Cyprus Securities and Exchange Commission (CySEC) has issued the Directive for the Registration of Cryptoasset Service Providers (CASPs) in accordance with section 61E of the Law 188(I)/2007 (Law), the national Law transposing the Anti-Money Laundering and Counter Terrorist Financing Directive 2018/843 (AMLD5) in Cyprus. According to the Law, providers carrying out activities in relation to cryptoassets must comply with the AMLD5 and register as a CASPs, in the CySEC designated Register before the commencement of such activities.
The Directive regulates the registration and withdrawal of any registration, any material changes to each registration, the organisational and operational requirements for the CASPs as well as the applicable fees.
Definition of Cryptoasset Service Provider
After the transposition into national Law, the CASPs cover the following activities:
Cryptocurrency exchanges (crypto-to-crypto and fiat-to-crypto and vice versa)
Management, administration, transmission, transfer, retention, custodianship and safekeeping of crypto-assets or cryptographic keys or means which allow for the exercise control in cryptoassets
Offering and/or sale of cryptoassets, including the initial coin offering
Participation and/or provision of financial services related to the distribution, offering and/or sale of cryptoassets, including the initial offering
Registration Procedure
For the registration, interested CASPs must submit the relevant CySec application which includes the following:
the name, trade name, legal status, and legal identifier (LEI)
the physical address
website
services offered and/or activities performed as prescribed by the Law
The information above will be made publicly available in the designated CASPs Register maintained by CySEC.
Registration Requirements
CySEC will approve the registration of a CASP provided that it complies with the following:
The applicant must submit all the information, documents required in the application form as well as the addresses of all cryptoassets that will be maintained in the platform. Please note that CySec may request further information during the application review
The members of the Board of Directors as well as any other individual that holds a managerial position must pass the fit and proper test of CySEC, which is satisfied by showing honesty, capability, good repute, knowledge, skills and expertise and dedication of adequate time for the performance of their duties
The Board of Directors must have at least four (4) members, out of which at least two (2) must be executive directors whereas the other two (2) non – executive directors
The beneficial owners of the CASP must also pass the fit and proper test of CySec evidencing good repute and skills to maintain the appropriate financial structure of the CASP
An exclusive website is necessary in the event that the CASP will be operating online without giving access to any other person to operate through their website
The applicant must establish appropriate policies and procedures in order to comply with the Law and this Directive
The applicant must establish appropriate systems and control mechanisms in order to ensure the prudent operation of the CASP including inter alia minimisation of the risk of appropriation or any loss of the CASP’s clients cryptoassets
The CASP must ensure that the remuneration terms of the staff do not conflict with the duty of care that the staff must show in order to act in the best interest of the clients. The CASP must not make any adjustments in the remunerations and targets of sales where they will act as a motivation for the staff to implement aggressive marketing techniques
The CASP must establish robust corporate governance arrangements with explicit, transparent, and clear identifiable reference lines
The CASP must take all reasonable measures establishing a continuity plan and having in place proper policies for the retrieval of data and timely continuance of operations where despite the reasonable measures that are in place, the operations of the CASP have been ceased
The CASP must take all reasonable steps to arrange the outsourcing of essential functions in order to avoid any undue deterioration of the operational risk of the CASP
The CASP must establish proper administrative and accounting policies, internal control mechanisms, risk assessment policies as well as security and control mechanisms for the electronic data processing systems
Based on the scope, nature, scale, and complexity of its activities, the CASP must establish an internal control function which is independent from the other functions and/or operations
The CASP must establish proper security mechanisms, for the purpose of ensuring and verifying the authenticity of the data used for the transmission of information, minimise the risk of destruction of data, the risk of unauthorised access as well as the prevention of leaked information in order to ensure that confidentiality is maintained at all times
The CASP must ensure that records are kept in relation to its performed activities including the relevant correspondences in order to enable CySec to perform its duties and to take such measures to ensure the CASP’s compliance with its obligations
The CASP must ensure that the staff is not involved in multiple duties and where some of the staff is involved in multiple duties, the CASP must ensure that this does not affect the performance of its duties diligently, professionally and with honesty
The CASP must establish proper complaints policies and procedures in order to ensure that the complaints of the clients are duly addressed
The CASP must ensure that its staff is honest and act in a professional manner with the required knowledge according to its duties
Capital Requirements
The applicant must maintain at all times own funds equal to the higher of the following:
€125,000 initial share capital for the provision of the following services
Reception and transmission of orders
Execution of orders on behalf of clients
Exchange between cryptoassets and fiat currencies
Exchange between cryptoassets
Participation and/or provision of financial services regarding the distribution, offer and/or sale of cryptoassets including the initial coin offering (ICO) placing of cryptoassets with a firm commitment basis
Portfolio management
€150,000 initial share capital for the provision of the following services:
Management, transfer, holding and/or safekeeping including the custody of cryptoassets or cryptographic keys or any means that allow the exercise of control on cryptoassets
Underwriting and/or placing of cryptoassets on a firm commitment basis
Operation of Multilateral Trading Facility (MTF) for buying and selling cryptoassets
One Quarter (1/4) of the CASP’s fixed expenses calculated on the basis of the previous year that needs to be revised annually
Withdrawal of CASP’s License from the Register
CySec may delete a CASP from the register if any of the following applies:
The CASP has ceased to offer the services related to cryptoassets for a period of six (6) months
The CASP has been registered pursuant to false representations
The CASP has ceased all its services and activities that fall under the definition of the CASP pursuant to the Law
Applicable Fees
For the purpose of examining the application, CASP must pay €10,000 to CySEC. This amount is not refundable in the event that the application is rejected by CySEC. Please note that when the CASP received its authorisation, then, there is no need to pay any other fee to CySEC for the first (1) year of its authorisation
The annual renewal fee amounts to €5,000 payable to CySEC
For the submission of substantial changes to CySEC, the following fees applies:
€1,000 per activity or service
€2,000 for the notification of any change in the Board of Directors
€5,000 for the notification of any change of the Beneficial Owner of the CASP
€1,000 for the notification of any material change on the website of the CASP
For more information  feel free to contact us at p.koussis@pelaghiaslaw.com.
Panayiotis A. Koussis
Author
Â
Comments