CySEC publishes its Policy Statement and forms Cypriot Crypto Asset Service Providers
On 13 September 2021, the Cyprus Securities and Exchange Commission (CySEC) issued a Policy Statement (PS-01-2021) (CySEC Crypto Policy Statement) on the Registration and Operations of Crypto Asset Services Providers (CASPs) to outline its finalised rules for CASPs under the Prevention and Suppression of Money Laundering and Terrorist Financing Law 2007 (theAML Law) and the CySEC Directive for the prevention and suppression of money laundering and terrorist financing - Register of Crypto Asset Services Providers (theCySEC CASP Directive), elaborating on the next steps and on CySEC’s expectations.
Under section 61E of the AML Law, CASPs in Cyprus are expected to become registered and approved with CySEC in order to engage in CASP business within the jurisdiction. For more information on the registration perimeter please refer to our earlier blog posts here.
The CySEC Crypto Policy Statement provides the industry with more detail on CySEC’s views of the various types of crypto assets in the market. Here, the regulator mentions that crypto-assets is a broad term covering a diverse set of assets utilising cryptography and Distributed Ledger Technology (DLT). The regulator clarifies that crypto-assets, among other things, may:
- Qualify as financial instruments under the Investment Services and Activities and Regulated Markets Law, transposing MiFID II
- Qualify as electronic money under the Electronic Money Law, transposing EMD2, or
- Be a digital representation of value that is neither issued nor guaranteed by a central bank or a public authority, which is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored, and traded electronically, and does not qualify either as fiat currency or as financial instruments under the Investment Services Law or electronic money under the Electronic Money law.
CySEC clarifies that the CASP regime is, in general, limited to registering those businesses engaged in services and activities relating to the last type of crypto asset in the bullet points above.
CySEC has also highlighted that investors should be aware of the high risks entailed before proceeding with any crypto-asset investment, in addition to usual AML risks, including:
- Risks in relation to investor protection who may be lured into unsuitable investments and the risk of fraud
- Risks in relation to market integrity, stemming from inconsistent liquidity, unregulated price discovery mechanisms, insider dealing and market abuse in relation to crypto-assets
- Risks stemming from technological specificities such as the colloquially known “51% attacks” and coding errors in smart contracts
- Custody risks, stemming from technological specificities such as the use of online wallets for the custody of crypto assets and the possibility of theft; and
- Potential financial stability risks, stemming from a mainstream / institutional adoption of crypto assets
Importantly, the Policy provides some much-anticipated guidance on the interpretation of the provisions of the CySEC CASP Directive with regards to the registration procedure providing much-needed guidance on:
- The fitness and probity of the CASP beneficiaries and persons holding a management position
- The conditions in relation to CASP registration
- The organisational and operational requirements
- Preforming Know Your Client and other client due diligence measures
- Drawing the economic profile of their clients
- Identifying the source of funds of their clients
- Monitoring the clients’ transactions
- Identifying and reporting suspicious transaction
- Undertaking a comprehensive risk assessment in relation to their clients and activities and take proportionate measures per client, activity, and crypto-asset in question
- The contents of information, including marketing communications, addressed to clients or potential clients
- Minimum capital requirements; and
- Maintain and operate effective organisational and administrative arrangements with respect to identifying, preventing, and disclosing conflicts of interest
The CySEC CASP Policy Statement confirms that CySEC will commence evaluation of applications from existing or prospective CASPs. Whilst there is no outright grandfathering regime CASPs that submit applications within October 2021 should be prioritised for review over those submitting later.
The Policy Statement can be found here. CySEC’s press release can be found here.
Our previous blog post on CySEC’s CASP Directive can be found here.