• FAI Comply

PS-01-2021: CySEC's Policy Statement on the Registration and Operations of CASPs

Following the publication of Policy Statement PS-01-2021, Cyprus Securities and Exchange Commission wishes to outline its approach:


  • on the registration and operations of Crypto-Asset Services Providers (herein-after the "CASPs");

  • on the principles contained into the AML/CFT Law in relation to CASPs’ activities, as have been elaborated by means of the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing.


In addition to the above, with this Policy Statement CySEC sets out its expectations for the compliance of CASPs with the regulatory framework, including certain specific expectations in relation to the compliance of CASPs with their obligations under the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing.


LEGAL FRAMEWORK

WHO THE STATEMENT POLICY CONCERNS

APPLICATION FOR CASPs REGISTRATION

A. GENERAL INFORMATION

B. KEY OBLIGATIONS AND CYSEC’s EXPECTATIONS

NEXT STEPS

LEGAL FRAMEWORK

CySEC introduces a new regulatory framework (i.e. MiCA) in relation to tokens that do not qualify as financial instruments (i.e. crypto assets) and bespoke rules for Asset Referenced Tokens and EMTs (so called ‘stable-coins. Furthermore, Crypto-assets’ activities are subject to Anti-Money Laundering and Counter-Terrorism Financing (“AML/CFT”) Regulation and supervision under AMLD V and will be also subject to the relevant rules of the New EU AML/CFT Package, once these come into force.


WHO THE STATEMENT POLICY CONCERNS


The Policy Statement concerns:

  • CASPs as defined in the AML/CFT Law providing or carrying out services or activities on a professional basis in or from the Republic;

  • Customers purchasing, holding or transferring crypto assets will be also impacted by this Policy Statement to the extent they resort to the services of a CASP;

  • Other regulated entities

APPLICATION FOR CASPs REGISTRATION


A. GENERAL INFORMATION

CASPs must therefore fully abide to their obligations stemming from the AML/CFT Law, the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing - Register of Crypto Asset Service Providers (the “CASP Registration Directive”) and the CySEC Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing (collectively hereinafter the “Cumulative CASP Rules”). CASPs operating from Cyprus must be registered with CySEC in order to be able to provide services and/or perform activities in relation to crypto-assets and will be regulated by CySEC under the Cumulative CASP rules.

Where a CASP is established in another EEA Member State or in a Third Country, but provide services from Cyprus under any form and/or arrangement, will be operating from Cyprus in relation to the service and/or activities originating therefrom and will be subject to registration and supervision under the Cumulative CASP Rules.


CASPs registered in a Third Country, must be registered with CySEC in order to be able to provide services and/or perform activities, in relation to crypto- assets in Cyprus and will be regulated by CySEC under the Cumulative CASP Rules. However such registration is contingent to CySEC being satisfied with such entities compliance with the Cumulative CASP Rules.

B. KEY OBLIGATIONS AND CYSEC’s EXPECTATIONS

As per the CySEC Directive on CASPs Registration, the prospective CASPs (the “Applicants”) must submit the relevant application form issued by CySEC for the registration in the CySEC CASP Register (the “CASP Application Form”), duly completed.

Applicants are expected to be in a position to satisfy CySEC in relation to the following subject matters upon registration and/or on an ongoing basis:


  • Persons holding a management position

  • Beneficiaries of CASPs

  • Close links between the applicant and other natural or legal persons

  • Website fully owned and exclusively used by the CASP

  • Establishment of AML policies and procedures

  • Establishment of operating policies and procedures

  • CASPs' own funds comprised of fixed and variable component

  • Employees' Remuneration

  • Reporting Obligations and corporate governance

  • Business Continuity and Disaster Recover Plan

  • Outsourcing the performance of critical functions to third parties

  • Administrative and Accounting procedures

  • Internal Control function

  • Security mechanisms

  • Record Keeping

  • Employees responsibilities and obligations

  • Complaints' Procedure(s)

  • Marketing communication and information to clients


CASPs must comply with all of their responsibilities stemming from the Cumulative CASP Rules at all times.

NEXT STEPS

CySEC will publish relevant forms and documents in a bespoke section on its website for the commencement of the registration process for CASPs operating in or from Cyprus.

As to the a limited number of investment firms that were permitted to provide crypto-assets’ activities on a limited scale, as a non-regulated activity, CySEC believes that the extraordinary circumstances under which such operations were permitted under section 5(5)(b) of the Investment Services Law, is highly unlikely to still be relevant.


Written by Angeliki Georgiou, Independent Legal Consultant

Please do not hesitate to contact our team for more information as to the above CASPs application.




Recent Posts

See All