Information Disclosure in Cyprus

In accordance with Cyprus Law on disclosure and exchange of information, the restrictions and procedures in relation to Exchange of information are set out below to provide a general picture on the policy of Cyprus on this issue in light of the amendment by the Protocol of the Article 26 of the Double Taxation Agreement (Cyprus-Russia).

Exchange of Information under Art. 26 of the DTA

The purpose of the DTA is to promote international co-operation in tax matters through exchange of information. By implementing Art.26, the states agree to the exchange of information upon request but under certain conditions and upon fulfillment of certain requirements.

The Article 26 does not impose on a contracting state the following obligations:

• to carry out administrative measures at variance with the laws and administrative practice of that or of the other Contracting State;
• to supply information which is not obtainable under the laws or in the normal course of the administration of that or of the other Contracting State;
• to supply information which would disclose any trade, busi¬ness, industrial, commercial or professional secret or trade process, or information the disclosure of which would be contrary to public policy (order public).

The main legislative requirements of disclosure of information contained in the following acts:

• The Assessment and Collection of Taxes Law of 1978 to 1999 (“ACT Law”)
• International Trusts Law (Law No. 69(I)/92)
• Processing of Personal Data (Protection of the Individual) Law, Law 138 (I)/2001
• Prevention and Suppression of Money Laundering Activities Law 188(I)/2007 (“AML Law”)

Let us consider each one in detail.

1. The Assessment and Collection of Taxes Law of 1978 to 1999 (“ACT Law”) deals specifically with the issue of exchange of information which arises as a result of DTA compliance. Section 6 of the ACT Law empowers the Director of the Inland Revenue Department of the Ministry of Finance (“the Director”) to request information from any third party (which may be a bank or other credit institution) in relation to a valid enquiry that has been made by the respective competent authority (the “applicant party”) of the other Contracting State. This power is granted irrespective of any prevailing legislation which provides for confidentiality or other restriction in supplying the said information (i.e. banking secrecy, professional confidentiality – with the exception of lawyer-client confidentiality in the capacity of a lawyer acting as a legal adviser and not in providing any fiduciary services). In accordance with the provisions of this section of the law, the Director may request the books, records or other documents or information which are held or owned by a third party, as considered necessary, in relation to any person, including a company or a partnership that has been dissolved.

Information will only be provided by the tax authorities of Cyprus upon receiving a written request from the competent authority of the other state. The country seeking information must produce a written request, naming and adequately describing the taxable person and the specific bank in question or describing the information requested in sufficient detail. Fishing expeditions are not permitted under Art.26 in any way, or to request information that is unlikely to be relevant to the tax affairs of a given taxpayer. The requesting state should provide the Director with specific details of the reason for the request of information as follows:

• the identity of the person under examination or investigation;
• description of the information sought including its nature and the form in which the applicant Party wishes to receive the information from the Director;
• the tax purpose for which the information is sought;
• grounds for believing that the information requested is held by the Director or is in the possession or control of a person within the Republic of Cyprus;
• to the extent known, the name and address of any person believed to be in possession of the requested information;
• a declaration that the request is in conformity with the law and administrative practices of the applicant Party, that if the requested information was within the jurisdiction of the applicant Party then the competent authority of the applicant Party would be able to obtain the information under the laws of the applicant Party or in the normal course of administrative practice;
• a declaration that the applicant Party has exhausted all means at its disposal within its jurisdiction to obtain the information, except those that would give rise to disproportionate /excessive difficulties.

Notwithstanding any other provisions or conditions set out above, the Director needs to obtain the written consent of the Attorney General before he proceeds with a formal enquiry to a third party and exercising its powers under the law. Such consent is obtained only after a relevant written application by the Director himself and provided that there is justified, well founded suspicion that tax fraud or other international crime has taken place. The Attorney General acts as the legal advisor of the Republic of Cyprus and will not provide such consent unless he is satisfied that all requirements of the law have been met and that the request is under all circumstances appropriate.

Given that section 6 of this law provides that the power of the Director is given irrespective of other legislation on confidentiality or bank secrecy, it is submitted that when a third party is asked to comply with requests from the Director, it will not be held in contravention of any confidentiality or bank secrecy rules.

The Cyprus Parliament passed a number of amendments to the tax and company laws towards the end of 2013. The main aim was to modernize the administrative procedures and in turn to meet the obligations of the government towards the European Commission, the European Central Bank and the International Monetary Fund as a result of its application for financial support. The Assessment and Collection of Taxes Law (197(I)/2012) was introduced, which amends the previous Assessment and Collection of Taxes Law (4/1978) and aims to simplify the exchange of information in relation with the taxation field.

