CySEC has issued a Circular on 3 August, providing some clarity on the matters of the prudential treatment of crypto assets and enhancement of risk management procedures associated with them, focusing on Cyprus Investment Firms ('CIFs').

In relation to calculation of own funds and capital adequacy ratio (Pillar I), there still being no reference in the current prudential framework for crypto assets, the following treatment should be used by the CIFs when calculating their capital adequacy requirements:

  • For Direct investment in crypto assets on a non-speculative basis, a CIF should handle these investments according to Article 36(1)(b) of the Regulation (EU) No. 575/2013 (the 'CRR'), ie. direct capital deduction from own funds, as referred to at Article 9(2) of Regulation (EU) 2019/2033 ('IFR').
  • For Direct investment in crypto assets on a speculative basis, a CIF should treat these as investments in a derivative product taking into consideration both of the Counterparty Credit Risk and the Market Commodity Risk.
  • For direct investment of a CIFs' clients in crypto assets and/or in financial instruments relating to crypto assets with the CIF acting as the counterparty to these transactions, the CIF should also assess the Counterparty Credit Risk and Market Commodity Risk, as the CIF is acting as a market maker for its clients.

In relation to the Internal Capital Adequacy Assessment Process ('ICAAP') (Pillar II), CIFs should assess the risks from trading in crypto assets, and/or in financial instruments relating to crypto assets, for their own account or for their clients within the ICAAP, involving also a sensitivity analysis on the CIF's projections.

Furthermore, CIFs should disclose within their Pillar III disclosures any material crypto-asset holdings and include information on:

  • the exposure amounts of different crypto-asset exposures,
  • the capital requirement for such exposures and
  • the accounting treatment of such exposures.

CIFs, which trade in crypto assets, and/or in financial instruments relating to crypto assets, should reassess their risk management procedures and strategies and ensure that all risks associated with these products are duly taken into consideration.

In general, investors should be reminded that according to the Cyprus Law on Capital Adequacy of Investment (L.97(I)/2021), CIFs "must have in place sound, effective and complete strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposed". Moreover, they "must ensure that the board of directors approves and periodically reviews the strategies and policies for taking up, managing, monitoring and mitigating the risks the CIF is or might be exposed to".

Apart from the above, UY recommends CIFs should also examine taking mitigating measures against operational, cybersecurity and reputational risks.

The Circular can be found here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.