Crypto Asset Services Provider (CASP) established in the European Economic Area and registered with one or more EEA National Competent Authorities for the purpose of the Prevention and Suppression of Money Laundering and Terrorist Financing Law (AML/CFT Law) that delivers services in or from Cyprus, must formally register with the Cyprus Securities and Exchange Commission (CySEC).
In the case when activities or services are not along with the framework that control registration for AML/CFT purposes, it should be submitted an application to be registered as a CASP with CySEC.
It is worth mentioning that the CySEC policy is also an attempt towards qualifying cryptocurrencies (but only these regulated). Crypto Assets (depending on the corporate structure) qualify as financial instruments according with the Investment Services and Activities and Regulated Markets Act or as electronic money according with the Electronic Money.
Existing businesses that perform a material existing crypto-asset activity were obliged to fill an application before the end of October 2021 and be compliance with the AML/CFT Law and the Directives issued according to the AML/CFT Law.
New businesses must register with CySEC before lunching their operations in or from Cyprus.
Legislative framework
In force legislative framework is consist of:
- The CySEC directive for the prevention and suppression of money laundering and terrorist financing
- The CySEC Directive for the register of crypto asset services providers
- The CFT/AML Law
The legislative framework contains provisions such as:
- The operational and organizational requirements
- The efficiency and integrity of CASP beneficiaries and those in management positions
- Sketching the economic profile of customers
- Carrying out KYC activities and other customer due diligence measures
- Controlling the clients’ transactions
- Conditions related to the registration of CASP entities
- Identification of the source of customer funds
- Reporting and identifying suspicious transactions
- Undertaking a comprehensive risk assessment regarding customer activities and taking proportionate measures with respect to each customer, business, and cryptocurrency