Crypto asset service providers is a new concept that was introduced in Cyprus with the transposition of the Fifth Anti-Money Laundering Directive into national legislation. The amended AML legislation was introduced on 25 June 2021 and regulates the digital registry of crypto asset service providers. The Cyprus Securities and Exchange Commission (CySEC) that is the financial regulator in Cyprus, will be regulating the operation and supervision of the crypto-registry as well.

How is this new legislation important for cryptos?

This recent regulatory development is considered of paramount importance because, licensed crypto-asset providers will be able to provide amongst others, regulated cryptocurrency exchange services. This is a very positive step for Cyprus in becoming a key jurisdiction for crypto service providers. We believe that, this development will attract crypto service providers from all over the world, as registered crypto-providers in Cyprus will be considered credible institutions.

So far in Cyprus and in Europe in general, the lack of regulations and guidelines in the crypto-field has imposed legal and regulatory risks for investors, due to inadequate AML/CFT policies adopted in relation to cryptos. The regulation of cryptos marks the beginning of a new era towards the acceptance of digital cryptocurrencies in Cyprus. This will play a critical role on the way Cyprus banks treat cryptos as well.

What are the requirements to apply for a crypto-asset licence?

Initially, to apply for the crypto-licence you need to have an entity incorporated in Cyprus.  In addition, four directors will be required; two of them acting as executive and two as non-executive directors. At least three of them must be Cyprus residents. CySEC will perform an assessment of their knowledgment and experience in order to evaluate whether they satisfy the ‘fit and proper’ test. It is further required for the crypto-provider to have a fully operational office located in Cyprus where local resident staff members need to be hired on a full-time basis to fulfil the key functions of the company. There is a minimum number of personnel that needs to be hired, based on the type of licence selected.

The application to become a crypto-asset service provider is expected to take approximately 6 months and there are currently two options of licences based on different capital requirements; the €125,000 licence and the €150,000 licence.

Based on the €125,000 licence, the crypto provider will be able to provide (a) Reception & Transmission; (b) Execution of orders on behalf of clients; (c) Portfolio management; (d) Investment advice; (e) Exchange between cryptocurrencies and fiat money; (f) Cryptocurrency asset exchange; (g) Participation and / or provision of financial services on distribution, supply and / or sale of cryptocurrencies, including the initial offering; (h) Placing of crypto-assets without a firm commitment basis.

With the €150,000 licence, the crypto provider will be able to offer all the above along with (i) management, transfer, retention, and / or safekeeping, including the depositary of cryptocurrency assets or cryptographic keys or means that allow control over cryptocurrencies; (j) Underwriting and/or placing of crypto-assets on a firm commitment basis; (k) operation of a multilateral trading facility in which interested parties for buying and selling crypto assets may interact in a way that results in a transaction.

We can see that CySEC has provided different options in order for the crypto-provider to be able to choose according to his business model.

Can you currently apply to become a crypto-asset provider?

CySEC is yet to announce the official procedure for applying to become a licensed Crypto Asset Provider but based on CySEC’s press release in March regarding the Cyprus Capital Market, this is expected within 2021.

What do crypto-asset providers need to have in mind in terms of legislative obligations, once they register?

We need to remember that, the rationale of the competent authorities for including cryptos under the European AML framework is to mitigate and prevent the risks that arise from cryptocurrencies, especially in relation to ML. Hence, the crypto-registry will oblige the crypto-providers to adhere to the AML rules and procedures that apply to traditional financial institutions i.e. apply due diligence procedures, monitor and report suspicious transactions, provide ownership transparency, etc.

What do you believe about the future of cryptocurrencies and blockchain technology?

In my opinion cryptos are here to stay. As a technology — blockchain and its lubricating cryptocurrencies will transform finance and the internet towards centralisation. Blockchain and cryptocurrency will be a major platform of innovative disruption in the upcoming decades.

However, the valuations in the crypto market are determined by demand and supply and if any overreaction in the market occurs, will be corrected in the long term.

