Introduction

On the 25th June 2021 the Cyprus Securities and Exchange Commission (the "CySEC") issued the directive R.A.A. 269/2021 regarding the register of service providers concerning crypto assets, in accordance with articles 59 and 61E of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007, Law 188(I)/2007, as amended (the "Law"). The Law was amended earlier in 2021 to implement and harmonize into Cyprus law, the 4th and 5th AML Directives (Directives (ΕU) 2015/849 and 2018/843), which focus on achieving higher transparency by preventing the financial market from being misused for illegal purposes like money laundering and financing of terrorism. Although EU has not fully regulated crypto assets and cryptocurrencies these directives provide some form of regulation.

CySEC Directive

CySEC was regulated to be the supervisory authority responsible for providers who provide services related to crypto asset services. Despite the fact that crypto assets are not yet fully regulated in Cyprus, CySEC has issued a directive on the "Register of Providers of Services regarding Crypto Assets" (the "CySEC Directive"). CySEC Directive regulates the creation, maintenance, operation and update of the register of crypto assets services providers and sets the requirements for their registration in the register.

The CySEC Directive applies to the following crypto asset service providers which are eligible for registration in the register:

  1. crypto asset service providers providing or carrying out services or activities on a professional basis from the Republic of Cyprus, irrespective of their entry in the register of a Member State for the services or activities they provide;
  2. crypto asset service providers providing or carrying out services or activities on a professional basis in the Republic of Cyprus, other than persons providing or carrying out services or activities in the Republic of Cyprus relating to cryptocurrencies and which are registered in a Member State for the services or activities they provide.

According to the relevant definitions provided under the Law:

"Crypto asset" means a digital representation of a value which is not issued by a central bank or public authority or guaranteed, is not necessarily linked to a legally circulating currency and does not have the legal status of currency or money, but is accepted by individuals as a means of trading or investment and can be transferred, stored or circulated electronically and is not

(a) fiat currency; or

(b) electronic money, or

(c) financial instruments as defined in Part III of the First Annex to the Investment Services and Activities and Regulated Markets Law;

"Crypto asset Service Provider" means a person who provides or exercises one or more of the following services or activities to another person or on behalf of another person, which do not fall under the services or activities of the obliged entities mentioned in paragraphs (a) to (h) of article 2A:

(a) Exchange between crypto assets and fiat currencies;

(b) Exchange between crypto assets;

(c) Management, transfer, holding and/or safekeeping, including custody, of crypto assets or cryptographic keys or means which allow the exercise of control on crypto assets;

(d) Offering and/or sale of crypto assets, including the initial offering; and

(e) Participation and/or provision of financial services regarding the distribution, offer and/or sale of crypto assets, including the initial offering"

An application by the crypto-asset service provider must be submitted to CySEC for its registration in the register of crypto-asset service providers. This application shall be reviewed by CySEC and will only be approved if the following conditions are fulfilled:

  1. all the documents requested by CySEC;
  2. good reputation, knowledge, experience and skills of its executives;
  3. a minimum of 4 directors, of which two will manage the business activities and the remaining two will be independent;
  4. appropriate policies and procedures in accordance with the Law and relevant directives;
  5. the necessary own funds as analysed below;
  6. if operating online, a personal website owned and operated by the applicant;
  7. no conflict of interest between its staff and clients;
  8. good governance arrangements, with clear, transparent and detectable lines of reference;
  9. appropriate systems and control mechanisms for minimizing the risk of theft or loss of its clients' crypto-assets data;
  10. appropriate administrative and accounting procedures, internal control mechanism, effective risk assessment procedures and effective control and security mechanisms of electronic data processing systems;
  11. appropriate security mechanisms to ensure and verify the authenticity of the means of transmitting information, minimizing the risk of data destruction and unauthorized access and preventing the leakage of information, so that the confidentiality of the data is always kept.

The CySEC Directive has set capital requirements for the applicants. Crypto-Asset Service Providers are required to possess enough own funds that are at least equivalent to the greater of the amounts mentioned below:

  1. The initial amount of capital mentioned in the Annex to the directive that commensurate with their operations and nature;
  2. Twenty-five percent or one-quarter of the Crypto-Asset Service Providers' fixed expenses during the preceding year. The provision of this paragraph will be brought into effect as follows:
    1. From January 1, 2022, 30% of the applicable amount;
    2. From January 1, 2023, 60% of the applicable amount;
    3. From January 1, 2024, 100% of the applicable amount.

The applicants are also required to pay the amount of €10,000 upon the submission of their application which is not to be refunded if the application is rejected. The applicants will be informed by the CySEC within the period of six months from the date of submitting the application, whether their application is successful or not. As soon as the application of registration is officially approved, the applicant will be registered in the register by CySEC. Renewal of the registration amounts to €5,000 per year. Amendments in the particulars of the service provider are allowed as well and the fees will be between the scale of €1,000-€5,000 depending on the amendment. Possible amendments include any changes of the following:

  • in the services or related activity of the provider;
  • of the address of the crypto assets;
  • of a board member or any person holding an administrative position;
  • in beneficiaries;
  • in the website of the provider.

The register shall be available in the official website of CySEC and shall be visible to the general public showing the following information in relation to the registered crypto asset service providers:

  • The name, the trading name, the legal type and the legal entity identifier of the crypto asset service provider;
  • The physical address of the crypto asset service provider;
  • The services being offered and/or the activities the crypto asset service provider may offer and/or perform as per subsections (a) to (e) of section 2(1) of the Law;
  • The website of the crypto asset service provider.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.