CySEC has issued Circular C478 on 21 December 2021, informing Regulated Entities (i.e., CIFs, ASPs, UCITS, AIFMs, AIFs, AIFLNPs, CASPs, etc.) on the result of the National Risk Assessment (‘the NRA’) on Money Laundering and Terrorist Financing (‘ML/TF’) risks of Virtual Assets (‘VA’) Activities and Virtual Asset Service Providers (‘VASPs’), which was published by the Ministry of Finance of the Republic of Cyprus.

The NRA Report focuses on the ML/TF risks imposed by VA and VASPs, by identifying and assessing the risks that may arise through the use of these new technologies. In addition, it includes recommendations and other appropriate measures in order to manage and mitigate those risks, as required by the relevant FATF’s Recommendations.

CySEC considers the NRA Report to be of assistance to the Regulated Entities engaging or seeking to engage in VA activities, in understanding their AML/CFT risks and obligations and how they can effectively comply with these obligations. Therefore, CySEC expects that all Regulated Entities study the Report in depth, as its contents should be taken into account when assessing AML/CFT risks, thereby, improving the effectiveness of the measures and procedures applied.

CySEC has already commenced the implementation of measures/actions in order to address the identified risks by issuing:

1. the Policy Statement PS-01-2021 (available here) to outline its approach on the registration and operations CASPs under the AML/CFT Law,
2. the CySEC Directive for registration of CASPs (available here), and
3. the Circular C476 (available here) relating to the FATF’s Guidance on Risk-based Approach for VA and VASPs.

Lastly, CySEC is in the process of amending its Directive for the Prevention and Suppression of Money Laundering and Terrorist Financing, to accommodate the FATF Recommendation regarding virtual asset transfers.

Our team shall keep you updated on future updates!

In case you have any queries that you would like to discuss, feel free to contact us.

The European Securities and Markets Authority (ESMA) has updated its Question and Answers (available here), relating to the application of the Alternative Investment Fund Managers Directive (AIFMD), Directive 2011/61/EU.

ESMA added a new question under Section XI of the Q&As which clarifies whether managers of undertakings investing in crypto assets are or not subject to the AIFMD. According to ESMA, this should be assessed on a case-by-case basis, while market participants and national competent authorities (NCAs) should pay attention to the guidance provided in the ESMA Guidelines on key concepts of the AIFMD.

In particular, collective investment undertakings raising capital from a number of investors to invest in crypto assets in accordance with a defined investment policy for the benefit of those investors
will qualify as ‘AIF’ in accordance with Article 4(1)(a) of the AIFMD.

As the AIFMD does not provide a list of eligible or non-eligible assets, AIFs may in principle invest in any traditional or alternative assets, as long as, the AIFM can ensure compliance with the AIFMD. However, more specific investment and risk diversification requirements for AIFs investing in crypto assets, as well as, limitations regarding the target investors of such AIFs may exist at national level.

Lastly, ESMA via its updated Q&As reminded market participants and investors of the high risks involved in investments in crypto-assets (relevant is also the joint ESMA, EBA and EIOPA warning dated February 2018 (accessible here).

In case you have any queries that you would like to discuss, feel free to contact us.

CySEC has issued a Policy Statement (available here), relating to its decision to further amend Directive 87-04, in an effort to ensure the smooth transition of  UK groups / firms operating under the Temporary Permissions Regime (TPR), until they establish physical presence in Cyprus.

CySEC introduced TPR, so that UK firms can continue to provide investment services without physical presence in Cyprus, under the condition that they only offer their services to eligible counterparties and/or professional clients based in Cyprus.

In this respect, CySEC amended Directive DI87-04, allowing companies to continue operating under the TPR regime, until their application to establish a branch or a new CIF or acquire stakes including qualifying stakes in an existing CIF (i.e. physical presence in Cyprus), is reviewed by CySEC. In case of a successful assessment of such an application, a period of additional six (6) months will be granted by CySEC, in order to ensure smooth and compliant onboarding of clients and for such physical establishments to become fully operational.