Whatever the case, its acceptance by the government authorities is implied among others, by the issuance of relevants laws and by the fact that several countries have already launched their own cryptocurrencies.

How can FiveComply assist crypto-service providers?

Our team can provide you with full support, guidance and assistance in applying for a crypto-licence. As this is a newly-established regulatory area, we believe that our expertise and knowledge in the field can play an important role in yielding positive results with your CySEC application. We can also provide continuous support after acquisition of your licence, in order for your firm to remain compliant and up-to-date according to the latest legislative and regulatory provisions.

We understand that questions might be raised concerning the crypto-field and we are more than happy to discuss with interested parties about their options and any questions they might have about the crypto-licences. We always aim to give priority to each client’s individuality and needs by providing tailored-made advice.

FiveComply has attended today CySEC’s digital event “CySEC 25 Years: The Past, Present and Future of Financial Development and Innovation” which discussed various interesting topics relating to the growth and expansion of CySEC and the evolvement of the financial industry in Cyprus throughout the years.

One of the most important remarks of today’s event, was the Chairwoman’s, Ms. Demetra’s Kalogerou statement relating to crypto asset service providers and the fact that, CySEC will prepare the relevant applications for registration by September 2021.

As always, our team will keep you updated!

Following its June 2021 plenary meeting, the Financial Action Task Force (‘FATF’) has confirmed that an onsite inspection will be conducted in Mauritius in order to assess the implemented AML/CFT measures / reforms and the progress made in order to decide whether Mauritius shall be removed from the FATF Grey list. When FATF places a jurisdiction under increased monitoring (i.e. on the FATF Grey list), it means that this country is committed to resolve any identified strategic deficiencies within an agreed timeframe.

The FATF announcement is considered as a very positive step towards the removal of Mauritius from the FATF Grey list, as the on-site inspection is considered as one of the final stages taken by FATF in its decision-making process.

For Mauritius, the removal from the FATF list, means the initiation of the procedure to exit the European Commission high-risk third countries’ list for AML/CFT, as well. If successful, Mauritius bank account opening will be made easier and credibility for financial institutions and companies will be regained.

Our team at FiveComply will keep you updated and remains at your disposal for any matters you would like to discuss.

Further to the issuance of Circular C451, the Cyprus Securities and Exchange Commission (‘CySEC’) wishes to inform CIFs that, a new version of the Form RBSF-CIF Version 4 (‘the Form’) needs to be completed for the annual collection of various statistical information. The Form must be successfully submitted electronically via the CySEC’s Transaction Reporting System (‘TRS’) by 15:00 hrs, Friday, June 18, 2021, at the latest.

The Form must be completed, and successfully submitted to CySEC, by all CIFs that were authorised by December 31, 2020. In this respect, CIFs that were authorised by December 31, 2020, but have not made use of their authorisation must also submit the Form.

In summary, Form RBSF-CIF Version 4 requires additional information, as per the following sections:

• Section F – Governance and Ownership (two additional questions have been added under points 7.1 and 7.2);
• Section K – Products, Services and Transactions (amendments in Questions 1.1, 1.2, 2.1 – 2.4 and 3.1 and Questions 2.5 and 2.6);
• Section L – Countries and Geographical Areas (amendments in Questions 1.1 – 1.4);
• Section M – Customer Analysis (this is an entirely new section);
• Section N – Internal Policies and Procedures (this is an entirely new section);
• Section O – Geographical Analysis (this is an entirely new section).

In addition, CIFs should have in mind the following, when completing and submitting the Form:

• The Form should be named in the following format ‘Username_yyyymmdd_RBSF-CIF’. The username to be used is the CIF’s TRS credentials. The yyyymmdd in this case, will be 20201231. Future forms will have different reporting periods.
• CIFs are required to report data in Euro, rounded to the nearest unit.
• Before submitting the Form, please ensure that all validation tests that are contained in the Form (Sections A, B, C, D, E, F, G, H, I, J, K, L, M, N, O) at the bottom of the page and Validation Tests Worksheet) are TRUE (Green Colour).
• Please use the latest version of the Form i.e. Version 4.
• Instructions on the completion of the Form can be found in the ‘Instructions’ Worksheet of the Form.

