In an article published earlier this year, we discussed how the Prevention and Suppression of Money Laundering and Terrorist Financing Law, L.188(I)/2007 (the “AML Law”) was amended in order to harmonise domestic legislation with the 4th and 5th AML Directives (Directives (EU) 2015/849 and 2018/843 and how it introduced, for the first time, provision for the registration of Crypto-Asset Service Providers (“CASPS”). The Cyprus Securities and Exchange Commission (“CYSEC”) was designated as the relevant competent supervisory authority and was given powers to regulate through the issue of Directives.

CYSEC has since exercised its powers under section 61E(1) of the AML Law, by issuing on 25 June 2021, a ‘Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing (Register of Crypto Asset Service Providers)’ (the “CASP Directive”). In this article we examine and summarise some of the CASP Directive’s provisions and comment upon their implications for potential applicants.

CASP Directive Requirements

The CASP Directive, in line with CYSEC’s statutory powers, lays down the conditions with which CASPs must comply in order to appear on a Register of CASPs (the “Register”). The Register – which will, in due course, be published on CYSEC’s website – shall be accessible to the public and will contain, inter alia, the following information relating to CASPs:

We note that, as of the time of writing, the Register has not been launched on CYSEC’s website and is not yet operational.

The CASP Directive provides a regulatory framework in relation to the operation and management of CASPs doing business in Cyprus. Article 6 of the CASP Directive sets out the main conditions CASPs will need to comply with in order to feature on the Register, some of which we summarise below:

Article 6 contains a number of other conditions that CASPs must comply with which relate to the operation of a CASP’s websites, outsourcing, complaints handling and others which are not mentioned above. Other articles in the CASP Directive pertain to, amongst other issues, matters such as the conditions subject to which CYSEC will approve or reject applications for registration, CASPs’ organisational and operating requirements, the assessment of the fitness and propriety of CASPs’ management bodies and shareholders. We note that, article 14 requires that CASPs must maintain at all times a minimum equity capital which is the higher of:

In addition to the above, prospective applicants should note that CYSEC’s fees for reviewing applications for registration as a CASP amount to €10,000. If the application is successful CYSEC’s annual fees are waived for the first year, and amount to €5,000 per annum thereafter. Fees for notifying changes to CYSEC regarding a CASP’s registration details would cost between €1,000 - €5,000 depending on the type of notification required.

Implications for Applicants

In our previous article, which was published prior to the issue of the CASP Directive, a significant question raised was the degree of regulation that CASPs registered with CYSEC would be subjected to compared to the amount of regulation that traditional investment firms and/or electronic money institutions are currently subject to.

It appears that CYSEC has utilised the powers it has been given under section 61E of the AML Law to prescribe requirements beyond those set out in the 4th and 5th AML Directives. For example, part V of the CASP Directive prescribes various organisational and operational requirements such as the provision of information to customers or potential customers (article 14), capital adequacy (article 15) and conflict of interest (article 16) which are more extensive than the requirements set out in the 4th and 5th AML Directives.

It could be argued that the relevant parts of the AML Law combined with the CASP Directive are not distinctive enough to be considered as completely sui generis legislative instruments as many of their provisions mirror, or otherwise clearly derive from the Investment Services Law (L87(I)/2017) implementing the second Markets in Financial Instruments Directive (Directive 2014/65/EU). Several definitions and provisions in the CASP Directive appear to be identical to provisions in the Investment Services Law. For example, articles 13 and 15 of the CASP Directive that deal with the provision of information to customers and conflicts of interest are very similar to sections 24(1), 25(3) – (5) and others in the Investment Services Law.

This similarity in approach was hinted at, by the amendments to the definitions section of the AML Law and was discussed in our previous article. This suggests that, in the eyes of the legislative and regulatory authorities, cryptocurrency has not yet acquired a distinctive enough “legal identity” so as to be legislated for as a distinct category of economic activity, and that consequently, the regulatory approach towards CASPs and cryptocurrencies is likely to closely resemble that taken towards MiFID investment firms and financial instruments, at least in the short term.

It remains to be seen whether the introduction of cryptocurrency regulation through the CASP Directive will encourage more economic activity in the domestic market. Barriers for entry have now been placed in the way of potential applicants. However, the added comfort provided by compliance with regulatory requirements resembling those of MiFID investment firms, may both entice more consumers of such services into the market, and other previously hesitant service providers (such as banks) to either provide services to CASPs or enter the field themselves. In any event, we expect that the proposed Markets in Crypto Assets Directive[1], if enacted, will provide a common regulatory framework for crypto-assets throughout the European Union and will, with the passage of time, ensure that services in relation to crypto-assets will become more commonplace and widely adopted.

[1]Regulation of The European Parliament and of the Council on Markets in Crypto-Assets, and Amending Directive (EU) 2019/1937