The TPR entities that will be eligible to continue operating under the TPR after 31^st of December 2021, will be listed in a bespoke section on CySEC’s website. The rest of the TPR entities must cease their actively solicited operations in Cyprus by 1^st of January 2022.

Considering the ongoing impact of the Covid-19 pandemic, the Financial Services Commission, Mauritius (the “FSC”) via the issuance of a regulatory relief is granting an extension of deadlines for some balance sheet dates to FSC licensees, which are unable to comply, in a timely manner, with their filing obligations under the relevant Acts.

Administrative penalties will not be levied provided that FSC licensees comply with their filing obligations within the extended timeline granted by the FSC, as indicated in tables A to C below.

Failure to comply with the extended time, as applicable, will trigger the imposition of administrative penalties pursuant to the Financial Services (Administrative Penalties) Rules 2013.

The FSC has stated that, no further request for extension will be granted in relation to the below reporting deadlines.

The table below highlights usual reporting deadlines, as well as, the extension granted to the
FSC Licensees:

A. Financial Statements

B. Statutory Returns

C. RMF Returns

Our team of FiveComply experts can assist you in complying and submitting in a proper and timely manner the regulatory reports imposed by the FSC.

CySEC via the issuance of its Circular C476 has informed Regulated Entities (CIFs, CASPs, ASPs, AIFMs, etc.) that the Financial Action Task Force (FATF) has updated its 2019 Guidance for a Risk-Based Approach to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). Special consideration, shall be attributed by CySEC Crypto Asset Service Providers (CASPs) to the FATF Guidance.

The revised Guidance shall form part of the FATF’s ongoing monitoring on VAs and VASP sector.

In summary, the Guidance covers, inter alia, the following:

• explains how the FATF Recommendations should apply to VA activities and VASPs;
• provides relevant examples and types of activities covered and/or excluded by the VASP definition;
• identifies obstacles to applying mitigating measures to the dangers deriving and associated with VA activities and VASPs;
• and offers potential solutions;
• more detailed definitions of virtual asset and VASP;
• examines a non-exhaustive list of elements that need to be considered by VASPs to determine how best to mitigate the relevant ML/CFT risks.

Our team at FiveComply can assist you to understand and comply with the imposed AML/CFT requirements, by identifying, assessing, and determining how to mitigate efficiently the ML/CFT risks associated with VA activities and the provision of VASP products or services.

At its October 2021 Plenary, the FATF concluded that Mauritius would NO longer be subject to increased monitoring by the FATF, as Mauritius strengthened the effectiveness of its AML/CFT regime and addressed related technical deficiencies to meet the Action Plan’s commitments regarding the strategic deficiencies identified by FATF in February 2020. Mauritius will continue to work with the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) to improve further its AML/CFT system. However, the FATF Plenary Decision can be considered a global acknowledgment for the Mauritius institutions in tackling effectively money laundering and terrorism finance.

Based on the Mauritius Ministry of Financial Services and Good Governance announcement dated 21 October 2021, all throughout the FATF International Co-Operation Review Group (ICRG), Mauritius has demonstrated its commitment to prioritise and fully implement the FATF Action Plan while ensuring the sustainability and effectiveness of the measures undertaken. Very important was also the role of both the public and private sectors that cooperated very effectively to ensure the Action Plan is finalised with success.

In addition, Mauritius has been cooperating closely with other international Groups that enhanced its technical knowledge such as, the ESAAMLG, the European Union through the EU AML/CFT Global Facility, the German Agency for International Cooperation, etc.

AML/CFT will remain one of the Mauritius Government’s top priorities and will continue its constant efforts to sustain the AML/CFT reforms and protect the integrity of its financial system.

The Cyprus Securities and Exchange Commission (“CySEC”) on September 13th, 2021, issued a Policy Statement on the Registration and Operations of Crypto Asset Services Providers (“CASP”), where it outlines the registration requirements and provides additional information about how to register as a CASP.

Q When was the concept of Crypto Asset Service Provider (CASP) initially introduced in Cyprus?

The concept of Crypto Asset Services Providers was initially introduced in Cyprus with the transposition of the Fifth Anti-Money Laundering Directive into national legislation. The amended AML legislation was introduced on 25 June 2021 and regulates the digital registry of CASP. CySEC that is the financial regulator in Cyprus, will be regulating the operation and supervision of the crypto-registry.

