CySEC issued Circular C462 to inform the CIFs that is amending Circular C417 regarding the prudential treatment of crypto assets. Therefore, the prudential treatment of crypto assets will be as follows:

A. Calculation of own funds and capital adequacy ratio (Pillar I)
 

1. Direct investment in crypto assets on a non-speculative basis (banking book exposure)
   When a CIF invests directly in crypto assets on a non- speculative basis (banking book exposure), it should deduct this from its own funds.
2. Direct investment in crypto assets on a speculative basis (trading book exposure)
   When a CIF invests directly in crypto assets on a speculative basis, it should treat these as investments in a derivative product subject to both of the following risks:
   i. Counterparty Credit Risk (“CCR”) calculated in accordance with Section 1 ‘Trading counterparty default’ of the IFR and the CIF should apply a 32% potential future exposure percentage (PFCE) per Art. 29(7) of IFR
   ii. Market Commodity Risk is calculated according to Articles 355 to 361 of the CRR.
3. Direct investment of CIFs’ clients in crypto assets and/or in financial instruments relating to crypto assets with the CIF acting as the counterparty to these transactions

When a CIF acts as the counterparty to its clients’ trades by taking the opposite position to each client’s transaction in crypto assets, and/or in financial instruments on crypto assets, the CIF is subject to Counterparty Credit risk and Market Commodity Risk, in accordance with the methodologies set out in point 2 above, as the CIF is acting as a market maker for its clients.

B. Internal Capital Adequacy Assessment Process (‘ICAAP’) (Pillar II)

CIFs should assess the risks emanated from trading in crypto assets, and/or in financial instruments relating to crypto assets, for their own account or for their clients within the Internal Capital Adequacy Assessment Process (ICAAP). The assessment and discussion of the risks associated with the activity in crypto assets should be included together with a sensitivity analysis that shows how the risks identified affect the CIFs’ projections. In addition, any mitigations should also be discussed, stating any additional capital that should be held in relation to the identified risks.

C. Pillar III disclosures

CIFs should disclose within their Pillar III disclosures any material crypto-asset holdings and include information on:

• the exposure amounts of different crypto-asset exposures,
• the capital requirement for such exposures and
• the accounting treatment of such exposures

D. Enhancement of risks management procedures associated with crypto assets

CIFs, which trade in crypto assets, and/or in financial instruments relating to crypto assets, should revisit their risk management procedures and strategies and ensure that all risks associated with this product are duly taken into consideration.

CySEC has issued the Circular C458 on July 14^th, 2021, to inform Cyprus Investment Firms (“CIFs”) that CySEC’s Circular C418 ‘Enhancement of procedures regarding safeguarding of client funds held by CIFs’ shall be amended. Specifically, the amendment refers to the deletion of paragraph 10 of CySEC’s Circular C418.

Based on the amendment, where it is the CIF’s policy, upon accepting a deposit through electronic means and before the clearing of the funds, to credit its client trading account with the corresponding amount in order for the client to trade with immediate effect, the CIF must ensure that the corresponding amount is transferred before trading, unless the CIF has a ‘buffer’ in the clients’ bank account, from its own funds to client account held by the CIF with an entity required to keep the clients’ funds, without the need to be licensed to provide the ancillary service of granting credits or loans. It is noted that, these funds are considered as clients’ funds and are subject to the corresponding regulatory requirements.

Moreover, you can find below the most important points of Circular C458 regarding the safeguarding of clients’ funds held by CIFs:

1. Requirement for holding separate clients’ accounts

According to par. 6(1) of the CySEC Directive DI87-01 (hereinafter, the ‘Directive’), CIFs must, upon receiving any client funds, promptly place those funds into one or more accounts opened with any of the following entities:

1. central bank
2. credit institution as defined in article 2(1) of the Business of Credit Institutions Law
3. bank authorised in a third country
4. qualifying money market fund

It is provided that the title of the clients’ account sufficiently distinguishes that account from any account used to hold funds belonging to the CIF, as it is required by par. 4(1)(e) of the Directive (i.e. denoted as clients’ accounts).

1. Use of PSPs / EMIs

CIFs may maintain merchant accounts with PSPs and EMIs for, among other purposes, the clearing/settlement of their clients’ payment transactions (inwards and outwards payments). CIFs must, at all times, ensure that clients’ funds are transferred to clients’ accounts held by the CIF with an entity, as stated in Section 1 above, immediately after the clearing/settlement of the payment transactions.

Where the PSP/EMI withhold funds, as rolling reserve or fix deposit, for chargeback or other purposes, for a period of time before releasing the funds to the CIF, the CIF must ensure that the funds equal to rolling reserves or fix deposits, are transferred from the CIF’s own funds in the clients account held by the CIF with an entity, as stated in Section 1 above, to ensure compliance with the provisions of par. 6(1) of Directive.

CIFs merchant accounts must be used only and exclusively by the CIF and not by any other person.

CIFs should maintain merchant accounts with PSPs/EMIs which are licensed/regulated by a competent authority of a Member State or of a third country, which it is considered that it imposes equivalent arrangements to those of the European Union and in particular, to those of the European Directives 2005/06/EC1 and 2007/64/EC2.