Our Team at FiveComply remains at your disposal for any assistance that you may require in relation to the above.

The Cyprus Securities and Exchange Commission (‘CySEC’) has issued Circular C445 to inform CIFs that, due to the COVID-19 situation, the deadlines for submission of the following to CYSEC are extended:

In regards to Pillar III Disclosures, CySEC stated that, in case their publication is delayed, the CIF needs to inform the market participants for that delay, the reasons of delay and, to the extent possible, their estimated publication date.

Our Team remains at your disposal for any assistance you may require in regards to the above.

CySEC has conducted an annual assessment of all the Compliance Officers’ Annual Reports (‘CO Reports’) and Internal Audit Reports (‘IA Reports’) for the year 2019 along with their Board of Directors minutes (‘BoD minutes’), as these were submitted to CySEC during 2020. CySEC during this annual review, assessed the compliance of Regulated Entities with their obligations under the Prevention and Suppression of Money Laundering and Terrorist Financing Law (‘the Law’) and the CySEC’s Directive for the Prevention of Money Laundering and Terrorist Financing (the ‘Directive’).

1. What shall be noted?

In summary, CySEC has found common and recurring weaknesses/deficiencies concerning the content of the CO and IA Reports and their BoD minutes, based on which Regulated Entities should ensure that the following obligations are upheld in accordance with the Law and the Directive:

• The Compliance Officer’s obligation for the correct preparation of the Annual CO Report and the sufficient assessment of the level of compliance of the Regulated Entity in relation to the prevention of money laundering and terrorist financing.
• The Internal Auditor’s obligation for the correct preparation of the IA Report and the sufficient review and evaluation of the appropriateness, effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms applied by the Regulated Entity for the prevention of money laundering and terrorist financing.
• The Regulated Entity’s BoD obligation for the sufficient assessment and approval of the Annual Report and the Internal Audit Report and taking all appropriate measures for the correction of any weaknesses and/or deficiencies identified, as well as the implementation timeframe of these measures.
• The Regulated Entity’s BoD obligation to ensure the overall implementation of all requirements of the Law and the Directive, as well as to ensure that appropriate, effective and sufficient systems and controls are introduced for achieving the abovementioned requirement.

More detailed information on the weaknesses/deficiencies identified by CySEC can be found here.

1. Next steps towards?

CySEC in its Circular has informed Regulated Entities that the weaknesses and deficiencies that were identified in the said annual assessment will be the subject of subsequent compliance checks by CySEC.

In addition, CySEC expects that Regulated Entities will prepare the Annual Reports for the year 2021 and onwards based on the CySEC findings.

Thus, if you need any help in assessing compliance of your Company with the regulatory framework and the preparation of the Reports, please let us know.

Our team of experts, can help you stay compliant by offering solutions tailored to your Company’s needs!

The Cyprus Securities and Exchange Commission (‘CySEC’) has recently carried out a review on whether Regulated Entities (i.e. CIFs and Management Companies[1]) are in compliance with the requirements imposed under Article 17(2) of the Investment Services, Activities and Regulated Markets Law (‘the Law’).

Based on the review, CySEC has identified certain good practices and uncovered common deficiencies and/or omissions in order to help Regulated Entities increase the effectiveness of their compliance function.

1. Weaknesses/Deficiencies identified

CySEC’s key weaknesses/deficiencies have focused on three areas of concern:

1. Risk Assessment, Monitoring Activities and Compliance Programme;
2. Reporting Obligation (i.e. the Compliance Officer shall report to the management body at least once a year, the content of such reports, evaluation of procedures by compliance officers, etc.);

• Advisory obligations of the compliance function (e.g. staff training, participation in creating new policies and procedures, day-to-day assistance for staff, etc.).

