The Cyprus Securities and Exchange Commission (The "CySEC") has recently issued a Directive (R.A.D 269/2021) regarding the operating and registration conditions of the Crypto-Asset Service Providers (the "Directive"), subsequent to the recent implementation and enactment of the 5th AML Directive. As per the directive issued by the CySEC, the registration application to the Register of Crypto-Asset Service Providers owned by CySEC is required to be submitted to CySEC. The applicant's (prospective Crypto-Asset Service Provider) name, physical address, trade name, and legal form must be mentioned in the application. The applicants will be informed by the Commission within the period of six months, starting from the application submission date. As soon as the application for the purpose of registration is officially approved, the applicant will be registered in the register by the CySEC on an immediate basis.

Registration Requirements: The application for the registration in the register will only be approved by CySEC if the applicant is successful in fulfilling all of the conditions mentioned below:

  • All essential documents and information are submitted to CySEC.
  • Individuals occupying an administrative post are highly competent and honest, have a positive image and reputation, possess good skills, knowledge, and have a considerable amount of experience, and are willing to dedicate an adequate amount of time performing the assigned tasks.
  • At least four individuals form and represent the board of directors, of which two members will be considered independent members and the remaining two will administer the business activities.
  • The applicant owns and maintains a personal website, without any likelihood of any other individual operating and running it.
  • Appropriate and pertinent policies and procedures are set up in order to make sure that it complies with the Law and Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing.
  • Internal control mechanisms are applied in order to confirm its forehanded operation and functioning.
  • The applicant possesses sufficient funds.
  • It is made certain that the compensation policy for individuals included in the service provision to clients focusing on inspiring for responsible and sensible conduct, treating clients fairly and avoiding any type of conflict of interest in the relationship with any particular client, and avoids making any type of arrangement in the shape of sales targets, remuneration, or any other kind of related thing that could possibly prompt its staff to follow promotion practices of services and products that are aggressive in nature.
  • Consummate governance arrangements, are in place, with reference lines that are transparent and are clearly identified and defined.
  • All necessary actions are taken in order to ensure the regular and uninterrupted implementation of its operations and upholds a relevant and updated policy to confirm its ceaseless functioning and processes for the purpose of retrieving data and the well-timed continuation of its activities in case of it being interrupted.
  • The applicant maintains well-grounded accounting and administrative procedures, efficacious risk assessment procedures, internal control mechanism, and effectual security and control mechanisms of the data of electronic processing system.
  • An internal audit operation is in place and ultimately maintained, that is independent and separate from the other operations, only where it is suitable and compatible in terms of complexity, scale, and nature of the enterprise.
  • Reasonable security mechanisms are applied, devised to assure the safety of the passage or medium of transfer of information, limit the risk of data getting corrupted along with the access that is not authorized, and resist the leakage of critical information prior to publication, in order to always maintain the data confidentiality.
  • It is made certain that the record is maintained in accordance with all of the operations and functions it performs, which may take into account the pertinent communication in such a manner that enables the Commission to perform its supervisory duties.
  • The applicant confirms that the employees are not engaged in multiple duties until and unless the performance of several duties at one time does not hinder or impede them from doing their work with professionalism, sincerity, and conscientiousness.
  • Relevant policies and procedures are established in order to make certain that potential complaints of its customers are resolved properly.
  • It is made certain that the individuals employed have the necessary knowledge contingent on the tasks that are assigned to them.

Capital Requirements: It is essential for Crypto-Asset Service Providers to possess enough own funds that are at least equivalent to the greater of the amounts mentioned below:

i. the initial amount of capital mentioned in the Annex to the directive that commensurate with their operations and nature;

ii. Twenty-five percent or one-quarter of the Crypto-Asset Service Providers' fixed expenses during the preceding year. The provision of this paragraph will be brought into effect as follows:

a) From January 1, 2022, 30% of the applicable amount;

b) From January 1, 2023, 60% of the applicable amount;

c) From January 1, 2024, 100% of the applicable amount;

Fees and Subscriptions: The applicants are required to pay €10,000 upon the submission of their application which may not be refunded if the application is rejected. In the register, the yearly renewal of the registrations amounts to €5,000.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.