Q Do crypto assets qualify as financial instruments?

Depending on their structure, crypto-assets may, inter alia:

1. Qualify as financial instruments under the Investment Services and Activities and Regulated Markets Law, transposing MiFID II (the “Investment Services Law);
2. Qualify as Electronic Money under the Electronic Money Law, transposing EMD2 (the “E-Money Law”);
3. Be a digital representation of value that is neither issued nor guaranteed by a central bank or a public authority. It is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored, and traded electronically, and it does not qualify neither as fiat currency, nor as any of the instruments referred to in points (i) and (ii) above.

Q What should be the next steps of the crypto-asset providers?

CASPs that shall provide services in or from Cyprus must submit a duly completed application form, along with relevant questionnaires and any additional information and/or required evidence, in accordance with CySEC’s Announcements on the submission of applications and relevant correspondence, as amend[1]ed from time to time and also pay the corresponding fee. In addition to the above, an electronic version of the application form (i.e. Form 188-01) should be also submitted at caspregistrations@cysec.gov.cy.

CASPs established in the EEA that are registered with one or more EEA National Competent Authorities for AML/CFT purposes in relation to all services or activities undertaken or intended to be undertaken in Cyprus, must submit a notification form at  eeacasp@cysec.gov.cy.

Q When shall they register?

New businesses must register with CySEC before commencing their operations in or from Cyprus. Existing businesses that demonstrate a material existing crypto-asset activity will need to submit an application before the end of October 2021 and be fully compliant with the AML/CFT Law and the Directives issued pursuant to the AML/CFT Law.

Q What are the applicable CySEC fees?

CySEC registration charges are, as follows:

•  €10.000 for the examination of an application. Successful applicants will not be required to pay an additional fee for the first year of their registration.
•  €5.000 for the purposes of renewal of registration per year.

Q What are the requirements to apply for a crypto-asset licence?

Initially, to apply for the crypto-licence you need to have an entity incorporated in Cyprus and at least one fit and proper shareholder, as per the require[1]ments of CySEC. In addition, four directors will be required; two of them acting as executive and two as non-executive directors. At least three of them must be Cyprus residents. CySEC will perform an assess[1]ment of their knowledge and experience in order to evaluate whether they satisfy the ‘fit and proper’ test. It is further required for the crypto-provider to have a fully operational office located in Cyprus where local resident staff members need to be hired on a full-time basis to fulfil the key functions of the company. There is a minimum number of personnel that needs to be hired, based on the type of licence selected.

The application to become a crypto-asset service provider is expected to take approximately 6 months and there are currently three types of licences based on different capital requirements; the €50.000, the €125,000 licence and the €150,000 licence.

Based on the €50.000 licence, the crypto provider can provide investment advice services.

With the €125,000 licence, the crypto provider will be able to provide (a) Reception & Transmission of client orders; (b) Execution of orders on behalf of clients; (c) Exchange between crypto-assets and fiat currency; (d) Investment advice; (e) Exchange between crypto[1]assets; (g) Participation and/or provision of financial services related to the distribution, offering and/or sale of crypto-assets, including the initial offering; (h) Placement of crypto-assets without firm commit[1]ment; (i) portfolio management

With the €150,000 licence, the crypto provider will be able to offer all the above along with (i) administra[1]tion, transfer of ownership, transfer of site, holding, and/or safekeeping, including custody, of crypto-as[1]sets or cryptographic keys or means enabling control over crypto-assets; (j) underwriting and/or placement of crypto-assets with firm commitment; (k) opera[1]tion of a multilateral system, which brings together multiple third-party buying and selling interests in crypto-assets in a way that results in a transaction.

We can see that CySEC has provided different options in order for each crypto-provider to be able to choose, according to his business model.

Q How can FiveComply team help potential applicants to acquire a crypto-licence?

Given the new CySEC policy and regulatory requirements for the acquisition of a crypto-licence, our team’s expertise and knowledge in the field can play a vital role in maximising efficiency, minimis[1]ing administrative time & costs and yielding positive results with your CySEC application.

