REGULATORY DEVELOPMENTS IN CRYPTOASSET SERVICES & PROVIDERS
Authors: Christiana Aristidou, Evdokia Marcou
Many clients have raised inquiries about the registration process with the Cyprus Securities and Exchange Commission (CySEC) for Anti-money Laundering (AML) purposes to conduct business as cryptoasset service providers (CASPs).
Here, we focus on the developments around cryptoasset services following the update of the AML framework in Cyprus and the latest regulatory guidance domestically, by the Central Bank of Cyprus, and internationally.
Cyprus AML Update on Cryptoasset Services
In February 2021, Cyprus transposed the 5th AML (EU) Directive into the domestic AML regime by updating the existing AML law (188(Ι)/2007). The new AML law obliges the so-called “crypto asset service providers” (CASP) to comply with the AML regime and register in a CySEC – operated central registry before offering any within-scope cryptoasset services. The law identifies CySEC as the competent authority to supervise and monitor the central registry and the compliance of CASP with the relevant AML regime. CySEC is responsible to issue guidelines and directions on the relevant registration process.
The recent domestic update expands the scope of the corresponding EU directive covering a wider range of services connected with cryptoassets. Cyprus introduces an encompassing definition for CASP, in line with the issued Financial Action Task Force (FATF) recommendations, and, for that matter, the draft updated FATF recommendations currently in consultation (even though FATF uses the different terminology of “virtual asset service providers”). The 5th AML Directive restricts the scope to providers of exchange services between virtual currencies (terminology used) and fiat currency and custodian wallet providers. The Cypriot law goes further than the EU directive, capturing a wide range of business activities related to cryptoassets.
Scope of CASP
CASP are providers of the following services, a) exchange services between crypto assets and fiat currencies, b) exchange services between crypto assets, c) administration, transfer, safekeeping, including custody services related to crypto assets and cryptographic keys that permit control over crypto assets, d) offer and/or sale of crypto assets, including initial offering, and e) participation and/or provision of financial services regarding the distribution, offer and/or sale of crypto assets, including initial offering – the definition for these financial services in the AML law broadly coincides with the definition of investment services in Part 1 of the domestic investment services law.
Cryptoassets are defined as in the 5th AML Directive. The law further clarifies that fiat currency, electronic money, and financial instruments (defined in MiFID II) are excluded from the scope of cryptoassets.
The expansive and encompassing approach endorsed in the updated AML law aims at capturing various business services connected with cryptoassets, including providers of exchange services (for both crypto-to-crypto and fiat-to-crypto), custodian wallet providers, ICO issuers, and businesses that offer or even participate in the provision of financial services regarding crypto assets.
Initial Coin Offerings (ICO)
ICO issuers have been the subject of regulatory debate. As an alternative means to finance project, ICO attract the interest of project owners and investors. Absent clear and certain regulatory guidance, the deployment of ICO has been equally uncertain and challenging in terms of regulatory compliance. Further to the new definition of CASP, ICO issuers may fall within the new AML regime. ICO issuers or promoters may be obliged to comply with AML obligations and register with CySEC. To determine whether an ICO issuer or promoter is an AML-obliged entity, the crypto assets and their status, nature and function, and the nature and details of the activity or service provided must be examined. Crypto assets, for AML purposes, exclude financial instruments, including transferable securities, and e-money. Where an ICO involves the offering of securities, then the applicable securities laws will apply and the service provider will not be regulated as a CASP but as a provider of financial services. Similarly, crypto assets functioning as e-money would be regulated under the applicable laws for e-money services and the involved providers would be treated, for AML purposes, as e-money institutions. In other cases, however, ICO issuers/promoters must ensure their compliance with the new AML provisions, including their registration with CySEC, as CASP.
The new AML regime means that many providers of cryptoasset services will be AML–obliged entities and will need to register with CySEC. We note that the registration obligation burdens CASP that by way of business provide cryptoasset services: 1) from Cyprus, regardless of their registration in a relevant registry of another EU Member State for these services, and 2) to Cyprus, except for businesses that have already registered in a relevant registry of another EU Member State for these services.
CySEC is required to issue the conditions and guidelines for the registration of CASP. These are expected soon. Given that the approach in the new AML law is heavily informed by the FATF recommendations on virtual assets, it is likely that CySEC will follow FATF in setting and assessing the criteria for the registration and supervision of CASP for AML purposes.
The latest FATF recommendations, currently in draft form and public consultation, expected to be finalized in June 2021, call for a risk-based approach in terms of AML compliance of virtual asset service providers, and a functional and broad-interpretation approach for the definitions and concepts of cryptoassets and cryptoasset service providers.
AML compliance and a successful registration process for cryptoasset services will probably rely on a careful assessment of the risks involved and the presentation of adequate means and designs to combat such risks. This assessment would need to follow the AML conditions provided in the law and, possibly, specific considerations arising on account of cryptoassets. CASP will need specialized guidance to overcome the registration requirements and be in full compliance with the regulatory hurdles.
The updated AML framework in Cyprus will enable CASP to conduct cryptobusinesses in Cyprus with more certainty. The AML obligations and the registration with CySEC need to be carefully followed before offering any cryptoasset services. We are soon expecting the CySEC requirements and directions on the registration process. We expect it to be heavily informed by the latest FATF recommendations. The position of CBC is informed by the lack of across-the-board regulation for cryptoassets. Their registration with CySEC and the need to comply with AML obligations will grant to in-scope cryptoassets a significant layer of security. It remains to be seen how this will affect CBC.
The registration process and the continuing monitoring for the AML compliance of CASP are significant, demanding specialized support. Our lawtech firm is well-versed to address the needs for the AML compliance of CASP, not least due to our wide experience in the AML regime, as informed by all domestic, EU and international laws, standards, guidelines, rules, recommendations and standards, and our expertise in the cryptoindustry and the latest developments thereof.
The information PROVIDED in this information sheet/article is solely for individual education and understanding of the legal issues involved and should not be considered as legal advice. Do not rely upon or act on the said information without taking pro legal advice relating to your own particular situation. You must consult with your own legal counsel for guidance on the application of this information to your own specific case. We are not responsible for any errors or omissions in the contents.
CHRISTIANA ARISTIDOU LLC