You can refer to Circular C441, for additional information on the identified weaknesses/deficiencies.

1. Good Practices identified

1. Formal meetings of the senior management were held on a quarterly basis, with the physical presence of all members and the compliance officer in attendance.
2. Minutes of the quarterly meetings were adequately and properly kept (i.e. they included a brief description of the issues discussed, a brief reference to the important views/suggestions expressed, as well as a satisfactory description of the handling/decision/suggestions put forward).
3. Preparation of quarterly reports for core compliance areas, such as, the monitoring of the Regulated Entity’s post trading reporting obligation for the senior management’s attention.
4. A good practice identified relevant to corporate governance, was the inclusion of the review conducted on the order of board meetings in the Annual Compliance Report (e.g. by evaluating and documenting that meetings were properly summoned and that the agenda and the right materials were sent to the senior management beforehand, as well as an evaluation on the interaction of the senior management with the compliance officer).
5. The inclusion of the extent and frequency of training to staff in the Annual Compliance Report and documenting/justifying why trainings should be tailored on each department’s needs and activities.
6. Including a training log in the Annual Compliance Report.
7. The inclusion of a communication log in the Annual Compliance Report listing the communication with CySEC.

1. What are the next steps to be taken by Regulated Entities?

All Regulated Entities shall consider the issues raised by CySEC and conduct a review of their policies and arrangements in order to ensure whether the Company is in compliance with the requirements imposed under the relevant legislative framework for the compliance function. If any deficiencies are identified, immediate actions shall be taken to rectify the situation and ensure compliance.

Our team at FiveComply can perform a review on your behalf and assist you in identifying any deficiencies in the Company’s policies and arrangements. We can assist you in finding suitable solutions to eliminate any deficiencies by reviewing and revisiting your current policies and procedures and provide practical results, so your Company can achieve compliance with the CySEC and European regulatory frameworks.

[1] AIFMs when providing services pursuant to section 6(6) of Law 56(I)/20013, as in force and UCITS

Management companies when providing services pursuant to section 109(4) of Law 78(I)/2012, as in force.

On behalf of our client, we are recruiting a Compliance Officer to join a growing Forex company based in Limassol. The successful candidate will have experience in a Compliance role within a CIF and be up to date with rules and regulations.

• Review, enhance and design policies and procedures
• Preparation of annual and other reports.
• Cooperate with various departments ensuring that procedures are in line with regulatory requirements.
• Managing the legal framework upon which the Company will operate, ensuring compliance with the relevant law.
• Create all necessary terms and conditions, agreements, risk warnings and any other legal document needed.
• Reviewing existing and new applicable regulations, advise how these are affecting the office’s operations and make necessary recommendations to the Senior Management.
• Do suitability and viability analysis for the department.
• Review and approve website and other marketing content.
• Overseeing compliance procedures and advise on risk management.
• Dealing with client complaints and legal matters related to compliance.
• Provide assistance on training and educating staff regarding compliance functions and obligations.
• Set up and manage relationships with external vendors required for the product’s operations.
• Evaluating third-party agreements.
• Performing day-to-day reviews and inspections to evaluate compliance of the Company with its legal and regulatory obligations.
• Reviewing the effectiveness of internal policies and procedures.

• Previous experience in the Forex Industry/CIF is a MUST
• Bachelor degree from a reputable University in Law/ Finance/ Economics/ Business or related field.
• Holding of CySEC Advanced Certificate will be considered as a great advantage.
• Minimum 18 months experience in Forex compliance matters, as well as strong knowledge of relevant regulations.
• Excellent research skills.
• Computer literate; MS Office.

• Competitive remuneration package.
• Friendly working environment.
• Personal development opportunities.
• And much more.

