Peer Review Report Phase 2 Implementation of The Standard in Practice

GLOBAL FORUM ON TRANSPARENCY AND EXCHANGE OF INFORMATION FOR TAX PURPOSES
Peer Review Report Phase 2 Implementation of the Standard in Practice

CYPRUS
Global Forum on Transparency and Exchange of Information for Tax Purposes Peer Reviews: Cyprus 2013
PHASE 2: IMPLEMENTATION OF THE STANDARD IN PRACTICE
November 2013 (reflecting the legal and regulatory framework as at August 2013)
This work is published on the responsibility of the Secretary-General of the OECD. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the OECD or of the governments of its member countries or those of the Global Forum on Transparency and Exchange of Information for Tax Purposes. This document and any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area.
Please cite this publication as: OECD (2013), Global Forum on Transparency and Exchange of Information for Tax Purposes Peer Reviews: Cyprus 2013: Phase 2: Implementation of the Standard in Practice, OECD Publishing. http://dx.doi.org/10.1787/9789264205482-en
ISBN 978-92-64-20547-5 (print) ISBN 978-92-64-20548-2 (PDF)
Series: Global Forum on Transparency and Exchange of Information for Tax Purposes Peer Reviews ISSN 2219-4681 (print) ISSN 2219-469X (online)
Corrigenda to OECD publications may be found on line at: www.oecd.org/publishing/corrigenda.
OECD 2013
You can copy, download or print OECD content for your own use, and you can include excerpts from OECD publications, databases and multimedia products in your own documents, presentations, blogs, websites and teaching materials, provided that suitable acknowledgment of OECD as source and copyright owner is given. All requests for public or commercial use and translation rights should be submitted to rights@oecd.org. Requests for permission to photocopy portions of this material for public or commercial use shall be addressed directly to the Copyright Clearance Center (CCC) at info@copyright.com or the Centre franais dexploitation du droit de copie (CFC) at contact@cfcopies.com.
TABLE OF CONTENTS 3
Table of Contents
About the Global Forum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Information and methodology used for the peer review of Cyprus. . . . . . . . . . . .11 Overview of Cyprus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Recent developments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Compliance with the Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 A. Availability of Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 A.1 Ownership and identity information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 A.2 Accounting records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 A.3 Banking information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 B. Access to Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 B.1 Competent Authoritys ability to obtain and provide information . . . . . . . . 55 B.2 Notification requirements and rights and safeguards . . . . . . . . . . . . . . . . . . 69 C. Exchanging information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.1 Exchange of information mechanisms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.2 Exchange of information mechanisms with all relevant partners . . . . . . . . . C.3 Confidentiality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.4 Rights and safeguards of taxpayers and third parties . . . . . . . . . . . . . . . . . . C.5 Timeliness of responses to requests for information. . . . . . . . . . . . . . . . . . . 71 72 80 82 85 86
PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013
4 TABLE OF CONTENTS Summary of Determinations and Factors Underlying Recommendations. . . . 95 Annex 1: Jurisdictions Response to the Review Report . . . . . . . . . . . . . . . . . .101 Annex 2: List of All Exchange-of-Information Mechanisms in Force . . . . . . .103 Annex 3: List of All Laws, Regulations and Other Material Consulted. . . . . 107 Annex 4: Persons Interviewed During the On-site Visit . . . . . . . . . . . . . . . . . 109
ABOUT THE GLOBAL FORUM 5
About the Global Forum

The Global Forum on Transparency and Exchange of Information for Tax Purposes is the multilateral framework within which work in the area of tax transparency and exchange of information is carried out by over 120 jurisdictions, which participate in the Global Forum on an equal footing. The Global Forum is charged with in-depth monitoring and peer review of the implementation of the international standards of transparency and exchange of information for tax purposes. These standards are primarily reflected in the 2002 OECD Model Agreement on Exchange of Information on Tax Matters and its commentary, and in Article 26 of the OECD Model Tax Convention on Income and on Capital and its commentary as updated in 2004. The standards have also been incorporated into the UN Model Tax Convention. The standards provide for international exchange on request of foreseeably relevant information for the administration or enforcement of the domestic tax laws of a requesting party. Fishing expeditions are not authorised but all foreseeably relevant information must be provided, including bank information and information held by fiduciaries, regardless of the existence of a domestic tax interest. All members of the Global Forum, as well as jurisdictions identified by the Global Forum as relevant to its work, are being reviewed. This process is undertaken in two phases. Phase 1 reviews assess the quality of a jurisdictions legal and regulatory framework for the exchange of information, while Phase 2 reviews look at the practical implementation of that framework. Some Global Forum members are undergoing combined Phase 1 and Phase 2 reviews. The Global Forum has also put in place a process for supplementary reports to follow-up on recommendations, as well as for the ongoing monitoring of jurisdictions following the conclusion of a review. The ultimate goal is to help jurisdictions to effectively implement the international standards of transparency and exchange of information for tax purposes. All review reports are published once adopted by the Global Forum. For more information on the work of the Global Forum on Transparency and Exchange of Information for Tax Purposes, and for copies of the published review reports, please refer to www.oecd.org/tax/transparency and www.eoi-tax.org.
EXECUTIVE SUMMARY 7
Executive Summary
1. This report summarises the legal and regulatory framework for transparency and exchange of information in Cyprus 1, 2, as well as the practical implementation of that framework. The international standard which is set out in the Global Forums Terms of Reference to Monitor and Review Progress Towards Transparency and Exchange of Information, is concerned with the availability of relevant information within a jurisdiction, the competent authoritys ability to gain timely access to that information, and in turn, whether that information can be effectively exchanged with its exchange of information (EOI) partners. 2. The economy of Cyprus is mainly driven by the services sector, which accounts for more than 80% of its gross domestic product. The economy is internationally orientated, resulting in relatively high foreign direct investment flows. Cyprus has a fully developed tax system including an income tax and a value added tax. In 2004, Cyprus joined the European Union. Relevant entities include companies, partnerships, trusts and cooper3. ative societies. Companies and cooperative societies are required to maintain a register of members and the list of members must be furnished to the authorities on a regular basis. Public companies could issue share warrants to bearer until December 2012, by which date this possibility was restricted to public companies listed on a regulated market. Partnerships must be registered with the authorities and details of each partner must be provided upon registration. Subsequent changes must also be registered. Cyprus legal and
1. Note by Turkey: The information in this document with reference to Cyprus relates to the southern part of the Island. There is no single authority representing both Turkish and Greek Cypriot people on the Island. Turkey recognises the Turkish Republic of Northern Cyprus (TRNC). Until a lasting and equitable solution is found within the context of the United Nations, Turkey shall preserve its position concerning the Cyprus issue. Note by all the European Union Member States of the OECD and the European Union: The Republic of Cyprus is recognised by all members of the United Nations with the exception of Turkey. The information in this document relates to the area under the effective control of the Government of the Republic of Cyprus.
2.
8 EXECUTIVE SUMMARY
regulatory framework therefore requires that ownership and identity information on companies, partnerships and cooperative societies is available. 4. Since 21 December 2012, all trustees are under a clear obligation to have information available on the other trustees, settlors and beneficiaries. As this requirement has only been recently introduced, Cyprus should closely monitor its practical implementation. In respect of accounting records, tax law, as well as commercial laws, 5. contain a general obligation on relevant entities and arrangements to keep such records. Tax law also requires all relevant entities and arrangements to keep underlying documentation and to keep documentation for a period of at least six years. However, as comprehensive obligations in respect of certain trusts and companies incorporated in Cyprus but managed and controlled abroad have only been introduced by the end of 2012 and in July 2013, Cyprus should monitor the practical implementation of these newly introduced rules. 6. Some clear legal obligations have only been introduced in 2012 or 2013 and were not in force during the three-year review period. This is in particular the case in respect of the obligation to keep full identity information on trusts (although it is noted that such information was not requested from Cyprus) and obligations to keep accounting records for certain entities. In addition, compliance with some important obligations is low and no or insufficient monitoring and enforcement takes place. This is in particular the case in respect of the obligation for companies to file an annual return to the Registrar (which should contain up-to-date ownership information), with only an average of 23% of the returns filed over the period 2008-12. The low compliance rate of filing annual returns with the Registrar may have resulted in Cyprus not exchanging up-to-date information, since this is the primary source used by the Cypriot authorities for obtaining ownership information on companies and partnerships. Compliance with general tax law obligations, such as registering and submitting annual tax returns, is also not high. A number of peers have commented that accounting information was 7. not provided in the three-year review period because it was not available. This was generally in cases where a person had not complied with its obligations to submit its tax return(s) and/or the annual returns to the Registrar. Cyprus should ensure that accounting records are being kept by all relevant entities and arrangements. 8. All records pertaining to the accounts as well as to related financial and transactional information are required to be kept by Cypriot banks under AML/CFT legislation. Regular inspections by the supervisory authorities as well as the experience that information requested from a bank could be obtained and exchanged, confirm that this information is generally available with the banks.
EXECUTIVE SUMMARY 9
9. The International Tax Affairs Division (ITAD) is responsible for handling EOI requests. There are powers to obtain information that were specifically designed for information exchange purposes, which have in practice only been used where information must be obtained directly from a bank and would be used only where information needs to be obtained from third parties. In other cases, i.e. where information must be obtained from Cypriot taxpayers, the Cypriot competent authority uses its domestic access powers. Cyprus has not sought information from third parties other than banks during the three-year review period. Where bank information was requested, the information was directly obtained from a bank in only 11 out of the 150 cases. These practices may have contributed to unnecessary delays in obtaining the information. It is recommended that Cyprus uses its information gathering powers to obtain information from all potential information holders, including directly from banks, where appropriate. In addition, Cyprus domestic access powers include search and seizure powers and penalties for non-compliance, but these compulsory powers have not been used effectively by Cyprus in all cases, in particular with respect to bank information. 10. The former practice of the Cypriot competent authority not to approach the taxpayer for information before that taxpayer had submitted its income tax return(s) for the year(s) the information sought by the requesting jurisdiction related to, even in cases where no direct relationship between the tax return and the information sought existed, has also led to unnecessary delays in obtaining the information. Since the end of 2011, this practice has been discontinued so that information can be obtained from the taxpayer irrespective of whether the tax return has been submitted or not. Cyprus should monitor the practical implementation of its revised policy in respect of obtaining information from Cypriot taxpayers. 11. Cyprus has an exchange of information relationship with 53 jurisdictions through a network of DTCs and Council Directive 2011/16/EU. These mechanisms generally contain sufficient provisions to enable Cyprus to exchange all relevant information. In March 2012, Cyprus stated that it is ready to negotiate exchange of information agreements regardless of form, including TIEAs, without any conditions. Nevertheless, delays between eight months and three years have been reported by Global Forum members before receiving firm commitment from Cyprus to start negotiations. It is recommended that Cyprus enters into agreements for exchange of information (regardless of their form) with all relevant partners, meaning those partners who are interested in entering into an information exchange arrangement with it. 12. In the three-year review period (1 July 2009-30 June 2012), Cyprus received a total of 929 requests for information from more than 30 partner jurisdictions. Almost 80% of the requests were responded to after more than
10 EXECUTIVE SUMMARY
180 days or had not been fully responded to as at March 2013. According to the Cypriot authorities, of the requests which had not been fully responded to as at March 2013, partial replies have been sent in 62.5% of the cases, which is 230 out of the 368 requests. This means that of the 929 requests received, 60% has been provided with a final response. In 25% of the cases a partial reply was sent, and the remaining 15% of the cases had not been responded to at all as at March 2013. Peers have reported that they have not received responses to a significant number of queries even after two years or more, and the likelihood of the information still being useful to the requesting jurisdiction, or in some cases even the likelihood of the information being obtained and exchanged may be considered low. While Cyprus considers these cases still pending, these statistics show that timely responses have not been provided in a significant number of cases. Cyprus should ensure that it responds to EOI requests in a complete and timely manner. 13. One reason for the delay in responding is the lack of sufficient staff to handle EOI requests. Recently, additional staff were hired by ITAD and allocated to deal with the backlog of outstanding requests. Nevertheless, Cyprus should monitor that the resources allocated to its competent authority are sufficient to deal with all incoming EOI requests. 14. Cyprus has been assigned a rating 3 for each of the 10 essential elements as well as an overall rating. The ratings for the essential elements are based on the analysis in the text of the report, taking into account the Phase 1 determinations and any recommendations made in respect of Cyprus legal and regulatory framework and the effectiveness of its exchange of information in practice. On this basis, Cyprus has been assigned the following ratings: Compliant for elements A.3, B.2, C.1, C.3 and C.4, Largely Compliant for element C.2, Partially Compliant for elements A.1 and C.5, and Non-Compliant for elements A.2 and B.1. In view of the ratings for each of the essential elements taken in their entirety, the overall rating for Cyprus is Non-Compliant. 15. A follow up report on the steps undertaken by Cyprus to answer the recommendations made in this report should be provided to the PRG within twelve months after the adoption of this report. Such follow up report should include references to the practical implementation of recently introduced legislation as described in this report as well as developments in respect of response times by Cyprus to EOI requests received.
3.
This report reflects the legal and regulatory framework as at the date indicated on page 1 of this publication. Any material changes to the circumstances affecting the ratings may be included in Annex 1 to this report.
INTRODUCTION 11
Introduction
Information and methodology used for the peer review of Cyprus

16. The assessment of the legal and regulatory framework of Cyprus was based on the international standards of transparency and exchange of information as described in the Global Forums Terms of Reference, and was prepared using the Methodology for Peer Reviews and Non-Member Reviews. The assessment has been conducted in two stages. The 2012 Phase 1 Report was based on the laws, regulations and exchange of information mechanisms in force or effect as at December 2011, other information, explanations and materials supplied by Cyprus, and information supplied by partner jurisdictions. The Phase 2 assessment is based on the laws, regulations, and exchange 17. of information mechanisms in force or effect as at 9 August 2013, the Cypriot responses to the Phase 2 questionnaire, supplementary questions and other materials supplied by Cyprus, information provided by exchange of information partners, and explanations provided by Cyprus during the on-site visit that took place from 20-22 March 2013 in Nicosia, Cyprus. During the on-site visit, the assessment team met with officials and representatives of the Ministry of Finance (including the Department of Inland Revenue), the Registrar, the Central Bank, the Authority for the Supervision and Development of Cooperative Societies, the Cyprus Securities and Exchange Commission, the Attorney-Generals office, the Cyprus Bar Association and the Institute of Certified Public Accountants of Cyprus (see Annex 4). The following analysis reflects the integrated 2012 Phase 1 and the 2013 18. Phase 2 assessments of the legal and regulatory framework of Cyprus in effect as at 9 August 2013, and the practical implementation and effectiveness of this framework in the three-year review period of 1 July 2009 to 30 June 2012. 19. The Terms of Reference break down the standards of transparency and exchange of information into 10 essential elements and 31 enumerated aspects under three broad categories: (A) availability of information; (B) access to information; and (C) exchanging information. This review assesses Cypruss legal and regulatory framework and the implementation
12 INTRODUCTION
and effectiveness of this framework against these elements and each of the enumerated aspects. In respect of each essential element a determination is made regarding Cypruss legal and regulatory framework that either: (i) the element is in place, (ii) the element is in place but certain aspects of the legal implementation of the element need improvement, or (iii) the element is not in place. These determinations are accompanied by recommendations for improvement where relevant. In addition, to reflect the Phase 2 component, recommendations are made concerning Cypruss practical application of each of the essential elements and a rating of either: (i) compliant, (ii) largely compliant, (iii) partially compliant, or (iv) non-compliant is assigned to each element. An overall rating is also assigned to reflect Cypruss overall level of compliance with the standards. 20. The Phase 1 assessment was conducted by a team which consisted of two expert assessors and a representative of the Global Forum Secretariat: Mr. Duncan Nicol, Director from the Cayman Islands Tax Information Authority; Mr. Philippe Cahanin, Deputy Director in the Large Business Audit Branch of the French Revenue Administration; and Mr. Mikkel Thunnissen from the Global Forum Secretariat. For the Phase 2 assessment Mr. Philippe Cahanin was replaced by Mr. Sidi-Mohamed Zeddoun, also from the Large Business Audit Branch of the French Revenue Administration. 21. The ratings assigned in this report were adopted by the Global Forum in November 2013 as part of a comparative exercise designed to ensure the consistency of the results. An expert team of assessors was selected to propose ratings for a representative subset of 50 jurisdictions. Consequently, the assessment teams that carried out the Phase 1 and Phase 2 reviews were not involved in the assignment of ratings. These ratings have been compared with the ratings assigned to other jurisdictions for each of the essential elements to ensure a consistent and comprehensive approach.
Overview of Cyprus
22. The island of Cyprus is the third largest island in the Mediterranean Sea, located in the Eastern Mediterranean at the crossroads of Europe, Asia and Africa. The population of Cyprus is estimated to be 862 000. 4 Its capital is Nicosia, where about 25% of the population resides. 23. The Cypriot economy has been in a recession since the second half of 2011. The gross domestic product is estimated to be EUR 17.9 billion in 2012. A banking crisis caused the recession to deepen in the first half of 2013. The services sector accounts for more than 80% of the economy. The services sector comprises a variety of economic activities, such as tourism, banking,
4. End 2011 estimate by the Statistical Service of Cyprus, www.cystat.gov.cy.
INTRODUCTION 13
finance and insurance, legal and business consulting and shipping and ship management. Cyprus main trading partner is Greece, with other important trading partners being Germany, Israel, the United Kingdom and Italy. 5 24. Cyprus is a member of the European Union (EU) since 1 May 2004. It also joined the Economic and Monetary Union at that date, and adopted the euro as its national currency on 1 January 2008.
Legal system
25. The basis for Cyprus government structure can be found in its Constitution. Cyprus is a republic with a Presidential system of Government. The President is elected for a five-year term of office. The President appoints the Council of Ministers and together they exercise executive power. Legislative power is exercised by the House of Representatives (unicameral system), the members of which are also elected for five-year terms. 26. The Cypriot legal system is mainly based on common law, but some areas are based on the civil law system. Some laws in force have been inherited from the time Cyprus was a British colony, but most have since been replaced by new legislation. International treaties can be concluded either under a decision of the Council of Ministers (where the treaty deals with certain specified matters, such as a Double Taxation Convention) or on approval by the House of Representatives. It will thereafter have superior force to any municipal law (on the condition of reciprocity) 6, meaning any piece of domestic legislation in Cyprus. Following Cyprus accession to the EU, the Constitution was amended to also give EU law supremacy over the Constitution and national legislation. 27. If mandated by national legislation, matters may be further dealt with in Ministerial Regulations or Regulative Decisions. This subsidiary legislation is then also binding. 28. The judicial power is exercised by the courts. District Courts have jurisdiction to deal with all civil actions at first instance except for matters that fall within the jurisdiction of specialised courts or tribunals. District Courts also have jurisdiction to deal with criminal cases where the maximum punishment for the offence is five years imprisonment or less. Other criminal cases are under the jurisdiction of the Assize Courts. Appeals from all lower courts can be made to the Supreme Court. The Supreme Court may also examine the constitutionality of any law.
5. 6. The data in this paragraph are derived from publications of the Statistical Service of Cyprus, www.cystat.gov.cy. See section 169 of the Constitution of Cyprus.
14 INTRODUCTION
Financial sector
29. The financial sector represents an important part of the Cypriot economy. Financial and insurance activities accounted for approximately 8.4% of its GDP in 2012 7. 30. The financial sector is supervised by several authorities. The main functions of the Central Bank of Cyprus in this regard are to supervise banks, to promote, regulate and oversee the smooth operation of payment and settlement systems and to safeguard the stability of the financial system. The mission of the Cyprus Securities and Exchange Commission is to ensure and safeguard the operation of a fair, orderly efficient and transparent securities market in Cyprus. It is therefore vested with the responsibility and the necessary powers to oversee the operation of Organised Markets, Investment Firms, the Issuers of shares listed on a regulated market, Credit Rating Agencies, Undertakings for Collective Investment in Transferable Securities (UCITS), as well as UCITS Management Companies. Furthermore, separate supervisory authorities exist for cooperative credit institutions, insurance companies and pension funds. 31. All banks must be licensed by the Central Bank and are subject to the Banking Law. The banking sector comprises 41 banks, of which six are locally based banks. Eight others are subsidiaries of foreign banks and the remaining 27 are branches of foreign banks. Almost half of the foreign banks having a subsidiary or branch in Cyprus is based in another EU member state. Most of the other foreign banks are based in the Middle East. In addition, cooperative credit institutions are also involved in banking, taking deposits almost entirely from local people. As at June 2013, 93 cooperative credit institutions are operational. The assets in the total banking sector amounted to approximately EUR 61 billion as at September 2013, having dropped considerably since the start of the recession in 2011 and the Eurozone crisis, which significantly affected the Cypriot banking sector. 32. All providers of financial services, trust services and company services, which include lawyers and tax advisors providing such services, are subject to obligations under AML/CFT legislation. In this regard they must carry out customer due diligence and report any suspicious transactions.
Taxation and international cooperation

33. The current Cypriot tax system is largely the result of a major reform that came into effect on 1 January 2003. The main objectives of this reform were to comply with the EU Code of Conduct for Business Taxation and EU harmonisation rules in order to be able to become an EU member, and also to
7. 2012 estimate by the Statistical Service of Cyprus, www.cystat.gov.cy.
INTRODUCTION 15
execute Cyprus commitment to the OECD following the 1998 OECD report Harmful Tax Competition: An Emerging Global Issue. With the reform the offshore tax regime was abolished and a residence-based tax regime was introduced. 34. Companies which have their effective management and control in Cyprus are subject to income tax from sources within and outside Cyprus in respect of business profits and certain investment income. Income from interest not accruing from ordinary business activities and from dividends is exempt. The income tax rate for companies was raised from 10% to 12.5% as per 1 January 2013. Foreign companies not having their effective management and control in Cyprus are subject to income tax on certain income from sources in Cyprus, such as having a permanent establishment there. A special regime applies in respect of shipping and ship management companies exempting them from tax under certain conditions. Cyprus has one of the largest shipping registries in the world. However, shipping and ship management companies are subject to the same rules as other companies and therefore no specific influence on exchange of information is to be expected. 35. Individuals resident in Cyprus are subject to income tax in respect of the same income as companies, as well as employment income and certain pension income. Rates are progressive with a maximum rate of 35%. Nonresidents (including non-resident partners of a partnership) are taxable on certain income derived from Cyprus. 36. Partnerships are considered tax transparent and tax is levied on the partners directly. Trustees are subject to tax in respect of the income received from the trust property under their control or administration. 37. A special contribution for strengthening the defence of Cyprus is levied on all residents receiving dividend (except most intercompany dividends), interest or rental income. The rates depend on the type of income and vary from 3% on rental income to 30% 8 on interest. 38. Several other taxes are levied, such as a capital gains tax on gains from the disposal of immovable property, a value added tax and stamp duty. 39. Cyprus has had double taxation conventions (DTCs) with its main trading partners since the 1970s. From the 1980s Cyprus has gradually expanded its network of DTCs and it now counts 47 DTCs covering 49 jurisdictions. Its powers to obtain and exchange information under these DTCs are implemented in the Assessment and Collection of Taxes Law. This power is executed by the Director of the Department of Inland Revenue of the Ministry of Finance.
8. Rate as from 29 April 2013, previously the rate was 15%.
16 INTRODUCTION
Recent developments
40. A new Mutual Assistance Directive (EU Council Directive 2011/16/ EU ) was adopted by the European Council on 15 February 2011. Cyprus has amended its domestic legislation to transpose the new Directive into its domestic legislation, which can be applied since 1 January 2013. 41. In 2012 and 2013, Cyprus made a number of changes to its legal and regulatory framework and practice to increase transparency and further comply with the international standard on transparency and exchange of information for tax purposes. All trustees are now under a clear obligation to have information available on the other trustees, settlors and beneficiaries. In addition, accounting record keeping obligations were amended to cover all relevant entities and arrangements. Finally, bilateral agreements have been signed or updated to allow for exchange of tax information in accordance with the international standard. 42. In the beginning of 2013, two additional staff were hired by the International Tax Affairs Division (ITAD) to deal with information exchange requests. Further staff may be allocated to the ITAD if the workload related exchange of information increases.
COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 17
Compliance with the Standards
A. Availability of Information
Overview
43. Effective exchange of information requires the availability of reliable information. In particular, it requires information on the identity of owners and other stakeholders as well as information on the transactions carried out by entities and other organisational structures. Such information may be kept for tax, regulatory, commercial or other reasons. If such information is not kept or the information is not maintained for a reasonable period of time, a jurisdictions competent authority may not be able to obtain and provide it when requested. This section of the report describes and assesses Cyprus legal and regulatory framework on availability of information. It also assesses the implementation and effectiveness of this framework. Availability of ownership and identity information in respect of com44. panies is generally ensured by the requirement to keep an up to date register of members. Companies must also file an annual return to the Registrar with the latest register of members. 45. All public companies could issue share warrants to bearer until December 2012, by which date this possibility was restricted to public companies listed on a regulated market. No share warrants to bearer have been encountered in practice, and 75% of the 594 public companies have already confirmed that they have not issued such warrants. Cyprus is in the process of obtaining similar confirmation from the remaining public companies, and it is recommended that Cyprus takes measures to identify the owners of share warrants to bearer if it is found that any have been issued in the past.
18 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

