What is the Point of the Cyprus Crypto-Asset Service Provider Policy Statement
The Cyprus Securities and Exchange Commission (“CySEC”) on the 13 of September 2021, published a detailed Policy Statement on the registration and operation of Crypto-Asset Service Providers (PS -01-2021) (the “Policy Statement”), setting out its approach to the registration and operation of Crypto-Asset Providers and the principles contained in the Act to Prevent and Combat Money Laundering and Terrorist Financing Law of 2007, as amended.
CySEC highlights that, depending on their structure, crypto-assets may be considered either:
- as financial instruments under the Investment Services and Activities and Regulated Markets Law; or
- as Electronic Money under the Electronic Money Law; or
- Be a digital representation of value that is not issued or guaranteed by a central bank or public authority, is not necessarily linked to a legally established currency, and does not have the legal status of a currency or money, but is accepted by natural or legal persons as a medium of exchange and can be transmitted, stored and traded electronically, and does not qualify as a fiat currency or as one of the instruments referred to in the points above.
In addition, the Policy Statement refers to the limited number of investment firms that are currently permitted to offer limited crypto-asset activities as a non-regulated activity. These firms must formulate and submit to CySEC an action plan for phasing out their crypto-asset activities by the end of 2022 and, in the meantime, apply for registration as a Crypto-Asset Providers no later than the end of October 2021 or otherwise establish another entity to apply for registration as a Crypto-Asset Providers.
Finally, through this Policy Statement, CySEC amends the previously issued Crypto-Asset Providers Registration Directive in a number of aspects, one of which includes the clarification that, Crypto-Asset Providers authorized by CySEC pursuant to Investment Services and Activities and Regulated Markets Law are not subject to the obligation to hold own funds other than the higher of their initial capital and 25% of their fixed overheads as set out in the said Directive. However, depending on their type of authorization, they may be subject to other capital adequacy requirements (e.g. Cyprus Investment Firms is subject to the specific capital adequacy requirements of IFR/IFD or CRR II/ CRDV.
Registering a Cyprus CASP
Through this Policy Statement CySEC sets out its expectations for Crypto-Asset Provider’s compliance with the regulatory framework, including certain specific expectations in relation to Crypto-Asset Provider’s compliance with their obligations under the CySEC Directive on Preventing and Combating Money Laundering and Terrorist Financing.
In this regard, Crypto-Asset Providers must bring their business into compliance with the AML/CFT Rules and fully comply with their obligations under the AML/CFT Law, including but not limited to:
- organizational and operational requirements;
- conducting “Know Your Client” and other due diligence on clients,
- establishing the economic profile of their clients
- identifying the sources of funds of their clients,
- monitoring client transactions,
- identifying and reporting suspicious transactions
- conducting a comprehensive risk assessment in relation to their clients and activities conducted; and
- taking proportionate measures per client, activity and crypto asset, etc.
Requirements to Register a Cyprus CASP
The Policy Statement also sets out the registration process and requirements for potential Crypto-Asset Providers wishing to register on CySEC’s Crypto-Asset Providers register, as well as CySEC’s expectations of all potential Crypto-Asset Providers during the application stage and thereafter (until the publication of the relevant forms and documents for the commencement of the registration process of Crypto-Asset Providers operating in or from Cyprus), which can be summarized as follows:
Honesty and Competence
Honesty and competence of the management and board of a Crypto-Asset Providers (i.e. good reputation, knowledge, skills and experience) and of the Crypto-Asset Providers beneficiaries (i.e. good reputation, ability to maintain the Crypto-Asset Providers strong financial position);
Assessment of close ties
Assessing the Crypto-Asset Providers close ties to confirm that they do not impede effective monitoring, evaluation and supervision by CySEC;
Full disclosure of the websites used by the Crypto-Asset Providers and requirement to include specific disclosures and mentions from the law
Crypto-Asset Providers need to establish and maintain adequate policies, procedures and maintain systems to ensure compliance with all applicable laws and regulations, including the AML/CFT Act and CySEC’s Policy on Preventing and Combating Money Laundering and Terrorist Financing, and the prudent operation of Crypto-Asset Providers including minimizing the risk of theft or loss of their clients’ crypto-assets.
CASPs must have sufficient own funds comprised of fixed and variable component, in accordance with paragraph 1435 of the CASP Registration Directive.
The performance of its staff shall not remunerated or evaluated in a way that conflicts with the Crypto-Asset Providers duty to act in the best interest of its clients and in particular, the Crypto-Asset Providers shall not proceed with any arrangements in the form of remuneration, sales targets or otherwise, which could motivate its staff to implement aggressive promotion practices of products or services.
Establishment of reporting lines
There must be sound governance arrangements in place, with clearly defined, transparent and clearly identifiable reporting lines.
CySEC expects applicants to provide an organogram, along with a visual representation of the reporting lines.
CySEC expects all reasonable steps to be taken to ensure the continuous and regular
performance of the CASP’s functions and an appropriate and up-to-date policy must be maintained to ensure its continued operation, as well as an appropriate and up-to-date data recovery policy and procedures for the timely resumption of activities, where despite the reasonable measures taken the activity of the CASP is interrupted
When outsourcing the performance of critical functions to third parties, reasonable steps must be taken to avoid any undue additional operational risk and in any case, it must be ensured that the quality of the internal controls or CySEC’s ability to supervise, are not materially impaired.
