News and developments
Cyprus introduces first steps towards Crypto-Asset regulation through AML Law amendments
- Providers of exchange services between virtual currencies and fiat currencies (“Exchange Providers”); and
- Providers of custody services for virtual currencies (“Custody Providers”).
a) fiat currency; or
b) electronic money; or
c) a financial instrument as defined in Part III of the First Appendix of [L144(I)/2017][2]
The exclusion of “fiat currency” from the Amending Law definition appears unnecessary as fiat currencies are usually both issued by central banks and constitute legal tender. This means that they are extremely unlikely to fall within the definition of Virtual Currency as set out in the AML Directives and which was for the most part adopted by the Amending Law. On the other hand, the exclusion of “electronic money” and “financial instruments” from the Crypto-Asset definition appears designed to remove any electronic money and financial instruments, already subject to regulation from falling under Crypto-Asset regulation to avoid potential jurisdictional overlap. This is discussed further in the Jurisdictional Overlap section below. Defining the business of Crypto-Asset Services Providers (“CASPS”) Although the AML Directives introduced a definition of “Virtual Currencies”, they did not introduce an equivalent definition for Exchange Providers. Instead, the AML Directives merely set out that any “providers engaged in exchange services between virtual currencies and fiat currencies” fall within the Directives’ scope[3] and that Member States must ensure that such providers are registered[4]. The AML Directives did however provide the following definition for Custody Providers (which must also be registered): ‘custodian wallet provider’ means an entity that provides services to safeguard private cryptographic keys on behalf of its customers to hold, store and transfer virtual currencies[5] The Amending Law introduces a definition for Crypto-Asset Services Providers (“CASPs”) that appears to cast a wider net than the 5th AML Directive and seems intended to encompass both Exchange Providers and Custody Providers. Section 2 of the AML Law defines a CASP as: any person who provides or carries out one or more of the following services or activities to another person or on behalf of another person to the extent that these do not fall within the services or activities provided by entities referred to in paragraphs (a) to (h) of section 2A of the AML Law[6]:(a) the exchange of crypto-assets for fiat currency;
(b) the exchange of crypto-assets for other crypto-assets;
(c) the management, transfer, retention, and/or safekeeping, including custody, of crypto-assets, cryptographic keys or any others means which permit the exercise of control over crypto-assets;
(d) the offer and/or sale of crypto-assets, including any initial offering; and
(e) the participation in and/or provision of financial services related to the distribution, offer and/or sale of crypto-assets[7], including their initial offer.
(referred to below as the “CASP Definition”) It is worth noting the following points in relation to the above definition:- The AML Directive definition for Custody Providers (“custodian wallet provider”) appears to only capture entities that provide services in relation to the safeguarding of “cryptographic keys”. The CASP Definition in the AML Law appears to be wider in that it also captures entities which provide custody of Crypto-Assets (rather than just the custody and/or safeguarding of crypto-graphic keys) as well as “any other means” which permit the exercise of control of crypto-assets.
- It appears difficult to distinguish between the “exchange of crypto-assets for fiat currency” and the “exchange of crypto-assets for other crypto-assets” in sub-paragraphs (a) and (b) and the “offer and/or sale of crypto-assets” in sub-paragraph (d) as, in practical terms, the sale of a Crypto-Asset effectively consists of the exchange of fiat currency for the Crypto-Asset in question, or the exchange of one Crypto-Asset for another. Given the similarity in meaning and the inclusion of the term “initial offering” (as well as the word “offer”) in sub-paragraph (d) of the CASP Definition, the sub-paragraph may be aimed towards ensuring that any entities that issue their own Crypto-Assets, or are otherwise involved in Initial Coin Offerings[8], fall within the definition of a CASP and become subject to the provisions of the AML Law.
- Sub-paragraph (e) in the CASP Definition refers to the participation in and/or provision of “financial services related to the distribution, offer and sale of crypto-assets”. This term is given a specific meaning in section 2 of AML Law as follows:
‘financial services related to the distribution, offer and sale of crypto-assets’ means the following services and activities in relation to crypto-assets:
(a) Reception and transmission of orders;
(b) Execution of orders on behalf of clients;
(c) Dealing on own account;
(d) Portfolio management;
(e) Investment advice;
(f) Underwriting and/or placing of crypto-assets on a firm commitment basis;
(g) Placing of crypto-assets without a firm commitment basis; and
(h) Operation of a multilateral system in which multiple third-party buying and selling trading interests in crypto-assets are able to interact in the system.