46. Partnerships must be registered with the authorities and details of each partner must be furnished upon registration. Any change in this respect must also be registered, ensuring up to date ownership information on partnerships. Cooperative societies are required to keep an up to date register of members, and a list of members must be provided to the authorities on a regular basis. 47. Since 21 December 2012, all trustees are under a clear obligation to have information available on the other trustees, settlors and beneficiaries. This is in addition to the already existing requirement for trustees under AML/CFT legislation to identify their customer and the beneficial owner, but this requirement only expressly includes the identification of any beneficiaries of at least ten percent of the trust property. As the requirement to keep comprehensive identity information on trusts has only been recently introduced, Cyprus should closely monitor its practical implementation. 48. Enforcement provisions are in place in respect of the relevant obligations to maintain ownership and identity information for all relevant entities and arrangements. However, compliance with some important obligations is low and no or insufficient monitoring and enforcement takes place. This is in particular the case in respect of the obligation for companies to file an annual return to the Registrar (which should contain up-to-date ownership information), with only an average of 23% of the returns filed over the period 2008-12. The low compliance rate of filing annual returns with the Registrar may have resulted in Cyprus not exchanging up-to-date information, since this is the primary source used by the Cypriot authorities for obtaining ownership information on companies and partnerships. In addition, compliance with general tax law obligation, such as registering and submitting annual tax returns, is not high and the enforcement actions taken by Cyprus should be intensified. 49. Tax law, as well as commercial laws, contain a general obligation on relevant entities and arrangements to keep accounting records. Tax law also requires all relevant entities and arrangements to keep underlying documentation and to keep documentation for a period of at least six years. However, as comprehensive obligations in respect of certain trusts and companies incorporated in Cyprus but managed and controlled abroad have only been recently introduced, Cyprus should monitor the practical implementation of these newly introduced rules. 50. A number of peers have commented that accounting information was not provided in the three-year review period because it was not available. This was generally in cases where a person had not complied with its obligations to submit its tax return(s) and/or the annual returns to the Registrar. Cyprus should ensure that accounting records are being kept by all relevant entities and arrangements.
51. The AML/CFT legislation ensures that all records pertaining to the accounts as well as to related financial and transactional information is required to be kept by Cypriot banks. Regular inspections by the supervisory authorities as well as the experience that information requested from a bank could be obtained and exchanged, confirm that this information is generally available with the banks.
A.1 Ownership and identity information

Jurisdictions should ensure that ownership and identity information for all relevant entities and arrangements is available to their competent authorities.
Companies (ToR A.1.1)

52. The Companies Law (CL) is the central piece of legislation governing the establishment of and further arrangements with respect to companies. Under the CL, two types of companies may be incorporated (s. 3(2) CL): Companies limited by shares: the liability of the members of this type of company is limited to the amount unpaid (if any) on their shares. As at 30 June 2013, 273 246 of such companies were registered in Cyprus. Companies limited by guarantee: these companies may or may not have share capital. The liability of the members of this type of company is limited to such amount defined in the memorandum of the company to the companys assets in the event that the company is liquidated. As at 30 June 2013, 307 companies limited by guarantee were registered in Cyprus.
53. A company can further either be a private or a public company. A private company cannot have more than 50 members, must restrict the right to transfer its shares, and is not allowed to invite the public to subscribe for any shares or debentures in the company (s. 29(1) CL). A public company is any company that is not a private company (s. 2(1) CL). As Cyprus is a member of the EU, it is also possible to establish an SE (Societas Europaea), 9 which is a specific type of public company. The rules described below on the availability of ownership information apply to all companies, unless indicated otherwise. All companies incorporated under the CL are required to have a reg54. istered office in Cyprus (s. 102(1) CL). The location of the registered office and any change in respect thereof shall be notified within 14 days after the
9. See Council Regulation (EC) No. 2157/2001 of 8 October 2001 on the Statute for a European company (SE).

date of incorporation of the company or of the change, to the registrar of companies (s. 102(2) CL). Non-compliance with these provisions can lead to a fine not exceeding EUR 42.72 for every day the non-compliance continues (sections 102(3) and 375(1) CL).
Ownership information held by companies

55. All companies incorporated under the CL are required to keep a register of members (legal ownership). This register should contain the following information (s. 105 CL): (a) the names and addresses of the members; (b) in the case of a company having a share capital, a statement of the amount of shares held by each member and of the amount paid on them; (c) the date on which each person was entered in the register of members; and (d) the date on which any person ceased to be a member. Section 105(2) CL provides that, as the main rule, the register of mem56. bers must be kept at the companys registered office. It is also possible to keep it at another office of the company or, if another person handles the register, the office of that other person. The register must always be kept in Cyprus. In case the register is kept in another location than the companys registered office, the company must notify the registrar of companies of that other location and of any change (s. 105(3) CL). Not keeping a register of members or not notifying the registrar of companies that the register of members is not held at the companys registered office can lead to a fine not exceeding EUR 42.72 for every day the non-compliance continues (sections 105(4) and 375(1) CL). 57. The subscribers of the memorandum of a company shall be entered as members in the register of members (s. 27(1) CL). Transfers of shares shall only be registered by the company upon delivery of a proper instrument of transfer (s. 73 CL), which may take different forms dependent on the articles of association of the company and statutory legislation.
Ownership information held by the authorities

58. All companies incorporated under the CL are required to register their memorandum and articles of association (if any) with the registrar of companies, who will retain and register these documents (s. 14 CL). The memorandum must contain the names of the initial members of the company and the number of shares he/she owns (s. 4(4) CL). Furthermore, any transfer of shares of a private company must be notified to the Registrar within 14 days from entering such transfer in the register of members (s. 113A CL).
Finally, companies must file at least once every year a return to the registrar of companies. In respect of companies having a share capital the return must contain the register of members, including all current and former members and the capital paid up by them (s. 118 and Sixth Schedule CL). Noncompliance with these provisions (except section 113A CL) can lead to a fine not exceeding EUR 42.72 for every day the non-compliance continues (sections 118(3) and 375(1) CL). In respect of companies not having a share capital there is no obligation to include information on its members in the return. In order to register a new company, the first step is to obtain approval 59. for a name from the Registrar. Subsequently, a lawyer would prepare the memorandum and articles of association and files these with the Registrar together with a list of directors and the designation of the registered office. These documents must be accompanied by an affidavit from the lawyer. Once all documents are filed, the Registrar issues a certificate of registration. 60. Since 2012, all registrations can be filed electronically by a lawyer. As at March 2013, more than 500 persons have received training on the use of the electronic filing system. Of the 17 999 new company registrations in 2012, 10% was filed electronically. Representatives of the registered company can obtain an access code for filing subsequent changes and other documents.
Tax law
61. The Cypriot tax authorities maintain the Tax Register. In this respect a provision was introduced in 2010 in the Assessment and Collection of Taxes Law (ACTL). This section 5A provides that a company must submit a notice for registration in the Tax Register and obtain a tax identification number immediately after its incorporation. Any company that was not registered before the introduction of section 5A ACTL, had the obligation to register not later than 30 June 2011. 62. Upon registration in the Tax Register a company must submit a designated form to which the memorandum of the company must be attached. As noted above, the memorandum contains the names of the initial members of the company and the number of shares he/she owns. Any person not complying with these obligations is liable on conviction to a fine not exceeding EUR 17 for every day the non-compliance continues or to imprisonment for a term not exceeding twelve months, or both (s. 50(1) ACTL). In practice, registration is usually handled by an accountant or auditor as part of the services it provides to newly incorporated companies. 63. In addition, the annual income tax return requires that the company indicates whether a change of ownership has occurred. This requires companies to maintain information about their shareholders in order to meet their tax obligations. In addition to all companies that are tax resident, in

December 2012 a clear legal obligation was introduced for all companies incorporated in Cyprus but being regarded as a non-resident for tax purposes (i.e. where they are managed and controlled abroad) to submit a tax return on an annual basis (s. 5(2) ACTL). 64. Tax returns that are filed on paper must be submitted at the latest by 31 December of the year following the tax year. When filed electronically, which is generally the case for companies subject to the obligation to file the return electronically under section 12B ACTL, an extension of three months is given.
Ownership information held by service providers

65. Section 2(1) of the Prevention and Suppression of Money Laundering and Terrorist Financing Law (PSMLTFL) includes the provision of company services, such as the formation of companies and the provision of a registered office, in the definition of other business, which means that any person providing such services is subject to certain obligations under the PSMLTFL. Consequently, company service providers are required to carry out customer due diligence (CDD) when establishing a business relationship (s. 60(a) PSMLTFL), and identify their customer and the beneficial owner in accordance with section 61 PSMLTFL. 66. The term beneficial owner is also defined in section 2(1) PSMLTFL. In respect of a corporate entity the beneficial owner shall at least include: (i) the natural person or natural persons who ultimately own or control a legal entity through direct or indirect ownership or control of a sufficient percentage of the shares or voting rights in that legal entity, including through bearer share holdings, a percentage of 10% plus one share be deemed sufficient to meet this criterion; and (ii) the natural person or natural persons who otherwise exercise control over the management of a legal entity. 67. The obligation to identify the beneficial owner includes the express obligation to identify at least the ultimate owners of at least ten percent of the company, which may not necessarily oblige the service provider to identify all owners. It should be noted that full ownership information on the legal owners is available through the register of members that the company is required to maintain (see above). Documentation in respect of the CDD carried out must be maintained by the service provider for at least five years after the end of its business relationship with the person for whom they act (s. 68 PSMLTFL). Failure to carry out CDD or to maintain the documentation for at least five years can lead to an administrative fine of up to EUR 200 000 and, in case the failure continues, a fine of up to EUR 1 000 for each day
the failure continues (s. 59(6)(a)(ii) PSMLTFL). It is also possible to amend, suspend or revoke the license of a person, where applicable (s. 59(6)(a)(iii) PSMLTFL). 68. In practice, company formation services and other services to companies are mainly provided by lawyers and accountants. The monitoring of their compliance with the above mentioned obligations of the PSMLTFL is the responsibility of the Cyprus Bar Association and the Institute of Certified Public Accountants respectively (s. 59(2) PSMLTFL). Both authorities have an active program of monitoring including on-site visits (see further A.1.6). As at December 2012, there were approximately 1500 law firms, and a total of 2 442 practising lawyers (either in one of the law firms or sole practitioners). ICPAC reported 845 practising members as at December 2012. 69. In December 2012, the Law Regulating Companies Providing Administrative Services and Related Matters (Administrative Services Law) was introduced to further regulate the provision of company and trust administration services. Under this law, companies may be licensed to provide services to companies, such as providing directors and registered office addresses. The Cyprus Securities and Exchange Commission (CySEC) issues the licenses and is responsible for the supervision of the licensees, both for regulatory and AML/CFT purposes. As at July 2013, 314 intentions to apply for a license were received by CySEC, and 160 formal applications. The authorities expect that the number of licenses that will be issued lies around 160. Other than the companies licensed under the Administrative Services 70. Law, only lawyers and accountants regulated by the Cyprus Bar Association and the Institute of Certified Public Accountants respectively are allowed to perform company and trust administration services (s. 5(1) Administrative Services Law). They remain under the supervision of these authorities.
Foreign companies
71. Any foreign company that establishes a place of business in Cyprus must register at the registrar of companies (s. 347 CL). This registration process does not include the furnishing of ownership information. 72. However, section 5A(1) ACTL requires all companies to register in the Tax Register immediately after their registration under the CL. As at 31 December 2012, 1 744 foreign companies were registered with the tax authorities. Registration in the Tax Register does not require the furnishing of ownership information, but such information may be provided by submitting the memorandum of the company; it would then depend on the law of the jurisdiction where the company was incorporated whether its memorandum contains ownership information. Registration in the Tax Register is further required in respect of foreign companies being managed and controlled in

Cyprus, as they are considered tax resident in Cyprus (s. 2 Income Tax Law) and are therefore subject to income tax in respect of their worldwide income (s. 5(1) Income Tax Law). 73. Section 5 ACTL requires every company subject to Cypriot income tax to submit an annual income tax return. This includes foreign companies being managed and controlled in Cyprus and foreign companies having a fixed place of business (permanent establishment) in Cyprus (s. 5 Income Tax Law). Any person not complying with these obligations is liable on conviction to a fine not exceeding EUR 17 for every day the non-compliance continues or to imprisonment for a term not exceeding twelve months, or both (s. 50(1) ACTL). 74. The annual income tax return requires that a company (including foreign companies) always indicates whether any change of ownership has occurred, irrespective of whether the owners are individuals or corporate vehicles. This is relevant because tax losses may only be carried forward if no change of ownership occurs in any three-year period (s. 13(1)(a) Income Tax Law). For this purpose there is a change of ownership (i) if a person acquires more than half of the ordinary share capital, or (ii) if two or more persons jointly or severally acquire at least 5% of the ordinary share capital so that in all together they acquire more than half of the ordinary share capital (s. 13(2) Income Tax Law). In addition, tax losses may also be offset to other group companies (s. 13(5) Income Tax Law). 75. Based on the above, foreign companies being tax resident in Cyprus or having a fixed place of business in Cyprus need to maintain information about their shareholders in order to meet their tax obligations, i.e. filing proper income tax returns indicating whether a change of ownership has occurred. Such information must be maintained in particular to assess whether tax losses may be carried forward or offset to other group companies, and to assess whether other entities are considered part of the same group.
Nominees
76. The business of acting (or arranging for another person to act) as a nominee shareholder for another person is considered to be other business under section 2(1) PSMLTFL. Consequently, persons acting by way of business as a nominee shareholder are required to carry out customer due diligence (CDD) when establishing a business relationship (s. 60(a) PSMLTFL), and identify the person(s) for whom they act as a legal owner in accordance with section 61 PSMLTFL. Documentation in respect of the CDD carried out must be maintained by the nominee for at least five years after the end of its business relationship with the person for whom they act (s. 68 PSMLTFL).
Failure to carry out CDD or to maintain the documentation for at least five years can lead to an administrative fine of up to EUR 200 000 and, in case the failure continues, a fine of up to EUR 1 000 for each day the failure continues (s. 59(6)(a)(ii) PSMLTFL). 77. In addition, section 50(d) of the Partnerships and Business Names Law (PBNL) prescribes the registration of every partnership, individual or corporation having a place of business in Cyprus and carrying on that business wholly or mainly as a nominee. Such registration includes submitting the name of every person on whose behalf the business is carried on (s. 53(1) PBNL). Any person failing to register as a nominee is liable on summary conviction to a fine not exceeding EUR 5.13 for every day the failure continues, and the Court shall order that the information must be furnished to the registrar (s. 61 PBNL). A person wilfully furnishing false information is liable to a fine not exceeding EUR 85.43 or to imprisonment for a term not exceeding two years, or both (s. 63 PBNL). In practice, no nominees are registered under the PBNL and such registration is not enforced. All professional nominees are covered by the PSMLTFL and are supervised by the relevant authorities which monitor compliance with the obligations contained in the PSMLTFL. 78. Persons acting as a nominee shareholder by way of business have been and are still covered by the obligation to keep identity information of the person(s) for whom they act as a legal owner under the PSMLTFL. Since December 2012, only lawyers and accountants supervised by the Cyprus Bar Association and the Institute of Certified Public Accountants respectively, or persons licensed under the Administrative Services Law and supervised by CySEC can provide the service of holding the share capital of legal persons (s. 4(1)(b)(iii) and s. 5 Administrative Services Law). Any other person providing this service, by way of business or not, commits an offence and is liable to a fine not exceeding EUR 350 000 or to imprisonment for a term not exceeding five years, or both (s. 26(1) Administrative Services Law). In case other persons currently provide services as a nominee shareholder, they either must obtain a license or transfer these services to an authorised person (s. 11(4) Administrative Services Law).
Conclusion and practice

79. All companies incorporated under the CL are required to keep a register of members. In addition, the registrar of companies keeps a register of all companies and the information available includes ownership information where the company has a share capital. The Cypriot tax authorities also maintain a register on these companies, but this register does not contain updated ownership information. Foreign companies must be registered when establishing a place of business in Cyprus or when they are managed and controlled in Cyprus. Such foreign companies then also must meet tax

obligations, requiring them to maintain information about their shareholders. Nominees acting by way of business must identify the person(s) for whom they act as a legal owner under AML/CFT legislation. Since December 2012 non-professionals are not allowed to act as a nominee shareholder. 80. Ownership information has been requested in more than 400 EOI requests in the three-year review period. Although it is not exactly known in how many cases this related to companies, the peer input suggests that in the vast majority of cases ownership information was requested on companies. Most peers have indicated that the information was exchanged, although often with delays. In addition, some peers have commented that company ownership information was not (yet) provided. In a number of these cases requests have been pending for two years or more (see C.5.1 for the overall statistics), and the likelihood of the information being obtained and exchanged in these cases may therefore be considered low.
Bearer shares (ToR A.1.2)

81. Membership (being a shareholder) of a company is limited to the subscribers of the memorandum, whose names shall be entered in the register of members, and every other person who agrees to become a member and whose name is entered in the register of members (s. 27 CL). It is therefore not possible to own shares in a company without having the name entered in the register of members, thus bearer shares as such do not exist in Cyprus. 82. However, section 81 CL provides that a company limited by shares that is listed on a regulated market may, if so authorised by its articles of association, issue share warrants to bearer. Such share warrants are issued with respect to any fully paid-up share and entitles the bearer thereof to the shares specified. It also may provide for the payment of the future dividends by means of coupons or otherwise. The bearer of a share warrant may, if the articles of association of the company so provide, be deemed to be a member of that company (s. 107(5) CL). Upon delivery of the warrant, the bearer will receive the shares specified and the warrant is cancelled (s. 81(3) CL). These characteristics mean that share warrants to bearer may present the same (tax) risks as bearer shares. 83. The register of members of the company must contain (i) the fact that the warrant is issued, (ii) a statement of the shares included in the warrant, and (iii) the date of the issue of the warrant (s. 107(1) CL). In addition, the owners of share warrants to bearer in a company that is listed on a regulated market must notify the company as well as the Cyprus Securities and Exchange Commission whenever the (potential) voting rights attached to their securities reach, exceed or fall below 5%, 10%, 15%, 20%, 25%, 30%, 50% or 75% of the total voting rights in the company (s. 31 Law Providing for
Transparency Requirements in relation to Information about Issuers whose Securities are Admitted to Trading on a Regulated Market). In all cases where the Cypriot competent authority can obtain ownership information with respect to publicly traded companies without giving rise to disproportionate difficulties, such as where this information is available with the Cyprus Securities and Exchange Commission, it is required to do so. 10 84. The limitation of the possibility to issue share warrants to bearer to companies listed on a regulated market was introduced in December 2012. Before, all public companies could issue share warrants to bearer, and no mechanism was in place to identify the owners of such warrants. The Cypriot authorities have not encountered any share warrants to bearer in practice. However, as there is no mandatory reporting of such issuance it cannot be excluded that share warrants to bearer were issued before December 2012, which are still valid. 85. As at September 2013, there were 594 public companies registered, representing 0.2% of the total number of companies registered in Cyprus. Of these, 113 are registered at the Cyprus Stock Exchange. The Cypriot authorities have written to all public companies (including the companies listed on the Cyprus Stock Exchange) asking whether they have issued share warrants to bearer in the past. To date, the Cypriot authorities have received confirmation from approximately 75% of these companies that they have not issued share warrants to bearer. Many of the remaining public companies (approximately 140) are dormant. The Cypriot authorities are still working on getting a response from these companies, for example by contacting them directly by phone. Nevertheless, it is recommended that Cyprus should monitor the remaining responses and take measures to identify the owners of share warrants to bearer, if any have been issued in the past.
Partnerships (ToR A.1.3)

86. Partnerships are governed by the PBNL. A partnership is defined as the relation which subsists between persons carrying on a business in common with a view of profit (s. 5(1) PBNL). Two types of partnerships can be distinguished: General partnership: every partner is liable jointly with the other partner(s) for all debts and obligations of the partnership incurred while he/she is a partner (s. 12 PBNL).
10.
The obligation to identify the owners in the case of publicly traded companies does not apply unless such information can be obtained without giving rise to disproportionate difficulties (Model Agreement on Exchange of Information on Tax Matters, Article 5(4)(b)).

