risk Classification Matrix

The following matrix defines the Bank’s risk classification for third-party involvement scenarios:

Risk Level

Indicators

Due Diligence

Approval Required

Monitoring

Standard

Client physically present; all documents verified; no third-party involvement indicators; consistent profile

Standard CDD; Attestation (Annex A); sanctions/PEP screening

Onboarding Officer

Standard automated monitoring

Elevated

POA in place; remote onboarding; intermediary referral; complex corporate structure; newly established entity

Enhanced CDD; POA verification; source of funds review; independent beneficial ownership verification

Senior Compliance Officer

Enhanced monitoring with lower thresholds

High

Nominee structures; multi-layered corporate chains; high-risk jurisdiction; PEP involvement; adverse media hits; vulnerable customer with third party present

Full EDD; independent verification; senior management review; site visit (if applicable); medical capacity assessment (if applicable)

MLRO and Head of Compliance

Intensive monitoring; quarterly review; mandatory re-attestation

Prohibited

Clear evidence of third-party account opening; fraudulent documentation; sanctions hit; straw man arrangement; shell entity with no legitimate purpose

Relationship declined; no further processing

N/A

SAR/STR filing; law enforcement referral; account closure (if existing)

Annex C – Red Flag Indicators

The following non-exhaustive list of red flag indicators should alert Bank staff to potential third-party account opening or beneficial ownership concealment:

Onboarding Red Flags:

  • A third party accompanies the applicant and appears to direct, instruct, or answer questions on their behalf.
  • The applicant appears confused about the purpose of the account or the products being applied for.
  • The applicant is unable to provide basic personal information (address, employment, source of funds) without assistance.
  • Identification documents appear altered, counterfeit, or inconsistent with the applicant’s appearance, age, or stated nationality.
  • The applicant provides identification documents that have been recently issued or that are from a jurisdiction with known document integrity issues.
  • The stated source of initial deposit is inconsistent with the applicant’s occupation or known financial profile.
  • The applicant appears nervous, coerced, or reluctant to proceed with the application.
  • The applicant requests that account correspondence be sent to an address other than their stated residential address, without reasonable justification.
  • Multiple applications are received from the same address, IP address, or device within a short period.

Ongoing Red Flags:

  • Sudden change in account usage patterns (volume, frequency, counterparties, geographies) inconsistent with the customer’s known profile.
  • Large or frequent cash deposits or withdrawals, particularly involving round amounts or amounts just below reporting thresholds.
  • Funds received from or sent to unrelated third parties with no apparent commercial rationale.
  • Account used primarily as a pass-through, with funds deposited and quickly transferred out.
  • Customer becomes unresponsive to the Bank’s enquiries or refuses to provide updated CDD documentation.
  • Third party contacts the Bank on the customer’s behalf without valid POA or authorisation.
  • Changes to account signatories, contact details, or authorised representatives shortly after account opening.
  • Payments to or from jurisdictions identified as high-risk for money laundering or terrorist financing.
  • Customer requests products or services that appear inconsistent with their stated needs or financial sophistication.

Annex D – Internal Escalation Flowchart

Step 1: Detection

Bank employee or automated system identifies a potential third-party involvement indicator. Employee documents the concern immediately and pauses further processing.

Step 2: Initial Assessment (Within 4 Hours)

Line manager conducts initial triage. If the concern involves a vulnerable customer (especially aged 60+), the Vulnerability Champion is notified in parallel. Urgent cases (active coercion, document fraud, sanctions hit) are escalated directly to the MLRO.

Step 3: Formal Escalation (Within 24 Hours)

A formal escalation report is submitted to the Compliance Department, containing: the nature of the concern; supporting evidence (documents, screenshots, call recordings, system alerts); the customer’s risk profile and account history; and recommended next steps.

Step 4: Investigation (Within 5 Business Days)

The Compliance Department conducts a full investigation, which may include: enhanced verification of the customer’s identity and beneficial ownership; review of transaction history; interviews with the customer, the referring employee, and any relevant third parties; analysis of device, geolocation, and behavioural data; and engagement with external verification services.

Step 5: Decision and Action

Based on the investigation findings, the Compliance Department (in consultation with the MLRO where applicable) determines the appropriate course of action: proceed with standard or enhanced measures; restrict, freeze, or close the account; file a SAR/STR; and/or refer the matter to law enforcement.

Step 6: Record Keeping and Reporting

All escalation and investigation records are retained for a minimum of seven (7) years. Aggregate escalation data is reported to the VCC quarterly and to the Board annually.

Document Control

Version

Date

Author

Summary of Changes

1.0

January 2024

Compliance Dept.

Initial release of third-party account opening disclaimer.

2.0

September 2024

Compliance Dept.

Enhanced attestation language; added risk classification matrix (Annex B); expanded definitions.

3.0

February 2025

Legal & Compliance

Added escalation procedures (Annex D); expanded vulnerable customer provisions; updated regulatory references.

3.1

May 2026

Legal & Compliance

Comprehensive institutional revision: expanded regulatory context; enhanced due diligence framework; detailed roles and responsibilities; expanded annexes (red flags, escalation flowchart); digital onboarding safeguards; cross-border cooperation provisions.

© 2025 Asprofin Bank. All rights reserved.