To print this article, all you need is to be registered or login on

On the 25th of June 2021, the Cyprus Securities and
Exchange Commission (the “CySEC”) issued the long-awaited
Directive regarding the Registry of Providers of services relating
to crypto assets 269/2021 (the “Directive”). The said
Directive was issued following the amendments of the 5th
AML Directive, which was implemented by the Republic of Cyprus into
the Prevention and Suppression of Money Laundering and Terrorist
Financing Law of 2007 to 2021 (the “Law”). The
5th AML Directive brought major amendments to the
virtual currency industry as for the first time providers of
services related to crypto assets (the “PSCA”) were
defined. In the present article the registration and authorization
procedure of the Directive will be summarized.

PSCA Registry

CySEC will issue on its website the Registry of PSCA which will
be accessible by the public, maintaining the following information
for the registered PSCA:

(a) Name, trade name, legal form and the legal entity identifier
of the PSCA;

(b) The physical address of the PSCA;

(c) The services and/or the activities offered by the PCSA as
provided in the definition of PSCA in paragraphs (a) to (e) of
Article 2 of the AML Law, namely:

(i) Exchange between cryptocurrencies and fiat currencies;

(ii) exchange of cryptocurrencies with cryptocurrencies;

(iii) the management, transfer, holding, and/or safekeeping,
including custody, of cryptocurrencies or cryptographic keys or
means enabling control over cryptocurrencies;

(iv) offering and/or selling cryptocurrencies, including the
initial public offering; and

(v) participation and/or provision of financial services related
to the distribution, offering and/or sale of cryptocurrencies,
including the initial public offering;

(d) the website of the PSCA.

Application for the registration to PSCA Registry

Subject to the provisions of paragraphs (2) and (3) of article
61E of the Law, for the registration of PSCA in the PSCA Register,
the applicant submits duly completed the registration application
(the “Application”) issued by CySEC, which will be
available on CySEC’s website. The Application must include the
information referred in the previous paragraph above as well as the
addresses of crypto assets of the PSCA, accompanied by all the
documents and data specified in it. The original documents and data
are submitted in the official language of the Republic or in

The applicant must notify CySEC regarding any changes relating
to the information submitted with their Application, from the date
of submission of the Application until the notification of the
decision of CySEC for the approval or rejection of the Application.
During the examination of the information and/or documentation
submitted with the Application, CySEC may request clarifications
and/or additional data, documents or information, which in its
discretion are necessary for reaching its conclusion.

CySEC informs the applicant within six (6) months from the
submission of a fully completed Application whether or not the
registration in the Register of PSCA has been successful.

CySEC requirements for registration to PSCA Registry

CySEC may approve an Application provided that the applicant
meets the following conditions:

(a) The applicant has submitted all the information, documents
and/or data that are required and/or has provided any
clarifications requested by CySEC as mentioned above;

(b) The applicant reassures that the persons holding a
managerial position in the PSCA must be competent and honest, which
is fulfilled if they have a good reputation, knowledge and skills
as well as experience and are capable of devoting enough time to
the execution of their duties towards the PSCA. This point is
crucial for CySEC, since it gives extra emphasize in the Directive
by defining good repute, integrity and morality as well as
knowledge, skills and expertise;

(c) The Board Members of the PSCA must be consisted at least of
four persons, which meet the criteria mentioned in point (b) above,
where the two of the four persons must manage the business
activities of the PSCA and the other two to be independent

(d) The beneficiaries of the PSCA are honest and competent,
which is fulfilled if they have a good reputation and the ability
to maintain the strong financial structure of PSCA. To maintain the
strong financial structure of the PSCA, the beneficiaries must have
sufficient financial strength to ensure the sound and prudent
management of PSCA in the foreseeable future (usually three years),
for which they should satisfy CySEC;

(e) The close links between the applicant and other natural or
legal persons do not prevent the effective monitoring, evaluation
and supervision of CySEC. Where the natural or legal person with
whom the applicant has a close connection is in a third country,
the laws, regulations or administrative provisions of the third
country shall not impede the effective performance of the
supervisory functions of CySEC;

(f) When operating online, the PSCA must maintain its own
website which will have the exclusive ownership and use where it
will operate its activities without the possibility of any other
person operating through it;

(g) It has established appropriate policies and procedures to
ensure its compliance, including with its members, employees and
persons to whom functions are assigned, in accordance with the Law
and the Directive;

(h) It has established appropriate policies and procedures and
has appropriate control systems and mechanisms in place to ensure
the prudent operation of the PSCA, including to minimize the risk
of theft or loss of its customers’ cryptocurrencies;

(i) The PSCA has own funds in accordance with the provisions of
the Directive;

(j) Ensures that the performance of its staff is not remunerated
or evaluated in a manner that conflicts with its duty to act in the
best interests of its customers and in particular does not make any
adjustments in the form of remuneration, sales targets or otherwise
form, which could motivate its staff to implement aggressive
promotion practices of products or services;

