Upstract Image1

Related Practice Areas

Related Practice Areas

Upstract Image2

Related Industry Sectors

Related Industry Sectors

Share

CySEC has published a Directive on ‘the Register of Providers of Services Regarding Crypto Assets’, under powers conferred by Law 188(I)/2007 on ‘Prevention and Suppression of Money Laundering and Terrorist Financing’.

On 25 June 2021, the Cyprus Securities and Exchange Commission (‘CySEC’) published Directive Κ.Δ.Π. 269/2021 on ‘the Register of Providers of Services Regarding Crypto Assets’ (‘the CySEC Directive’). The CySEC Directive was published under powers bestowed to CySEC under recently amended Law 188(I)/2007 on ‘Prevention and Suppression of Money Laundering and Terrorist Financing’ (‘the Amended Law’). The Amended Law enacted the 5th Anti Money Laundering Directive (EU) 2018/843 (‘AMLD5’) into Cyprus national law on 18 February 2021, as analysed in our article here.

More specifically, under Article 61E (1) of the Amended Law CySEC is required to compile and maintain a Register for Providers of Services Regarding Crypto Assets (‘the Register’). Under Article 61E (2) the Register records Crypto-Asset Service Providers offering professional services from Cyprus irrespective of registration in another Member State, and those providing services in Cyprus unless registered in another Member State for such services. Under Article 61E (1)(γ) CySEC may determine via directive(s) the functioning, maintenance, record entry and update of the Register.

The key provisions of the CySEC Directive are the following:

  • Register Entries

The Register is published on CySEC’s website, and records the name, trade name, legal medium and legal entity identifier of the provider, its registered address, its website, as well as the services offered and activities in which it may participate. The provider must apply for entry using the application published in the CySEC website. Moreover, CySEC may request additional information where deemed necessary, and should confirm or deny entry on the Register within 6 months.

  • Conditions for Registration

There are 20 individual but often overlapping conditions for registration set out in Para 6 of the CySEC Directive. The key requirements summarised below are:

  • To ensure persons serving administrative functions in the provider as well as beneficiaries are honest and capable individuals. These criteria are fulfilled where the individuals in question enjoy good reputation, possess knowledge, capabilities and experience, and devote sufficient time to the operation of the provider. The CySEC Directive contains analytical provisions on how the latter are assessed.
  • To implement appropriate policies and procedures as well as internal control mechanisms ensuring prudent operation, and the compliance of members, staff and agents with the provisions of the Amended Law. This includes minimising risk of theft or loss of crypto assets and/or personal data, and adopting appropriate security measures. Records should be kept at all times and made available to CySEC upon request.
  • Deletion from the Register or Suspension of Registration

Deletion may take place under Article 61E (5) of the Amended Law on one of the following situations:

  • where the provider does not deal in crypto assets for a continuous period of 6 months or over;
  • upon registration on false pretences or following other irregularity;
  • upon termination of all services and related activity under Article 2 (1) of the Amended Law; and
  • where the provided no longer falls under Article 61E (2).

CySEC may also suspend registration for an appropriate period, where it deems the information which appears on the Register is incorrect or incomplete, and where any of the Para 6 conditions are not met. During suspension in the latter case the provider may not provide crypto-asset related services.

  • Notification of Substantial Changes and CySEC Approval

The following changes are considered ‘substantial’ under Para 12 and require notification to and prior approval from CySEC:

  • a change in services or related activity of the provider;
  • any change of crypto-asset addresses, defined under the CySEC Directive as public addresses and/or keys/digital wallets controlled by the Provider;
  • any change in the Board or in individuals with administrative positions;
  • any change in beneficiaries; and
  • any change in relation to the website of the provider.
  • Capital Adequacy, Fees, and Conflicts of Interest

The provider should maintain at any time capitals at least equal to the largest of the following sums:

  • A sum defined under the Appendix of the CySEC Directive depending on category (1-3), which is determined by the nature of the provider’s activity, or
  • ¼ of the fixed costs during the previous year, reviewed annually.

A provider should pay a fee of €10,000 for registration, €5,000 for renewal of registration on an annual basis, and various smaller fees for notification of a substantial change.

Finally, any potential conflicts of interest are notifiable to the client, who must be informed of any measures taken by the provider to mitigate these risks.

For more information please visit our website microsite on Blockchain or contact Mr Ioannis Generalis at This email address is being protected from spambots. You need JavaScript enabled to view it.

Back to News

Monday – Friday

8:00 – 18:00

TEL: +357 24 201 600

FAX: +357 24 201 601

Privacy Policy