Limited partnership: consisting of one or more general partners, who are liable for all debts and obligations of the partnership, and one or more limited partners contributing capital, who are liable for the debts and obligations of the partnership to the extent of the amount of capital contributed (s. 47(2) PBNL).
87. There is no fixed procedure for establishing a partnership. All partnerships, whether general or limited, carrying on business in Cyprus must be registered (s. 50(a) PBNL). Also, every limited partnership (whether carrying on a business or not) formed under the PBNL must be registered. Failure to do so results in the limited partners being deemed general partners and thus the partnership is considered to be a general partnership (s. 48 PBNL). As at May 2013, a total of 6 079 partnerships were registered with the Registrar. 88. Section 51 PBNL requires that the registration of a partnership at the registrar of partnerships takes place within one month of the date of the partnerships establishment. The following particulars must be submitted upon registration: (a) the name of the partnership; (b) the general nature of the business; (c) the principal place of the business; (d) the full name, any former names, nationality, residence and other business occupation (if any) of each of the individuals who are partners, whether general or limited, and the corporate name and registered or principal office of every corporation which is a partner; (e) the term, if any, for which the partnership is entered into, and the date of its commencement; (f) a statement, if such is the case, that the partnership is limited; (g) the sum contributed by each limited partner and how this is paid (in cash or otherwise); and (h) the names of the general partners who are authorised to administer the affairs of the partnership, to manage it and to sign for it. 89. Whenever a change occurs in any of the particulars registered, the registrar of partnerships must be notified of this change within seven days of the date of such change (s. 54(1) PBNL). The registration requirement and the obligation to submit any change ensure the availability of ownership information in respect of all limited partnerships formed under Cypriot law and of all partnerships carrying on a business in Cyprus. Any person failing to register a partnership or a change in the particulars is liable on summary conviction to a fine not exceeding EUR 5.13 for every day the failure continues, and the
Court shall order that the information must be furnished to the registrar of partnerships (s. 61 PBNL). A person wilfully furnishing false information is liable to a fine not exceeding EUR 85.43 or to imprisonment for a term not exceeding two years, or both (s. 63 PBNL). 90. Partnerships are registered by using a procedure similar to the one for companies. First, approval for a name must be obtained from the Registrar. Subsequently, a form containing all the details listed in paragraph 89 must be filed. Any person can register a partnership, although an electronic registration, which was introduced in 2012, can only be filed by a lawyer. Once all documents are filed, the Registrar issues a certificate of registration. 91. Starting from 2012, certain partnerships must file annual returns to the Registrar with up-to-date information regarding the registered particulars (s. 64A PBNL). Partnerships subject to this obligation include mainly those partnerships that have a company and/or a partnership as a general partner, and comprise approximately 13% of the partnerships registered in Cyprus.
Tax law
92. Partnerships are considered transparent for tax purposes, which means that the partners are taxed separately for their share in the partnerships income (s. 7(1)(a) ACTL). Nonetheless, the tax authorities have the discretionary power to ask one of the partners resident in Cyprus to make and deliver a return of the object of the tax of the partnership for any year (s. 7(1)(b) ACTL). Such return must then contain the names and addresses of the other partners together with the amount of the share to which each partner was entitled. Where there is no partner resident in Cyprus, the return may be required to be made by a representative (e.g. attorney) of the partnership who is resident in Cyprus (s. 7(2) ACTL). Any person not complying with these obligations is liable on conviction to a fine not exceeding EUR 17 for every day the non-compliance continues or to imprisonment for a term not exceeding twelve months, or both (s. 50(1) ACTL). This means that where a partnership return has been submitted upon request by the tax authorities, full ownership information for the relevant year is available directly within the tax authorities.

93. All limited partnerships and all partnerships carrying on a business in Cyprus must be registered and upon registration details of all partners must be submitted. Any changes must be notified within seven days. Updated ownership information on partnerships is therefore available in the register. In addition, the tax authorities may request that a tax return for a partnership be made including ownership information on all partners.

94. Peer input suggests that ownership information on partnerships has only been requested in a few cases during the three-year review period. No specific issues were raised regarding the non-availability of such information.
Trusts (ToR A.1.4)

95. Trusts can be created in Cyprus and the trustees are then governed by the Trustee Law and common law. A specific piece of legislation, the International Trust Law (ITL), provides rules for international trusts. A trust is considered an international trust if (s. 2 ITL): (a) the settlor is not a resident in Cyprus during the calendar year prior to the creation of the trust; (b) during the whole duration of the trust at least one trustee is a resident in Cyprus; and (c) no beneficiary other than a charitable institution is a resident in Cyprus during the calendar year prior to the year of creation of the trust. 96. In respect of international trusts the nexus with Cyprus will always be guaranteed by the requirement that at least one trustee must be a resident in Cyprus. For other trusts created under Cypriot law, the same requirement has been introduced in December 2012 under the Administrative Services Law irrespective of whether the trustee is providing its services by way of business or not (s. 5(2) Administrative Services Law). The obligations on trustees to maintain ownership information as described below cover trustees of both international trusts and other trusts.
Ownership information held by trustees and service providers

97. Under section 2(1) PSMLTFL acting as a trustee of an express trust or similar arrangement is specifically considered other business. Consequently, trustees are required to carry out CDD when establishing a business relationship (s. 60(a) PSMLTFL), and identify their customer and the beneficial owner in accordance with section 61 PSMLTFL. Customer is defined as a person aiming to conclude a business relationship or conduct a single operation with another person in financial or other business activities (s. 2(1) PSMLTFL). The term beneficial owner is also defined in section 2(1) PSMLTFL. 98. It is stated that the beneficial owner in respect of a trust shall at least include: (i) where the future beneficiaries have already been determined, the natural person(s) who is the beneficiary of at least ten percent or more of the property of the trust;
(ii) where the individuals that benefit from the trust have not yet been determined, the class of persons in whose main interest the trust is set up or operates; (iii) the natural person(s) who exercises control over ten percent or more of the property of the trust. 99. The obligation to identify the beneficial owner therefore includes the obligation to identify the beneficiaries of at least ten percent of the trust property, but there is no express requirement to identify other beneficiaries. Other trustees may also be identified under this obligation, as they may exercise control over ten percent or more of the trust property. Documentation in respect of the CDD carried out must be maintained by the trustee for at least five years after the end of its business relationship with the person for whom they act (s. 68 PSMLTFL). Failure to carry out CDD or to maintain the documentation for at least five years can lead to an administrative fine of up to EUR 200 000 and, in case the failure continues, a fine of up to EUR 1 000 for each day the failure continues (s. 59(6)(a)(ii) PSMLTFL). 100. The provisions of the PSMLTFL do not expressly require trustees to identify beneficiaries of less than ten percent of the trust property. Also, it is not clear whether the settlors or all other trustees must be identified. Cypriot authorities have issued Guidance Notes for different business groups, which are binding on the basis of section 59(4) PSMLTFL. In the Guidance Notes for banks and lawyers it is stated that where a business relationship is established with a trustee/trust, the identity of the trustees, settlors and beneficiaries should be verified (para. 121 Guidance Note for Banks and para. 4.33 Guidance Note for Lawyers). This means that for trusts having a bank account in Cyprus and/or using the services of a Cypriot lawyer (who may also act as a trustee), ownership information is available with the bank and/or lawyer. However, not all trusts will have a bank account in Cyprus and/or will be using the services of a Cypriot lawyer, and no Guidance Note exists that applies to all trustees. 101. In December 2012, the Administrative Services Law was introduced to further regulate the provision of company and trust services. All persons wishing to provide trust services professionally either need to obtain a license from CySEC under this law or must be a lawyer or accountant regulated by the Cyprus Bar Association or the Institute of the Institute of Certified Public Accountants respectively (s. 5(1) Administrative Services Law). The Administrative Services Law also applies to existing trusts. In case other persons currently provide trust services, they either must obtain a license or transfer these services to an authorised person (s. 11(4) Administrative Services Law). As mentioned under A.1.1 above, it is expected that approximately 160 licenses will be issued by CySEC.

102. Section 3(7) of the Administrative Services Law introduces an obligation on all trustees to have the following information available at all times: (a) the identity of all trustees; (b) the identity of the settlor; (c) the identity of all beneficiaries or information on the class of beneficiaries; (d) the identity of the protector (if applicable); (e) the identity of the fund manager, accountant and tax official (if applicable); and (f) the activities of the trust. Failure to comply with this obligation can result in an administrative 103. fine not exceeding EUR 500 000, and in case of repeated failure the fine can be as high as EUR 1 000 000 (s. 27(1) Administrative Services Law). Compliance with this obligation is mandatory starting from 21 December 2012, even for professional trustees not yet having obtained a license from CySEC (s. 11(1)(c) Administrative Services Law). In addition, the obligation under section 3(7) of the Administrative Services Law specifically applies to persons not otherwise covered by that law, which includes non-professional trustees. All trustees in Cyprus should therefore now have available information on the (other) trustees, settlors and beneficiaries of the trust. Nevertheless, as this requirement has only been recently introduced, Cyprus should closely monitor its practical implementation.
Ownership information held by the authorities

104. Section 50(d) PBNL prescribes the registration of every partnership, individual or corporation having a place of business in Cyprus and carrying on that business wholly or mainly as a trustee. This means that the trustee(s) of any trust carrying on business (including every trade, occupation or profession) in Cyprus must be registered. Such registration includes submitting the name of every person on whose behalf the business is carried on (s. 53(1) PBNL). The PBNL further clarifies that if the business is carried on under any trust and any of the beneficiaries are a class of children or other persons, a description of the class shall be sufficient. It can therefore be concluded that for the purposes of registration under the PBNL, a person on whose behalf the business is carried on means a beneficiary in the case of a trust. An express obligation to also register the settlors and other trustees (if any) is not provided. Any person failing to register as a trustee is liable on summary conviction to a fine not exceeding EUR 5.13 for every day the failure continues, and the Court shall order that the information must be furnished
to the registrar (s. 61 PBNL). A person wilfully furnishing false information is liable to a fine not exceeding EUR 85.43 or to imprisonment for a term not exceeding two years, or both (s. 63 PBNL). Registration under the PBNL is obligatory only for trustees of a trust 105. carrying on business in Cyprus. This requirement does therefore not cover trustees where the trust only holds and manages assets without carrying on a business. In practice, no registrations of trustees under the PBNL have occurred.

106. Since 21 December 2012, all trustees in Cyprus are under a clear obligation to have information available on the other trustees, settlors and beneficiaries. This is in addition to the already existing requirement for trustees under AML/CFT legislation to identify their customer and the beneficial owner, which specifically includes the identification of any beneficiaries of at least ten percent of the trust property and of other trustees exercising control over ten percent or more of the trust property. As the requirement to keep comprehensive identity information on trusts has only been recently introduced, Cyprus should monitor its practical implementation. 107. It is noted that before the introduction of the Administrative Services Law, Cyprus would depend on the AML/CFT legislation and common law obligations (the English principles of equity apply in Cyprus by virtue of section 29 of the Courts of Justice Law) in order to ensure the availability of identity information on trusts. No specific issues have been raised by peers in respect of trusts for the three-year review period. 108. No peers indicated that they had requested identity information regarding trusts in the three-year review period.
Foundations (ToR A.1.5)

109. The Cypriot legal and regulatory framework does not provide for the establishment of foundations.
Other relevant entities and arrangements

110. Under the Cooperative Societies Law (CSL) cooperative societies can be established. Two types of cooperative societies can be distinguished in Cyprus: Cooperative credit institution: these entities are involved in traditional banking, taking deposits almost entirely from local people and granting loans to their members. As at June 2013, 93 cooperative

credit institutions are registered (see also A.3). No new cooperative credit institutions have been registered in the last ten years. Other cooperative societies: these can operate in various sectors of the economy, such as consumer trading of agricultural products and services. As at June 2013, 83 cooperative societies are registered that are not cooperative credit institutions. In the last ten years, only nine new cooperative societies have been registered.
111. Cooperative societies must have at least twelve members, who must be individuals over eighteen years of age and residing or owning immovable property in the (intended) area of operations (s. 8(2) CSL). Alternatively, a cooperative society may also have at least five other cooperative societies as its members (s. 8(4) CSL). The word cooperative has to form part of the name of the cooperative society (s. 8(5) CSL) and only registered societies may trade or carry on a business under any name that includes the word cooperative (s. 55(1) CSL). Hence, all cooperative societies must be registered and they may do so only when they have as their objective to promote the financial interests of their members in accordance with the cooperative principles (s. 6 CSL). For tax purposes, cooperative societies are treated the same as companies, although certain income is exempted from corporate income tax. 112. Registered societies must keep a list of members at their registered address (s. 18 CSL). In addition, section 14 of the Cooperative Societies Regulations (CSR) requires each registered cooperative society to maintain a register of members containing the following details: (a) in respect of individuals: each members name, identity number, age, profession, address and possible shareholding; (b) in respect of cooperative societies: each members name, registration number, address and shareholding; (c) the date on which the name of each member has been recorded to the register; and (d) the date on which the member ceased to be a member and the reason for ceasing to be a member. A list containing the details of new members and persons that ceased 113. to be a member must be submitted to the Commissioner of the Authority for the Supervision of Cooperative Societies every six months (s. 14(2) CSR). Any person failing to do anything required by the CSL or CSR is guilty of an offense and, upon conviction, shall be subject to an initial fine not exceeding EUR 854.30, and for every day the offense continues a further fine not exceeding EUR 42.72 can be imposed (s. 57 CSL).
114. The Authority for the Supervision of Cooperative Societies is responsible for supervising all cooperative societies. On-site inspections are carried out on 50% of all cooperative societies each year. During on-site inspections compliance with the obligations under the CSL are assessed. As the register of members must be submitted to the authorities every six months, compliance with this obligation is monitored on a more regular basis. Where a register is not received, reminders are given by phone or in writing. So far, it has not been necessary to apply the penalty for non-compliance with the obligation to submit the register of members. In addition to the regular provision of the register of members to the authorities, its reliability is also checked during the annual audit of the accounts by the Audit Service of Cooperative Societies (see A.2). 115. To the recollection of the Cypriot competent authority, no requests for ownership information in respect of cooperative societies have been received to date. No peers have reported any issues in respect of cooperative societies related to the three-year review period.
Enforcement provisions to ensure availability of information (ToR A.1.6)

116. Jurisdictions should have in place effective enforcement provisions to ensure the availability of ownership and identity information, one possibility among others being sufficiently strong compulsory powers to access the information. This subsection of the report assesses whether the provisions requiring the availability of information with the public authorities or within the entities reviewed in section A.1 are enforceable and failures are punishable. Questions linked to access are dealt with in Part B.
Legal and regulatory framework

117. Companies and cooperative societies are required to keep a register of members, and submit this register to the registering authorities on a regular basis. For companies, not keeping a register of members or not submitting the register to the Registrar can lead to a fine not exceeding EUR 42.72 for every day the non-compliance continues. In respect of cooperative societies an initial fine not exceeding EUR 854.30 applies, and for every day the offense continues a further fine not exceeding EUR 42.72 can be imposed. 118. Companies must also register their initial members in the Tax Register. Any person not complying with this obligation is liable on conviction to a fine not exceeding EUR 17 for every day the non-compliance continues or to imprisonment for a term not exceeding twelve months, or both. Foreign companies must indicate in their annual tax return whether a change of ownership has occurred. Any person not complying with the

obligations to submit a tax return or providing false information is liable on conviction to a fine not exceeding EUR 17 for every day the non-compliance continues or to imprisonment for a term not exceeding twelve months, or both (s. 50(1) ACTL). In addition, an administrative penalty of EUR 100 can be imposed for failure to register or submit a tax return (s. 50A(1) ACTL). Partnerships must register and upon registration details of each part119. ner must be furnished. Any change in this respect must also be registered. Any person failing to register a partnership or a change in the particulars is liable on summary conviction to a fine not exceeding EUR 5.13 for every day the failure continues, and the Court shall order that the information must be furnished to the registrar of partnerships. A person wilfully furnishing false information to the registrar is liable to a fine not exceeding EUR 85.43 or to imprisonment for a term not exceeding two years, or both. The same penalties apply for nominees having to register because it is their main business to act as a nominee and for trustees of a trust carrying on a business in Cyprus. 120. Trustees and trust administrators are required to collect and maintain certain ownership and identity information regarding the trust under AML/ CFT legislation. Failure to do so can lead to an administrative fine of up to EUR 200 000 and, in case the failure continues, a fine of up to EUR 1 000 for each day the failure continues. It is also possible to amend, suspend or revoke the license of a person, where applicable (s. 59(6)(a)(iii) PSMLTFL). In addition, since 21 December 2012 all trustees in Cyprus must keep comprehensive identity information on all trusts with respect to which they act as a trustee. Failure to comply with this obligation can result in an administrative fine not exceeding EUR 500 000, and in case of repeated failure the fine can amount to EUR 1 000 000 (s. 27(1) Administrative Services Law).
Monitoring and enforcement in practice Registrar for companies and partnerships

121. Companies must keep a register of members and submit this register to the Registrar with its annual return. In addition, any transfer of shares must be filed with the Registrar within 14 days of entering it into the register of members. As no penalty applies for not filing a transfer of shares, the Registrar does not have any means to enforce non-compliance with this obligation. In the years 2010-12 the number of annual filings of a transfer of shares has been stable, and averaged 21 488 per year. 122. The annual return must be filed within 42 days after the annual general meeting of the company. The statistics show that in any of the last ten years no more than 43% of the companies have filed an annual return, and in the last five years (2008-12) on average only 23% of the companies
have filed its annual return. The authorities explained that previously it was standard practice to remind companies to file their annual return, but due to the volume of registrations combined with the limited resources within the Registrar this practice has been abandoned. This has also resulted in the fact that no penalties for not filing an annual return or for not keeping a register of members (which may be checked with filing the annual return) have been applied in recent years. 123. No other means of enforcement of the registration and filing obligations of companies have been used either. Although the policy is to strike a company off the register in case no returns have been filed for five subsequent years, this policy has not been actively pursued in recent years. The non-payment of the annual registration fee of EUR 350 which was introduced in 2011 has also not yet led to strike-off or other enforcement measures. Upon registration, partnerships must provide details of all their part124. ners to the Registrar. Any subsequent changes must be filed within seven days of such change. Penalties for failing to comply with these obligations have not been applied in the three-year review period and no active policy of monitoring is in place. It is noted that since 2012 certain partnerships must file annual returns. However, since the first annual returns are only due in the course of 2013, the effectiveness of this newly introduced obligation could not be assessed.
Tax law obligations

125. All companies incorporated in Cyprus must also be registered with the tax authorities. The tax register is checked once a year with the register of companies, and reminders are sent to the companies that have not yet registered. However, as at 31 December 2012 the difference between the number of registrations with the Registrar and the tax register was significant, as more than 30 000 companies (approximately 11% of the total number of companies registered with the Registrar) were not registered with the tax authorities. 126. In respect of the submission of tax returns, the Cypriot authorities indicated that 35% of the tax returns are filed on time. One year after the initial deadline, approximately 50% of the tax returns are received. The numbers further increase over time. Reminders are sent twice a year by the tax authorities. The long delays mean that information on recent tax years included in the tax returns is not readily available with the tax authorities, which results in the tax authorities having to request such information from the taxpayer when a request for information from another jurisdiction is received, which in turn results in additional time needed to respond to information exchange requests.

127. Although the Cypriot authorities state that reminders will be sent in the second half of 2013 for companies that have not registered with the tax authorities, which will include the imposition of an administrative penalty, the high number of non-registrations together with the low compliance rate for timely filing tax returns point towards more serious structural problems. 128. Partnerships are tax transparent and as such do not have to register with the tax authorities. However, if a partnership employs personnel it has to register as an employer. As at 31 December 2012, 4 310 partnerships were registered as employers with the tax authorities. 129. Besides sending reminders, enforcement of the obligations to register for tax purposes and to submit annual tax returns takes place by imposing an administrative fine of EUR 100, and in case of continuing non-compliance by prosecuting a person before court. As a whole, the tax authorities have imposed a EUR 100 administrative penalty in 31 243 cases in 2012. It is noted that where a company continues the same offence for more than one year, a penalty may be imposed for each year separately. Also, penalties may be imposed on both the company and the responsible director(s). In addition to the imposition of administrative penalties, approximately 2 000 prosecutions are initiated by the tax authorities each year. However, of these prosecutions approximately 30% is settled outside of the court by the taxpayer paying the administrative penalties. No further breakdown of the underlying non-compliance is available, but given the numbers of nonregistration and non-timely submission of the tax returns, the chance of being penalised for non-compliance seems low and the enforcement practice is clearly not dissuasive.
Obligations on service providers

130. Company and trust services in Cyprus are mainly performed by lawyers and accountants. Supervision of these professionals is the responsibility of the Cyprus Bar Association and the Institute of Certified Public Accountants respectively. Both lawyers and accountants are subject to the PSMLTFL and are therefore required to keep certain ownership and identity information on their clients. 131. The Cyprus Bar Association has an active program of conducting on-site inspections which started in 2010. Up until March 2013, 377 on-site inspections have been completed. These include most of the larger law firms with many corporate clients. The rest of the law firms were randomly selected for an on-site inspection, although the Cyprus Bar Association indicated that a risk-based approach to the selection of law firms for on-site inspections is planned to be introduced. During the on-site inspections, a sample of clients
is reviewed for the availability of ownership and identity information as well as other information that must be kept under the PSMLTFL. 132. In respect of non-listed companies, the template due diligence form developed by the CBA provides that a list of both registered and beneficial owners must be kept. For partnerships, the partnership deed should be collected. Where the client is a trust, information on the trustees, settlors and beneficiaries should be kept. The development of this template due diligence form has resulted in the findings that law firms have a high degree of compliance with the PSMLTFL. In ten cases, warning letters were sent, requesting the law firm to rectify the non-compliance found; in all these cases, the law firm has complied with the warning letter. 133. The Institute of Certified Public Accountants has outsourced the monitoring of its members to the Association of Chartered Certified Accountants (ACCA, the main accounting body in the United Kingdom). All ICPAC members are subject to independent monitoring and review through on-site inspections at least once every six years. One of the aspects reviewed during the inspections is the compliance with the PSMLTFL. The authorities indicated that the accountants generally comply with the obligations of the PSMLTFL and it has therefore only been necessary to take disciplinary measures in a few cases as a result of the inspections. 134. With the introduction of the Administrative Services Law in December 2012, only lawyers, accountants and licensed companies are allowed to provide company and trust services as a professional. Lawyers and accountants remain under the supervision of the CBA and ICPAC respectively, including with respect to their compliance with the obligations in the Administrative Services Law. Companies holding a license under the Administrative Services Law will be supervised by CySEC, in terms of their compliance with both the Administrative Services Law and the PSMLTFL. A specific new obligation introduced by the Administrative Services Law is that trustees must keep identity information of all other trustees, settlors and beneficiaries. Monitoring and enforcement of this obligation has commenced early 2013 by the CBA and ICPAC in respect of lawyers and accountants. CySEC will carry out the monitoring and enforcement with respect to licensees under the Administrative Services Law.
Conclusion
135. Enforcement provisions are in place in respect of the relevant obligations to maintain ownership and identity information for all relevant entities and arrangements. In practice, only the obligations on lawyers and accountants under the PSMLTFL to keep ownership and identity information on their clients are sufficiently monitored and complied with. Although there is

no specific obligation under the PSMLTFL to keep full direct ownership and identity information on companies, partnerships and trusts, the practical tools for lawyers developed by the CBA ensure that this information is being kept in most cases. This is particularly relevant in respect of companies, which in practice require a lawyer to be incorporated in Cyprus. Nevertheless, not all entities and arrangements will use or continue to use the services of a Cypriot lawyer, resulting in up-to-date ownership and identity information not necessarily being available with a lawyer in all cases. More importantly, the Cypriot authorities have indicated that they have never asked a lawyer for ownership information following an EOI request (see also B.1). No active monitoring and enforcement is taking place by the Registrar 136. in respect of the obligation on companies to file annual returns. These annual returns must contain up-to-date ownership information and could also be a way to monitor compliance of the obligation on companies to keep a register of members. With compliance rates as low as 23% on average for the years 2008-12 in respect of the filing of annual returns, effective enforcement of this obligation is necessary to ensure the availability of ownership information on companies. Ownership and identity information on companies may be available from sources other than the Registrar as well, most notably the company itself. However, the obligation on companies to keep a register of members is not directly monitored and enforced either and the Cypriot authorities use the database of the Registrar as the primary source to obtain ownership information on companies. This may have resulted in Cyprus not exchanging up-to-date information during the three-year review period, although it must be noted that more than 21 000 transfers of shares are filed with the Registrar on an annual basis, which also updates the ownership information. 137. In addition, no active policy is in place of monitoring the obligation on partnerships to provide up-to-date information to the Registrar on the partners. Although in practice no issues have been reported regarding the availability of ownership information on partnerships during the three-year review period, it is recommended that Cyprus appropriately exercises its monitoring and enforcement powers to support the legal requirements which ensure the availability of ownership and identity information for companies and partnerships. 138. In respect of tax law obligations, some monitoring and enforcement is taking place of the obligations to register and submit tax returns, but the compliance rates are still low. Although ownership and identity information does not have to be provided directly to the tax authorities on a regular basis, reliance may be placed on proper registration and/or submission of tax returns, in particular in respect of foreign companies. Moreover, noncompliance with tax filing obligations combined with non-compliance with the obligation to submit annual returns with the Registrar may have resulted
in Cyprus not exchanging up-to-date information, in particular because the Companies Register is the primary source used by the Cypriot authorities for obtaining ownership information on companies and partnerships. In addition, delays were reported by peers in exchanging ownership information during the three-year review period. It is noted that since April 2011 the tax authorities have direct access to the online database of the Registrar and Cyprus has indicated that the ownership information available from that database is exchanged with minimum delay since that time. Nevertheless, the Cypriot authorities should intensify their efforts to effectively enforce compliance with tax law obligations.
Determination and factors underlying recommendations
Phase 1 determination The element is in place. Phase 2 rating Partially Compliant Factors underlying recommendations Companies and partnerships are required to keep a register of members or partners, and companies and certain partnerships must submit up-to-date ownership information in an annual return to the Registrar. In the period 2008-12, on average only 23% of the companies filed an annual return, and no monitoring and enforcement of this obligation has been carried out. Moreover, the compliance rates of the obligations to register for tax purposes and to submit tax returns are low. Noncompliance with these obligations may have resulted in Cyprus not exchanging up-to-date information, in particular because the Companies Register is the primary source used by the Cypriot authorities for obtaining ownership information on companies and partnerships. Recommendations Cyprus should ensure that its monitoring and enforcement powers are sufficiently exercised in practice to support the legal requirements which ensure the availability of ownership information on companies and partnerships.