The above list closely replicates the list of Investment Services and Activities set out in Section 1 of Annex I of MiFID II and Part 1 of the First Appendix of the Investment Services Law. It is therefore apparent that any form of service, which constitutes a MiFID II investment service when offered in relation to financial instruments, will fall within the scope of the AML Law, and would require the provider to register in accordance with the provisions of the AML Law when it is offered in relation to Crypto-Assets. The adoption of near-identical terms to those in Section 1 of Annex I of MiFID II suggests that the regulatory approach towards Crypto-Assets might, in the short-term at least, closely resemble the regulatory approach currently taken towards MiFID II financial instruments. This appears to be confirmed by the designation of CYSEC as the supervisory authority for CASPs.- The CASP definition specifically excludes services or activities that fall “within the services or activities provided by entities referred to in paragraphs (a) to (i) of section 2A of the AML Law”. Paragraphs (a) to (i) of section 2A of the AML Law refer to, inter alia, Credit Institutions[9] and Financial Institutions[10] which are subject to separate and extensive financial services regulation. This appears aimed at ensuring that entities that fall under the scope of existing financial services legislation, and which offer services in relation to Crypto-Assets, are excluded from any requirements that may apply to CASPs to avoid jurisdictional overlap, although this may lead to some interesting outcomes which are discussed in further detail in the Jurisdictional Overlap section below.
- CYSEC will prepare and maintain a register of CASPs (the “Register”);
- CYSEC will publish the Register on its website or in any other way that it may decide; and
- CYSEC may determine by Directive how the Register will operate, be maintained and be updated.
- The conditions subject to which CYSEC will approve or reject applications for registration;
- CASPs’ organisational and operating requirements;
- Registration fees; and
- The assessment of the fitness and propriety of CASPs’ management bodies and shareholders.
- An entity that is properly authorised and regulated under existing financial services legislation (a “Regulated Entity”) might offer services in relation to Crypto-Assets; or
- A Crypto-Asset might be deemed to be a “financial instrument”, or “electronic money” under existing financial services legislation;
(a) Credit institutions;
(b) Financial institution;
(c) Any of the following natural or legal persons in the exercise of their professional activities:
(i) Auditor, external accountant and tax advisor;
(ii) Independent legal professional…[when providing certain services];
(d) Natural or legal person not already covered under paragraph (c) [when providing certain services]
(e) estate agents, including when acting as intermediaries in relation to the rental of property in relation to transactions for which the monthly rental amounts to, or exceeds, ten thousand euro (€10,000);
(f) providers of gambling services, [as provided in the relevant laws of Cyprus];
(g) casino [which falls under the scope of the laws relevant to the operation and supervision of casinos];
(h) a person trading in goods, if the payment is made or collected in cash and it concerns an amount equal to or greater than ten thousand euro (€10.000), regardless of whether the transaction is carried out in a single operation or in several operations which appear to be linked.