Prior to the amendment, the tax authorities were not authorised to disclose information to an overseas tax authority, except under a double tax agreement. Under the new law, tax information can be exchanged between Cyprus and any other country with which it has signed an agreement to exchange tax information. Article 6 of the 1978 law empowered the tax authorities to require any person to make available information, records, books or any other document which they considered necessary to be disclosed under the double tax agreements to which Cyprus is a party. Following the enactment of the amending law, the scope of this power has been widened to allow the tax authorities to require information or documentation to be made available for the purposes of a tax information exchange agreement or in the context of the EU Directive on Administrative Cooperation in the Field of Taxation (2011/16/EC).

Article 6(b) of the 1978 law required the tax authorities to inform persons when they were the subject of any tax investigation process. The amending law allows the authorities to refrain from disclosure if they consider that it might jeopardise the effectiveness of the investigation.

The amending law also introduces a requirement for companies registered, but not tax resident, in Cyprus to submit financial information to the tax authorities in a prescribed form.

2. International Trusts Law (Law No. 69(I)/92)

Section 11 of the International Trusts Law (Law No. 69(I)/92), serves to remind settlors, trustees and beneficiaries that a trust relationship is a highly confidential one, and information should not be disclosed to third parties, unless of course a Cyprus Court orders the information to be disclosed.

Subject to the terms of the instrument creating an international trust and where the court has not issued an order for disclosure, the trustee or any other person, including government officials and officers of the Central Bank of Cyprus, shall not disclose to any person not legally entitled thereto any information or documents which, inter alia, disclose the name of the settlor or any of the beneficiaries or which relate to or form part of the accounts of the international trust.

Notwithstanding the provisions of any other law, a Court in any civil or criminal proceedings may by an order allow the disclosure of the aforementioned information or documents on application by a litigant or by a party in the above civil or criminal proceedings depending on the circumstances. The court shall issue an order in accordance with the aforementioned if it is satisfied that the disclosure of the aforementioned information or documents is of paramount importance to the outcome of the case.

3. Processing of Personal Data (Protection of the Individual) Law, Law 138 (I)/2001

Processing of personal data is permissible under the Law 138 (I)/2001, section 5 in cases where the data subject has expressly consented to such processing, or in the event that there is no such consent obtained where the processing of personal data is necessary for the fulfillment of the obligation of the data controller which is imposed by law or where the processing is necessary for the execution of works of public interest or which falls within the exercise of public authority and has been assigned to the data controller or to a third person.

Section 6 of the Law imposes a general prohibition on the collection and processing of sensitive data (i.e. that relating to criminal prosecutions or sentencing) although it then sets out a number of exceptions to this principal. For instance where the processing is necessary for establishment, exercise or defense of legal claims before Courts or where the processing is necessary for serving national interests or national security, criminological / forensic or correctional policy needs and as long as it is carried out by a service of the Republic of Cyprus or an organization or institution authorized for that purpose by a service of the Republic of Cyprus and concerns the ascertainment of crimes, criminal sentencing, security measures and investigation into major destructions, i.e. natural disasters or large scale destruction caused by terrorist attacks or other criminal activity.

The data subject has the right to object on compelling legitimate grounds relating to his particular situation, to the processing of data relating to him. The objection must be addressed in writing to the data controller and must contain a request for specific action to be taken, such as correction, temporary abstention from use, blocking, and abstention from transmission or erasure. If the data controller fails to reply within fifteen days from the submission of the request or if his reply is unsatisfactory, the data subject has the right to apply to the Data Protection Commissioner and request that his objections are examined. If the Commissioner considers that the objections may be reasonable and there is a risk of serious harm to the data subject as a result of the continuation of processing, the Commissioner can order the immediate suspension of the processing pending a final decision on the objections.

If a public authority, or any other person, such as a legal person of public or private law or an association of persons or natural person, carries out processing of data concerning a data subject aiming, inter alia, at evaluating the data subject’s personality and productivity in his employment, financial solvency, reliability and in general his behavior, the data subject has the right to apply to the competent Court for the issuing of an injunction restraining such processing. The right for interim protection may be satisfied in accordance with the Courts of Justice Law, the Civil Procedure Law or any other law providing for the issue of provisional orders.

The Commissioner’s decisions are subject to recourse as an administrative act before the Supreme Court of Justice under Article 146 of the Constitution of the Republic of Cyprus. Criminal and civil decisions of the Courts are also subject to Appeal to the Supreme Court of Justice.

The data controller has the obligation to compensate a data subject who has suffered damage by reason of violation of any provision of this Law, unless he proves that he is not responsible for the event that caused the damage.