Accounting and Admin Procedures
Cyprus Crypto-Asset Providers must have in place sound administrative and accounting procedures, internal control mechanisms, effective risk assessment procedures and effective control and safeguard arrangements for information processing systems.
Internal Control Function
Where the scope, nature, scale and complexity of its activity so require, the Cyprus based Crypto-Asset Providers must establish an internal control function that is independent of its other functions and activities, for the design and execution of its internal control mechanisms.
Cyprus Crypto-Asset Providers must have sound security mechanisms in place to guarantee the security and authentication of the means of transfer of information, minimise the risk of data corruption and unauthorised access and to prevent information leakage, in order to maintain the confidentiality of the data at all times.
Cyprus Crypto-Asset Providers must arrange for records to be kept of all of their activities, including the relevant correspondence, which shall be sufficient to enable CySEC to exercise its supervisory functions and to take steps to ensure the Crypto-Asset Provider complies with their obligations.
Functions Undertaken by Individuals in the Organization
The persons employed by Crypto-Asset Providers shall not perform multiple functions unless the exercise of multiple functions does not prevent or it is not likely to prevent such persons from carrying out any work or function with diligence, honesty and professionalism.
Adequate Complain Management Policies
Cyprus Crypto-Asset Providers must have appropriate policies and procedures in place to ensure that its clients’ complaints are properly resolved.
Such policies must capture the risks stemming from clients’ complaints, including litigation and compliance risks along with assigning to certain persons specific responsibilities for handling, escalating and deciding on clients’ complaints.
Any structured and government-backed attempt to integrate and utilize some aspects of blockchain technologies and either as a currency or smart contract or otherwise is a very welcomed step.
In the boom of the initial coin offering, Cyprus rejected and left unregulated any attempt to attract and utilize such technologies, this left a huge gap in the knowledge base of the Cypriot workforce and also might have hindered any attempt to develop a start-up hub in Cyprus.
Will this legislation attract giants like Binance, Coinbase, Huobi Global, or other remains to be seen. But definitely the road has been set and a structure is available.
Our proactive engagement with crypto businesses under the CySEC Innovation Hub, aiming to support innovative businesses and to engage with providers of emerging financial technologies, ensured that our expectations were clearly communicated to market participants well in advance and that the Cypriot framework has captured the industry’s pace, alleviating the risks involved. Our work on financial innovation at national and EU level is ongoing, and we are determined to encourage responsible innovation, whilst ensuring the orderly functioning of the markets.
Publications on Cyprus Business Law
Cyprus Annual Return HE32 for Companies
Cyprus private companies limited by shares are required to prepare and submit to the registrar of companies an annual return HE32. The Cyprus annual return HE32 must be accompanied by (1) Audited Financial Statements (the “FS”) and (2) Declaration of the Director and Secretary (the “Declaration”) confirming that the FS submitted are those presented to the shareholder at an Annual General Meeting (“AGM”)
Cyprus Company Formation
A company is formed in Cyprus by way of law. The principal legal instrument giving such right is the Companies Law, Chapter 113 of the laws of the Republic of Cyprus, however the memorandum and articles play an equal important role in a Cyprus Company Formation. These two ‘constitutional’ documents are often called upon to deal with business matters of the Company and in other times to define the rights of the various parties.
Private Company Limited by Shares
A Cyprus Private Company Limited by shares is a class of private companies incorporated in accordance with the Cyprus Companies Law, Chapter 113 of the laws of the Republic of Cyprus. It is the most frequently used vehicle in Cyprus its numbers, statistics of the Registrar of Companies, being over 200.000 and on an annual basis around 14.000 new companies are incorporated every year.
Cyprus Registrar Forms legality issues and effect
Within the Companies Law, Chapter 113 of the Laws of the Republic of Cyprus the term “Prescribed Form” (καθορισµένο τύπο) which means the Cyprus Registrar Forms is mentioned several times. Although the Companies law requires information to be submitted in the Prescribed Form this does not create automatic legality of the said action (e.g. change of director) is not implied
Transfer of shares when is it effective?
In the case of Morsa Trading the district court held that a person becomes a registered member of a Cyprus company when that person’s name is registered in the register of members. Accordingly, the transfer of shares in a Cypriot Company requires, amongst other things, the registration in the register of members.
Company Migration to Cyprus
Migrating a company to Cyprus is not without its challenges, nevertheless if the foreign countries laws allow a company may redomicile and migrate to Cyprus. After which time it will be registered under the companies law.
Author - Photographer
For many years he has worked and devoted his skills and efforts towards building a successful career as a leading executive. From humble beginnings, his aim has always been to yield results; with a keen focus to attention to detail and client satisfaction. His experience has always been varied and not specific, at times he preferred it. With that in mind, he has dealt with CySEC on licensing and ongoing regulation, international private equity and credit fund managers, NASDAQ and NYSE listed companies occasional millionaires as well as self-made millionaires. His passion though is difficult transaction work organizing and deploying people for a common goal. Harris enjoys reading and studying the Cyprus law and sharing that information on this website.
Merry Christmas and a Happy New Year
As 2022 comes to a close I would like to wish all my readers, their families and their loved ones...
Foss v Harbottle Rule in Cyprus
Introduction to Foss v Harbottle in Cyprus The rule in Foss v Harbottle is a principle of English...
UBO Register ECJ Decision
The UBO Register ECJ decision has shocked the legal and services world of the European Union and...