Cyprus is undergoing a significant regulatory transformation in 2025, reinforcing its sanctions enforcement mechanisms and modernizing its anti money laundering (AML) laws to address emerging risks, particularly in crypto assets. These changes are reshaping the corporate services, shipping, energy, and financial sectors, and promise to restore confidence in Cyprus as a fully compliant and forward looking jurisdiction.

1. National Sanctions Implementation Unit (NSIU) Launched

To centralize and strengthen sanctions enforcement, Cyprus has established a National Sanctions Implementation Unit (NSIU), which is expected to be fully operational by the end of 2025. The NSIU will investigate violations of national, EU and UN sanctions; process licence or exemption applications; collect and exchange information with domestic and foreign authorities; and impose administrative fines up to €100,000 plus €100/day for ongoing non compliance. Businesses, individuals and entities will have new reporting obligations: awareness of assets of sanctioned persons must be disclosed within two weeks. Designated persons must report all assets they own or control within Cyprus within six weeks of being listed. These requirements are designed to create forward looking transparency and strengthen enforcement.

2. AML Reforms: Crypto Assets & Risk Based Compliance

Simultaneously, Cyprus has passed the Prevention and Suppression of Money Laundering from Illegal Activities (Amendment) (No. 2) Law of 2025, bringing crypto asset service providers (CASPs) under the definition of “financial institutions”. This aligns with EU Regulation 2023/1113 (Transfer of Funds Regulation) and FATF standards, including the travel rule that requires traceability of certain transactions. In parallel, the Central Bank of Cyprus introduced a new AML/CFT Directive (Κ.Δ.Π. 120/2025) that came into force 2 June 2025. Key elements include extending customer due diligence obligations, strict governance mandates for boards and compliance officers, prohibiting full outsourcing of compliance functions, and enabling proportional risk based reviews rather than rigid schedules. These reforms are designed to bring all financial and quasi financial businesses into a more consistent framework.

3. Cuba’s MONEYVAL Report & Ongoing Monitoring Status

Cyprus has been under international monitoring for AML/CTF compliance, particularly from MONEYVAL. In its recent follow up report, Cyprus was found to have improved technical compliance: correspondent banking standards (Recommendation 13) upgraded to “Largely Compliant”. However, some areas like oversight of non profit organisations (Recommendation 8) remain with moderate deficiencies. Cyprus remains on MONEYVAL’s enhanced monitoring list, meaning it must continue to prove progress and address remaining gaps.

Why This Overhaul Matters

• Regulatory Credibility: NSIU gives Cyprus a centralised, visible sanctions authority. For investors, partners, and other jurisdictions, this signals accountability.
• Emerging Risks Covered: With crypto regulation catching up, CASPs will no longer be loopholes in the AML regime; travel rules improve traceability.
• Flexibility and Governance: The new CBC directive shifts toward risk based compliance, which means lower burden for low risk actors, but stricter oversight for higher risk ones.
• International Alignment: These changes align Cyprus with EU and FATF regimes, helping reduce risk of sanctions, reputational damage, and regulatory friction abroad.
• Remaining Work: Areas like charitable/NPO oversight remain vulnerable. Businesses must adapt quickly to new obligations, especially sanction reporting, and ensure internal policies and systems are updated.

What Businesses & Professionals Should Do Now:

• Review corporate compliance frameworks to ensure ability to comply with NSIU obligations and sanctions reporting duties.
• For firms in crypto assets, enhance transaction monitoring, ensure travel rule compliance, KYC/AML are up to standard.
• Boards and senior leadership need to be educated on their new governance roles under the CBC directive.
• Shipping companies, energy sector participants, and infrastructure project developers should assess their exposure to sanctions, supply chain risks, and governance obligations.
• Use audits, internal reviews, and external counsel advice to close gaps in compliance, especially in NPO oversight, correspondent banking, risk assessments.

Cyprus’s ongoing reforms mark a decisive shift: from being perceived sometimes as lagging in aspects of financial integrity to stepping into a leadership role on sanctions implementation, crypto regulation, and risk based AML. For legal, corporate, energy and shipping sectors, the landscape is changing on new standards.

The information provided by AGPLAW | A.G. Paphitis & Co. LLC is for general informational purposes only and should not be construed as professional or formal legal advice. While every effort has been made to ensure the accuracy and reliability of the information contained herein, the author, publisher, or any related parties make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability of the information. In no event will the author, publisher, or any related parties be liable for any loss or damage, including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this document/article. You should not act or refrain from acting based on any information provided above without obtaining legal or other professional advice.