The Cyprus Securities and Exchange Commission ("CySEC") issued a Policy Statement on the Registration and Operations of Crypto Asset Services Providers ("CASP") – PS-01-2021 in early September to layout its finalised rules for CASPs under the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (the "AML/CFT Law"), the CySEC Directive for the prevention and suppression of money laundering and terrorist financing - Register of Crypto Asset Services Providers Financing (hereafter referred to as the "Cumulative CASP Rules"), outlining the next stages as well as CySEC's expectations.

Crypto-assets are a broad phrase that refers to a variety of [private] assets that all have one thing in common: they use cryptography and Distributed Ledger Technology (“DLT”). DLT, which includes Blockchain, is a game-changing technology that allows for global validation and storage of transactions, data, and other information. It is supported by a cryptographic system that operates on the basis of key pairs: On the one hand, public keys are widely known addresses that are used for identification; on the other hand, private keys are not widely known addresses that are used for authentication and encryption, as well as proof of ownership of a crypto-asset, making crypto-assets bearer instruments.

Crypto-assets may, depending on their structure,

1. Qualify as financial instruments under the Investment Services and Activities and Regulated Markets Law (the "Investment Services Law");
2. Meet the requirements of the Electronic Money Law2 (the "E-Money Law") by transposing EMD2 (the "E-Money Law");

III. Be a digital representation of value that isn't issued or guaranteed by a central bank or financial institution. It is not necessarily connected to a legally established currency and does not have the legal status of money or currency, but it is accepted as a means of exchange by natural or legal persons and can be transferred, stored, and traded electronically, and it does not qualify as fiat currency or any of the instruments referenced in points I and (ii) above.

PS-01-2021 was preceded by the CASP Registration Directive. In the meanwhile, based on comments from interested parties, we've made small modifications to our regulations to provide more clarity on territorial and procedural concerns, which are further elaborated by PS-01-2021. The Cyprus Government Gazette has issued the modified CASPRegistration Directive. PS-01-Annex 2021's 1 contains an unofficial translation and consolidation.

CASPs are required entities under the AML/CFT Law, and they must fully comply with their obligations arising from the Cumulative CASP Rules, including but not limited to:

• the fitness and probity of CASP Beneficiaries and persons holding management positions;

• the conditions relating to CASPs registration;

• the organisational and operational requirements;

• performing Know Your Client and other clients due to diligence measures;

• doing a comprehensive risk assessment in relation to their clients and activities, and taking proportionate measures per client, activity, and crypto-asset in question;

• monitoring their clients' transactions;

• identifying and reporting suspicious transactions;

• doing a comprehensive risk assessment in relation to their clients and activities and taking proportionate measures per client, activity, and crypto-asset in question.

CySEC believes that this approach will reduce some, but not all, of the dangers associated with crypto-asset investments, which will be addressed further at the EU level under the planned Regulation on Crypto Asset Markets.

As a result, before investing in any crypto asset, investors should be aware of the considerable risks involved. In the spirit of transparency, CySEC considers the following concerns to be among the most serious:

• Risks to investor protection, including the risk of fraud, conflicts of interest, poor conduct, the inadequate financial position of intermediate actors, poor governance, and poor organisational and operational arrangements;

• Risks to market integrity, including the risk of fraud, conflicts of interest, poor conduct, the inadequate financial position of intermediate actors, poor governance, and poor organisational and operational arrangements;

• Risks arising from technological particularities, such as the possibility of smart contract coding errors, the possibility of a controlling majority of a network's validation capacity, engaging in fraudulent activities, creating double-spending or other abusive opportunities, or the possibility of cyber-attacks, all of which pose unique business continuity and disaster recovery challenges;

• Custody risks, which arise from technological particularities (such as holding crypto-assets online in so-called Hot Wallets5), the possibility of hardware theft (i.e. from so-called Cold Wallets), and the fact that investments in crypto-assets that do not qualify as financial instruments are not eligible for compensation by the Investors' Compensation Fund;

• ML/FT risks, arising from the bearer nature of crypto-assets (which are anonymous7 or pseudo-anonymous to some extent and can be used in the context of electronic contactless transactions) and anonymous crypto wallets, as well as emerging products, services, or tools infiltrating the crypto-assets ecosystem, which further facilitate anonymity, and thus creating new ML/FT opportunities, including new opportunities for taking over the role.

For more information please contact us at info@savvacyprus.com. We would be happy to assist you.