Almost 60 percent of one Cypriot bank's clients are "high risk" in terms of money laundering and almost a third of all bank depositors' records contain errors, a leaked EU report says.

The confidential paper - published at the weekend by Cypriot website stockwatch.com.cy - was drawn up in April by Moneyval, a unit of the Strasbourg-based Council of Europe, and by US accountancy firm Deloitte on the request of eurozone finance ministers.

Student or retired? Then this plan is for you.

The full version, containing banks and customers' names, is still under lock and key.

But the leaked four-page resume paints a damning picture of what goes on in the mini financial centre which just got €2 billion of EU taxpayers' money.

Deloitte looked at the six Cypriot banks which hold €2 billion or more in deposits.

It also looked at 90 big borrowers (worth €16 billion in total loans), 180 big depositors (worth €8 billion) and 120 randomly selected customers.

In terms of doing business with potential crooks, it found that 10 percent of all of them are "politically exposed persons" and that 58 percent of customers in one of the six banks pose a "high risk" on money laundering.

It got the information from "simple commercial database checks" even though the banks themselves had failed to flag them.

In terms of knowing who their customers really are, Deloitte said 27 percent of all depositors' files and 11 percent of borrowers' files "showed inaccurate information on the customer and beneficial owner."

It noted that banks rely on "introducers" - firms, lawyers and accountants who work for the real owners of accounts - for 75 percent of their international business, muddying the water on customer identity.

It added that when dealing with "complex" structures - accounts held by firms with three or more layers of nominal owners between the bank and the real customer - the banks did proper ID checks in just 9 percent of cases.

They launched just four internal probes on potential money laundering on the sample clients between 2008 and 2012.

They reported zero "suspicious transactions" to Cypriot authorities in 2008 to 2010, one in 2011 and "a few" in 2012.

But Deloitte identified 29 of them in the last 12 months alone, some of which it described as "very compelling cases."

"Deloitte's analysis exposes systemic deficiencies in the implementation of preventive measures by the audited institutions," the leaked report says.

"Overall awareness regarding clients presenting higher risk profiles was not demonstrated to be robust," it adds.

The paper gives the lie to Cypriot diplomats and politicians who have been telling media in recent months the island adheres to international standards.

It also casts doubt on the credibility of Moneyval, whose previous reports gave Cyprus a clean bill of health.

"While Moneyval was not able to access actual customer files, its findings significantly revise its previous, more favourable assessment of Cyprus' AML [anti-money-laundering] system," the report notes.

Moneyval, as an intergovernmental body, can only look at the work of Cypriot government institutions, which is one reason why the eurozone ministers brought in Deloitte.

The man who chairs the ministers' meetings, Dutch finance chief Jeroen Dijsselbloem, has said the EU will draft an "action plan" for Cyprus to enact if it wants to keep the bailout money flowing.

German leader Angela Merkel in April also promised the Bundestag that she will clean up Cyprus if MPs approved the EU rescue.

But the leaked paper risks making her look bad in the run-up to elections in September.

"It could be quite problematic for Merkel. If German people saw the report, they might say: 'I would not give my money to such a country'," an EU diplomat told this website last week.