Phase 2 rating Partially Compliant Factors underlying recommendations A clear obligation on trustees to have information available on the other trustees, settlors and beneficiaries of the trust(s) with respect to which they act as a trustee, is only in force since 1 January 2013. Recommendations Cyprus should monitor the practical implementation of the recently introduced requirement on trustees to keep comprehensive identity information on trusts.
A.2 Accounting records

Jurisdictions should ensure that reliable accounting records are kept for all relevant entities and arrangements.
139. A condition for exchange of information for tax purposes to be effective is that reliable information, foreseeably relevant to the tax requirements of a requesting jurisdiction, is available, or can be made available, in a timely manner. This requires clear rules regarding the maintenance of accounting records.
General requirements (ToR A.2.1)

140. The directors of a company are responsible for ensuring that proper books of account are kept as deemed necessary for the preparation of financial statements (s. 141(1) CL). Such books of account must give a true and fair view of the state of the companys affairs (financial position) and must explain its transactions (s. 141(2) CL). Furthermore, the directors of a company must ensure that a full set of financial accounts (financial statement) is drawn up in accordance with International Accounting Standards (s. 142(1) and s. 143(2) CL). If a director of a company fails to take all reasonable steps to comply with these obligations, he/she is subject to a fine not exceeding EUR 1 708.60 or to imprisonment not exceeding one year, or both (sections 141(4), 142(4) and 143(5) CL). It is noted that some companies (including all public companies and all private companies not being small sized companies 11) are required to have their financial accounts audited (s. 152A CL). In addition, certain regulated businesses, such as banks, must submit accounting records to the supervising authorities.
11. A company is a small sized company if at least two of the following thresholds are not exceeded: (i) total assets on the balance sheet of EUR 3 417 202, (ii) net turnover of EUR 7 005 246 (iii) 50 employees.
141. Partnerships are required to keep books of account as necessary to exhibit or explain their transactions and financial position, including books containing daily entries in sufficient detail of all cash received and paid and accounts in sufficient detail of all goods sold and purchased (s. 64(1) PBNL). Any person failing to keep proper books of accounts is liable on summary conviction to a fine not exceeding EUR 170.86 or to imprisonment for a term not exceeding one year, or both (s. 64(2) PBNL). Trust laws do not provide for an obligation to keep accounting records, 142. but trustees are covered by tax law and AML/CFT legislation (see below). 143. The accounts of every cooperative society are audited by the Audit Service of Cooperative Societies (s. 19(1) CSL). The obligation for cooperative societies to keep accounting records then follows from the rule that the accounts of every cooperative society must be ready for audit within one (in case of cooperative credit institutions) or three (in other cases) months from the end of the financial year (s. 19(11)(c) CSL). Failure to do so can result in an initial fine not exceeding EUR 854.30, and for every day the offence continues a further fine not exceeding EUR 42.72 (s. 57 CSL). The accounting records of all cooperative societies must be based on the International Accounting Standards (s. 57A(1) CSL). In practice, where the CSL is silent on a matter related to the accounts, the Audit Service of Cooperative Societies applies the provisions of the CL. As with all audits, the accounts are checked against supporting documentation such as vouchers and receipts.
Tax law obligations

144. Obligations to keep accounting records for tax purposes can be found in two places in the ACTL. First, section 30 ACTL requires resident taxpayers, as well as non-resident taxpayers deriving income from Cyprus to keep accounting records. Secondly, section 5(6) ACTL imposes a similar obligation on all persons which have to submit a tax return. These persons include the same group of taxpayers as is already covered by section 30 ACTL, but also include companies incorporated in Cyprus but managed and controlled abroad, which are not tax resident and do not necessarily derive income from Cyprus. Therefore, all relevant entities and arrangements are covered by these tax law obligations. Further details of both provisions are described below. 145. Section 30(1)(b) ACTL requires both resident taxpayers (except employees, and individuals with a turnover of EUR 70 000 or less), as well as non-resident taxpayers deriving income from Cyprus, to keep accounting books and records, on the basis of which they prepare accounts in accordance with accepted accounting principles. These accounts must also be audited by a person having a permit to be appointed auditor of a company under the CL. Any person who fails to keep accounting books and records under the

tax law is liable on conviction to a fine not exceeding EUR 17 for every day the non-compliance continues or to imprisonment for a term not exceeding twelve months, or both (s. 50(1) ACTL). 146. Section 30 ACTL applies to persons that are tax resident in Cyprus or deriving income from Cyprus. This includes all individuals being present in Cyprus for more than 183 days and companies managed and controlled in Cyprus. Although partnerships are considered transparent for tax purposes, they are subject to these record-keeping obligations as well (s. 30(1) ACTL). In addition, trustees are answerable for doing all matters and things required to be done for the assessment and payment of tax in respect of any object under their direction (s. 8 ACTL) and are subject to tax in respect of the trust property (s. 31 Income Tax Law), making them subject to record-keeping requirements in respect of the trust property. 147. Until December 2012, taxpayers only deriving dividends and/or interest and not carrying on a business otherwise were not covered by the obligation to keep books and records under section 30(1) ACTL, although such taxpayers were obliged to file annual tax returns and keep records supporting that return. However, since December 2012 all relevant entities and arrangements being tax resident in Cyprus or deriving income from Cypriot sources are required to keep books and records under this provision. 148. Besides the obligation to keep books and records provided for in section 30(1) ACTL, another general obligation to keep such records can be found in section 5(6) ACTL: (a) Documents which are not stated in the tax return, but support directly or indirectly any amounts or information recorded in the return, shall be preserved by the person responsible for the submission of the return or by a duly authorised person for a period of six years from the end of the year of assessment to which they refer. (b) Without prejudice to paragraph (a), the person who is obliged to submit the return or his legal representative must keep, as referred in the said paragraph, documents which(i) (ii) correctly explain all transactions; enable the determination of the financial position of the person whom the return concerns with reasonable accuracy at any time; and allow the preparation of the financial statements, when there is an obligation to prepare such statements in accordance with the provisions of this Law or of the Companies Law, as this is from time to time amended or replaced. []
(iii)
149. This provision requires all persons who are obliged to submit a tax return which includes persons deriving passive income only, to keep records for tax purposes. Subparagraph (b) was added in July 2013 to clarify what records need to be kept. In addition to all persons who are considered tax resident and which are already covered by the obligation to keep books and records provided for in section 30(1) ACTL, section 5(6) ACTL also applies since December 2012 to all companies incorporated in Cyprus but managed and controlled in another jurisdiction, and now all relevant entities and arrangements are under the obligation to keep accounting records under tax law. It is noted that companies incorporated in Cyprus but managed and controlled in another jurisdiction have also always been subject to the obligation to keep accounting records under the CL. For some of these companies there may not be an obligation to have their accounts audited, namely in case the company does not have Cypriot income (thus not subject to section 30 ACTL) and is a small sized company (thus not subject to section 152A CL).
AML/CFT legislation
150. Under section 68(1)(b) PSMLTFL persons engaged in financial or other business activities (i.e. service providers, including trustees) are required to keep relevant evidential material and details of all transactions, including documents for recording transactions in the accounting books. This would encompass only transactions which the service provider is involved in and is therefore generally not sufficient to cover all relevant books, records and documentation. In respect of trusts it may be expected that the trustee is involved in all transactions carried out by the trust. However, as the requirements under the AML/CFT legislation only pertain to transactions, this does not necessarily enable the financial position of the trust to be determined and allow for financial statements to be prepared.
Underlying documentation (ToR A.2.2)

151. Certain requirements to keep underlying documentation were provided for in the tax law for many years. However, these requirements did not cover companies incorporated in Cyprus but managed and controlled in another jurisdiction where they were not required to submit a tax return. In addition, there was only a clear requirement for taxpayers conducting an active business (i.e. not limited to passive investments generating dividend and/or interest income only) to keep invoices and receipts they issued in respect of their transactions and collections. No further guidance existed as to which documentation was to be kept. 152. Recently, changes were made to the Cypriot tax legislation in respect of the obligations to keep accounting records, and in particular underlying

documentation. Section 5(6) ACTL requires all persons who are obliged to submit a tax return to keep documents supporting the information in the tax return. In July 2013, this provision was expanded by the following language: (b) [] It is provided that documents mentioned in this paragraph include underlying documentation (such as contracts and invoices), and shall reflect: (i) the sums of money received and expended, as well as the matters in respect of which the corresponding receipt and corresponding expenditure takes place; (ii) the sales, the purchases and any other transactions; and (iii) the assets and the liabilities of the person whom the return concerns. 153. This language clearly requires that underlying documentation be kept, such as contracts and invoices. 154. Until December 2012, the obligation under section 5(6) ACTL did not necessarily cover companies incorporated in Cyprus but managed and controlled in another jurisdiction as they only may be required to submit a tax return if so requested by the Director of the Department of Inland Revenue. The Cypriot authorities had advised that, as a matter of practice, all companies incorporated in Cyprus and registered at the Registrar of Companies were requested by notice to submit tax returns. As of December 2012, this practice has been transposed into the legal obligation that all companies incorporated in Cyprus but being regarded as a non-resident for tax purposes (i.e. where they are managed and controlled abroad) must submit a tax return on an annual basis (s. 5(2) ACTL). A provision similar to the language introduced in section 5(6) ACTL 155. was also introduced in section 141 CL in July 2013. The specific obligation to keep underlying documentation is therefore now also clearly implemented in the CL, which applies to all companies incorporated in Cyprus.
5-year retention standard (ToR A.2.3)

156. The tax law contains the explicit requirement that the books and records required to be kept must be retained for at least six years 12 (s. 30(2) ACTL). The same applies for the underlying documentation required to be kept for tax purposes (s. 8 ACT Invoices Regulations and s. 5(6) ACTL). All relevant entities and arrangements are subject to obligations under the tax law. In addition, section 141(3) CL was amended in December 2012 to include
12. As per 1 January 2013. Previously, the retention period was seven years.
an express obligation for all companies incorporated in Cyprus to keep the accounting records that must be kept under the CL for six years. Other laws do not contain a minimum retention period. 13

157. The Companies Law, the Partnership and Business Names Law and the Cooperative Societies Law put an obligation on companies, partnerships and cooperative societies respectively to keep accounting books and records in accordance with the standard. Such obligation does also exist under tax law. In addition, tax law requires all relevant entities and arrangements to keep underlying documentation and to keep documentation for a period of at least six years. A specific requirement to keep underlying documentation and to keep accounting records for a period of at least six years also exists in the Companies Law. 158. Some of the clear legal obligations have been introduced only recently. This is the case for the obligation that underlying documentation must be kept, including for companies incorporated in Cyprus but managed and controlled in another jurisdiction, as well as for the clear obligation to keep reliable accounting records on trusts only deriving dividend or interest income. The new obligations have only entered into force in December 2012 and July 2013 and in most cases compliance can only be monitored by the end of 2014 when the tax returns for 2013 are due. Cyprus should monitor the practical implementation of the newly introduced rules. 159. Because of the obligation to keep audited accounts for tax purposes, almost all relevant entities and arrangements must have their accounts audited. The audits are carried out by auditors who are approved under the CL, and in practice these are mostly members of the Institute of Certified Public Accountants of Cyprus (ICPAC), which is recognised by the Council of Ministers as the official accounting body in Cyprus in 2002. As at 31 December 2012, 543 audit firms were registered with ICPAC. All audit firms are subject to independent monitoring and review through on-site inspections by the Association of Chartered Certified Accountants (ACCA, the main accounting body in the United Kingdom) at least once every six years. During the inspections the adherence to accounting and auditing standards is being assessed, as well as the competence of the individual auditors. Both procedural aspects and the quality of the work are reviewed. So far, only few disciplinary measures have been taken as a result of the reviews.
13.
Regulative Decision 441/2007 (paragraph 13(3)) does mention a retention period of at least 10 years for records held by cooperative credit institutions.

160. The accounts of cooperative societies must all be audited by the Audit Service of Cooperative Societies. The principal auditor for each audit as well as most of the audit staff of the Authority for the Supervision of Cooperative Societies are members of ICPAC. Penalties for non-compliance with accounting record keeping obligations by cooperative societies have not been applied; so far, any shortcomings in the accounts could be resolved without the need to apply the penalty. 161. The system of mandatory audits combined with independent review of the auditors ensures that reliable accounting records, supported by underlying documentation, are kept by all persons which have their accounts audited. These audited accounts are in practice either attached to the tax return or used as a basis to fill out certain required fields in the tax return, which must also be done by the auditor. Generally, where taxpayers submit their tax returns their accounting records are also available. Either the tax authorities have the audited accounts in their possession or they are able to easily obtain them from the taxpayer. Separate penalties for not keeping adequate accounting records under tax law are therefore rare. However, general compliance with the obligation to submit the annual tax returns in a timely manner is low, as described under A.1.6 above. Where no tax return is submitted, reliable accounting records may also not be available. 162. Companies and, starting from the financial year 2012, certain partnerships (mainly partnerships that have a company and/or a partnership as a general partner) must also provide financial accounts with their annual return to the Companies Registrar. However, compliance with the obligation to file annual returns with the Registrar is low and no active enforcement is taking place (see also A.1.6), resulting in limited availability of accounting records with the Registrar. 163. Accounting information, either pertaining to specific transactions or comprehensive accounts, has been requested in more than 650 cases during the three-year review period. Of the fifteen peers that have requested accounting information during the three-year review period and provided input to this review, half indicated that accounting information was generally received although mostly with (long) delays. The other half of the peers indicated that accounting information was not fully provided or was not (yet) received at all. Most of these peers pointed out that this was generally in cases where a person had not complied with its obligations to submit its tax return(s) and/or the annual returns to the Registrar. Cypriot authorities should therefore enhance its monitoring and enforcement activities with respect to these general obligations and include checks for the availability of accounting records.

Phase 1 determination The element is in place. Phase 2 rating Non-Compliant Factors underlying recommendations Accounting records have not been available in a number of cases, in particular where the person required to keep the accounting records did not comply with its general obligations to submit tax returns and/or annual returns to the Companies Registrar. Comprehensive accounting record keeping obligations on certain trusts as well as on companies incorporated in Cyprus but managed and controlled in another jurisdiction have only been introduced recently. Recommendations Cyprus should ensure that reliable accounting records, including underlying documentation, are being kept by all relevant entities and arrangements for a period of at least five years. Cyprus should monitor the practical implementation of the recently introduced obligations to keep comprehensive accounting information by certain trusts and companies incorporated in Cyprus but managed and controlled in another jurisdiction.
A.3 Banking information

Banking information should be available for all account-holders.
164. No person is allowed to engage in banking business or in the business of taking deposits in Cyprus unless it is a body corporate holding a valid license for that purpose issued by the Central Bank of Cyprus (s. 3 and s. 4 Banking Law). The Central Bank is the primary regulatory and supervisory body for the Cypriot banking industry. As at May 2013, the Central Bank supervises 41 banks, being six local banks, eight subsidiaries of foreign banks and 27 branches of foreign banks. 165. One of the banks supervised by the Central Bank is the Co-operative Central Bank. Up until 31 July 2013, this bank is responsible for monitoring the 92 affiliated cooperative credit institutions (CCIs) in Cyprus. As per 1 August 2013, the licensing and supervision of all banks, including CCIs, falls under the direct responsibility of the Central Bank. As explained under A.1.5, CCIs are involved in traditional banking, taking deposits almost entirely from local people and granting loans to their members. Their market share of the

total amount of deposits was approximately 20% as at March 2013, and only 1% of these deposits belong to persons that are not resident of Cyprus. The total amount of deposits held by banks in Cyprus was EUR 63.7 billion as at March 2013, showing a drop of 10% since March 2012. 14
Record-keeping requirements (ToR A.3.1)

166. The requirements for banks are primarily laid down in the Banking Law. In respect of banking information, section 15A Banking Law requires all banks to obtain the name, address and number of the official identity card or passport number and its country of issue in respect of all customers. It is also expressly prohibited to open or maintain anonymous or numbered accounts or accounts in names other than those stated in official identity documents (s. 66(2) PSMLTFL). 167. The activities carried out by banks are regarded as financial business under the PSMLTFL, resulting in the obligation to identify their customers by performing CDD (s. 60 PSMLTFL). This also includes scrutinising transactions undertaken, the business and risk profile and, where necessary, the source of funds. Any documents, data or information related to this obligation must be kept up to date (s. 61(1)(d) PSMLTFL). 168. Section 68(1) PSMLTFL requires all persons engaged in financial business to keep records of the following documents: (a) copies of the evidential material of the customer identity; (b) relevant evidential material and details of all business relations and transactions, including documents for recording transactions in the accounting books; and (c) relevant documents of correspondence with the customers and other persons with whom they keep a business relation. 169. These records must be maintained for a period of at least five years after termination of the business relationship (or after the transaction where there is no business relationship, e.g. a one-off transaction) (s. 68(1) PSMLTFL). Failure to carry out CDD or to maintain the documentation for at least five years can lead to an administrative fine of up to EUR 200 000 and, in case the failure continues, a fine of up to EUR 1 000 for each day the failure continues (s. 59(6)(a)(ii) PSMLTFL).
14.
For up-to-date details please refer to www.centralbank.gov.cy.
Availability of banking information in practice

170. The Central Bank has put in place a program of on-site inspections to monitor the compliance of licensed banks with their obligations under the PSMLTFL. At the start of every year, a risk assessment of each bank is made which forms important input in deciding which banks will be subject to an on-site inspection in that year. The risk assessment may be amended throughout the year when significant changes occur. Each year, between one third and half of the banks are selected for an on-site inspection. These inspections take one or more days, depending on the size of the banks business. Foreign branches of Cypriot domestic banks are generally visited once every two to three years. Finally, specific investigatory inspections are carried out if there are indications of non-compliance. 171. During the on-site inspections, the Central Bank takes samples of customer files, which are a mix of high-risk customers and a random selection, to verify whether sufficient identity, transactional and other relevant information is being kept. An inspection report is drawn up by the Central Bank after the on-site, and this is discussed at an exit meeting with the bank. The Central Bank indicated that, in general, banks do have identity and transactional information available. The most common deficiency is found in a wrong application of the exemption to keep certain information in the case of introduced business. Any shortcomings are addressed by either the issuance of a warning letter and/or the application of an administrative fine. In the period 2010-12, a total of 20 warning letters were issued and seven fines were imposed. The action taken by the bank on the shortcomings identified, must be reported and is recorded in a follow-up report. 172. In respect of CCIs, the Authority for Supervision of Cooperative Societies was responsible for supervising compliance by CCIs of their legal obligations up until 31 July 2013. This Authority had direct access to the electronic system used by all CCIs to perform their banking business, which facilitated the off-site supervision. In addition, between 30 and 40 on-site inspections were carried out every year. During these inspections, the Authority reviewed the compliance by the CCIs with all its obligations, including under the PSMLTFL. In 2012, the Authority started to conduct onsite inspections targeted only on the CCIs compliance with the obligations under the PSMLTFL. It carried out 16 of such specific inspections in 2012. As with regular banks, the Authority indicated that compliance by CCIs with their obligations was high. During the years 2010-12, a warning letter was issued in 25 cases, mostly for ignoring indicators for suspicious transactions. In all cases, the CCI has rectified the situation, and so far no penalties had to be applied. As mentioned above, the supervision of CCIs has been transferred to the Central Bank on 1 August 2013, which will integrate the supervision of the CCIs in its existing policy of supervision of banks.