(k) It has sound governance arrangements, with clearly defined,
transparent and clearly identifiable reference lines;

(l) Takes all reasonable steps to ensure the continuous and
regular performance of its functions and maintains an appropriate
and up-to-date policy to ensure its continued operation as well as
procedures for data retrieval and the timely resumption of its
activities in case the activities of the PSCA are interrupted;

(m) Ensures that it entrusts the performance of essential
functions to third parties, so that reasonable steps can be taken
to avoid any undue deterioration of operational risk and in no way
substantially impairs the quality of the internal control of the
PSCA or CySEC’s ability to monitor PSCA;

(n) Has sound administrative and accounting procedures, internal
control mechanisms, effective risk assessment procedures and
effective control and security mechanisms for electronic data
processing systems;

(o) Where the scope, nature, scale and complexity of its
activity so require, the PSCA has established an internal control
function that is independent of its other functions and activities,
for the design and execution of its internal control mechanisms of
the procedures mentioned above;

(p) It has sound security mechanisms to ensure and verify the
authenticity of the means of transmitting information, minimizing
the risk of data destruction and unauthorized access and preventing
information leakage, so that data confidentiality is always

(q) Ensures that records are kept in relation to all the
functions it performs, which also include the relevant
communication, in such a way as to enable CySEC to exercise its
supervisory duties and to take actions to ensure compliance with
the obligations of the PSCA;

(r) Ensures that the persons employed by it do not perform
multiple duties unless the exercise of multiple duties does not
prevent or is likely to prevent such persons from carrying out any
work or function with diligence, honesty and professionalism;

(s) It has appropriate policies and procedures in place to
ensure that its customers’ grievances are properly

(t) Ensures that the persons employed in the PSCA possess the
appropriate guarantees of honesty and professionalism and the
appropriate knowledge according to the tasks assigned to them.

Once the registration application is approved, CySEC shall
immediately register the applicant in the PSCA Register.

PSCA capital requirements

As per the Directive, the PSCA must always maintain capital at
least equal to the greater of the following amounts:

(a) the amount of the initial capital of the below Annex,
depending on the nature of its functions and activities;

(b) one quarter (1/4) of the fixed expenses of the PSCA during
the previous year, revised annually.

If less than one year has elapsed from the date on which the
PSCA became active, it shall use, for the calculation referred to
in point (b) above, the estimated fixed costs included in its
forecasts for its transactions of the first twelve months, as
submitted with the PSCA Application.

The provisions of point (b), shall enter into force on 1 January
2022, as follows:

(a) 30% of the amount concerned from 1 January 2022;

(b) 60% of the relevant amount from 1 January 2023;

(c) 100% of the relevant amount from 1 January 2024.


Cryptocurrency Services

Initial Capital

Category 1

PSCA providing investment advice

Category 1

Category 2

PSCA providing the services of Category 1 and/or any of the
following services:

(a) Receiving and transmitting orders; and/or

(b) Execution of orders on behalf of clients; and/or

(c) Exchange between cryptocurrencies and fiat currencies;

(d) Exchange between cryptocurrencies; and/or

(e) Participation and/or provision of financial services related
to the distribution, offering and/or sale of cryptocurrencies,
including the initial offer; and/or

(f) disposal of cryptocurrencies without commitment withdrawal;

(g) portfolio management

EUR 125.000

Category 3

PSCA providing any of the services of Category 1 or 2

(a) management, transfer, transition, holding, and/or
safekeeping, including custody, of cryptocurrencies or
cryptographic keys or means enabling control over cryptocurrencies;

(b) acceptance and/or disposal of crypto assets with a
commitment to withdraw; and/or

(c) operation of a multilateral system in which several persons
interested in buying and selling cryptocurrencies can interact in a
way that results in a transaction.

EUR 150.000


For the purposes of examining the application for registration
in the PSCA Register, the PSCA pays to CySEC a fee of 10,000 Euros.
If the application for registration in the PSCA Register is
approved by CySEC, the PSCA does not pay any fee or subscription to
CySEC for the first year of its registration in the PSCA Register.
In case the application for registration in the Register of PSCA is
not approved by CySEC, the fee paid by the PSCA is not

In case of renewal in the PSCA Register for a period of one (1)
year, the PSCA pays a subscription of 5,000 euros.

For the submission of a notice of substantial change, a fee
shall be paid as follows:

(a) EUR 1,000 per service or activity;

(b) EUR 2,000 per change in the persons consisting the Board
Members of the PSCA;

(c) EUR 5,000 per change in the beneficiaries of the PSCA;

(d) EUR 1,000 per change regarding the website of the PSCA.

At the time of publication of the present article, CySEC has not
issued the relevant Application. It is expected to be issued within
the next month.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

Credit: Source link

Leave a comment

1 × 4 =