It therefore appears that where a Regulated Entity offers any of the services set out in the CASP Definition in relation to Crypto-Assets it would be exempt from the requirements set out in section 61E of the AML Law described above. In practice, we would expect that the vast majority of persons offering services in relation to Crypto-Assets that would be exempt from registration requirements under section 61E of the AML, would consist of credit institutions and/or investment firms that may in time begin to offer services in relation to Crypto-Assets. However, rather interestingly, as currently drafted the AML Law also provides that, for example, estate agents or providers of gambling services, may offer services in relation to Crypto-Assets without having to seek entry onto the Register, without having to comply with any of the additional requirements provided for by section 61E, and without having to comply with any future requirements that might be set out in future CYSEC Directives. It remains to be seen whether this position will be amended in future, whether through CYSEC Directive or a different legislative instrument. Crypto-Assets as Financial Instruments or Electronic Money A detailed discussion regarding the extent to which Crypto-Assets might constitute financial instruments for the purposes of MiFID II or electronic money for the purposes of the Electronic Money Directive (Directive 2009/110/EC) is beyond the scope of this paper but we note that there have been a number of publications released in the past few years that discuss the relevant issues at length. In particular we note the European Securities and Markets Authority’s (“ESMA”) Advice on Initial Coin Offerings and the European Banking Authority’s (“EBA”) Report on Crypto-Assets that were both published on 9 January 2019 and discussed the legal qualification of Crypto-Assets under EU financial services laws. Both papers summarise consultations with EU National Competent Authorities (“NCAs”) regarding the legal qualification of Crypto-Assets in different EU jurisdictions. Several NCAs (the papers did not specify which) deemed that in certain circumstances Crypto-Assets can qualify as both financial instruments and/or electronic money. At the national level, neither CYSEC nor the Central Bank of Cyprus have published any guidance setting out their views as to when a Crypto-Asset might constitute a financial instrument or electronic money for the purposes of the Investment Services Law or the domestic law implementing the Electronic Money Directive. In the absence of any specific guidance from either regulator it is difficult to draw conclusions about the approach that either regulator might take. It is evident that the features and nature of any given Crypto-Asset will be crucial as regards its legal qualification. The implication of any given Crypto-Asset qualifying as a MiFID II financial instrument or electronic money would be wide-ranging. For example, if a Crypto-Asset qualified as MiFID II financial instrument a full set of EU and domestic rules and legislation, including, inter alia, MiFID II, the Investment Services Law, the Central Securities Depositary Regulation and the Settlement Finality Directive might come to apply to the provision of any services in relation to that Crypto-Asset. As such, any entities that might be considering registering as a CASP with CYSEC, might need to consider the extent to which any of the Crypto-Assets might qualify as MiFID II financial instruments or electronic money meaning that any services offered in relation to might fall under existing financial services legislation. If so, then any such firms would likely be required to apply for authorisation as an investment firm, electronic money institution or for another type of license. Further, they would need to remain vigilant in ensuring that any Crypto-Assets in relation to which they might offer services in the future is not deemed to fall under financial services legislation. Finally, in advance of any Directives regarding the matter being published by CYSEC it is difficult to anticipate the degree of regulation that CASPs registered with CYSEC will be subjected to as compared to the amount of regulation that investment firms and/or electronic money institutions are currently subject to. It is however worth noting the following:- Article 47(1) of the AML Directive provides that “Member States shall ensure that providers of exchange services between virtual currencies and fiat currencies and custodian wallet providers, are registered, that currency exchange and cheque cashing offices, and trust or company service providers are licensed or registered, and that providers of gambling services are regulated”. The use of different terms (as underlined above) for different types of entity in article 47(1) of the AML Directive suggests that, at the EU level at least, the expectation is that providers of gambling services will be subject to more control than Exchange Providers. It should however be noted that there is nothing to prevent any EU Member State from mandating more onerous requirements for Exchange Providers.
- This appears to be the case in Cyprus where section 61E of the AML Law gives CYSEC the power to issue Directives in relation to matters that go beyond the requirements set out in the AML Directive. For example section 61E(7) of the AML Law provides that CSYEC will adopt and apply organisational and operational requirements for CASPs, where there is no such equivalent requirement in the Directive.
[1] Article 3(18) of the 4th AML Directive; [2] L144(I)/2017 (the “Investment Services Law”) transposes the Second Markets in Financial Instruments Directive, Directive 2014/65/EU, (“MiFID II”) into domestic law. Note that the definition of “financial instruments” in the Investment Services Law effectively adopts the definition of “financial instruments” in MiFID II. [3] Article 2(1)(3)(g) 4th AML Directive; [4] Article 47(1) 4th AML Directive; [5] Article 3(19) of the 4th AML directive; [6] This list includes credit institutions, investment firms and other bodies and is discussed further below; [7] This term is also defined in s2 of the AML Law; [8] Initial Coin Offerings can be described as the crypto-currency industry’s equivalent to Initial Public Offerings; [9] As defined in article 4(1)(1) of the Capital Requirements Regulation, (Regulation (EU) 575/2013); [10] The term as defined in the AML Law includes Investment Firms as defined in section 2(1) of the Investment Services Law (and MiFID II), insurance and reinsurance undertakings, collective investment undertakings and other financial services firms;