For purposes of transparency and full information of investors, CIFs are requested to post on their websites a list with the names of the PSP/EMI they cooperate, as well as the competent authority/country that supervise them.

1. Due diligence and diversification of institutions holding clients’ funds

CIFs are expected on a regular basis (and no less than once in each financial year) to perform due diligence procedures of the banks where clients’ funds are placed.

CIFs should consider diversifying placements of client funds with more than one bank where the amounts are, for example, of sufficient size to warrant such diversification.

CySEC expects CIFs to consider the following when selecting a bank where clients’ funds are placed:

1. the capital of the bank;
2. the amount of client funds placed, as a proportion of the bank’s capital and deposits;
3. the credit rating of the bank (if available); and
4. to the extent that the information is available, the level of risk in the investment and loan activities undertaken by the bank and its affiliated companies.

1. Depositing clients’ funds with a bank or qualifying money market fund of the same group as the CIF

According to par. 6(3) of the Directive, where a CIF deposits client funds with a bank or money market fund of the same group as the CIF, then the CIF must limit the funds that are deposited with any such group entity or combination of any such group entities so that the funds do not exceed 20% of all such funds.

CySEC considers that the amount of small balance of clients’ funds with a bank or money market fund of the same group as the CIF should be, at any point of time, the lower of the:

1. €3.000.000
2. 50% of the total clients’ funds held by the CIF.

In some cases, exceptions can be applied and where the threshold stated above has been exceeded for reasons stated in CySEC Circular, the CIF shall take immediate action to reduce the balance of clients’ funds within the allowable limits.

1. Use of Title Transfer Collateral Arrangements (“TTCAs”)

CIFs are not entitled to:

1. transfer funds belonging to retail clients to a third party, as there is an outright prohibition of such practice in section 17(10) of the 87(I)/2017 CySEC Law.
2. arbitrarily transferring funds belonging to non-retail clients, without taking into account the factors provided for in par. 8(1) of the Directive, without being able to demonstrate that a TTCA would be appropriate for that non-retail client and without properly informing the non-retail client for the risks entailed, as per par. 8(3) of the Directive.

1. Maintaining a ‘buffer’ in clients’ bank accounts

CIFs may decide to maintain a ‘buffer’ of own funds into clients’ bank accounts in order to:

1. facilitate the smooth running of their business,
2. ensure no delays,
3. cover clients’ funds with PSP/EMI,
4. manage the foreign exchange risk from maintaining clients’ funds in a different currencies,
5. to cover possible shortfalls.

It is up to the CIF to decide the amount of the ‘buffer’ that will be maintained. CySEC emphasizes that these funds are considered as clients’ funds and are subject to the regulatory requirements of the Directive and the Law.

In case the CIF considers to apply the above, written policy should be established and approved by the Board, indicating the procedures and percentage that shall be kept, the relevant risks and justification of the percentage / amount kept based on the exposures and risks that the CIF faces.

1. Single officer for the safeguarding of client financial instruments and funds

According to par. 9 of the Directive a CIF should appoint a single officer of sufficient skill and authority with specific responsibility for matters relating to the CIF’s compliance with its obligations regarding the safeguarding of client financial instruments and funds. A single officer with overall responsibility for the safeguarding of client instruments and funds should be appointed in order to reduce risks of fragmented responsibility across diverse departments, especially in large and complex CIFs, and to remedy unsatisfactory situations where CIFs do not have overarching sight of their means of meeting their obligations.

The single officer is expected to verify the accuracy and completeness of the clients’ money reconciliation that is included in CySEC’s QST-CIF Form (ie. Reconciliation Tab).

The details of the single officer should be indicated in CySEC’s Portal.

1. Reconciliation of clients’ funds

When a CIF undertakes transactions for its clients on a daily basis, CySEC expects that reconciliations of clients’ funds will be contacted on each business day on the records of the CIF as at the close of business of the previous business day. 3

CIFs must ensure that reconciliations are performed between:

1. Clients’ bank accounts or any other third party holding clients’ funds (as per CIF records) Vs bank statements or any other third party statements.
2. Client bank accounts or any other third party holding clients’ funds (as per CIF records) Vs clients’ equity (as per CIF records).

Equity includes deposits/withdrawals, credits, realised and unrealised profits/losses and represents the actual funds owed to each client. It is expected that reconciling items should only arise due to timing differences and cleared within a few days.

1. Other Matters

CIFs must ensure that there are at least two persons with combined signatory powers in relation to the clients’ accounts. It is stressed that the following persons cannot be appointed as signatories:

1. the persons involved in the preparation of clients’ reconciliations and
2. the shareholders of the CIF if they do not have executive duties within the CIF.

CySEC expects that the Chief Executive Officer or the Chief Financial Officer or the Head of the Accounting Department or an Executive Director may be the persons to be appointed as the signatories of the clients’ accounts with entities of Section 1 above.