This is an excellent opportunity to work in a growing FX Trading company, in a challenging and demanding working environment which offers career prospects and rewards to thriving members of the team. Employment Conditions: Full Time

Location: Limassol – Cyprus

Apply by sending an email to hr@fivecomply.com attaching your CV

Recent amendments to the serial 2 and 4 of the Third Schedule of the Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 (“AML/CFT Act”) now require reporting entities under the AML/CFT Act to file Cash Transaction Threshold Reporting (“CTTR”) and Wire Transfer Transaction Reporting (“WTTR”) with the Financial Intelligence Unit Seychelles (“FIU”), as per the following:

1. REPORTING THRESHOLD APPLICABLE TO WIRE TRANSFERS

“Every financial institution that sends domestically or cross-border or receives cross-border wire transfers, including electronic fund transfers, shall report all wire transfers of SCR50,000 or more of the equivalent money in the currency of other countries.”

1. REPORTING THRESHOLD APPLICABLE TO BUREAU DE CHANGE

“Every Bureau de Change, including banks acting as Bureau de Change for forex trading in respect of persons who are not their customers shall report all transactions of its customers involving SCR 5,000 or more or the equivalent money in the currency of other countries.”

Revised FIU Guidelines and Reporting Templates

Further to the above legislative amendments, the FIU has revised its guidelines and reporting templates in relation to both WTTR and CTTR. The revised guidelines and reporting templates can be accessed here.

Submissions to the FIU

The submissions based on the amended provisions of the AML/CFT Act shall commence on 1 May 2021.  All submissions shall be made using the revised Forms, which shall include retrospective cash transactions or wire transfers, that have been effected on or after 5 March 2021.

Please note that Threshold Reporting is not a new obligation. Therefore, all reporting entities which are currently submitting Threshold Reports to the FIU are required to continue with their submissions, as per the current established procedures, until 30 April 2021.

What is a Threshold Report?

A Threshold Report is a report that reporting entities are required to file with the FIU for executing cash transactions or wire transfers above the prescribed threshold limit.

The threshold reporting obligation is clearly defined in the AML/ CFT Act 2020, Section 5 of the AML/ CFT Act creates the obligation on reporting entities to file CTTR and WTTR with the FIU in the manner prescribed by the FIU.

Our Team at FiveComply can assist you comply with the abovementioned obligations. Do not hesitate to contact us.

CySEC has issued Circular C435 in order to inform Cyprus Investment Firms (‘CIFs’) which intend to provide investment and/or ancillary services and/or perform investment activities in the territory of Czech Republic, to CNB’s regulatory rules regarding the persons that are allowed to provide such services.

On 24 March 2020, the Czech Parliament adopted the Act No. 119/2020 Coll., which amended Act No. 256/2004 Coll., (hereinafter the “Amended Act”), being the Czech national law transposing MiFID II. Under Section 25 of the Amended Act, investment firms established in other EEA Member States providing cross-border services to retail clients and professional clients on request under MiFID II passport are allowed to provide services under the freedom to provide services (i.e. without establishing a branch), with respect to Article 57 TFEU, only on a temporary or occasional basis.

Pursuant to Section 25 of the Amended Act, if non-Czech investment firms are presumed to provide investment services to retail and professional on request clients on a permanent basis, such firms will be under a strict obligation to establish a branch in the Czech Republic, and may only provide investment services under Article 35 of MiFID II (establishment of branch). The requirement for the establishment of a branch does not apply for investment services provided to professional clients by default (as per Section 2a of the Amended Act).

Section 25(1) of the Amended Act provides as follows:

“A foreign person authorised by the supervisory authority of another EU member state to provide investment services may provide investment services, for which it has such authorisations of its supervisory authority of the home state, in the Czech Republic without location of a branch in the Czech Republic in compliance with the EU legislation, temporarily or occasionally, if it is not investment services provided to professional clients pursuant to Section 2a, to whom investment services can be provided in this way even permanently. The CNB shall inform this person without undue delay that it has received data from the supervisory authority of the home state concerning the intended provision of investment services by this person in the Czech Republic.”

Our team at FiveComply remains at your disposal and can help you comply with the abovementioned obligations.