The AML Directive Regulating Crypto Asset Providers in Cyprus
Becoming a Cyprus Crypto Asset Service Provider (CASP)
On 25 June, the Cyprus Securities and Exchange Commission (CySEC) issued an amending AML Directive to regulate Crypto Asset Service Providers (CASPs) along with its policy statement for licensing, subsequent to the implementation of the 5
th AML Directive.
If you are a CASP, that provides services from Cyprus, you are required to register with CySEC.
Who is considered as CASPs?
CASP is an entity that provides or exercises one or more of the following services or activities to another entity or on behalf of another entity:
-
exchange between crypto assets and fiat currencies
-
exchange between crypto assets
-
management, transfer, holding and/or safekeeping, including custody, of crypto assets or cryptographic keys or means which allow the exercise of control on crypto assets
-
offering and/or sale of crypto assets, including the initial offering
-
participation and/or provision of financial services regarding the distribution, offer and/or sale of crypto assets, including the initial offering
The following CASPs should follow the directive and are eligible to register:
-
Providing or carrying out services or activities on a professional basis from Cyprus, irrespective of their entry in the register of a member state for the services or activities they provide
-
Providing or carrying out services or activities on a professional basis in Cyprus, other than persons providing or carrying out services or activities in Cyprus relating to cryptocurrencies and which are registered in a member state for the services or activities they provide
How to register
The Register is mandatory for CASPs providing or carrying out services from Cyprus and CASPs providing or carrying out services to Cyprus, except for businesses that have already registered in a relevant registry of another EU member state for these services. All CASPs must:
-
Complete and submit the application forms as well as all the requested documents
-
Good reputation, knowledge, experience and skills of its executives
-
Minimum of 4 directors, of which two will manage the business activities and the remaining two will be independent
-
Appropriate policies and procedures in accordance with the Law and relevant directives
-
The necessary own funds
-
If operating online, a personal website owned and operated by the applicant
-
No conflict of interest between its staff and clients
-
Good governance arrangements, with clear, transparent and detectable lines of reference
-
Appropriate systems and control mechanisms for minimizing the risk of theft or loss of its clients' crypto-assets data
-
Appropriate administrative and accounting procedures, internal control mechanism, effective risk assessment procedures and effective control and security mechanisms of electronic data processing systems
-
Appropriate security mechanisms to ensure and verify the authenticity of the means of transmitting information, minimizing the risk of data destruction and unauthorized access and preventing the leakage of information, so that the confidentiality of the data is always kept
Depending on the services provided, the company should also make the relevant initial capital injection as well as own funds:
-
The initial capital requirements depend on the type of services to be provided, as detailed in the CASP classes table below and range from €50,000 to €150,000.
-
The own funds’ requirement for CASP is at least equal with the greater amount of the following:
-
The amount of the initial capital that the respective CASP applicant is required to possess as per the CASP classes table
-
A quarter (1/4) of the CASP’s fixed overheads of the previous years, that is based on a transitional basis, starting from 30% of the 1/4 of fixed expenses from 1 January 2022, 60% of the said fixed expenses from 1 January 2023
-
100% of the said expenses from 1 January 2024 and thereafter