I. INTRODUCTION
This Third-Party Due Diligence Policy (the “Policy”) establishes the framework and requirements for conducting due diligence on third parties, including vendors, resellers, agents, and business partners. The objective is to ensure that all third-party relationships are compliant with legal and ethical standards and do not expose MCS IT Distribution Ltd. (the “Company”) to reputational, legal, or financial risks. Such due diligence is also aimed at prevention of money laundering and terrorist financing activities.
II. SCOPE
The Policy applies to all departments and individuals who engage, evaluate, or manage third parties on behalf of the Company. It covers new engagements, renewals, and significant changes in third-party operations or ownership.
III. AML AND CTF REGULATORY FRAMEWORK
With respect to applicable anti-money laundering (the “AML”) and counter-terrorist financing (the “CTF”) issues, the Company complies with the following regulations, including but not limited to:
- REGULATION (EU) 2024/1624 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing;
- Prevention and Suppression of Money Laundering Activities Law (188(I)/2007);
- Combating Terrorism Law (L. 110(I)/2010);
- Guidance by the Republic of Cyprus Ministry of Finance and MOKAS (Unit for Combating Money Laundering).
IV. RESPONSIBILITIES
- The Legal Department is responsible for overseeing the due diligence process and maintaining relevant records.
- Business units are responsible for initiating due diligence and ensuring completion before engagement.
- All employees must report concerns or red flags related to third parties to the Legal Department and, if necessary, to their superiors.
V. DUE DILIGENCE PROCESS
V.1 Steps for Third-Party Engagements
The following steps must be followed for all relevant third-party engagements:
- completion of a Third-Party Questionnaire (optional);
- background checks including sanctions and watch list screening;
- evaluation of ownership structure and beneficial ownership;
- review of financial, legal, and compliance history;
- risk classification and approval by the Legal Department;
- contractual obligations including compliance with anti-bribery, sanctions, AML and CTF laws.
V.2 Due Diligence of Individuals
The employee conducting standard due diligence of individuals shall ensure to the reasonable extent that the following procedure is followed:
(1) Identify:
- full name;
- date of birth;
- nationality;
- identity card number/travel document number;
- proof of residential address.
(2) Verify:
The information collected in (1) should be verified by viewing original copies of the documents referenced below. If unable to view original copies, consider requesting certified true copies of the documents from a qualified solicitor, accountant, or similar regulated professional.
V.3 Due Diligence of Legal Entities
The employee conducting standard due diligence of legal entities shall ensure to the reasonable extent that the following procedure is followed:
(1) Identify:
- full legal name and trading name (if different);
- place and date of incorporation;
- corporate and business registration number;
- registered address and primary business address (if different);
- nature/type of business;
If privately owned (i.e., not publicly listed):
- full names of directors and other officers;
- full names of any individual shareholders owning more than 25% (twenty-five percent) of the entity (beneficial owners).
(2) Verification:
- the information collected as stated above should be verified using publicly available resources;
- the verification procedures for individuals, as set out above, should be undertaken on individual shareholders owning or controlling more than 25% (twenty-five percent). If no such shareholders exist, the identity of two directors should be verified;
- verification of individual shareholders is not required where the legal entity is listed on a recognized stock exchange or is regulated by a financial regulator. In such cases, the Company should retain evidence of such listing or regulation for its records.
VI. RISK-BASED APPROACH
Due diligence depth and frequency shall correspond to the risk level of the third party, based on factors including:
- country of incorporation and operation;
- nature of services or goods provided;
- proximity to government entities;
- past compliance or legal issues;
- negative media background.
VII. ONGOING MONITORING
Third-party relationships must be monitored regularly. High-risk third parties shall be reviewed at least annually. Any changes in ownership, business activities, or negative news must trigger a reassessment. Contracts shall contain obligations to report on change of ownership.
VIII. DOCUMENTATION & RECORDKEEPING
All due diligence records must be retained for a minimum of 5 (five) years after termination of relationships and must be accessible to the Legal Department. This includes questionnaires (if any), screening results, approval documentation, and monitoring records.
IX. VIOLATIONS
Failure to comply with the Policy may result in disciplinary action, up to and including termination. Third parties found to be in violation of compliance obligations may be subject to contract termination and potential legal action.
X. CONTACT
For further information about the Policy or the due diligence process, please utilize the feedback form.