Cyprus: CySEC new Directive on the register of Crypto-Asset Service Providers
On the 25 June 2021, the Cyprus Securities and Exchange Commission (CySEC) issued the Crypto Asset Service Providers (CASP) Directive (R.A.D 269/2021), in order to provide guidance for operating and registration conditions of the CASPs pursuant to the 5th Anti-Money Laundering Directive.
Additionally, it has been decided that the Register of CASPs should be approved and registered with CySEC.
According to the amended AML Law, Crypto Asset Service Providers are defined as a person who provides or exercises one or more of the following services or activities to another person or on behalf of another person:
- Exchange between crypto assets and fiat currencies;
- Exchange between crypto assets;
- Management and/or transfer and/or retention and/or safekeeping, including custodianship of crypto assets or cryptographic keys or means enabling control over crypto assets;
- Offering and/or selling crypto assets, including the initial offering;
- Participation and/or provision of financial services related to the distribution, offering and/or sale of crypto assets, including the initial offering.
The above-mentioned crypto asset service providers should be registered in the register kept by CySEC in accordance with s. 61E (1) of the AML Law.
The following information of the applicant (crypto asset service provider), must be mentioned in the application:
- Name, trade name, legal form and legal entity identifier of the crypto asset service provider;
- Physical address of the crypto asset service provider;
- The services being offered and/or the activities the crypto asset service provider may offer and/or perform as per subsections (a) to (e) of section 2(1) of the AML Law;
- Website of the crypto asset service provider.
All essential documents and information are submitted to CySEC and will only be approved by CySEC if the applicant is successful in satisfying a number of conditions which includes:
- At least four persons represent the board of directors, of which two members will be considered independent members and the remaining two will administer the business activities of the applicant (executive directors);
- Individuals occupying executive positions have good reputation, are highly experienced, skilled and knowledgeable;
- The applicant owns and maintains a personal website, if operating online;
- Appropriate policies and procedures are set up in accordance with the Law and Directive on Prevention and Suppression of Money Laundering and Terrorist Financing;
- Proper systems and control mechanisms for minimizing the risk of theft or loss of its clients’ crypto-assets data;
- The applicant owns adequate funds;
- To make sure that there is no conflict of interest between its staff and clients;
- Appropriate governance arrangements with clear, transparent and detectable lines of reference;
- The applicant maintains appropriate accounting and administrative procedures, effective risk assessment procedures, internal control mechanism, and, efficient security and control mechanisms of the electronic data processing systems;
- Suitable security mechanisms are applied to ensure and verify the authenticity of the means of transmitting information, minimizing the risk of data destruction and unauthorized access and preventing the leakage of information, so that the confidentiality of the data is always kept.
It is important for Crypto-Asset Service Providers to own enough funds that are at least equivalent to the greater of the amounts mentioned below:
The initial amount of capital mentioned in the Annex to the directive that commensurate with their operations and nature;
Twenty-five percent or one-quarter of the Crypto-Asset Service Providers’ fixed expenses during the preceding year. The provision of this paragraph will be brought into effect as follows:
- From January 1, 2022, 30% of the applicable amount;
- From January 1, 2023, 60% of the applicable amount;
- From January 1, 2024, 100% of the applicable amount;
Fees and Subscriptions
The applicants are required to pay €10,000 upon the submission of their application which may not be refunded if the application is rejected. In the register, the yearly renewal of the registration amounts to €5,000.
The applicant will be informed by the Commission within the period of six months, starting from the application submission date. As soon as the application for the purpose of registration is officially approved, the applicant will be registered in the register by the CySEC.