On 25th June 2021 the Cyprus Securities and Exchange Commission (the “CySEC“) issued a Directive (R.A.A. 269/2021) regarding the Register of Service Providers concerning Crypto Assets, pursuant to Sections 59 and 61E of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, Law 188(I)/2007, as amended (the “Law”).
It should be noted that the Law was amended earlier in 2021 to implement, inter alia, the 4th and 5th AML Directives (Directives (ΕU) 2015/849 and 2018/843). Under this Law, CySEC is the supervisory authority responsible for services and activities provided by Service Providers in Cyprus which concern Cryptocurrencies, who are registered in the relevant Register under the Law.
The 5th anti-money laundering Directive (Directive (EU) 2018/843) (the “EU Directive”), focuses and aims, among others, on higher transparency in registrations of companies, trusts and similar legal arrangements and to limit the anonymity related to virtual currencies and wallet providers, hence provides for some form of regulation in relation to crypto assets.
Despite the fact that crypto assets are not yet fully regulated in Cyprus, it is on the basis of this Law that CySEC issued its Guidance to Cyprus Investment Firms on issues relating to Crypto assets by its November 2020 Circular (C417) as well as its latest (June 2021) Directive on the Register of Crypto asset Service Providers, implementing certain reporting requirements of those offering such services.
According to the relevant definitions provided under the Law:
“Crypto asset” means a digital representation of a value which is not issued by a central bank or public authority or guaranteed, is not necessarily linked to a legally circulating currency and does not have the legal status of currency or money, but is accepted by individuals as a means of trading or investment and can be transferred, stored or circulated electronically and is not
(a) fiat currency; or
(b) electronic money, or
(c) financial instruments as defined in Part III of the First Annex to the Investment Services and Activities and Regulated Markets Law;
“Crypto asset Service Provider” means a person who provides or exercises one or more of the following services or activities to another person or on behalf of another person, which do not fall under the services or activities of the obliged entities mentioned in paragraphs (a) to (h) of article 2A:
(a) Exchange between crypto assets and fiat currencies;
(b) Exchange between crypto assets;
(c) Management, transfer, holding and/or safekeeping, including custody, of crypto assets or cryptographic keys or means which allow the exercise of control on crypto assets;
(d) Offering and/or sale of crypto assets, including the initial offering; and
(e) Participation and/or provision of financial services regarding the distribution, offer and/or sale of crypto assets, including the initial offering”
According to CySEC’s latest directive, an “Applicant” means the Crypto asset Service Provider. Reference to “Register” or “Register of CASP” shall means the Register of Crypto asset Service Providers established and maintained by CySEC, pursuant to paragraph (1) of Article 61E of the Law.
As per the directive issued by CySEC, an application by a Crypto-Asset Service Provider must be submitted to CySEC for its registration in the Register of Crypto-Asset Service Providers which is maintained by CySEC.
The applicant’s (prospective Crypto asset Service Provider) name, physical address, trade name, and legal form must be mentioned in the application. In order to approve the application, the applicant must satisfy a number of conditions, which include, inter alia:
- good reputation, knowledge, experience and skills of its executives;
- a minimum of 4 directors, of which two will manage the business activities and the remaining two will be independent;
- appropriate policies and procedures in accordance with the law and directives on Prevention and Suppression of Money Laundering and Terrorist Financing;
- the necessary own funds;
- if operating online, a personal website owned and operated by the applicant;
- no conflict of interest between its staff and clients;
- good governance arrangements, with clear, transparent and detectable lines of reference;
- appropriate systems and control mechanisms for minimizing the risk of theft or loss of its clients’ crypto-assets data;
- appropriate administrative and accounting procedures, internal control mechanism, effective risk assessment procedures and effective control and security mechanisms of electronic data processing systems;
- appropriate security mechanisms to ensure and verify the authenticity of the means of transmitting information, minimizing the risk of data destruction and unauthorized access and preventing the leakage of information, so that the confidentiality of the data is always kept.
The Directive has also set capital requirements for the applicants. Crypto-Asset Service Providers are required to possess enough own funds that are at least equivalent to the greater of the amounts mentioned below:
i. the initial amount of capital mentioned in the Annex to the directive that commensurate with their operations and nature;
ii. Twenty-five percent or one-quarter of the Crypto-Asset Service Providers’ fixed expenses during the preceding year. The provision of this paragraph will be brought into effect as follows:
a) From January 1, 2022, 30% of the applicable amount;
b) From January 1, 2023, 60% of the applicable amount;
c) From January 1, 2024, 100% of the applicable amount
The applicants are additionally required to pay €10,000 upon the submission of their application which may not be refunded if the application is rejected.
The applicants will be informed by the CySEC within the period of six months from the date of submitting the application to CySEC, regardless of whether the application has been successful or not.
As soon as the application of registration is officially approved, the applicant will be registered in the Register by CySEC on an immediate basis. Upon approval, there is no registration fee required to be paid however the renewal of the registration amounts to €5,000.
For more information, please contact us at email@example.com. We will be happy to assist you.