On June 25, 2021 the Cyprus Securities and Exchange Commission (CySEC) published a Directive on ‘the Register of Providers of Services Regarding Crypto Assets’ (R.A.D 269/2021), under powers conferred by Law 188(I)/2007 on ‘Prevention and Suppression of Money Laundering and Terrorist Financing’. The amended law incorporated the 5th Anti Money Laundering Directive (EU) 2018/843 (‘AMLD5’) into Cyprus national law.
The Directive provides for the creation and maintenance of a Register for Providers of Services Regarding Crypto Assets (‘the Register’) by CySEC and lays down the procedures for registration and the operating requirements of Crypto Asset Service Providers (CASPs).
Crypto Asset is defined as an asset with a digital representation of value that is neither issued nor guaranteed by a central bank or a public authority, it is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored, and traded electronically, and it does not qualify as fiat currency, electronic money, of financial instruments
TYPES OF SERVICE AND CAPITAL REQUIREMENTS
There are three types of activities regulated by CySEC for which there is a different minimum capital requirement:
Prospective CASPs must submit the relevant application form issued by CySEC for the registration in the CySEC CASP Register, duly completed, which must inter alia include information in relation to:
Upon registration, as well as on an ongoing basis, applicants are expected to satisfy CySEC’s requirements in relation to the following:
- the persons holding a management position in the CASP must be honest and competent. The Board of Directors shall be comprised of at least four directors, two of which must be executives (directing the business activities of the provider) and two must be independent, non-executive, members of the board;
- the beneficiaries of CASPs must be honest and competent, i.e. have a good reputation and the ability to maintain the strong financial position of the CASP;
- the close links between the applicant and other natural or legal persons shall not hinder its effective monitoring, evaluation and monitoring of CYSEC, i.e., in the event that the natural or legal person with whom the applicant has a close relationship is in a Third Country;
- own and maintain a website exclusively used by the CASP through which the CASP will operate;
- establish appropriate policies and procedures to ensure its compliance, including that of its executives, employees and persons to whom functions are assigned to;
- ensure the prudent operation, including minimizing the risk of theft or loss of their clients' crypto-assets, via appropriate policies, procedures, systems, and controls;
- The provider shall have sufficient own funds comprised of fixed and variable component;
- staff performance shall not be remunerated or evaluated in a way that is motivating to implement aggressive promotion practices of products or services;
- The provider shall establish sound governance arrangements with clearly defined, transparent and identifiable reporting lines;
- a business continuity and recovery plan must be included in the Internal Operations Manual;
- identify the functions to be outsourced to third parties and the steps to be undertaken in order to avoid any undue additional operational risk, maintain the quality of the internal controls and ensure CySEC’s ability to supervise;
- implement sound administrative and accounting procedures, internal control mechanisms, effective risk assessment procedures and effective control and safeguard arrangements for information processing systems;
- establish an independent internal control function;
- implement sound security mechanisms to guarantee the security and authentication of the means of transfer of information;
- keep records of all their activities, including the relevant correspondence, which shall be sufficient to enable CySEC to exercise its supervisory functions
- establish appropriate policies and procedures to ensure that its clients’ complaints are properly resolved; and
- all staff members must be honest and professionals and possess the appropriate knowledge for the tasks assigned to them.
PROVISIONS FOR AML
The “Travel Rule” is the obligation to obtain, hold, and transmit originator and beneficiary information in order to identify and report suspicious transactions, monitor the availability of information, take freezing actions, and prohibit transactions where appropriate. Under the “Travel Rule”, any transaction with a value equal to or in excess of 1.000 Euros, must be deemed as material. Where an obliged entity sends a material crypto-asset transfer to a CASP, the relevant obliged entity must immediately and by secure means obtain the following information and submit it to the CASP:
a) the payer’s physical address;
b) the payer’s national identity number;
c) the payer’s customer identification number; or
d) the payer’s date and place of birth.
- For the purposes of examining the application for registration in the CASP Register, the CASP shall pay to the Cyprus Securities and Exchange Commission a fee of 10.000 Euros.
- For the purposes of renewal of registration in the CASP Register for a period of one year, the CASP pays a fee of 5.000 Euros.
- For the submission of a notice of material change, a fee shall be paid between 1.000 – 5.000 Euro depending on the nature of the change (refer to paragraph 16 of the Policy Statement)
HOW WE CAN HELP
Our office has established its footprint in the Cypriot Financial Services Market. Our dedicated team can successfully complete and submit your CASP registration to CySEC. Our services relate to the following:
- Careful evaluation of the case and specifics pertaining the submission of the application.
- Preparation and/or assistance for the preparation of all necessary document (i.e. Internal Procedures Manual, Business Plan, Anti-Money Laundering Manual etc.), in accordance with CySEC’s regulations.
- Timely submission of the application to CySEC.
- Undertake prompt actions related to any additional queries from the Commission.
- Resolution of the Commission’s recommendations/comments.
- Registration on the CASP register.