Following the publication of Policy Statement PS-01-2021, Cyprus Securities and Exchange Commission wishes to outline its approach:
on the registration and operations of Crypto-Asset Services Providers (herein-after the "CASPs");
on the principles contained into the AML/CFT Law in relation to CASPs’ activities, as have been elaborated by means of the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing.
In addition to the above, with this Policy Statement CySEC sets out its expectations for the compliance of CASPs with the regulatory framework, including certain specific expectations in relation to the compliance of CASPs with their obligations under the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing.
LEGAL FRAMEWORK
CySEC introduces a new regulatory framework (i.e. MiCA) in relation to tokens that do not qualify as financial instruments (i.e. crypto assets) and bespoke rules for Asset Referenced Tokens and EMTs (so called ‘stable-coins. Furthermore, Crypto-assets’ activities are subject to Anti-Money Laundering and Counter-Terrorism Financing (“AML/CFT”) Regulation and supervision under AMLD V and will be also subject to the relevant rules of the New EU AML/CFT Package, once these come into force.
WHO THE STATEMENT POLICY CONCERNS
The Policy Statement concerns:
CASPs as defined in the AML/CFT Law providing or carrying out services or activities on a professional basis in or from the Republic;
Customers purchasing, holding or transferring crypto assets will be also impacted by this Policy Statement to the extent they resort to the services of a CASP;
Other regulated entities
APPLICATION FOR CASPs REGISTRATION
A. GENERAL INFORMATION
CASPs must therefore fully abide to their obligations stemming from the AML/CFT Law, the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing - Register of Crypto Asset Service Providers (the “CASP Registration Directive”) and the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing (collectively hereinafter the “Cumulative CASP Rules”).
CASPs operating from Cyprus must be registered with CySEC in order to be able to provide services and/or perform activities in relation to crypto-assets and will be regulated by CySEC under the Cumulative CASP rules.
Where a CASP is established in another EEA Member State or in a Third Country, but provide services from Cyprus under any form and/or arrangement, will be operating from Cyprus in relation to the service and/or activities originating therefrom and will be subject to registration and supervision under the Cumulative CASP Rules.
CASPs registered in a Third Country, must be registered with CySEC in order to be able to provide services and/or perform activities, in relation to crypto- assets in Cyprus and will be regulated by CySEC under the Cumulative CASP Rules. However such registration is contingent to CySEC being satisfied with such entities compliance with the Cumulative CASP Rules.
B. KEY OBLIGATIONS AND CYSEC’s EXPECTATIONS
As per the CySEC Directive on CASPs Registration, the prospective CASPs (the “Applicants”) must submit the relevant application form issued by CySEC for the registration in the CySEC CASP Register (the “CASP Application Form”), duly completed.
Applicants are expected to be in a position to satisfy CySEC in relation to the following subject matters upon registration and/or on an ongoing basis:
Persons holding a management position
Beneficiaries of CASPs
Close links between the applicant and other natural or legal persons
Website fully owned and exclusively used by the CASP
Establishment of AML policies and procedures
Establishment of operating policies and procedures
CASPs' own funds comprised of fixed and variable component
Employees' Remuneration
Reporting Obligations and corporate governance
Business Continuity and Disaster Recover Plan
Outsourcing the performance of critical functions to third parties
Administrative and Accounting procedures
Internal Control function
Security mechanisms
Record Keeping
Employees responsibilities and obligations
Complaints' Procedure(s)
Marketing communication and information to clients
CASPs must comply with all of their responsibilities stemming from the Cumulative CASP Rules at all times.
NEXT STEPS
CySEC will publish relevant forms and documents in a bespoke section on its website for the commencement of the registration process for CASPs operating in or from Cyprus.
As to the a limited number of investment firms that were permitted to provide crypto-assets’ activities on a limited scale, as a non-regulated activity, CySEC believes that the extraordinary circumstances under which such operations were permitted under section 5(5)(b) of the Investment Services Law, is highly unlikely to still be relevant.
Written by Angeliki Georgiou, Independent Legal Consultant
Please do not hesitate to contact our team for more information as to the above CASPs application.