173. In the three-year review period, bank information was requested in almost 150 cases. Most peers indicated that banking information was not or only partially received. This is, however, not related to a lack of availability of the information, as in the cases where information was sought directly from a bank, it was obtained. Recommendations are included under elements B.1 and C.5 in respect of the access to and exchange of bank information.
Conclusion
174. The customer identification obligations and record keeping obligations on all transactions require banking information to be available in Cyprus for all account holders. Compliance by banks in respect of these legal obligations is supervised by the Central Bank (for regular banks) and the Authority for Supervision of Cooperative Banks (for CCIs). Through their inspections, it is found that banks keep the required information on their clients and transactions. This is confirmed by the experience of the Cypriot competent authority, as well as peer input, that banking information was available with banks and could be exchanged upon request. However, it is noted that in many cases where bank information was sought, the Cypriot competent authority did not request this information from the bank, but from another person.
Phase 1 determination The element is in place. Phase 2 rating Compliant
COMPLIANCE WITH THE STANDARDS: ACCESS TO INFORMATION 53
B. Access to Information
Overview
175. A variety of information may be needed in respect of the administration and enforcement of relevant tax laws and jurisdictions should have the authority to access all such information. This includes information held by banks and other financial institutions as well as information concerning the ownership of companies or the identity of interest holders in other persons or entities. This section of the report examines whether Cyprus legal and regulatory framework gives to its competent authority access powers that cover all relevant persons and information, and whether the rights and safeguards that are in place would be compatible with effective exchange of information. It also assesses the effectiveness of this framework in practice. 176. The Director of the Department of Inland Revenue of the Ministry of Finance has sufficient access powers to obtain all relevant information pursuant to an information exchange request. These powers are used by the officers of the International Tax Affairs Division, who handle the EOI requests. Although there are powers to obtain information that were specifically designed for information exchange purposes, these are in practice only used where information must be obtained from a bank. In other cases, the Cypriot competent authority uses its domestic access powers. 177. Until the end of 2011, it was common practice of the Cypriot competent authority not to approach a taxpayer for information before that taxpayer had submitted its income tax return(s) for the year(s) the information sought by the requesting jurisdiction related to, even in cases where no direct relationship between the tax return and the information sought existed. In addition, the competent authority did not try to obtain such information from other persons, such as a lawyer, which may also have had the information. In fact, information has not been sought from third parties other than banks during the three-year review period. Where bank information was requested, the information was directly requested and obtained from a bank in only 11 out of the 150 cases. These practices may have contributed to unnecessary
54 COMPLIANCE WITH THE STANDARDS: ACCESS TO INFORMATION

delays in obtaining the information. It is recommended that Cyprus uses its information gathering powers to obtain information from all potential information holders, including directly from banks, where appropriate. 178. Since the end of 2011, the Cypriot competent authority seeks to obtain information from a taxpayer for EOI purposes where this information does not depend on the submission of an income tax return regardless of whether the income tax return has been filed. Cyprus should monitor the practical implementation of its recently revised policy in respect of obtaining information from Cypriot taxpayers. 179. A power to search buildings and seize documents is provided for in case a person fails to produce the information requested. In addition, penalties (including imprisonment) and administrative fines may be imposed. In practice, many cases have occurred where information has not (yet) been obtained as a result of non-compliance by the taxpayer. This is the case with taxpayers that have not complied with other tax obligations either. Although penalties have been imposed in some instances, the compulsory powers have not been used effectively by Cyprus in all cases, in particular in respect of bank information. 180. Any secrecy obligations, including bank secrecy, are waived when a person is asked to produce information. Attorney-client privilege as defined in the law must, however, be respected. Although this privilege may be broader than the international standard in some cases, it did not have nor is expected to have a significant impact on the effective exchange of information. 181. There is no requirement in Cyprus domestic legislation that the taxpayer under investigation or examination must be notified of a request. However, where information must be obtained from a third party, such as a bank, the person who is requested to produce information must be informed which foreign tax authority has requested the information. An exception to this rule was introduced in December 2012 which provides for an exception to this requirement where the notification may hinder the investigation. In the three-year review period (1 July 2009 30 June 2012), no specific issues have been reported by peers resulting from a notification to the holder of the information stating which jurisdiction had made the request.
B.1 Competent Authoritys ability to obtain and provide information

Competent authorities should have the power to obtain and provide information that is the subject of a request under an exchange of information arrangement from any person within their territorial jurisdiction who is in possession or control of such information (irrespective of any legal obligation on such person to maintain the secrecy of the information).
182. Under Cyprus DTCs the Minister of Finance or his authorised representative is the designated competent authority. The Director of the Department of Inland Revenue of the Ministry of Finance (the Director) has been delegated this task. The Director also exercises the powers to obtain information for information exchange purposes. 183. The International Tax Affairs Division (ITAD) handles incoming (and outgoing) exchange of information requests. In addition to the Director, both the Head of the ITAD and all ITAD officers are authorised to sign as competent authority. The ITAD is based within the Ministry of Finance in Nicosia. ITAD officers collect information from companies residing under the Nicosia district directly, while information that must be obtained from other taxpayers is obtained by the district offices. Besides Nicosia, Cyprus has four other district offices: Famagusta, Larnaca, Limassol and Paphos. All district offices have a designated contact person for exchange of information requests. All information that should be collected from other sources (other government authorities, third parties) is directly obtained by the ITAD officers.
Ownership and identity information (ToR B.1.1)

184. The powers to obtain information for tax purposes are provided for in the ACTL. Section 6(9)(a) ACTL provides that the Director may, for the purposes of exchange of information in respect of any person (including a company or partnership dissolved or stricken off and a deceased individual), require and receive in any form from any person books, records or other documents or particulars or information under his control, possession, disposal or jurisdiction. It is further stated that these books, records or other documents or particulars must be supplied, presented, delivered, given or sent with the essential or necessary explanations or clarifications in full satisfaction of the Director (s. 6(10) ACTL). These provisions have a wide scope and prima facie enable the Cypriot authorities to obtain all available information to fulfil its obligations under an information exchange agreement. 185. In practice, section 6(9)(a) ACTL is only used to obtain information from third parties, i.e. independent service providers such as banks and lawyers. During the three-year review period, this occurred only in 11 cases. In all other cases, that is where information must be obtained from a Cypriot

taxpayer, the authorities base their request for information on section 27 ACTL. This provision allows the tax authorities to require any person to furnish them with such particulars as they may require for the purposes of the ACTL with respect to the object of the tax of such person, and to produce any accounts, books or other documents. 186. It is noted that until December 2012 the use of the access powers under section 6(9)(a) ACTL by the Cypriot authorities was restricted to cases where this was necessary to comply with the provisions of DTCs. More general language has been introduced in December 2012, which means that the Cypriot competent authority may now use its access powers in order to comply with any tax information exchange agreement, including TIEAs. 187. Section 6(11) ACTL contains a condition for the Director to use its access powers. These powers may only be used if the competent authority of the requesting state provides the following particulars and information: (a) the identity of the person under examination or investigation; (b) description of the information sought, including its nature and the manner in which it wishes to receive the information from the Director; (c) the tax purpose for which the relevant information is sought; (d) the grounds for believing that the information requested is held by the Director or in the possession or control of a person in Cyprus; (e) to the extent known, the name and address of any person believed to be in possession of the requested information; (f) a statement that the application for obtaining information is in conformity with the law and administrative practice of the applicant state, and if the requested information were within the jurisdiction of the applicant state, its competent authority would be able to obtain the relevant information under its laws or in the course of its administrative practice; and (g) a statement that the applicant state has pursued all means available in its own jurisdiction to obtain the information being sought, except those that would give rise to excessive difficulties. 188. These particulars are the same as provided in Article 5(5) of the Model Tax Information Exchange Agreement and are meant to ensure that the requesting state demonstrates the foreseeable relevance of a request. The condition that these particulars be provided is consistent with the international standard. It is noted that the requirement is found in Cyprus domestic law (only six of Cyprus DTCs contain this specific requirement, see C.1.1)
and therefore may not necessarily be known to the authorities of the requesting states. However, it may be expected that a requesting state sufficiently demonstrates the foreseeable relevance of a request and if not, that the Cypriot authorities will inform their exchange of information partners. 189. In addition, section 6(11) ACTL codifies the reciprocity principle, stating that information shall not be supplied by the Director unless he is satisfied that the requesting state has reciprocal provisions or applies appropriate administrative practices to provide information to Cyprus. This provision is in conformity with the international standard. 190. Another condition for the Director to use its access powers is provided for in section 6(12) ACTL. This provision states that the access powers shall be exercised only after obtaining the written consent of the AttorneyGeneral. In order to obtain such consent, the Director must submit a relevant written request. Cypriot authorities state that the Attorney-General will give his consent when he is satisfied that the prerequisites of section 6(11) ACTL (see above) are met. 191. The procedure of obtaining the written consent of the AttorneyGeneral is in practice only relevant where information needs to be obtained from a third party (such as a bank or a lawyer). For example, where transactional information is requested regarding a transaction with a Cypriot company, such information may be in the possession of both the Cypriot company and its bank in Cyprus. In case Cyprus seeks to obtain the information from the Cypriot company, the competent authority will use the access power provided by section 27 ACTL. In case Cyprus seeks to obtain the information from the bank, the access power of section 6(9) ACTL is used, which includes the requirement of obtaining the written consent of the Attorney-General. In these cases, the competent authority carefully checks whether all of the particulars listed in section 6(11) ACTL are included in the incoming request. Where this is not the case, a clarification is asked from the requesting jurisdiction. The strict implementation of this rule is necessary because the Attorney-General will closely look at whether the prerequisites of section 6(11) ACTL are satisfied. In practice, any clarifications from the requesting jurisdiction are obtained before the Cypriot competent authority makes a submission to the Attorney-General for written approval. As a result, the Attorney-General has not refused to give his written consent in a case in the three-year review period. 192. The process of obtaining the Attorney-Generals written consent generally takes less than one week once a submission is made by the competent authority. As also noted by some peers, some delays may occur where the Cypriot competent authority has to go back to the requesting jurisdiction before obtaining the consent of the Attorney-General to ask for additional information in order to meet the requirements of section 6(11) ACTL.

However, as noted above, these requirements are in accordance with the international standard. In any case, explanations were given by Cyprus to the requesting jurisdictions regarding the particulars to be included in a request for bank information in order to meet the requirements of section 6(11) ACTL. In these cases, delays in other requests made by the same jurisdiction have generally been avoided.
Gathering information in practice

193. All incoming requests of information are dealt with by ITAD officer who is assigned the case. This officer will first check whether the requested information is readily available in the database of the Inland Revenue Department (IRD), to which the ITAD officers have direct access. The IRD database contains tax returns filed, tax assessments issued and tax paid by the taxpayer, as well as general information on that taxpayer, such as its place of residence. 194. Where the information relates to a company or partnership, the case officer will generally also access the information available with the Registrar of Companies. Since April 2011, this process is facilitated by the general access rights granted to all ITAD officers to the information that is available in the online database of the Registrar of Companies. Other government databases that may be accessed by ITAD officers at this point in the process include the databases of the Value Added Tax department, the Land Registry Office and the Social Insurance department. The information gathered through these initial steps should be sent to the requesting jurisdiction within two months of receipt of the request, according to the newly established internal guidelines (see C.5.2). According to the Cypriot authorities, the vast majority of the requests includes information which needs to be obtained from a taxpayer in addition to information which may be available in government databases. 195. Where information needs to be obtained from a taxpayer, there are two possibilities: (i) If the taxpayer is a company and falls under the Nicosia district, where the ITAD is also located, the ITAD officer directly sends a letter to the taxpayer to obtain the information. Around 50% of the incoming requests require information to be obtained from a company in the Nicosia district. (ii) If the taxpayer falls under the responsibility of any of the other districts, or is an individual residing in the Nicosia district, a letter will be sent to a designated contact person in the responsible district office asking him/ her to obtain the relevant information from the taxpayer. A copy of the request is attached to the letter. It is estimated that in approximately 45% of the cases information needs to be obtained through a district office.
196. The taxpayer is generally given 15 days to provide the information. Extension of this period may be granted where the taxpayer requests so. 197. In all cases where information is obtained from a taxpayer, this occurs on the basis of section 27 ACTL, which does not contain any further particular requirements in terms of procedure. In case information needs to be obtained from a third party, such as a bank or a lawyer, the procedure is based on sections 6(9) 6(12) ACTL as described above in this section of the report. In all cases where information must be obtained from a third party, the ITAD officer who is assigned the case is responsible for handling it, which means obtaining written consent from the Attorney-General and subsequently requesting the information from the third party. In the three-year review period, this situation has only occurred where information needed to be obtained from a bank. 198. Until the end of 2011, it was common practice of the Cypriot competent authority not to approach a taxpayer for information before that taxpayer had submitted its income tax return(s) for the year(s) the information sought by the requesting jurisdiction related to. This was the policy in all cases, including where the information sought was not expected to be included in the tax return or where a taxpayer was late with filing its tax return(s). This resulted in unnecessary delays in obtaining the information and is an important reason for the fact that many cases are still pending. In addition, the competent authority did not try to obtain such information from other persons, such as a lawyer, which may also have had the information. Lawyers are generally involved in setting up companies. In this role, lawyers may have information relevant for tax purposes. In general, information has not been sought from service providers other than banks during the three-year review period. It is recommended that Cyprus uses its information gathering powers to obtain information from all potential information holders where appropriate. 199. The policy of not approaching a taxpayer for information before that taxpayer had submitted its income tax return(s), has changed since the end of 2011, and now the Cypriot competent authority seeks to obtain information from a taxpayer for EOI purposes where this information does not depend on the submission of an income tax return regardless of whether the income tax return has been filed. Cyprus reports that this has had a positive impact on the response times to EOI requests, which is confirmed by Cyprus EOI partner which has sent most requests during the three-year review period as well as by the statistics on timeliness (see C.5.1). It is recommended that Cyprus monitors the implementation of its revised policy in respect of obtaining information from its taxpayers.
Bank information
200. For domestic tax purposes a specific provision to obtain bank information exists (s. 6(7) ACTL). Where information must be obtained from a bank for information exchange purposes, the procedure as provided for in sections 6(9) 6(12) ACTL must be used to obtain such information. This provision specifically states that the access powers may be used notwithstanding any obligations for secrecy, including bank secrecy (see also B.1.5). 201. In the three-year review period, bank information has been obtained from both taxpayers and banks. Typically, where the request does not clearly indicate that the requesting jurisdiction would like to receive the information from a bank and the information should also be in the hands of a Cypriot taxpayer in Cyprus, the Cypriot competent authority would ask the taxpayer. Cyprus has indicated that in the vast majority of the cases bank information is requested in respect of a specific transaction or general bank statements and it is requested as one of the pieces of information in an EOI request. Generally, no particular reference is made to a specific bank which might be in possession of this information. The Cypriot competent authority therefore obtains this information from the Cypriot taxpayer which is also the person expected to have the other pieces of information included in the EOI request (such as ownership and accounting information). As a result, of the 150 requests where bank information was requested during the three-year review period, this information was only requested directly from a bank in 11 instances. 202. The Cypriot competent authority indicated that where it is unsuccessful in obtaining the information from the person other than the bank, which would ususally be given 15 days to comply, it exercises its powers to obtain the information from the bank instead. However, many peers have commented that during the three-year review period bank information was not (yet) provided or provided with long delays. This may be partly due to understaffing of the competent authority (see C.5.2) and the practice of not approaching a Cypriot taxpayer to obtain information before it had submitted its tax return (see above under Gathering information in practice). Nevertheless, in general obtaining information from Cypriot taxpayers has not always been successful, while obtaining information directly from a bank has so far always been successful in a timely manner, which is confirmed by peers. In addition, the availability of bank information with the banks is ensured by requirements in the PSMLTFL and monitoring and enforcement of these requirements is carried out, as described under element A.3. Finally, it should be recognised that bank information is of key significance for the exchange of information for tax purposes. The Cypriot authorities have indicated that they are willing to obtain information directly from a bank where they have the necessary information to do so. It is therefore recommended
that Cyprus uses its access powers to obtain bank information directly from a bank in more instances where appropriate. Where bank information needs to be obtained from a Cypriot taxpayer, sufficient compulsory powers should be used in cases where such taxpayer does not provide the information in a timely manner. 203. In some of the cases where bank information has not yet been received, Cyprus asked for clarifications in respect of the foreseeable relevance of (part of) the bank information requested. An assessment of Cyprus policy in respect of asking clarifications in respect of the foreseeable relevance of incoming requests can be found under element C.1.1 of this report.
Conclusion
204. The Cypriot competent authority uses two different access powers to obtain information for EOI purposes. Where information is obtained from Cypriot taxpayers, which is the case in almost all cases, section 27 ACTL is used, which provides general access powers for tax purposes. Where information is obtained from third parties, which has only been done where information was obtained directly from a bank, section 6(9) ACTL is used, which provides access powers specifically for EOI purposes. The use of the latter power includes obtaining the written consent of the Attorney-General, which will check whether all necessary particulars, which are drawn from Article 5(5) of the Model TIEA and in accordance with the international standard, are included in the request. 205. In the three-year review period there were many cases where information has been obtained with (long) delays, and peers reported that they never received the information. This is partly due to the practice of the Cypriot competent authority not to approach a taxpayer for information before that taxpayer had submitted its income tax return(s) for the year(s) the information sought by the requesting jurisdiction related to, even in cases where no direct relationship between the tax return and the information sought existed. In addition, the competent authority did not try to obtain such information from other persons, such as a lawyer, which may also have had the information. Finally, in respect of obtaining bank information this was sought from Cypriot taxpayers in the vast majority of the cases. As this has not always been successful while seeking the information directly from a bank was, Cyprus should use its access powers to obtain bank information directly from a bank in more instances where appropriate.
Accounting records (ToR B.1.2)

206. The powers and practical procedures to obtain information described under the previous subsection (Ownership and identity information) apply equally where accounting information must be obtained.
Use of information gathering measures absent domestic tax interest (ToR B.1.3)
207. The information gathering powers under section 6(9)(a) ACTL specifically refer to them being used in order to be able to comply with the provisions of DTCs or tax information exchange agreements, so they are not subject to Cyprus requiring such information for its own tax purposes. 208. As noted above (B.1.1), in practice the Cypriot competent authority only uses the powers provided for in section 6(9) ACTL where information must be obtained from third parties, which has so far only occurred in the case of information obtained from a bank. In all other cases, section 27 ACTL has been used as a basis to request information. This provision does contain a domestic tax interest, but the Cypriot authorities have so far considered that in all cases the information obtained was also relevant for domestic tax purposes. In any case, should a case occur where information must be obtained from a person other than a than bank where Cyprus would not have a domestic tax interest, the powers provided for in section 6(9) ACTL are always at the disposal of the Cypriot competent authority.
Compulsory powers (ToR B.1.4)

209. Jurisdictions should have in place effective enforcement provisions to compel the production of information. 210. According to section 50(1) ACTL any person refusing, failing or neglecting to furnish any particulars or to perform any duty required to be performed under the ACTL shall be guilty of an offence and shall be liable on conviction to a fine not exceeding EUR 17 for each day the offence continues or to imprisonment for a term not exceeding twelve months, or both. The court may also direct the person convicted to give the particulars as has been required (s. 50(2) ACTL). It is noted that prosecution for an offence under this provision may only be instituted with the consent of the Attorney-General (s. 53 ACTL). 211. In addition, administrative penalties may apply. Any person not complying with a notice to provide information to the Director for information exchange purposes is subject to a fine of EUR 200 where it concerns information on themselves (s. 50A(c) ACTL) and EUR 100 where it concerns information on another person (s. 50A(d) ACTL). However, these penalties
can only be imposed if the Director has given the person at least 60 days to comply. In cases where a shorter time period is given, only the penalties described in the previous paragraph apply. As in practice persons are given only 15 days to comply with a notice to provide information, administrative penalties are not imposed for failure to provide information in exchange of information cases. 212. A search warrant may be issued by a judge if that judge is satisfied that any documents or particulars which should have been produced and have not yet been produced, can be found in any building, except a building of a person who is bound to observe professional secrecy under the Evidence Law (s. 32(1) ACTL). Persons found in the building may be searched and objects may be seized where there is reasonable cause to believe that they should have been produced (s. 32(2) ACTL).
Use of compulsory powers in practice

213. Where a person does not comply with a letter to produce information to the authorities within the time limit set out in that letter, the policy is to send reminders. If the non-compliance continues, a formal letter should be sent indicating that legal measures will be taken if no response is received. In practice, such formal letter is sent after two or three reminders have been sent. A formal letter to a taxpayer is sent by either the district office or by ITAD (if it concerns a company residing in the Nicosia district and does not concern a request for the submission of income tax returns). Every month all district offices send a list of taxpayers that have not complied with the formal letter to the Legal Department of the Ministry of Finance. The Legal Department checks whether all formalities have been met to start a prosecution and if so, requests the consent of the Attorney-General. In practice, the Attorney-General approves all requests within one or two days. Procedures for prosecution are standardised and may take approximately five to nine months, depending on the schedule of the court and the complexity of the case. 214. As a whole, the Legal Department initiates approximately 2 000 prosecutions per year for offences under the tax law. No specific statistics are kept regarding the type of underlying offence, although the Cypriot authorities state that the offences only relate to (i) the non-submission of income tax returns, (ii) the non-submission of financial statements, and/or (iii) the nonsubmission of (other) information. In 2012 ITAD officers, who are directly responsible for obtaining information from companies in the Nicosia district, referred 33 cases to the Nicosia district office requesting for a formal letter to be sent. The Cypriot authorities indicated that most taxpayers comply with the formal letter in order to avoid prosecution. Prosecutions that do go through that are related to exchange of information cases, are initiated on the basis of section 50 ACTL.

215. According to the Cypriot authorities, the majority of the cases where non-compliance occurs, relate to taxpayers who do not comply with their obligations generally. For example, these taxpayers may not have submitted any tax returns either and/or have not complied with the requirement to provide annual returns to the Companies Registrar. The Cypriot authorities state that a campaign was held in 2011 to improve the collection of information from taxpayers, which reportedly has had a positive impact on compliance. Besides official prosecutions, another instrument available to the tax 216. authorities to compel the production of information is the power of search and seizure. The Cypriot authorities have never used this instrument to obtain information for exchange purposes, and rarely use it for other (domestic) purposes. 217. In the three-year review period, there have been many cases where the taxpayer did not comply with the first letter to produce information, considering the average response time and the number of cases still outstanding (see C.5.1). Follow-up on these letters by the Cypriot authorities has generally been slow, which according to the Cypriot authorities was mainly due to a lack of resources (see C.5.2). Nevertheless, the general level of compliance also does not seem to be high, considering that, for example, tax returns are filed on time in only 35% of the cases. A strict monitoring of compliance and effective use of compulsory powers in exchange of information cases is therefore necessary. In practice, the compulsory powers have not been used effectively in all cases. This may have specifically impacted the obtaining of bank information from Cypriot taxpayers, as this is the type of information of which peers have indicated most that it has not been provided during the three-year review period. 218. As for compulsory powers other than prosecutions through the Legal Department, the instrument of applying an administrative fine cannot be used because it is subject to the condition that the taxpayer must have been given at least 60 days to comply, and in practice a deadline of 15 days is given. This means that in all cases of non-compliance related to exchange of information, penalties can only be applied through a formal prosecution. The process of a formal prosecution is time-consuming, as in practice a formal letter is only sent after two or three reminders (which may in itself already have taken several months), and where the prosecution is actually initiated it can take up to more than a year before the court makes a decision. This leads to delays in obtaining the information, which may then no longer be useful to the requesting jurisdiction. Finally, the instrument of search and seizure has not been used in exchange of information cases, which could be an alternative for a formal prosecution in some cases. 219. In conclusion, it seems that the relatively high level of non-compliance has not effectively been dealt with, and that as a result information has
not been exchanged in a number of cases. Although this may in part be due to a lack of resources, the available compulsory powers have also not been used effectively in all cases. It is therefore recommended that Cyprus uses its compulsory powers more effectively in exchange of information cases, in particular where bank information needs to be obtained from a Cypriot taxpayer.
Secrecy provisions (ToR B.1.5)

220. Section 6(9)(a) ACTL provides that the access powers of the Director to obtain information for information exchange purposes may be used notwithstanding any obligation for secrecy or other restriction for the supply and use of information and particulars provided in any law or otherwise, [] subject to the legal privilege recognised by law. This provision effectively overrides any secrecy obligations on any person under any law, except for legal privilege (see below).
Bank secrecy
221. Bank secrecy is laid down in section 29(1) Banking Law and precludes any person having access to records of the bank in a professional or employment relationship with the bank to divulge any information regarding the account of any individual customer of the bank. However, one of the exceptions to this rule applies where the information is provided to a public officer who is duly authorised under any law to obtain that information (s. 29(2)(d) Banking Law). 222. Powers to obtain information for information exchange purposes are provided in section 6(9)(a) ACTL (see B.1.1). This provision specifically states that such powers may be used notwithstanding any obligations for secrecy, including bank privilege. This means that any public officer requesting information from a bank under this provision is duly authorised, and bank secrecy does not provide a valid reason for not providing the information. In the three-year review period, no bank has declined to provide information claiming that this information was covered by secrecy obligations.
Legal privilege (attorney-client privilege)

223. Legal privilege in Cyprus is implemented through the Advocates Code of Conduct Regulations (ACCR) issued by the Cyprus Bar Association (CBA). The CBA has this power under section 24(1) of the Advocates Law. Any rules made by the CBA under this provision shall be published in the Official Gazette of Cyprus and shall thereupon be binding on all practising advocates (s. 24(2) Advocates Law).

