CySEC has published circular C417, which is addressed to Cyprus Investment Firms, and contains guidance on investment in crypto-assets. Though undeniably significant, C417 does not constitute but guidance written in non-mandatory language, and may contribute to divergent crypto-asset regulation across the EU. Therefore, adequate regulation can only be achieved at EU level.
A first step in regulating crypto asset investment in Cyprus was taken by the Cyprus Securities and Exchange Commission (CySEC) on 25 November 2020, through publication of guidance under Circular no. C417 on ‘Prudential treatment of crypto assets and enhancement of risk management procedures associated with crypto assets’. C417 is addressed to Cyprus Investment Firms (CIFs), and follows the findings of a report on crypto-assets published by the European Banking Authority (EBA) with advice for the European Commission.
Crypto assets are private assets that rely on cryptography and distributed ledger technology, whereby they derive their perceived or inherent value. Different types exist such as payment/exchange type tokens (for example virtual currencies), investment type tokens, and utility type tokens (designed to access goods or services). Under current Cypriot legislation CIFs can only transact in crypto assets if they have obtained a permission to provide such services pursuant to article 6(9)(b) of Law 144(I)/2007 (the ‘old’ CIF Law) or article 5(5) of Law 87(I)/2007 (the ‘new’ CIF Law).
The EBA report concludes that, at large, crypto assets fall outside the scope of EU financial services regulation, and highlights divergent approaches on regulation of crypto assets emerging across the EU. CySEC published C417 which addresses and makes specific reference to the EBA report, and is divided into four sections, reviewed below. Pillars I and II are on capital adequacy, whereas pillar III is on disclosures. The final section is devoted to risk management procedures.
Pillar I: Calculation of own funds and capital adequacy ratio
The guidance on Pillar I calculations addresses (i) direct investment on a non-speculative basis (banking book exposure), (ii) direct investment on a speculative basis (trading book exposure), and (iii) direct investment by CIFs’ clients with CIFs acting as counterparty. The guidance is as follows:
On direct non-speculative investment, CIFs should apply direct capital deduction from own funds.
Pillar II: Internal Capital Adequacy Assessment Process (ICAAP)
CIFs should use their ICAAP to assess risk from trading in crypto assets or instruments associated with crypto assets, whether on their own account or on account of their clients. Within ICAAP the risks associated with crypto asset trading should be discussed, a sensitivity analysis (potentially including stress testing) should be produced on how these risks may affect CIFs’ projections, and additional capital to be held should be considered to mitigate against these risks.
Pillar III: Disclosures
CIFs should disclose under Part 8 of the CRR any material crypto-asset holdings including information on (i) the exposure amounts of different crypto-asset exposures, (ii) the capital requirements for such exposures and (iii) the accounting treatment of such exposures.
Section 4: Enhancement of risks management procedures associated with crypto assets
CIFs should revisit their risk management procedures and strategies, and ensure that all risks associated with crypto asset investments are duly taken into consideration. Under Section 68 of the ‘old’ CIF law and section 104(2) of the ‘new’ CIF law, “CIFs must have in place sound, effective and complete strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposed”. These strategies and processes cover taking up, managing, monitoring and mitigating risks, and are subject to periodic reviews. In addition, C417 recommends taking mitigating measures against operational, cybersecurity, and reputational risks, where applicable.
The C417 is a step in the right direction when it comes to providing some form of regulation on CIFs’ investments in crypto assets, and in addressing the absence thereof identified in the EBA report. One however needs to stress it provides what it says on its face, which is guidance, written in non-mandatory form throughout. Moreover, whereas it offers temporary protection, it may further contribute to the divergent policies on regulation of crypto assets emerging across the EU. It is therefore our view that adequate regulation can only take place at EU level, and the sooner this takes place, the greater the consistency hence the commercial certainty across the Common Market.