CySEC emphasizes that the clients’ accounts with entities of Section 1 above, can only be used by the CIF for its clients and not for the clients of the group that the CIF belongs to.

Our team at FiveComply can assist you in complying with the relevant regulatory framework by identifying any deficiencies in your CIF’s internal operations. We can provide you with tailored-made solutions based on your CIF’s business model.

Do not hesitate to contact us!

Crypto asset service providers is a new concept that was introduced in Cyprus with the transposition of the Fifth Anti-Money Laundering Directive into national legislation. The amended AML legislation was introduced on 25 June 2021 and regulates the digital registry of crypto asset service providers. The Cyprus Securities and Exchange Commission (CySEC) that is the financial regulator in Cyprus, will be regulating the operation and supervision of the crypto-registry as well.

How is this new legislation important for cryptos?

This recent regulatory development is considered of paramount importance because, licensed crypto-asset providers will be able to provide amongst others, regulated cryptocurrency exchange services. This is a very positive step for Cyprus in becoming a key jurisdiction for crypto service providers. We believe that, this development will attract crypto service providers from all over the world, as registered crypto-providers in Cyprus will be considered credible institutions.

So far in Cyprus and in Europe in general, the lack of regulations and guidelines in the crypto-field has imposed legal and regulatory risks for investors, due to inadequate AML/CFT policies adopted in relation to cryptos. The regulation of cryptos marks the beginning of a new era towards the acceptance of digital cryptocurrencies in Cyprus. This will play a critical role on the way Cyprus banks treat cryptos as well.

What are the requirements to apply for a crypto-asset licence?

Initially, to apply for the crypto-licence you need to have an entity incorporated in Cyprus.  In addition, four directors will be required; two of them acting as executive and two as non-executive directors. At least three of them must be Cyprus residents. CySEC will perform an assessment of their knowledgment and experience in order to evaluate whether they satisfy the ‘fit and proper’ test. It is further required for the crypto-provider to have a fully operational office located in Cyprus where local resident staff members need to be hired on a full-time basis to fulfil the key functions of the company. There is a minimum number of personnel that needs to be hired, based on the type of licence selected.

The application to become a crypto-asset service provider is expected to take approximately 6 months and there are currently two options of licences based on different capital requirements; the €125,000 licence and the €150,000 licence.

Based on the €125,000 licence, the crypto provider will be able to provide (a) Reception & Transmission; (b) Execution of orders on behalf of clients; (c) Portfolio management; (d) Investment advice; (e) Exchange between cryptocurrencies and fiat money; (f) Cryptocurrency asset exchange; (g) Participation and / or provision of financial services on distribution, supply and / or sale of cryptocurrencies, including the initial offering; (h) Placing of crypto-assets without a firm commitment basis.

With the €150,000 licence, the crypto provider will be able to offer all the above along with (i) management, transfer, retention, and / or safekeeping, including the depositary of cryptocurrency assets or cryptographic keys or means that allow control over cryptocurrencies; (j) Underwriting and/or placing of crypto-assets on a firm commitment basis; (k) operation of a multilateral trading facility in which interested parties for buying and selling crypto assets may interact in a way that results in a transaction.

We can see that CySEC has provided different options in order for the crypto-provider to be able to choose according to his business model.

Can you currently apply to become a crypto-asset provider?

CySEC is yet to announce the official procedure for applying to become a licensed Crypto Asset Provider but based on CySEC’s press release in March regarding the Cyprus Capital Market, this is expected within 2021.

What do crypto-asset providers need to have in mind in terms of legislative obligations, once they register?

We need to remember that, the rationale of the competent authorities for including cryptos under the European AML framework is to mitigate and prevent the risks that arise from cryptocurrencies, especially in relation to ML. Hence, the crypto-registry will oblige the crypto-providers to adhere to the AML rules and procedures that apply to traditional financial institutions i.e. apply due diligence procedures, monitor and report suspicious transactions, provide ownership transparency, etc.

What do you believe about the future of cryptocurrencies and blockchain technology?

In my opinion cryptos are here to stay. As a technology — blockchain and its lubricating cryptocurrencies will transform finance and the internet towards centralisation. Blockchain and cryptocurrency will be a major platform of innovative disruption in the upcoming decades.

However, the valuations in the crypto market are determined by demand and supply and if any overreaction in the market occurs, will be corrected in the long term.

Whatever the case, its acceptance by the government authorities is implied among others, by the issuance of relevants laws and by the fact that several countries have already launched their own cryptocurrencies.

How can FiveComply assist crypto-service providers?

Our team can provide you with full support, guidance and assistance in applying for a crypto-licence. As this is a newly-established regulatory area, we believe that our expertise and knowledge in the field can play an important role in yielding positive results with your CySEC application. We can also provide continuous support after acquisition of your licence, in order for your firm to remain compliant and up-to-date according to the latest legislative and regulatory provisions.

We understand that questions might be raised concerning the crypto-field and we are more than happy to discuss with interested parties about their options and any questions they might have about the crypto-licences. We always aim to give priority to each client’s individuality and needs by providing tailored-made advice.