Our team of experts, always works closely with FiveComply clients, in order to understand their business and develop a customised “application package”. We always aim to give priority to each client’s individuality and needs by providing tailored-made advice.

You can contact our team for a free consultation session on how to register with CySEC as a Crypto Asset Service Provider (CASP).

The Cyprus Securities and Exchange Commission (the ‘CySEC’) is the regulator which authorises and supervises amongst others, Cyprus Investment Firms / Forex (CFDs) Brokerages / Traditional Brokerages in Cyprus. Cyprus is part of the European Union, thus, a CySEC licensed investment firm can provide its services to all European Economic Area countries.

To obtain a CySEC licence and be authorised as an Investment Firm/ Forex (CFDs) Brokerage / Traditional Brokerage, the following requirements must be fulfilled:

1) Fit and Proper Shareholder(s) based on EU regulations (e.g. be able to justify proof and source of funds);

2) Fit and Proper Directors (2 executive & 2 non-executives);

3) Fully completed application forms and questionnaires;

4) Detailed Business Plan including amongst others, three years of financial projections;

5) Detailed Procedures/ Manuals.

Our team consists of high-calibre personnel with hands on experience in the investment services sector that are able to guide you from the beginning of your application until the granting of your licence by CySEC. Our Company obtained a significant number of Investment Firms / Forex (CFDs) Brokerages / Traditional Brokerages CySEC licences during the last years.

You can contact us to meet our team and ask for any questions you may have!

CySEC issued Circular C462 to inform the CIFs that is amending Circular C417 regarding the prudential treatment of crypto assets. Therefore, the prudential treatment of crypto assets will be as follows:

A. Calculation of own funds and capital adequacy ratio (Pillar I)
 

1. Direct investment in crypto assets on a non-speculative basis (banking book exposure)
   When a CIF invests directly in crypto assets on a non- speculative basis (banking book exposure), it should deduct this from its own funds.
2. Direct investment in crypto assets on a speculative basis (trading book exposure)
   When a CIF invests directly in crypto assets on a speculative basis, it should treat these as investments in a derivative product subject to both of the following risks:
   i. Counterparty Credit Risk (“CCR”) calculated in accordance with Section 1 ‘Trading counterparty default’ of the IFR and the CIF should apply a 32% potential future exposure percentage (PFCE) per Art. 29(7) of IFR
   ii. Market Commodity Risk is calculated according to Articles 355 to 361 of the CRR.
3. Direct investment of CIFs’ clients in crypto assets and/or in financial instruments relating to crypto assets with the CIF acting as the counterparty to these transactions

When a CIF acts as the counterparty to its clients’ trades by taking the opposite position to each client’s transaction in crypto assets, and/or in financial instruments on crypto assets, the CIF is subject to Counterparty Credit risk and Market Commodity Risk, in accordance with the methodologies set out in point 2 above, as the CIF is acting as a market maker for its clients.

B. Internal Capital Adequacy Assessment Process (‘ICAAP’) (Pillar II)

CIFs should assess the risks emanated from trading in crypto assets, and/or in financial instruments relating to crypto assets, for their own account or for their clients within the Internal Capital Adequacy Assessment Process (ICAAP). The assessment and discussion of the risks associated with the activity in crypto assets should be included together with a sensitivity analysis that shows how the risks identified affect the CIFs’ projections. In addition, any mitigations should also be discussed, stating any additional capital that should be held in relation to the identified risks.

C. Pillar III disclosures

CIFs should disclose within their Pillar III disclosures any material crypto-asset holdings and include information on:

• the exposure amounts of different crypto-asset exposures,
• the capital requirement for such exposures and
• the accounting treatment of such exposures

D. Enhancement of risks management procedures associated with crypto assets

CIFs, which trade in crypto assets, and/or in financial instruments relating to crypto assets, should revisit their risk management procedures and strategies and ensure that all risks associated with this product are duly taken into consideration.

We can help our clients set up and develop their business model in the most cost efficient and compliant way thus minimizing expenses and achieving the best compliance results.

Get in touch with us to come closer to the compliance results of your desire!