224. Section 13(1) ACCR states that professional secrecy (i.e. legal privilege) is recognised as the fundamental and primary right and obligation of advocates, and it must be protected by the courts and any public authority. Section 13(3) contains the core of the legal privilege: Advocates must, without any time limitation, respect the secrecy of all confidential information or evidence which has come to their knowledge in the course of their professional activity. 225. Two limitations to legal privilege apply according to the quoted definition. First, it pertains only to confidential information, which would exclude information that cannot reasonably be expected to be kept secret, such as information provided by the client to its attorney in the presence of third parties from being privileged (see, for example, Article 7(3) of the Model TIEA and its Commentary). 226. The second limitation is that information is only covered by legal privilege where it has come to the knowledge of the attorney in the course of his/her professional activity. The term professional activity is not defined as such, but section 2 Advocates Law does contain a definition of the phrase practising as an advocate. The following activities are included in the definition: Appearing before any Court to conduct any proceedings on behalf of any person or Cyprus, including preparing or perusing any pleading on behalf of a client. Registering trademarks or patents and appearing before any administering authority for these purposes. Drawing up, reviewing or amending any Memorandum or Articles of Association of a company of any form, or any application, report, statement, affidavit, decision or other document pertaining to the incorporation, registration, organisation, reorganisation or dissolution of any legal entity. Registering ships and drawing all documents referring to the incorporation, transfer, alteration or abolition of all rights on a ship as well as appearing before the competent authority for this purpose. Giving opinions on all legal matters submitted to the advocate. Drawing up or perusing any document filed in Court for administration purposes under the Administration of Estates Law.
227. It is clear that if an advocate takes up a different role altogether, such as a trustee, agent or nominee, any communications and information are not covered by legal privilege. However, the above list does include
activities other than the giving of legal advice or activities related to existing or contemplated legal proceedings, most notably the activities regarding the incorporation, reorganisation or winding up of companies or other legal entities. Information coming to the knowledge of an advocate in this respect may be relevant for tax information exchange purposes and seems to be covered by legal privilege as it can be considered a professional activity of an advocate. It should be noted that most of this information seems to be in connection with drawing up and registering official documents, of which it is likely that they are available in public registers or otherwise could not be considered confidential. Nevertheless, it is recommended that Cyprus amends its laws so that advocates can only invoke legal privilege in respect of information that would reveal confidential communications where these are (i) produced for the seeking or providing of legal advice or (ii) produced for the purposes of use in existing or contemplated legal proceedings. 228. The Cyprus Bar Association confirmed that there may be documentation covered by legal privilege which is not information produced (i) for the seeking or providing of legal advice or (ii) for the purposes of use in existing or contemplated legal proceedings. However, this is expected to be of a limited scope; for example, it was also indicated that a register of members of a company should not be covered by legal privilege, as this is information that must also be disclosed to the Registrar of Companies on an annual basis. 229. In the three-year review period, Cyprus has not requested any information from a lawyer in connection with an exchange of information request. The normal practice is to always go to the taxpayer and not its lawyer. Also, in no cases it was specifically requested by the requesting jurisdiction to obtain information from a lawyer. Consequently, the limited gap identified in Cyprus legal and regulatory framework in respect of legal privilege did not have a significant impact on the effective exchange of information during the three-year review period. If information is going to be obtained from lawyers in the future, Cyprus should monitor whether legal privilege forms an impediment for effective exchange of information.
Phase 1 determination The element is in place.

Phase 2 rating Non-Compliant Factors underlying recommendations Until the end of 2011, it was the practice of the Cypriot competent authority not to approach a taxpayer for information before that taxpayer had submitted its income tax return(s) for the year(s) the information sought by the requesting jurisdiction related to, even in cases where no direct relationship between the tax return and the information sought existed. This has led to unnecessary delays in obtaining the information. Since the end of 2011, the Cypriot competent authority will try to obtain information from a taxpayer for EOI purposes where this information does not depend on the submission of an income tax return regardless of whether the income tax return has been filed. The Cypriot competent authority did not use its specific information gathering powers to obtain information from third parties other than banks, i.e. service providers such as lawyers, which may have had the information requested. In addition, these specific information gathering powers, which include the written consent of the Attorney-General, have been used to obtain information from a bank directly in only a limited number of cases. This may have contributed to delays in responding to EOI requests. Recommendations Cyprus should monitor the practical implementation of its recently revised policy in respect of obtaining information from Cypriot taxpayers.
Cyprus should use its information gathering powers to obtain information from all potential information holders, including directly from banks and other third parties, where appropriate.
Phase 2 rating Non-Compliant Factors underlying recommendations The relatively high level of noncompliance by Cypriot taxpayers in responding to letters to provide information has not effectively been dealt with in terms of an effective use of the available compulsory powers. This may have specifically impacted the obtaining of bank information from Cypriot taxpayers. Recommendations Cyprus should exercise its compulsory powers more effectively in exchange of information cases where information is not produced, in particular in respect of bank information.
B.2 Notification requirements and rights and safeguards

The rights and safeguards (e.g. notification, appeal rights) that apply to persons in the requested jurisdiction should be compatible with effective exchange of information.
230. Rights and safeguards should not unduly prevent or delay effective exchange of information. For instance, notification rules should permit exceptions from prior notification (e.g. in cases in which the information request is of a very urgent nature or the notification is likely to undermine the chance of success of the investigation conducted by the requesting jurisdiction).
Not unduly prevent or delay exchange of information (ToR B.2.1)

231. There is no requirement in Cyprus domestic legislation that the taxpayer under investigation or examination must be notified of a request. Under the regular procedure to obtain information based on section 27 ACTL, as described under B.1.1, the Cypriot tax authorities simply send a letter to the perceived holder of the information (a Cypriot taxpayer) requesting the information to be provided. No template letter is used. The Cypriot authorities indicated that the letter does not contain more than the information sought and the time limit within which it should be provided. Where the letter is sent by a district office, it is also mentioned that the original request came from the ITAD. 232. Where information must be obtained from a third party, which in practice only occurred where information needed to be obtained from a bank, the starting point is that the person who is asked to produce the information must be informed which foreign tax authority had requested the information (s. 6(9)(b) ACTL). However, section 6(9)(b) ACTL was amended in December

2012 and now provides for an exception to this requirement where this notification may hinder the investigation. 233. The Cypriot authorities indicated that they would use the recently introduced exception in section 6(9)(b) ACTL in cases where the requesting jurisdiction indicates that the case is sensitive. As no experience exists yet with applying the exception, it is recommended that Cyprus monitors its practical implementation. 234. In the three-year review period, no specific issues have been reported by peers resulting from a notification to the holder of the information stating which jurisdiction had made the request.
COMPLIANCE WITH THE STANDARDS: EXCHANGING INFORMATION 71
C. Exchanging information
Overview
235. Jurisdictions generally cannot exchange information for tax purposes unless they have a legal basis or mechanism for doing so. In Cyprus, the legal authority to exchange information derives from its DTCs and other exchange of information mechanisms, as soon as they are given effect under domestic law. This section of the report examines whether Cyprus has a network of information exchange agreements that would allow it to achieve effective exchange of information in practice. 236. Cyprus has an exchange of information relationship with 53 jurisdictions through a network of DTCs and Council Directive 2011/16/EU. These mechanisms generally contain sufficient provisions to enable Cyprus to exchange all relevant information. 237. Cyprus has signed agreements which allow for exchange of information to the international standard with a variety of relevant partners, including its four main trading partners. In March 2012, Cyprus stated that it is ready to negotiate exchange of information agreements regardless of the form without any conditions, including TIEAs. Nevertheless, some delays have been experienced in responding to all pending requests for negotiations. It is recommended that Cyprus enters into agreements for exchange of information (regardless of their form) with all relevant partners, meaning those partners who are interested in entering into an information exchange arrangement with it. 238. The confidentiality of information exchanged with Cyprus is protected by obligations implemented in the information exchange agreements, complemented by domestic legislation which provides for tax officials to keep information secret and confidential. Breach of this confidentiality obligation may lead to the tax official(s) concerned to be disciplined. In practice, information related to EOI requests is only accessible by persons involved in handling the requests, and no issues have been raised with respect to the confidentiality of information.
72 COMPLIANCE WITH THE STANDARDS: EXCHANGING INFORMATION

239. Cyprus agreements ensure that the contracting parties are not obliged to provide information which would disclose any trade, business, industrial, commercial or professional secret or trade process, or information the disclosure of which would be contrary to public policy. In the three-year review period (1 July 2009 30 June 2012), Cyprus 240. received a total of 929 requests for information from more than 30 partner jurisdictions. Almost 80% of the requests were responded to after more than 180 days or are still pending, with the latter applying to more than a third of the requests. Cyprus reports that in 62.5% of the pending cases a partial response was provided, and that final responses are being prepared. One main reason for the delay in responding is the lack of sufficient staff to handle EOI requests, but other factors identified in this report, in particular under element B.1, may have also contributed to the delays. Cyprus should ensure that it responds to EOI requests in a complete and timely manner. 241. Additional staff members have recently been allocated to the ITAD. Nevertheless, Cyprus should monitor that the resources allocated to its competent authority are sufficient to deal with all incoming EOI requests.
C.1 Exchange of information mechanisms

Exchange of information mechanisms should allow for effective exchange of information.
242. Cyprus has an exchange of information relationship with 53 jurisdictions. With 23 jurisdictions, information can be exchanged either through a DTC or through Council Directive 2011/16/EU. Of the other exchange of information relationships, 26 are only through a DTC 15, and four through Council Directive 2011/16/EU only (see Annex 2). This section of the report explores whether these mechanisms allow Cyprus to effectively exchange information. 243. The responsibility for negotiating international tax agreements lies with the Ministry of Finance. The Head of the ITAD is also involved and is
15. The DTC with the former Union of Soviet Socialist Republics still applies to Tajikistan, Turkmenistan and Ukraine (a new DTC with Ukraine has recently been concluded). Although Cyprus is willing to apply this DTC in respect of Azerbaijan, Kyrgyzstan and Uzbekistan as well, it seems that these jurisdictions do not apply this DTC in practice (see www.ibfd.org). As Cyprus applies the principle of reciprocity (see also B.1.1), the relationship with these jurisdictions is not further considered in this report. The DTC with the former Socialist Federal Republic of Yugoslavia still applies to Montenegro and Serbia.
usually present at the negotiations. Before the negotiations commence, input is requested from representatives of the legal profession and accountants. For DTCs, Cyprus policy is to propose an exchange of information provision in accordance with Article 26 of the OECD Model Tax Convention as amended in 2005. In addition, Cyprus proposes a provision stating the conditions that should be met by the requesting jurisdiction to demonstrate the foreseeable relevance of the request. This provision is the same as Article 5(5) of the Model Tax Information Exchange Agreement. 244. Although Cyprus has not yet concluded any TIEAs, it has amended its domestic law in December 2012 to enable it to obtain and exchange information under TIEAs as well (see also B.1.1). 245. As an EU member state, Cyprus also exchanges information under various multilateral mechanisms, including the Council Directive 2011/16/EU of 15 February 2011 on administrative co-operation in the field of taxation, which was implemented in Cyprus domestic law in December 2012. Council Directive 2011/16/EU provides for exchange of information on request in accordance with the international standard. When more than one legal instrument may serve as the basis for exchange of information for example where there is a bilateral agreement with an EU member which also applies Council Directive 2011/16/EU the overlap is generally addressed within the instruments themselves. There are no domestic rules in Cyprus requiring it to choose between mechanisms where it has more than one agreement involving a particular partner and thus the competent authority is free for any exchange to invoke all of the available mechanisms or to choose the most appropriate. In practice, exchange of information on request with other EU member states has almost always taken place through the predecessor of Council Directive 2011/16/EU (Council Directive 77/799/EEC ), and this practice is expected to continue. 246. Cyprus is also involved in exchanging information automatically. This takes place under the scope of EU Council Directive 2003/48/EC of 3 June 2003 on taxation of savings income in the form of interest payments, pursuant to which most EU members as well as other participating jurisdictions exchange data on an annual basis concerning the savings income received from Cypriot paying agents by taxpayers located abroad and vice versa. Automatic exchanges may also take place under the DTCs signed by Cyprus or Council Directive 2011/16/EU on a reciprocal basis.
Foreseeably relevant standard (ToR C.1.1)

247. The international standard for exchange of information envisages information exchange to the widest possible extent. Nevertheless it does not allow fishing expeditions, i.e. speculative requests for information that have

no apparent nexus to an open inquiry or investigation. The balance between these two competing considerations is captured in the standard of foreseeable relevance which is included in Article 26(1) of the OECD Model Tax Convention, set out below: The competent authorities of the Contracting States shall exchange such information as is foreseeably relevant for carrying out the provisions of this Convention or to the administration or enforcement of the domestic laws concerning taxes of every kind and description imposed on behalf of the Contracting States, or of their political subdivisions or local authorities, insofar as the taxation thereunder is not contrary to the Convention. The exchange of information is not restricted by Articles 1 and 2. 248. Seventeen of Cypruss DTCs (Armenia, Austria, Czech Republic, Denmark, Estonia, Finland, Germany, Italy, Kuwait, Lithuania, Poland, Portugal, Russia, Slovenia, Spain, Ukraine and the United Arab Emirates) use this or similar language and therefore clearly meet the foreseeably relevant standard. 249. It is noted that the DTCs with Armenia, Austria, Denmark, Estonia, Finland, Germany, Kuwait, Poland, Portugal, Slovenia and the United Arab Emirates include a provision requiring the requesting state to demonstrate the foreseeably relevance of a request by providing certain specified information. This provision mirrors Article 5(5) of the OECD Model TIEA and this requirement is therefore considered to be consistent with the international standard. In practice, this provision, which also exists in Cyprus domestic law, is interpreted strictly where information must be obtained from a third person (and not from a taxpayer), such as a bank, as in that case prior approval from the Attorney-General is required (see also B.1). It may be expected that the jurisdictions that have concluded an agreement with Cyprus containing this provision, will provide the required information when making an EOI request to Cyprus. 250. More generally, a number of peers have indicated that Cyprus asked for clarifications regarding the foreseeable relevance of the information sought in a few cases. One peer commented that Cyprus did so in a large number of the EOI requests sent by this peer. Although Cyprus did not keep exact statistics on this during the three-year review period, it is estimated that only in 30 cases or so such clarifications were asked, which accounts for approximately 3% of the total number of requests received in that period. Some of the cases where Cyprus asked for clarifications regarding the foreseeable relevance are related to cases where information must be obtained from a bank. As explained under B.1.1 above, prior approval from the Attorney-General is required in that case, and to ensure that this is obtained formal statements may be asked from the requesting jurisdiction, such as (i) a statement that the application for obtaining information is in conformity with
the law and administrative practice of the applicant state, or (ii) a statement that the applicant state has pursued all means available in its own jurisdiction to obtain the information being sought, except those that would give rise to excessive difficulties. These requirements are in accordance with the international standard. In any case, explanations given by Cyprus to the requesting jurisdictions regarding the particulars to be included in a request for bank information, which were given where necessary, have generally avoided delays in other requests made by the same jurisdiction. 251. In addition, the assessment team examined a number of cases in detail (in an anonymised version). However, although it was clear that there were differences between Cyprus and the requesting jurisdiction in these cases, these differences were not necessarily related to foreseeable relevance. These cases experienced delays and it was unclear whether the response received was a final one, as not all information requested was provided and it was also not always clearly indicated by Cyprus whether there would be any next steps taken by them. The same issues also occurred in other cases, as described under C.5.1 below. 252. The DTC applicable to Tajikistan and Turkmenistan contains the following language: exchange [] any other material required for the carrying out of this Convention, limiting the exchange of information to situations where it is relevant for the DTC. This DTC does therefore not meet the foreseeably relevant standard. It is recommended that Cyprus update this DTC to remove this limitation. 253. The other DTCs concluded by Cyprus provide for the exchange of information that is necessary or pertinent for carrying out the provisions of the Convention or of the domestic laws of the Contracting States, or contain language which has similar meaning. The Commentary to Article 26(1) of the OECD Model Tax Convention refers to the standard of foreseeable relevance and states that the Contracting States may agree to an alternative formulation of this standard that is consistent with the scope of the Article, for instance by replacing foreseeably relevant with necessary. In view of this recognition, all DTCs but for the two mentioned (affecting four jurisdictions) above meet the foreseeably relevant standard.
In respect of all persons (ToR C.1.2)

254. For EOI to be effective it is necessary that a jurisdictions obligations to provide information are not restricted by the residence or nationality of the person to whom the information relates or by the residence or nationality of the person in possession or control of the information requested. For this reason the international standard for EOI envisages that EOI mechanisms will provide for exchange of information in respect of all persons.

255. The DTCs applicable to 19 jurisdictions 16 do not specifically include a provision which extends the scope of the exchange of information Article to persons other than residents of one of the Contracting States. However, in respect of seventeen jurisdictions the DTCs provide for the exchange of information as is necessary for carrying out the provisions of the domestic laws of the Contracting States, or similar language. Because the domestic (tax) laws are applicable to non-residents as well as to residents, it is likely that under these agreements information can be exchanged in respect of all persons. In respect of the other two jurisdictions (Tajikistan and Turkmenistan) it is not possible to exchange information in respect of all persons, since the relevant DTC only provides for exchange of information for the purposes of carrying out the Convention. 256. The DTCs applicable to the other 24 jurisdictions do provide for exchange of information in respect of all persons.
Obligation to exchange all types of information (ToR C.1.3)

257. Jurisdictions cannot engage in effective exchange of information if they cannot exchange information held by financial institutions, nominees or persons acting in an agency or a fiduciary capacity, as well as ownership information. Both the OECD Model Convention (Article 26(5)) and the OECD Model TIEA (Article 5(4)), which are primary authoritative sources of the standards, stipulate that bank secrecy cannot form the basis for declining a request to provide information and that a request for information cannot be declined solely because the information is held by nominees or persons acting in an agency or fiduciary capacity or because the information relates to an ownership interest. 258. As most of Cyprus DTCs were concluded before the update of the OECD Model Tax Convention in 2005, they generally do not contain a provision corresponding to Article 26(5), which was introduced at that update. Currently, the DTCs with Armenia, Austria, Denmark, Estonia, Finland, Germany, Italy, Kuwait, Portugal, Russia, Slovenia, Spain, Ukraine and the United Arab Emirates contain such a provision. However, the absence of this provision does not automatically create restrictions on the exchange of information held by banks, other financial institutions, nominees, agents and fiduciaries, as well as ownership information. The Commentary to Article 26(5) indicates that while paragraph 5 represents a change in the structure of the Article, it should not be interpreted as suggesting that
16. These jurisdictions are: Bulgaria, Greece, India, Ireland, Montenegro, Norway, Poland, Qatar, Romania, Serbia, Singapore, Slovak Republic, Syria, Tajikistan, Thailand, Turkmenistan, the United Arab Emirates, the United Kingdom and the United States.
the previous version of the Article did not authorise the exchange of such information. Cyprus domestic laws allow it to access and exchange the information covered by Article 26(5) even in the absence of such provision in the DTC. 259. One peer, which did not have a DTC with Cyprus, commented on the inability of Cyprus to exchange information held by a bank under the predecessor of Council Directive 2011/16/EU (Council Directive 77/799/EEC ), as Cyprus domestic legislation only provided for the power to obtain information held by a bank where this was requested under a DTC. Cyprus explained to this peer that it was in the process of amending its domestic legislation in order to extent its access powers in this regard in the course of implementing Council Directive 2011/16/EU, and that it would be able to exchange information held by a bank under this new Directive from 1 January 2013 onwards. The requests have now been re-sent and are being processed. Otherwise, no request for information has been declined solely because it was held by a bank or other financial institution. 260. At least one of Cyprus treaty partners (Singapore) currently has restrictions in accessing bank information in the absence of a provision corresponding to Article 26(5) of the OECD Model Tax Convention, which limits the effective exchange of information under this DTC. Such restriction may also exist in other jurisdictions with which Cyprus has concluded a DTC. It is recommended that Cyprus update its DTCs with relevant partners to remove this limitation.
Absence of domestic tax interest (ToR C.1.4)

261. The concept of domestic tax interest describes a situation where a contracting party can only provide information to another contracting party if it has an interest in the requested information for its own tax purposes. A refusal to provide information based on a domestic tax interest requirement is not consistent with the international standard. Jurisdictions must be able to use their information gathering measures even though invoked solely to obtain and provide information to the requesting jurisdiction. 262. As most of Cyprus DTCs were concluded before the update of the OECD Model Tax Convention in 2005, they generally do not contain a provision corresponding to Article 26(4), which was introduced at that update and which stipulates that a domestic tax interest may not be a reason to decline an information request. Currently, the DTCs with Armenia, Austria, Denmark, Estonia, Finland, Germany, Italy, Kuwait, Portugal, Russia, Slovenia, Spain, Ukraine and the United Arab Emirates contain such a provision. However, the absence of this provision does not automatically create restrictions on the exchange of information. The Commentary to Article 26(4) indicates that

paragraph 4 was introduced to express an implicit obligation to exchange information also in situations where the requested information is not needed by the requested State for domestic tax purposes. No domestic tax interest restrictions exist in Cyprus laws even in the absence of a provision corresponding with Article 26(4) of the OECD Model Tax Convention. In practice, no situation of domestic tax interest has occurred in relation to Cyprus ability to exchange information.
Absence of dual criminality principles (ToR C.1.5)

263. The principle of dual criminality provides that assistance can only be provided if the conduct being investigated (and giving rise to the information request) would constitute a crime under the laws of the requested country if it had occurred in the requested country. In order to be effective, exchange of information should not be constrained by the application of the dual criminality principle. 264. None of the DTCs concluded by Cyprus applies the dual criminality principle to restrict the exchange of information, and in practice no issue linked to dual criminality has arisen.
Exchange of information in both civil and criminal tax matters (ToR C.1.6)
265. Information exchange may be requested both for tax administration purposes and for tax prosecution purposes. The international standard is not limited to information exchange in criminal tax matters but extends to information requested for tax administration purposes (also referred to as civil tax matters). 266. All of the DTCs concluded by Cyprus cover both civil and criminal tax matters. It is not recorded by Cyprus whether an EOI request relates to a civil or a criminal tax matter, as the procedures to obtain and exchange information are the same. Peers have not raised any issues specifically related to requests pertaining to either civil or criminal tax matters. 267. It is noted that the confidentiality provision in Cyprus DTC with Ireland does not expressly provide that the competent authority may disclose the information received to other persons or authorities concerned with the enforcement or prosecution in respect of taxes, and it also does not expressly mention courts as being an authority to which information may be disclosed.
Provide information in specific form requested (ToR C.1.7)

