Directive for Registration of Crypto Asset Service Providers
Copyright 2021 Christiana Aristidou LLC
Authored by: Christiana Aristidou , Evdokia Markou.
The Cyprus Securities and Exchange Commission (CySEC) has issued the Directive for the Registration of Crypto Asset Service Providers (CASPs) in accordance with section 61E of the Law 188(I)/2007, (Law) the Cypriot law transposing the Anti-Money Laundering and Counter Terrorist Financing Directive 2018/843 (AMLD5) in Cyprus. According to the Law, providers carrying out cryptoactivity must comply with the AML regime and register as a Crypto Asset Service Provider, in the CySEC registry (Registry) before conducting or to continue conducting such activity.
The Directive regulates the registration and withdrawal of registration, any material changes to the registration, the organisational and operating requirements for CASPs, and the applicable fees.
For the registration, interested providers must submit the relevant CySEC application with the name, trade name, legal status & legal identifier, the address, and website of their crypto entity, and their prospective services, as prescribed by the Law; these details will be published and made publicly available in the Registry. The applicant must provide the address of the relevant cryptoassets. Applicants must also comply with additional requirements for registration, that deal with:
- Capital adequacy. Initial capital and own fund conditions (initial capital ranges from EUR 125K – 150K, depending on services).
- Good repute and competence of directors/persons with managerial position, and good repute and financial soundness of beneficiaries with qualifying holding in applicant.
- Board composition: at least 4 directors, 2 executive and 2 non-executive/independent.
- Close links of applicant with third parties.
- Applicant’s compliance with the AML regime (the Law and the Directive).
- Robust governance and business continuity arrangements, record-keeping, and complaint handling processes.
- Proper administrative, accounting, internal control, risk assessment, and digital processing of data systems/mechanisms, protection, and confidentiality of data.
- Operational Functions’ outsourcing.
- Requirements on competence and conduct by staff, and remuneration conditions.
CySEC has six (6) months to decide on the application for registration.
The Directive regulates the organisational and operating aspects of CASPs regarding the commercial communications and information to clients, their ongoing capital adequacy, and their handling and mitigation of potential conflict of interests to protect their clients.
The Directive also deals with the withdrawal and suspension of registrations. CySEC may withdraw or suspend registrations on the specific grounds in the Directive. CASPs may also apply to have their registration withdrawn.
For changes to the registration details, applicants must either inform CySEC to update the details (regarding name, trade name, legal identifier, or physical address of CASP) or submit such changes to CySEC for prior approval (for material changes (per Directive) in the scope of CASPs’ services, crytpoassets addresses, directors/persons with managerial position, beneficiaries, and the website).
The registration fees are €10.000, and the renewal fees are €5.000, while for any material changes the fees range from €1.000 to €5.000, depending on the nature of the material change.
CySEC will publish a Policy Statement to further clarify and substantiate aspects of the relevant processes.
The Directive goes into effect on June 25, 2021. Please note that for the own fund conditions, the calculation of fixed expenses, as one of the two possible grounds for meeting the own fund requirements, as the greater between a) initial capital requirement, and b) 1/4 of the CASP’s fixed expenses of the previous years, is based on a transitional basis, starting from 30% of the 1/4 of fixed expenses from Jan 1, 2022, 60% of the said fixed expenses from Jan 1, 2023, and 100% of the said expenses from Jan 1, 2024 and thereafter.
Our hybrid lawtech firm offers services and advice for:
- The registration of a Crypto-asset service provider in accordance with the CySEC Directive.
- Preparation and support in the application process before CySEC, and all connected policies and procedures, manuals, documentation, including:
- AML/CFT policy/manual,
- Data Protection and Confidentiality,
- Security Policy Document,
- Governance arrangements and Internal Controls,
- Complaint handling and following up,
- Conflict of interest and mitigation policy,
- Commercial Communications and marketing policy,
- Operations policy, including systems and controls against risk of loss or theft of cryptoassets.
- Advice and support on registration and ongoing requirements regarding:
- Good repute and competence requirements for directors/managers and beneficiaries, and additionally financial soundness requirement for the latter,
- Corporate structure,
- Capital adequacy,
- Staff conduct and remuneration requirements,
- Systems and controls,
- General Compliance matters,
- Changes and material changes: advice and handling of specific process required,
- Crypto Asset – specific advice and support.
- Communication with CySEC in all steps and processes.