On 25 June 2021, CySEC has published the Directive for the prevention and suppression of money laundering and terrorist financing related to the Registration of Crypto Asset Service Providers (“the Directive” only in Greek). This was an action expected by CySEC after the transposition of the EU 5th AML Directive to the Cyprus AML Law ,Law 188(I)/2007 as amended (“the AML Law”), where the concept of crypto assets was introduced in the Cypriot legal framework.
Who shall apply for admission to the Crypto Asset Service Provider registry?
Based on the AML Law, a Crypto Asset Service Provider, that provides or exercises services or activities on a professional basis in Cyprus, must be registered to the CySEC Crypto Asset Service Provider registry by fulfilling the requirements described in the Directive. The registration to the CySEC Crypto Asset Service Provider registry will be mandatory, regardless of the Crypto-Asset Service Provider being registered in another EU Member State.
Definition of Crypto Asset Service Provider
A Crypto Asset Service Provider is defined as a person who provides or exercises, one or more, of the following services or activities to another person or on behalf of another person:
- Cryptocurrency exchanges (crypto-to-crypto and fiat-to-crypto and vice versa).
- Management, administration, transmission, transfer, retention, custodianship and safekeeping of crypto-assets or cryptographic keys or means, which allow for the exercise control in crypto-assets.
- Offering and/or sale of crypto-assets, including the initial offering.
- Participation and/or provision of financial services related to the distribution, offering and/or sale of crypto-assets, including the initial offering:
- Reception and transmission of orders.
- Execution of orders on behalf of clients.
- Dealing on own account.
- Portfolio management.
- Provision of investment advice.
- Underwriting and/or placing of crypto-assets on a firm commitment basis.
- Placing of crypto-assets without a firm commitment basis.
Registration of Crypto Asset Service Providers
The Applicants must submit the fully completed application to the CySEC based on the requirements of the Directive. Once approved, the following information will be publicly available in the CySEC Crypto Asset Service Provider registry:
- the name, the trade/business name, the legal status and the legal entity identifier of the Applicant;
- the physical address of the Applicant;
- the website of the Applicant through which it intends to perform/provide its services/activities;
- the prospective services and/or activities, as prescribed in the AML Law;
- the address of the relevant crypto-assets of the Applicant.
The CySEC shall inform the Applicants if their registration application has been approved or not within six (6) months after the application submission date.
Summary of the main registration requirements
Fit & Proper:
Individuals in managerial positions of the Applicant are honest and competent, in good repute, possess good academic or professional knowledge and skills, have a considerable amount of managerial and technical experience, and dedicate an adequate amount of time performing the assigned tasks with the Applicant.
Board of Directors:
Minimum four (4) fit & proper individuals, out of which two (2) will manage the business activities of the Crypto Asset Service Provider and two (2) will act as independent members.
Ensure that the existence of any close links between the Applicant and any third parties does not prevent CySEC to act as the Supervisory body.
Employees have the necessary knowledge, experience and good repute contingent on the tasks that are assigned to them.
Employees are not engaged in multiple duties until and unless the performance of several duties at one time does not hinder or impede them from doing their work with professionalism, sincerity, and conscientiousness.
For online activities, a website is exclusively owned and used by the Applicant without the possibility of any other persons get involved in the operation of the said website.
Policies & Procedures & other organizational arrangements:
- Appropriate policies and procedures are established and adequate systems and control mechanisms are in place to ensure the prudent operation of the Crypto Asset Service Provider, including the minimization of the risk of theft or loss of crypto asset information of clients
- Sound administrative and accounting procedures, risk assessment procedures, internal control mechanisms and effectual security and control mechanisms of the data of electronic processing system
- Adequate risk management procedures and systems concerning the Applicant’s obligations towards AML law.
- Internal audit procedure is established independently of the other operations and activities, for the development and execution of the internal audit mechanisms
- Establishment of business continuity arrangements
- Relevant policies and procedures are established in order to make certain that potential complaints of its customers are resolved properly
- Records are maintained in accordance with all of the operations and functions performed, which may take into account the pertinent communication in such a manner that enables the Commission to perform its supervisory duties
Consummate governance arrangements are in place, with reference lines that are transparent and clearly identified and defined.
Maintain the necessary initial capital and own funds based on the type of application. More specifically, it is essential to possess enough own funds that are at least equivalent to the greater of the amounts mentioned below:
- the initial amount of capital mentioned in Directive that commensurate with the Crypto Asset Service Provider’s operations and nature OR
- a quarter (1/4) of the Crypto Asset Service Provider’s fixed expenses during the preceding year. If no more than one year has passed since the date the Crypto Asset Service Provider began operations, the estimated fixed expenses are included in the forecasting of the first 12-month transactions
- Registration fees for CySEC examination: EUR 10.000
- Registration renewal (1 year period) : EUR 5.000
- Other fees for material changes apply
Once approved, no fee or subscription is paid to the CySEC during the first year of registration in the Registry. If the registration application is rejected, the application fee is non-refundable.
The Registration Application forms and details concerning the registration are expected to be officially available at the CySEC’s website by September 2021.