268. In some cases, a Contracting State may need to receive information in a particular form to satisfy its evidentiary or other legal requirements. Such forms may include depositions of witnesses and authenticated copies of original records. Contracting States should endeavour as far as possible to accommodate such requests. The requested State may decline to provide the information in the specific form requested if, for instance, the requested form is not known or permitted under its law or administrative practice. A refusal to provide the information in the form requested does not affect the obligation to provide the information. 269. No restrictions apply in any DTC concluded by Cyprus for information to be provided in the specific form requested. The DTC with the United States specifically states that information shall be provided in the form of depositions of witnesses or authenticated copies of unedited original documents, to the extent possible under the domestic laws of the requested State. 270. In practice, no particular problems were raised by peers regarding the form in which the information was exchanged. Two peers indicated that they requested the taxpayer to be interviewed in some cases. This has been done by Cyprus as requested, although a few requests are still outstanding in this respect.
In force (ToR C.1.8)

271. Exchange of information cannot take place unless a jurisdiction has exchange of information arrangements in force. Where such arrangements have been signed, the international standard requires that jurisdictions must take all steps necessary to bring them into force expeditiously. 272. Once the text of an agreement has been initialled, it is submitted to the Council of Ministers for approval under Article 169(1) of the Constitution. This process usually takes several weeks. After signing the agreement, it only needs to be published in the official Gazette before a notification to the treaty partner can be sent that all formalities for the entry into force of the agreement have been completed by Cyprus. As this is a very quick process, Cyprus sometimes waits with such publication in practice not to raise the expectation that the agreement is already in force, as the ratification by the treaty partner can sometimes take a long time. 273. Of the 47 DTCs concluded by Cyprus, eight are not in force. These are mainly agreements that have been signed recently (new DTC with Kuwait: 5 October 2010, DTC with the United Arab Emirates: 27 February 2011, DTC with Estonia: 15 October 2012, DTC with Ukraine: 8 November 2012, DTC with Finland: 15 November 2012, DTC with Portugal: 19 November 2012,

DTC with Spain: 14 February 2013, DTC with Lithuania: 21 June 2013). Cyprus has completed all internal procedures, which usually take between three and four months, and finalised ratification in respect of all of these agreements except for the DTC with Lithuania which has been signed very recently.
Be given effect through domestic law (ToR C.1.9)

274. For information exchange to be effective, the parties to an exchange of information arrangement need to enact any legislation necessary to comply with the terms of the arrangement. 275. In general, bilateral agreements concerning tax or tax information exchange are given effect by publication in the official Gazette. For DTCs, this takes the form of an Order of the Council of Ministers (s. 34 Income Tax Law).
C.2 Exchange of information mechanisms with all relevant partners

The jurisdictions network of information exchange mechanisms should cover all relevant partners.
276. Ultimately, the international standard requires that jurisdictions exchange information with all relevant partners, meaning those partners who are interested in entering into an information exchange arrangement. Agreements cannot be concluded only with counterparties without economic significance. If it appears that a jurisdiction is refusing to enter into agreements or negotiations with partners, in particular ones that have a reasonable expectation of requiring information from that jurisdiction in order to properly administer and enforce its tax laws it may indicate a lack of commitment to implement the standards. 277. Cyprus has an EOI relationship with 53 jurisdictions, 50 of which allow for exchange of information according to the international standard. These relationships are with jurisdictions representing: 4 of its major trading partners (Greece, Germany, the United Kingdom and Italy);
34 of the Global Forum member jurisdictions; and 10 of the G20 member jurisdictions.
278. Comments were sought from Global Forum member jurisdictions in the course of the preparation of this report. In May 2011, two jurisdictions (one of which being a G20 member) informed the assessment team that it approached Cyprus to indicate its interest in entering into a TIEA, but Cyprus offered instead to negotiate a DTC. One of these jurisdictions had indicated its willingness to enter into a DTC, but no response was provided at the time of publication of the Phase 1 report on Cyprus (March 2012). The Cypriot authorities had indicated that delays in responding were 279. due to limited resources and heavy workload (it was reported that Cyprus was in (re)negotiation for a DTC or a protocol to a DTC with 22 jurisdictions). 280. The Cypriot authorities had also indicated that they preferred concluding DTCs over TIEAs, as a DTC provides a comprehensive approach to international tax matters. However, in March 2012 Cyprus stated that it was ready to negotiate exchange of information agreements regardless of the form, including TIEAs, without any conditions. 281. Finally, Cyprus powers to obtain and exchange information were limited to cases where this is required to exchange information pursuant to a DTC. Since March 2012, Cyprus has amended its domestic law to enable it to obtain and exchange information pursuant to a TIEA (see B.1). Cyprus has started negotiations in May 2013 on a DTC with the jurisdiction that had commented in May 2011 that it had not received a response despite indicating its willingness to enter into a DTC instead of a TIEA. In July 2013, Cyprus has also indicated to the other jurisdiction that had previously approached Cyprus to enter into a TIEA, that it is now willing to start negotiations to enter into a DTC or a TIEA. The Cypriot authorities state that, as at July 2013, they have responded positively to all requests for negotiations to enter into a DTC or a TIEA, although dates for negotiations have not been fixed in all cases yet. 282. The international standard requires that a jurisdiction exchanges information with all relevant partners, meaning those partners who are interested in entering into an information exchange agreement. Since March 2012, Cyprus can honour the terms of a TIEA as a result of a change of its domestic law, and a policy statement was made that Cyprus was ready to negotiate exchange of information agreements regardless of the form, including TIEAs, without any conditions. Nevertheless, some delays have been experienced in responding positively to all pending requests for negotiations. In this respect, delays between eight months and three years have been reported by peers in the course of the Phase 2 review before receiving firm commitment from Cyprus for starting negotiations. It is recommended that Cyprus ensures that it enters into exchange of information agreements (regardless of their form) with all relevant partners.

Phase 1 determination The element is in place, but certain aspects of the legal implementation of the element need improvement. Factors underlying recommendations Some delays have been experienced in Cyprus responding to requests from other jurisdictions to start negotiations with a view to enter into an information exchange agreement. Recommendations Cyprus should, expeditiously, enter into agreements for exchange of information (regardless of their form) with all relevant partners, meaning those partners who are interested in entering into an information exchange arrangement with it.
Phase 2 rating Largely Compliant
C.3 Confidentiality
The jurisdictions mechanisms for exchange of information should have adequate provisions to ensure the confidentiality of information received.
Information received: disclosure, use, and safeguards (ToR C.3.1)

283. Governments would not engage in information exchange without the assurance that the information provided would only be used for the purposes permitted under the exchange mechanism and that its confidentiality would be preserved. Information exchange instruments must therefore contain confidentiality provisions that spell out specifically to whom the information can be disclosed and the purposes for which the information can be used. In addition to the protections afforded by the confidentiality provisions of information exchange instruments, jurisdictions with tax systems generally impose strict confidentiality requirements on information collected for tax purposes. 284. All of the arrangements for the exchange of information concluded by Cyprus contain a provision ensuring the confidentiality of information exchanged and limiting the disclosure and use of information received, which has to be respected by Cyprus as a party to these agreements. Any person having an official duty or being employed in administer285. ing the Income Tax Law or the ACTL (containing the provisions in respect of obtaining and exchanging information) must deal with the information and all documents relating to the income or object of tax of any person as secret
and confidential and has to make and subscribe a declaration to that effect before a judge (s. 4(1) Income Tax Law and s. 4(2) ACTL). Such information or documents shall not be communicated other than for the purposes of the respective laws, except in case the Minister of Finance authorises such communication for the public interest (s. 4(2) Income Tax Law and s. 4(3) ACTL). As Cyprus must respect the confidentiality provisions of its DTCs, it may be expected that this exception will not occur in respect of information received in the course of an exchange of information request under a DTC. In any case, treaties have precedence over domestic law (s. 169(3) Constitution). 286. In addition to the specific rule in the Income Tax Law, section 67 of the Public Services Law provides that all information, written or oral, which comes to the knowledge of a public officer in the execution of his duties, shall be confidential and its communication to any person shall be prohibited, except for the proper performance of an official duty or on the express direction of an appropriate authority. All officers working for the IRD must make a declaration before the Court in this regard. Breach of the confidentiality is considered a disciplinary offence, which may result in disciplinary punishments varying from a reprimand to dismissal (s. 79 Public Services Law).
All other information exchanged (ToR C.3.2)

287. Confidentiality rules should apply to all types of information exchanged, including information provided in a request, background documents to such requests, and any other documents or communications reflecting such information. 288. The confidentiality rules for tax officials as described under C.3.1 are not restricted to information received. A specific provision is in force to lift the obligation to keep information secret and confidential where it must be disclosed to the competent authorities of another jurisdiction with which Cyprus has concluded a DTC or tax information exchange agreement (s. 4(4)(b) ACTL).
Ensuring confidentiality in practice

289. The offices of the ITAD are located within the Ministry of Finance. The Head of ITAD has a separate office, while the other offices are shared between two or three persons. All offices can be locked separately. 290. Incoming requests in physical form are delivered directly to the ITAD, and only the ITAD staff and the Director for Inland Revenue will see the request. Requests from other EU member states are generally received via the secure intra-EU Closed Communication Network (CCN).

291. All requests are entered onto the central ITAD database by the ITAD Secretary. This database is only accessible by the ITAD Secretary and the Head of ITAD. All other ITAD officers keep their own records on their personal computers, to which only they have access. Individual printers are also available to each ITAD officer inside its office. Paper files are either kept in the offices of the ITAD officers (when they are working on them) or in the ITAD archives, which only contains ITAD documentation. The archives are locked and only accessible to ITAD staff. 292. Correspondence between the ITAD and the district office is usually sent as government mail, and always addressed personally to the responsible officer, which means that he/she will be the person that opens the mail. In the district offices, open tax files are kept in the office of the tax officer, which is locked when no one is present. No template letter is used for requesting a person to provide informa293. tion for EOI purposes. The Cypriot authorities indicated that the letter does not contain more than the information sought and the time limit within which it should be provided. The information sought may be either copied from the incoming request or, in particular where the questions need further explanation, paraphrased. 294. When requested information is provided to EOI partners, all information produced and an accompanying letter are sent via regular post to the requesting competent authority. Bank information is sent by registered mail. If the request was received via CCN, the response is also sent via CCN. 295. No issues regarding the confidentiality of information have been raised by Cyprus exchange of information partners.
C.4 Rights and safeguards of taxpayers and third parties

The exchange of information mechanisms should respect the rights and safeguards of taxpayers and third parties.
Exceptions to requirement to provide information (ToR C.4.1)

296. The international standard allows requested parties not to supply information in response to a request in certain identified situations. 297. In line with the standard, under all but one (the DTC that applies to Tajikistan, Turkmenistan and Ukraine) of Cyprus DTCs the contracting parties are not obliged to provide information which would disclose any trade, business, industrial, commercial or professional secret or trade process, or information the disclosure of which would be contrary to public policy. 298. The attorney-client privilege (professional secrecy) under Cyprus domestic law appears to apply to certain information other than information (i) produced for the seeking or providing of legal advice or (ii) produced for the purposes of use in existing or contemplated legal proceedings (see B.1.5). As Cyprus DTCs do not define the scope of attorney-client privilege, the provisions in its domestic law could prevent such information held by attorneys (the term advocates is used in Cyprus) from being exchanged under these DTCs. 299. In practice, the attorney-client privilege was not invoked during the three-year period under review. More broadly, no issues in relation to the rights and safeguards of taxpayers and third parties have been encountered in practice, nor have they been raised by any of Cyprus exchange of information partners.
C.5 Timeliness of responses to requests for information

The jurisdiction should provide information under its network of agreements in a timely manner.
Responses within 90 days (ToR C.5.1)

300. In order for exchange of information to be effective it needs to be provided in a timeframe which allows the tax authorities to apply the information to the relevant cases. If a response is provided but only after a significant lapse of time the information may no longer be of use to the requesting authorities. This is particularly important in the context of international cooperation as cases in this area must be of sufficient importance to warrant making a request. There are no specific legal or regulatory requirements in place which 301. would prevent Cyprus from responding to a request for information by providing the information requested or providing a status update within 90 days of receipt of the request. 302. In the three-year review period (1 July 2009 30 June 2012), Cyprus received a total of 929 requests for information from more than 30 partner jurisdictions. A request is regarded as a single request irrespective of the number of subjects involved for which information is requested. Where a supplementary request for information was received in connection with the original request, this is viewed as part of the original request only where it concerns a question of clarification. Where additional information is requested, this is counted as a new request. 303. The statistics provided by Cyprus indicate that it had been in a position to provide a final response within 90 days in 9.6% of the cases, with another 10.9% processed within 180 days. The remaining requests were either responded to after more than 180 days or were, as at March 2013, still outstanding. It should be noted that during the three-year review period, the time periods were counted from the date the request letter was sent, as opposed to the date of receipt of the request (which was not entered in Cyprus database). Delays in receiving mail, which are up to one month in certain cases, are therefore included in the response times.
Table 1. Response times for requests received during the three-year review period
Jul-Dec 2009 nr. Total number of requests received* Full response** 90 days 180 days (cumulative) 1 year (cumulative) >1 year Declined for valid reasons Failure to obtain and provide information requested Requests still pending at the time of the on-site visit (March 2013) Partial responses for the pending requests as at March 2013 (a+b+c+d+e) 150 13 27 (a) 56 (b) 66 (c) (d) 9 18 44 % 2010 nr. 294 24 8 50 17 89 30 % 2011 nr. 278 17 6 43 15 47 17 % Jan-Jun 2012 Total Average nr. 207 35 17 % nr. 929 89 10 20 38 22 40 %
70 34 190 94 45 357 2 1 204 -
37 105 36 102 37
(e) 28 24
19 100 34 129 46 111 54 368 93 55 58 230
* A request is regarded as a single request irrespective of the number of subjects involved for which information is requested. ** The time periods in this table are counted from the date the request letter was sent to the date on which the final and complete response was issued.
304. The statistics show that in 739 cases (almost 80% of the total number of requests) a final response was provided after more than 180 days (in 371 cases) or no final response was provided (in 368 cases) as at March 2013 (the time of the on-site visit). More than a third of the requests are still pending. This is confirmed by the peer input, which indicates that there are indeed many outstanding cases and where a response is received, it is often with a long delay. Some peers also indicated that they were not in all cases satisfied with the response, although it is difficult to determine whether these are cases that are still outstanding and were therefore only partially answered. Where responses were delayed or not provided to date, partial replies and status updates were not sent in all cases, although this is now standard policy of the Cypriot competent authority. In addition, where partial replies were sent, it was not always clearly indicated what steps would be taken by Cyprus to obtain the remaining information and when a final reply may be expected. 305. According to the Cypriot authorities, of the requests which had not been fully responded to as at March 2013, partial replies have been sent in 62.5% of those cases, which is 230 out of the 368 requests. This means that

of the 929 requests received, 60% has been provided with a final response. In 25% of the cases a partial reply was sent, and the remaining 15% of the cases had not been responded to at all as at March 2013. Cyprus has reported that the latter statistic has come down to 6.6% of the cases which have not received a response at all as at September 2013. Peers have reported that they have not received responses to a significant number of queries even after two years or more, and the likelihood of the information still being useful to the requesting jurisdiction, or in some cases even the likelihood of the information being obtained and exchanged may be considered low. While Cyprus considers these cases still pending, these statistics show that timely responses have not been provided in a significant number of cases. 306. The Cypriot authorities stated that the main reason for not being able to provide timely responses and status updates in all cases, was the lack of sufficient personnel within the ITAD to handle the workload (see also C.5.2 Resources below). However, some other factors have been identified in this report (see element B.1 in particular) which have also contributed to the above statistics. 307. The effect of the recent increase in number of staff to handle exchange of information requests (see C.5.2 below) could not be assessed. Cyprus has indicated that in addition to the increase in personnel, it has also recently contacted some of its main EOI partners to start a dialogue with a view to improving response times and accuracy of responses by coming to a mutual understanding of each others needs. Its most important EOI partner noted some improvement already in the first six months of 2012. Cyprus should ensure that the steps taken and to be taken lead to responses to EOI requests which are complete and made in a timely manner.
Organisational process and resources (ToR C.5.2)

308. The Director of the Department of Inland Revenue of the Ministry of Finance (the Director) is the competent authority of Cyprus for exchange of information purposes. The Director also has the powers to obtain information in this respect. The ITAD, a Division within the Ministry of Finance, is responsible for the day-to-day handling of exchange of information requests. In addition to the Director, both the Head of the ITAD and all ITAD officers are authorised to sign as competent authority.
Organisational process
309. The workflows within the ITAD in respect of EOI requests are based on a procedural manual developed in 2008. The manual is a formalisation of the procedures commonly followed in the three-year review period as well. All requests, as well as the most important follow-up actions, are entered into
a database kept by the Secretary of the ITAD. The process is underway to become fully electronic. Exchange of information requests are received by the ITAD either via 310. regular post or in electronic form. Almost all requests from other EU member states are received in electronic form via the CCN system, while requests from jurisdictions outside the EU are generally received by regular post. The CCN system is checked on a daily basis for new requests. Letters received by regular post are date stamped when they are received by the ITAD. Upon receipt, all requests are entered into a database by the Secretary 311. of the ITAD and given a unique reference number. The Secretary also performs a preliminary check of the IRD electronic system and the Companies Registrar database to determine whether the person(s) believed to be in possession of the information, if mentioned in the EOI request, are registered in Cyprus and if so, what tax district is responsible. A note is added to the file where no registration could be found. 312. The Head of ITAD reviews all requests and allocates them to one of the officers via the Secretary. The Secretary inputs further details of the request into the database, such as the type of information or specific comments, based on the review of the Head of ITAD. If the request was received via the CCN system, an acknowledgement of receipt is sent within seven days to comply with the EU Council Directive 2011/16/EU on administrative co-operation in the field of taxation. In other cases no separate acknowledgement of receipt is sent, but an interim reply should be sent within two months of receipt of the request. 313. When receiving the file, the ITAD officer who is assigned the case checks the validity of the request by verifying whether an information exchange instrument is in place with the jurisdiction that sent the request, whether the request is signed by an authorised person and whether the request can be regarded as foreseeably relevant. The analysis in respect of this check is noted in an internal working paper which is included in each file. In all cases where the ITAD officer determines that a request may be refused or that additional information is required, this is reported to and discussed with the Head of ITAD and appropriate action is taken. According to the internal manual, any refusal should be made within one month of receipt of the request. 314. Once it is established that the request is valid, the ITAD officer determines how the information should be collected. All information that can be collected from the IRD database and the files of the Companies Registrar is collected by the ITAD officer directly and, according to the internal manual, should be sent within two months of receipt of the request. This is either a partial or a final reply, depending on whether other information was also requested. Other information that is collected directly by the ITAD officers is infor315. mation that must be obtained from a company residing in the Nicosia district and

information that must be obtained from a bank (the latter with the written consent of the Attorney-General, see B.1.1). Any correspondence to a taxpayer or bank sent directly by ITAD is only recorded in an Excel-database kept by each ITAD officer individually and consisting of that officers cases only. The taxpayer or bank is generally given 15 days to provide the information sought. 316. Where information must be obtained from a taxpayer other than a company in the Nicosia district, the request is forwarded to the relevant district office and a designated officer in that district office is asked to collect the information. The letter to the district office as well as its response are registered in the central database by the ITAD Secretary. Although the district office is generally given three months to obtain the information from the taxpayer, in practice it follows the same deadlines as the ITAD and gives the taxpayer 15 days to provide the information. The responsible district officer maintains its own database registering all EOI requests under its responsibility. 317. If substantial delays are expected, the internal manual states that the requesting jurisdiction should be informed within three months of receipt of the request. This situation would mainly occur where a taxpayer does not comply with a request to provide information and legal measures must be taken. Until the end of 2011, this situation will also have occurred where a Cypriot taxpayer had not yet submitted its tax return(s) for the year(s) the information sought by the requesting jurisdiction related to, as in those circumstances the Cypriot competent authority would wait with approaching the taxpayer until the relevant tax return(s) was/were submitted (see B.1.1). 318. Once the ITAD officer who is assigned the case has either collected the information himself/herself or received the information from a district office, he/she verifies the information against the information request. Where the information is insufficient to meet the requirements of the request, additional information is requested and a partial reply is sent with the information that is available. In other cases, the ITAD officer will prepare a letter to be sent to the requesting jurisdiction together with the requested information. Throughout the process of information gathering, the ITAD officer is 319. the person primarily responsible for a case. Where the ITAD officer deems it necessary, review and discussion with the Head of ITAD takes place. In case information must be obtained by a district office, timelines can be monitored through the central ITAD database to which the Head of ITAD has direct access. In case the ITAD officers must obtain the information directly, all actions are recorded in the officers individual database as well as in the physical file. Every two months, the ITAD Secretary prepares a report to the Head of ITAD indicating which requests have not been replied with an interim reply within two months, as well as which requests are still outstanding after six months or receipt.
320. The organisational procedures and accompanying deadlines appear to be adequate to provide timely responses. Nevertheless, it should be noted that during the three-year review period delays have occurred in many cases and the internal deadlines were not respected due to other factors, including a lack of staff (see below under Resources).
Resources
321. The ITAD is currently staffed with one Head of Division, seven officers and one secretary. Most officers deal mainly with exchange of information on request, but the ITAD also deals with automatic exchange of information, assistance in recovery of taxes, issues related to DTCs (such as Mutual Agreement Procedures) and other tax matters in relation with the EU. Developments within the EU may lead to an increase in workload in respect of automatic exchange of information by 2014, for which additional personnel may be hired. 322. Although currently the ITAD seems sufficiently staffed, during the three-year review period only three or four officers were available to deal with all incoming requests. The Cypriot authorities acknowledged that this was insufficient to properly handle all EOI requests and therefore hired additional staff in 2012 and 2013. The insufficient staffing of the ITAD during the three-year review period resulted in the build-up of a backlog of outstanding requests: deadlines could not be met, and cases of non-compliance were only detected at a late stage. The ITAD is currently working on eliminating the backlog of outstanding requests, although priority is given to new EOI requests in order not to create a bigger backlog. It is recommended that Cyprus monitors that the resources allocated to its competent authority are sufficient to deal with all incoming EOI requests. 323. Training is mainly undertaken on the job by the Head of ITAD. New officers receive comprehensive explanations on the procedures and legal background of EOI on request, and are monitored more closely in the beginning. General instructions may also be sent to all officers. Officers regularly participate in EU Fiscalis seminars for training purposes. The Head of ITAD attends relevant EU and Global Forum meetings.
Conclusion
324. The organisational process for handling incoming EOI requests has recently been implemented in an internal manual. Internal deadlines and procedures seem adequate to provide timely responses. Depending on the perceived holder of the information, the information is either collected directly by the ITAD officers or with the assistance of a district office.