According to section 9 of the Law 138(I)/2011, the transmission of data to third countries is permissible upon receiving the permission of the Commissioner. Such permission is granted only if the Commissioner considers that that country ensures an adequate level of protection. In exceptional cases with the permission of the Commissioner, where the adequate level of protection is not found, the transmission of data is permitted if for instance the transmission is necessary in order to deal with an exceptional necessity for the safeguard of a superior public interest, especially for the performance of agreements of co-operation with the public Authorities of the other country or the transmission is necessary for the establishment, exercise or defense of legal claims before a court.

4. Prevention and Suppression of Money Laundering Activities Law 188(I)/2007 (“AML Law”)

Albeit the AML Law does not directly deal with the DTA on Avoidance of Double Taxation, it affects the confidentiality (i.e. of corporate services companies) and bank secrecy rules upon an order for disclosure under the provisions of this law.

The AML Law is concerned, inter alia, with procedural matters applicable to all kinds of money laundering activity as a criminal offence, ie. Confiscation orders, interim orders (Parts II and III), and other measures, such as orders for the disclosure of information (Part V), or summary inquiry (Part VI).

Without prejudice to the provisions of other laws, in relation to the receipt of information or documents in the course of investigating the possible commission of offences, for the purposes of inquiry in relation to prescribed offences or in relation to inquiry for the determination of proceeds or instrumentalities, the court may, on the application of the investigator of the case, make an order for disclosure under the provisions of Part V of the Law.

The court before which an application for the making of an order for disclosure is submitted, may, if satisfied that the following conditions are fulfilled, make an order for disclosure, addressed to the person who appears to the court to be in possession of the information to which the application relates, calling upon the said person to disclose or produce the said information to the investigator or any other person specified in the order within seven days or within such a longer or shorter period of time as the court may specify in the order if it considers expedient under the circumstances. The conditions referred are that:

• there is a reasonable ground for suspecting that a specified person has committed or has benefited from the commission of a prescribed offence;
• there is reasonable ground for suspecting that the information to which the application relates is likely to be, whether by itself or together with other information, of substantial value to the investigations for the purposes of which the application for disclosure has been submitted;
• the information does not fall within the category of privileged information (communication between an advocate and a client for the purposes of obtaining professional legal advice or legal services and any other information which is not admissible in court for the protection of the public interest under the law in force at the relevant time);
• there is a reasonable ground for believing that it is in the public interest that the information should be produced or disclosed, having regard to:

- the benefit likely to result for the investigation from the disclosure or provision of the said information; and
- the circumstances under which the person in possession of the information holds it.

The order for disclosure -

• may also be made in relation to information which is in the possession of a government officer;
• shall have effect despite any obligation for secrecy or other restriction upon the disclosure of information imposed by law or otherwise;
• shall not confer any right for production or disclosure of information which is privileged.
• It is served only to the person who has in his possession the information referred to in the application.

Any person to whom an order of disclosure is addressed under section 46 of the Law (Conditions for the making of an order for disclosure), shall have an obligation to notify forthwith the investigator about any subsequent change in the information that has already been given under this section. Non-disclosure of information may, considering the circumstances of the case, result to an offence, penalty and/or imprisonment.

It is a defense under section 26 (Part II) of the AML Law in the course of criminal proceedings against a person in respect of assisting another to commit a laundering offence, that this person intended to disclose to a police officer or to the Unit for Combating Money Laundering – MOKAS (the ‘Unit’), this person’s suspicion or belief that an agreement or arrangement related to the proceeds of a predicate offence and that his failure to make the disclosure was based on reasonable grounds (any such disclosure would not be treated as a breach of any restriction on the disclosure of information imposed by contract).

A person against whom criminal proceeding were instituted for the commission of a predicate offence (money laundering offence, financing of Terrorism offence, drug trafficking offence) can bring an action to the court for compensation if it did not result to conviction or upon appeal the conviction is quashed. Court may order compensation to be paid to any if it considers it to be just under the circumstances of the case.

Internal and International Co-operation

A more detailed reference is made below to MOKAS, and its co-operation with other authorities on exchanging information.

The Unit for Combating Money Laundering (MOKAS) is the Financial Intelligence Unit (FIU) of Cyprus. It is the national center for receiving, requesting, analyzing and disseminating disclosures of suspicious transactions reports and other relevant information concerning suspected money laundering and terrorist financing. MOKAS, inter alia, has the power to:

• cooperate and exchange information with other FIUs,
• issue guidance directives and provide training to financial institutions, the Police, professionals and others,
• issue administrative orders for the postponement of transactions,
• Members of the FIU can apply and obtain court orders, ie, disclosure orders, freezing orders, confiscation orders,
• protect the privacy of the information it possesses.

