On the 25th of June 2021, the Cyprus Securities and Exchange Commission (CySEC) issued the Directive for the Registration of Cryptoasset Service Providers (CASPs) in accordance with section 61E of the Law 188(I)/2007 (the “Law”), the national Law transposing the Anti-Money Laundering and Counter Terrorist Financing Directive 2018/843 (the “AMLD5”) in Cyprus. According to the Law, providers carrying out activities in relation to cryptoassets must comply with the AMLD5 and register as CASPs, in the designated Register maintained by CySEC.
The Directive regulates the registration and withdrawal of any registration, any material changes to each registration, the organisational and operational requirements for the CASPs as well as the applicable fees.
What is a Cryptoasset Service Provider?
CASP is defined as a legal person who provides or exercises, one or more of the following services or activities to another person or on behalf of another person:
Cryptocurrency exchanges (crypto-to-crypto, fiat-to-crypto and vice versa)
Management, administration, transmission, transfer, retention, custodianship and safekeeping of crypto-assets or cryptographic keys or means which allow for the exercise control in cryptoassets
Offering and/or sale of cryptoassets, including the initial coin offering
Participation and/or provision of financial services related to the distribution, offering and/or sale of cryptoassets, including the initial offering
The definition of Financial Services related to the distribution, offering and/or sale of cryptoassets under the AMLD5 includes the following services and activities:
Reception and transmission of orders
Execution of orders on behalf of clients
Dealing on own account
Portfolio management
Provision of investment advice
Underwriting and/or placing of cryptoassets on a firm commitment basis
Placing of crypto assets without a firm commitment basis
Operation of a multilateral system where multiple third-party buying and selling
Trading interests in cryptoassets are able to interact in the system in a way that results in a transaction
Registration Procedure
For the registration, interested CASPs must submit the relevant CySEC application which includes the following:
the name, trade name, legal status, and legal identifier (LEI)
the physical address
website
services offered and/or activities performed as prescribed by the Law
The information above will be made publicly available in the designated CASPs Register.
Registration Requirements
CySEC will approve the registration of a CASP provided that it complies with the following:
The applicant must submit all the information, documents required in the application form as well as the addresses of all cryptoassets that will be maintained in the platform. Please note that CySEC may request further information during the application review
The members of the Board of Directors as well as any other individual that holds a managerial position must pass the fit and proper test of CySEC, which is satisfied by showing honesty, capability, good repute, knowledge, skills, expertise, and dedication of adequate time for the performance of their duties
The Board of Directors must have at least four (4) members, out of which at least two (2) must be executive directors whereas the other two (2) non – executive directors
The beneficial owners of the CASP must also pass the fit and proper test of CySEC evidencing good repute and skills to maintain the appropriate financial structure of the CASP
An exclusive website is necessary in the event that the CASP will be operating online without giving access to any other person to operate through their website
The applicant must establish appropriate policies and procedures in order to comply with the Law and this Directive
The applicant must establish appropriate systems and control mechanisms in order to ensure the prudent operation of the CASP including inter alia minimisation of the risk of appropriation or any loss of the CASP’s clients cryptoassets
The CASP must ensure that the remuneration terms of the staff do not conflict with the duty of care that the staff must show in order to act in the best interest of the clients. The CASP must not make any adjustments in the remunerations and targets of sales where they will act as a motivation for the staff to implement aggressive marketing techniques
Τhe CASP must establish robust corporate governance arrangements with explicit, transparent, and clear identifiable reference lines
The CASP must take all reasonable measures establishing a continuity plan and having in place proper policies for the retrieval of data and timely continuance of operations where despite the reasonable measures that are in place, the operations of the CASP have been ceased
The CASP must take all reasonable steps to arrange the outsourcing of essential functions in order to avoid any undue deterioration of the operational risk of the CASP
The CASP must establish proper administrative and accounting policies, internal control mechanisms, risk assessment policies as well as security and control mechanisms for the electronic data processing systems
Based on the scope, nature, scale, and complexity of its activities, the CASP must establish an internal control function which is independent from the other functions and/or operations
The CASP must establish proper security mechanisms, for the purpose of ensuring and verifying the authenticity of the data used for the transmission of information, minimise the risk of destruction of data, the risk of unauthorised access as well as the prevention of leaked information in order to ensure that confidentiality is maintained at all times
The CASP must ensure that records are kept in relation to its performed activities including the relevant correspondences in order to enable CySEC to perform its duties and to take such measures to ensure the CASP’s compliance with its obligations
The CASP must ensure that the staff is not involved in multiple duties and where some of the staff is involved in multiple duties, the CASP must ensure that this does not affect the performance of its duties diligently, professionally and with honesty
The CASP must establish proper complaints policies and procedures in order to ensure that the complaints of the clients are duly addressed
The CASP must ensure that its staff is honest and act in a professional manner with the required knowledge according to its duties
Capital Requirements
The applicant must maintain at all times own funds equal to the higher of the following:
€125,000 initial share capital for the provision of the following services:
Reception and transmission of orders
Execution of orders on behalf of clients
Exchange between cryptoassets and fiat currencies
Exchange between cryptoassets
Participation and/or provision of financial services regarding the distribution, offer and/or sale of cryptoassets including the initial coin offering (ICO) placing of cryptoassets with a firm commitment basis
Portfolio management
€150,000 initial share capital for the provision of the following services:
Management, transfer, holding and/or safekeeping including the custody of cryptoassets or cryptographic keys or any means that allow the exercise of control on cryptoassets
Underwriting and/or placing of cryptoassets on a firm commitment basis
Operation of Multilateral Trading Facility (MTF) for buying and selling cryptoassets
One Quarter (1/4) of the CASP’s fixed expenses calculated on the basis of the previous year that needs to be revised annually.
How Pelaghias, Christodoulou, Vrachas LLC can help you?
CASP Licensing Services
Consulting and advising on the optimal structure of the business based on client needs
Preparation and coordination of the CySEC application including, inter alia, the drafting and reviewing of all the documents required for the CASP license
Liaising and following up with CySEC and other competent authorities until successful completion of the licensing procedure and authorisation
Ongoing legal support in relation to the CASP’s regulatory obligations as well as its day-to-day operations
Comments