325. In the three-year review period, the number of staff handling EOI requests was insufficient. Recently, additional staff was hired and allocated to deal with the backlog of outstanding requests. Nevertheless, Cyprus should monitors that the resources allocated to its competent authority are sufficient to deal with all incoming EOI requests. 326. The lack of sufficient staff has also been one of the main reasons for the inability of the Cypriot competent authority to respond to EOI requests in a timely manner during the three-year review period. Less than 10% of the cases were answered within 90 days and only a total of 21.5% of the cases could be answered within 180 days. Updates or interim replies were also not systematically sent. Some initial steps have been taken to improve response times, and Cyprus should ensure that it responds to EOI requests in a complete and timely manner.
Absence of unreasonable, disproportionate or unduly restrictive conditions on exchange of information (ToR C.5.3)
327. There are no specific legal and practical requirements in place which impose restrictive conditions on Cyprus exchange of information practice.
Phase 1 determination This element involves issues of practice that are assessed in the Phase 2 review. Accordingly no Phase 1 determination has been made. Phase 2 rating Partially Compliant Factors underlying recommendations Recommendations
Cyprus should ensure that it responds During the three-year review period, to EOI requests in a complete and Cyprus has been able to send final timely manner. responses within 90 days in less than 10% of the cases, and almost 80% of the cases have been responded to after 180 days or are still outstanding. According to the Cypriot authorities, of the 929 requests received, 15% have not received a response at all during the three-year review period, while another 25% have received a partial response.
Phase 2 rating Partially Compliant Factors underlying recommendations During the three-year review period, Cyprus did not always provide a status update to its EOI partners within 90 days. Although new staff has recently been hired, there was not sufficient staff to handle all incoming EOI requests in a timely manner during the three-year review period. Recommendations Cyprus should provide status updates to its EOI partners within 90 days where relevant. Cyprus should monitor that the resources allocated to its competent authority are sufficient to deal with all incoming EOI requests.
SUMMARY OF DETERMINATIONS AND FACTORS UNDERLYING RECOMMENDATIONS 95
Summary of Determinations and Factors Underlying Recommendations

Factors underlying recommendations
Determination
Recommendations
Jurisdictions should ensure that ownership and identity information for all relevant entities and arrangements is available to their competent authorities (ToR A.1) The element is in place. Phase 2 rating: Partially Compliant Companies and partnerships are required to keep a register of members or partners, and companies and certain partnerships must submit up-todate ownership information in an annual return to the Registrar. In the period 2008-12, on average only 23% of the companies filed an annual return, and no monitoring and enforcement of this obligation has been carried out. Moreover, the compliance rates of the obligations to register for tax purposes and to submit tax returns are low. Non-compliance with these obligations may have resulted in Cyprus not exchanging up-todate information, in particular because the Companies Register is the primary source used by the Cypriot authorities for obtaining ownership information on companies and partnerships. Cyprus should ensure that its monitoring and enforcement powers are sufficiently exercised in practice to support the legal requirements which ensure the availability of ownership information on companies and partnerships.
96 SUMMARY OF DETERMINATIONS AND FACTORS UNDERLYING RECOMMENDATIONS

Factors underlying recommendations A clear obligation on trustees to have information available on the other trustees, settlors and beneficiaries of the trust(s) with respect to which they act as a trustee, is only in force since 1 January 2013.
Determination Phase 2 rating: Partially Compliant (continued)
Recommendations Cyprus should monitor the practical implementation of the recently introduced requirement on trustees to keep comprehensive identity information on trusts.
Jurisdictions should ensure that reliable accounting records are kept for all relevant entities and arrangements (ToR A.2) The element is in place. Phase 2 rating: Non-Compliant Accounting records have not been available in a number of cases, in particular where the person required to keep the accounting records did not comply with its general obligations to submit tax returns and/or annual returns to the Companies Registrar. Comprehensive accounting record keeping obligations on certain trusts as well as on companies incorporated in Cyprus but managed and controlled in another jurisdiction have only been introduced recently. Cyprus should ensure that reliable accounting records, including underlying documentation, are being kept by all relevant entities and arrangements for a period of at least five years.
Cyprus should monitor the practical implementation of the recently introduced obligations to keep comprehensive accounting information by trusts and companies incorporated in Cyprus but managed and controlled in another jurisdiction.
Banking information should be available for all account-holders (ToR A.3) The element is in place. Phase 2 rating: Compliant Competent authorities should have the power to obtain and provide information that is the subject of a request under an exchange of information arrangement from any person within their territorial jurisdiction who is in possession or control of such information (irrespective of any legal obligation on such person to maintain the secrecy of the information) (ToR B.1) The element is in place.
Determination Phase 2 rating: Non-Compliant
Factors underlying recommendations Until the end of 2011, it was the practice of the Cypriot competent authority not to approach a taxpayer for information before that taxpayer had submitted its income tax return(s) for the year(s) the information sought by the requesting jurisdiction related to, even in cases where no direct relationship between the tax return and the information sought existed. This has led to unnecessary delays in obtaining the information. Since the end of 2011, the Cypriot competent authority will try to obtain information from a taxpayer for EOI purposes where this information does not depend on the submission of an income tax return regardless of whether the income tax return has been filed. The Cypriot competent authority did not use its specific information gathering powers to obtain information from third parties other than banks, i.e. service providers such as lawyers, which may have had the information requested. In addition, these specific information gathering powers, which include the written consent of the AttorneyGeneral, have been used to obtain information from a bank directly in only a limited number of cases. This may have contributed to delays in responding to EOI requests.
Recommendations Cyprus should monitor the practical implementation of its recently revised policy in respect of obtaining information from Cypriot taxpayers.
Cyprus should use its information gathering powers to obtain information from all potential information holders, including directly from banks and other third parties, where appropriate.

Factors underlying recommendations The relatively high level of non-compliance by Cypriot taxpayers in responding to letters to provide information has not effectively been dealt with in terms of an effective use of the available compulsory powers. This may have specifically impacted the obtaining of bank information from Cypriot taxpayers.
Determination Phase 2 rating: Non-Compliant (continued)
Recommendations Cyprus should exercise its compulsory powers more effectively in exchange of information cases where information is not produced, in particular in respect of bank information.
The rights and safeguards (e.g. notification, appeal rights) that apply to persons in the requested jurisdiction should be compatible with effective exchange of information (ToR B.2) The element is in place. Phase 2 rating: Compliant Exchange of information mechanisms should allow for effective exchange of information (ToR C.1) The element is in place. Phase 2 rating: Compliant The jurisdictions network of information exchange mechanisms should cover all relevant partners (ToR C.2) The element is in place, but certain aspects of the legal implementation of the element need improvement. Some delays have been experienced in Cyprus responding to requests from other jurisdictions to start negotiations with a view to enter into an information exchange agreement. Cyprus should, expeditiously, enter into agreements for exchange of information (regardless of their form) with all relevant partners, meaning those partners who are interested in entering into an information exchange arrangement with it.
Phase 2 rating: Largely Compliant The jurisdictions mechanisms for exchange of information should have adequate provisions to ensure the confidentiality of information received (ToR C.3) The element is in place. Phase 2 rating: Compliant
Determination
Recommendations
The exchange of information mechanisms should respect the rights and safeguards of taxpayers and third parties (ToR C.4) The element is in place. Phase 2 rating: Compliant The jurisdiction should provide information under its network of agreements in a timely manner (ToR C.5) This element involves issues of practice that are assessed in the Phase 2 review. Accordingly no Phase 1 determination has been made.

Determination Phase 2 rating: Partially Compliant
Recommendations
Cyprus should ensure that it During the three-year review responds to EOI requests in a period, Cyprus has been complete and timely manner. able to send final responses within 90 days in less than 10% of the cases, and almost 80% of the cases have been responded to after 180 days or are still outstanding. According to the Cypriot authorities, of the 929 requests received, 15% have not received a response at all during the three-year review period, while another 25% have received a partial response; these latter cases are considered pending by Cyprus for the information which was not provided. During the three-year review period, Cyprus did not always provide a status update to its EOI partners within 90 days. Although new staff has recently been hired, there was not sufficient staff to handle all incoming EOI requests in a timely manner during the three-year review period. Cyprus should provide status updates to its EOI partners within 90 days where relevant. Cyprus should monitor that the resources allocated to its competent authority are sufficient to deal with all incoming EOI requests.
ANNEXES 101
Annex 1: Jurisdictions Response to the Review Report 17

Cyprus would like to express its thanks to the expert assessors and to the Global Forum Secretariat personnel for their hard work in compiling the Cyprus Peer Review Report. Cyprus is committed to implement the international standards of transparency and exchange of information for tax purposes. Cyprus has in place the necessary legal and regulatory framework for effective exchange of information and will take necessary actions concerning the recommendations for implementation issues. In relation to ownership information, this exists at the Register of the Registrar of Companies (electronic access is available) and at the official Register of Members which is located in Cyprus and is kept by each company. Under the Companies Law this Register of Members is available for inspection by the authorities and the public at large. Service providers which are Directors or Company Secretaries to the companies keep ownership information on the companies in order to enforce the Anti-Money Laundering legislation and the Company Law and are monitored by their supervisory authorities through on-site inspections to that effect as noted in paragraph 68 of this Report. Therefore, ownership information is available. Concerning the assignment of Ratings, Cyprus strongly believes that the Overall Rating of Non Compliant and the Ratings of Non Compliant for elements A2-Keeping reliable accounting records and B1-Power to obtain and provide information are not representative of the state of affairs in these fields and are not fair. In relation to element A2-Keeping reliable accounting records, based on paragraph 163, accounting information was requested in more than 650 cases during the three year review period. Based on the responses received from the 13 peers that provided input for accounting information via the questionnaires, only 10 cases for accounting information (excluding tax
17. This Annex presents the jurisdictions response to the review report and shall not be deemed to represent the Global Forums views.
102 ANNEXES
returns or financial statements) were reported as not being responded by the cut-off date. This indicates that for the overwhelming majority of cases, the accounting information was available and has been exchanged. For completeness purposes, we note that out of the 10 cases mentioned above, since the cut-off date, 9 of them were responded to. For the 1 case not responded to yet, legal actions are in process against the taxpayer. The above clearly indicate that reliable accounting records are kept while the filing of the income tax returns and/or annual returns to the Registrar of companies is not the factor determining their keeping (as implied in Section A2 of this Report). Both the tax legislation and the Companies Law include provisions that oblige the relevant persons to keep reliable accounting records. The filing of the income tax returns/annual returns affects only the cases where these particular returns are requested by the requesting jurisdiction and in practice this has happened in a limited number of cases (in the vast majority of cases the queries received relate to specific transactions such as invoices, contracts etc., which is not an information that appears in the annual return/tax return). In relation to element B1Power to obtain and provide information, the relevant commentary in the Table of Determinations and Ratings clearly indicates that the within the review period change to the administrative practice, whereby information is obtained from the taxpayer regardless of whether the income tax return has been filed, is considered suitable. Furthermore, according to paragraph 201, it is clearly evident that Cyprus competent authority has used its powers to obtain information from banks, where adequate information concerning the specific bank requests (e.g. the name of the Bank) was provided by the requesting jurisdiction. Moreover as per paragraph 214, out of the 2000 prosecutions per year, a number of them concern prosecutions for not responding to requests for exchange of information purposes. Therefore, Cyprus has the powers to obtain and provide information and has used them. In conclusion, Cyprus position is that the Overall Rating (and the Rating of A2 and B1) of Non-Compliant does not do justice, neither to the substantial number of exchange of information requests Cyprus has dealt with, nor to the procedural and regulatory changes that Cyprus has implemented in its effort to fully comply with the standards on transparency and exchange of information for tax purposes.
ANNEXES 103
Annex 2: List of All Exchange-of-Information Mechanisms in Force
EU regulations Cyprus exchanges information under:

EU Council Directive 2011/16/EU of 15 February 2011 on administrative co-operation in the field of taxation. This Directive provides inter alia for exchange of banking information on request for taxable periods after 31 December 2010 (Article 18). All EU members were required to transpose it into national legislation by 1 January 2013, which was done by Cyprus through Law N.205(I)-2012 which entered into force on 28 December 2012. The current EU members, covered by this Council Directive, are: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom; and EU Council Directive 2003/48/EC of 3 June 2003 on taxation of savings income in the form of interest payments. This Directive aims to ensure that savings income in the form of interest payments generated in an EU member state in favour of individuals or residual entities being resident of another EU member state are effectively taxed in accordance with the fiscal laws of their state of residence. It also aims to ensure exchange of information between member states.
Bilateral and multilateral arrangements

Exchange of information relationships providing for tax information exchange on request as at July 2013, in alphabetical order:
104 ANNEXES
Type of EoI Arrangement DTC DTC 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Austria Belarus Belgium Bulgaria Canada China, Peoples Rep. Croatia Czech Republic Denmark Egypt Estonia Finland France Germany Greece Hungary India Ireland Protocol DTC DTC DTC DTC DTC EU Directive 2011/16/EU DTC DTC DTC DTC DTC DTC DTC DTC DTC DTC DTC Date Entered Into Force 19 September 2011 1 January 1991 1 April 2013 1 January 2013 12 February 1999 8 December 1999 1 January 2013 3 January 2001 1 January 2013 3 September 1985 5 October 1991 1 July 2013 26 November 2009 1 January 2013 7 September 2011 1 January 2013 14 March 1995 1 January 2013 1 January 2013 1 April 1983 1 January 2013 16 December 2011 1 January 2013 16 January 1969 1 January 2013 1 January 2013 21 December 1994 7 December 1970 1 January 2013
Jurisdiction 1 Armenia
Date Signed 17 January 2011 20 March 1990 21 May 2012 29 May 1998 14 May 1996 30 October 2000 2 May 1984 25 October 1990 1 July 2013 28 April 2009 11 October 2010 18 December 1993 15 October 2012 15 November 2012 18 December 1981 18 February 2011 30 March 1968
EU Directive 2011/16/EU 15 February 2011
EU Directive 2011/16/EU 15 February 2011 EU Directive 2011/16/EU 15 February 2011
EU Directive 2011/16/EU 15 February 2011 EU Directive 2011/16/EU 15 February 2011 EU Directive 2011/16/EU 15 February 2011 EU Directive 2011/16/EU 15 February 2011 EU Directive 2011/16/EU 15 February 2011 EU Directive 2011/16/EU 15 February 2011 13 June 1994 24 September 1968
30 November 1981 24 September 1982
ANNEXES 105
Jurisdiction DTC 20 Italy
Type of EoI Arrangement Protocol DTC New DTC DTC DTC
Date Signed 24 April 1974 4 June 2009
Date Entered Into Force 9 June 1983 23 November 2010 1 January 2013
EU Directive 2011/16/EU 15 February 2011 21 Kuwait 5 October 2010
15 December 1984 25 September 1986 1 January 2013 14 April 2005 1 January 2013 1 January 2013 11 August 1994 1 January 2013 12 June 2000 3 September 2008 8 September 1986 1 January 2013 18 May 1955 7 July 1993 9 November 2012 1 January 2013 1 January 2013 20 March 2009 8 November 1982 1 January 2013 17 August 1999 2 April 2012 18 July 2007 8 September 1986 27 October 2006 8 February 2001
22 Latvia 23 Lebanon 24 Lithuania
EU Directive 2011/16/EU 15 February 2011 18 February 2003 21 June 2013
EU Directive 2011/16/EU 15 February 2011 EU Directive 2011/16/EU 15 February 2011 DTC DTC DTC DTC DTC DTC Protocol DTC DTC DTC DTC Protocol DTC DTC DTC DTC 22 October 1993 21 January 2000 28 January 2008 29 June 1985 2 May 1951 4 June 1992 22 March 2012 19 November 2012 11 November 2008 16 November 1981 5 December 1998 7 October 2010 27 April 2007 29 June 1985 28 June 2006 24 November 2000 EU Directive 2011/16/EU 15 February 2011
25 Luxembourg 26 Malta 27 Mauritius 28 Moldova 29 Montenegro 30 Netherlands 31 Norway
32 Poland
EU Directive 2011/16/EU 15 February 2011 33 Portugal 34 Qatar 35 Romania 36 Russia 37 San Marino EU Directive 2011/16/EU 15 February 2011
38 Serbia 39 Seychelles 40 Singapore
106 ANNEXES
Type of EoI Arrangement DTC DTC DTC DTC DTC DTC DTC DTC DTC DTC New DTC DTC DTC DTC Date Entered Into Force 30 December 1980 1 January 2013 14 September 2011 1 January 2013 8 December 1998 1 January 2013 13 November 1989 1 January 2013 22 February 1995 26 August 1983 4 April 2000 26 August 1983 26 August 1983
Jurisdiction 41 42 Slovak Republic Slovenia
Date Signed 15 April 1980 12 October 2010 26 November 1997 14 February 2013 25 October 1988 15 March 1992 29 October 1982 27 October 1998 29 October 1982 29 October 1982 8 November 2012 27 February 2011 20 June 1974 19 March 1984
43 South Africa 44 Spain 45 Sweden 46 Syria 47 Tajikistan 48 Thailand 49 Turkmenistan 50 Ukraine 51 52 United Arab Emirates United Kingdom
18 March 1975 1 January 2013 31 December 1985
53 United States
ANNEXES 107
Annex 3: List of All Laws, Regulations and Other Material Consulted

Commercial laws
Charities Law (Cap. 41) Clubs (Registration) Law (Cap. 112) Companies Law (Cap. 113) Cooperative Societies Law Cooperative Societies Regulations (selected provisions) International Trusts Law 1992 Law Regulating Companies Providing Administrative Services and Related Matters Partnership and Business Names Law Societies and Institutions Laws, 1972 and 1997 Trustee Law (Cap. 193)
Financial sector laws

Banking Laws of 1997 to 2009 Central Bank of Cyprus Laws of 2002 to 2007 Directive to banks in accordance with Article 59(4) of the Prevention and Suppression of Money Laundering Activities Law of 2007 Law Providing for Transparency Requirements in relation to Information about Issuers whose Securities are Admitted to Trading on a Regulated Market Money laundering: Guidance Notes for lawyers Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007
108 ANNEXES
Taxation laws
Assessment and Collection of Taxes Law 1978 Income Tax Law of 2002 Special Contribution for the Defence of the Republic Law of 2002
Miscellaneous
Company Income Tax Return Constitution of Cyprus Income Tax Return Self-Employed Public Services Law Tax Register Registration Form
ANNEXES 109
Annex 4: Persons Interviewed During the On-site Visit

Officials from the Department of Inland Revenue Officials from the Ministry of Finance Official from the Registrar Official from the Central Bank Official from the Cyprus Securities and Exchange Commission Officials from the Authority for the Supervision of Cooperative Societies Officials from the Audit Service for Cooperative Societies Official from the Attorney-Generals office Representatives from the Cyprus Bar Association Representatives from the Institute of Certified Public Accountants of Cyprus
ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT

The OECD is a unique forum where governments work together to address the economic, social and environmental challenges of globalisation. The OECD is also at the forefront of efforts to understand and to help governments respond to new developments and concerns, such as corporate governance, the information economy and the challenges of an ageing population. The Organisation provides a setting where governments can compare policy experiences, seek answers to common problems, identify good practice and work to coordinate domestic and international policies. The OECD member countries are: Australia, Austria, Belgium, Canada, Chile, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, the Slovak Republic, Slovenia, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States. The European Union takes part in the work of the OECD. OECD Publishing disseminates widely the results of the Organisations statistics gathering and research on economic, social and environmental issues, as well as the conventions, guidelines and standards agreed by its members.
OECD PUBLISHING, 2, rue Andr-Pascal, 75775 PARIS CEDEX 16 (23 2013 43 1 P) ISBN 978-92-64-20547-5 No. 60977 2013-01
Global Forum on Transparency and Exchange of Information for Tax Purposes
PEER REVIEWS, PHASE 2: CYPRUS

This report contains a Phase 2: Implementation of the Standard in Practice review, as well as revised version of the Phase 1: Legal and Regulatory Framework review already released for this country. The Global Forum on Transparency and Exchange of Information for Tax Purposes is the multilateral framework within which work in the area of tax transparency and exchange of information is carried out by 120 jurisdictions, which participate in the Global Forum on an equal footing. The Global Forum is charged with in-depth monitoring and peer review of the implementation of the international standards of transparency and exchange of information for tax purposes. These standards are primarily reected in the 2002 OECD Model Agreement on Exchange of Information on Tax Matters and its commentary, and in Article 26 of the OECD Model Tax Convention on Income and on Capital and its commentary as updated in 2004. The standards have also been incorporated into the UN Model Tax Convention. The standards provide for international exchange on request of foreseeably relevant information for the administration or enforcement of the domestic tax laws of a requesting party. Fishing expeditions are not authorised but all foreseeably relevant information must be provided, including bank information and information held by duciaries, regardless of the existence of a domestic tax interest or the application of a dual criminality standard. All members of the Global Forum, as well as jurisdictions identied by the Global Forum as relevant to its work, are being reviewed. This process is undertaken in two phases. Phase 1 reviews assess the quality of a jurisdictions legal and regulatory framework for the exchange of information, while Phase 2 reviews look at the practical implementation of that framework. Some Global Forum members are undergoing combined Phase 1 and Phase 2 reviews. The Global Forum has also put in place a process for supplementary reports to follow-up on recommendations, as well as for the ongoing monitoring of jurisdictions following the conclusion of a review. The ultimate goal is to help jurisdictions to effectively implement the international standards of transparency and exchange of information for tax purposes. All review reports are published once approved by the Global Forum and they thus represent agreed Global Forum reports. For more information on the work of the Global Forum on Transparency and Exchange of Information for Tax Purposes, and for copies of the published review reports, please refer to www.oecd.org/tax/transparency and www.eoi-tax.org.
Consult this publication on line at http://dx.doi.org/10.1787/9789264205482-en This work is published on the OECD iLibrary, which gathers all OECD books, periodicals and statistical databases. Visit www.oecd-ilibrary.org for more information.
ISBN 978-92-64-20547-5 23 2013 43 1 P
9HSTCQE*cafehf+

Peer Review Report Phase 2 Implementation of The Standard in Practice

Uploaded by

Copyright:

Peer Review Report Phase 2 Implementation of The Standard in Practice

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Peer Review Report Phase 2 Implementation of The Standard in Practice

Uploaded by

Copyright:

GLOBAL FORUM ON TRANSPARENCY AND EXCHANGE OF INFORMATION FOR TAX PURPOSES

Peer Review Report Phase 2 Implementation of the Standard in Practice

ISBN 978-92-64-20547-5 (print) ISBN 978-92-64-20548-2 (PDF)

Corrigenda to OECD publications may be found on line at: www.oecd.org/publishing/corrigenda.

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

ABOUT THE GLOBAL FORUM 5

About the Global Forum

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

Information and methodology used for the peer review of Cyprus

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

Taxation and international cooperation

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 17

Compliance with the Standards

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

18 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 19

A.1 Ownership and identity information

Companies (ToR A.1.1)

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

20 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

Ownership information held by companies

Ownership information held by the authorities

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 21

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

22 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

Ownership information held by service providers

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 23

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

24 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 25

Conclusion and practice

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

26 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

Bearer shares (ToR A.1.2)

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 27

Partnerships (ToR A.1.3)

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

28 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 29

Conclusion and practice

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

30 COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION

Trusts (ToR A.1.4)

Ownership information held by trustees and service providers

PEER REVIEW REPORT PHASE 2 CYPRUS OECD 2013

COMPLIANCE WITH THE STANDARDS: AVAILABILITY OF INFORMATION 31