MOKAS, functions under the Attorney General of the Republic of Cyprus and strongly supports international co-operation and to this end priority is given to requests for legal assistance submitted from foreign authorities, through formal rogatory letters and with the exchange of information with the counterparts of other countries. Formal rogatory letters are received by MOKAS via the Ministry of Justice and Public Order.

MOKAS co-operates with foreign counterpart Units and can exchange information with any type of foreign Units, (judicial, police, administrative). The Cyprus FIU signed Memoranda of Understanding with Russian Federation counterpart.

MOKAS, as a law enforcement authority, cooperates and exchanges information with the International Police (INTERPOL) and the European Police (EUROPOL) through their local office which is based at the Police Headquarters in Nicosia.

During investigations, MOKAS may exchange information via the following channels:

• FIU.NET – A network developed by E.U. which is used by E.U. FIUs for the purpose of information exchange.
• Egmont Secure Web – A network for information exchange than can be used by any country around the world which has an FIU member of Egmont Secure Web. There are 121 recognised FIUs around the globe until today.
• A.R.O. (Asset Recovery Office) – A network for communication of the Asset Recovery Offices of E.U. member states. The Council of Ministers has appointed MOKAS as the Cyprus Asset Recovery Office.

The AML Law provides for a mandatory reporting of suspicious transactions to MOKAS and the obligation to take the appropriate preventive measures (e.g. identification of customers, record keeping, mandatory reporting) applied to all persons who are engaged in financial business, including lawyers and accountants. MOKAS may apply to the Court to obtain freezing, confiscation and disclosure orders. In addition, MOKAS is also engaged in policy issues in the area of anti-money laundering measures as well as in various awareness raising and training initiatives on the subject, involving both the public and the private sector. There is close co-operation between the credit and other financial institutions on the one hand and MOKAS on the other, based on the relevant provisions of the Law as well as on guidance notes issued by the supervisory authorities of the financial institutions.

MOKAS recognizes the importance which is placed on the level and quality of cooperation with local bodies which have a decisive role in the fight against money laundering and the financing of terrorism, and for this reason it cooperates constructively with the following bodies and organizations:

• Reporting entities such as financial institutions and professionals
• The Customs and Excise Department
• All Supervisory Authorities: Central Bank of Cyprus, the Authority for the Supervision and Development of Cooperative Societies, the Securities and Exchange Commission, the Commissioner of Insurance, the Council of the Institute of Certified Public Accountants of Cyprus, the Council of the Cyprus Bar Association

The abovementioned Supervisory Authorities are responsible for monitoring the compliance of the members falling under their supervision based on the provisions of the Law as well as the Directives that are regularly issued for the better implementation of the Law. In case a Supervisory Authority has information or believes that a person falling under its supervision is involved in the commission of a money laundering or financing of terrorism offence it must disseminate the information to the Unit-MOKAS.

The Money Laundering Law designates the Central Bank of Cyprus as the Supervisory authority for all persons licensed to carry on banking business in or from within Cyprus as well as for all persons authorized to carry on international financial services activities from within Cyprus (s.59 of the Law). Where the Central Bank of Cyprus is of the opinion that a person falling within its supervisory responsibility has failed to comply with the provisions of the Law, it is under an obligation to refer the matter to the Attorney General. Furthermore, where the Central Bank of Cyprus possesses information and is of the opinion that any person subject to its supervision may have been engaged in a money laundering offence it shall, as soon as is reasonable practicable, transmit the information to MOKAS. The Money Laundering Compliance Officer is the person in charge for notifying MOKAS by filing a written report with MOKAS in case of suspicions and remains the first point of contact with MOKAS throughout the investigation.

In this respect, MOKAS has been established in accordance with the AML Law, being responsible for gathering and evaluating information relevant to laundering offences as well as conducting investigations on alleged laundering offences.

Concluding Remarks

The exchange of information is restricted in various ways by the terms of the agreement itself, and by the domestic laws of the Contracting States. For example, under Article 26.3 of the DTA as amended, Cyprus is not required to supply information not obtainable under its own laws or in the normal course of administration or obtainable by carrying out administrative measures at variance with the laws and administrative practice of Cyprus. Further it is noted that in effect all countries have bank secrecy or confidentiality rules and meeting the standard of Article 26 of the Protocol requires only limited and generally acceptable exceptions to bank secrecy rules and would not undermine the confidence of citizens in the protection of their privacy. There are limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.