CySEC CASP Authorisation Applications under MiCAR

By Athos Myrianthous

Before the implementation of the Markets in Crypto-Assets Regulation (MiCAR), Crypto-Asset Service Providers (CASPs) in Cyprus were registered and operated pursuant to the local CASP regime, ‘Prevention and Suppression of Money Laundering and Terrorist Financing Laws 2007-2021’.

On the 17th of October 2024, the Cyprus Securities and Exchange Commission (CySEC) announced that it would no longer accept any new applications for CASPs under the local regime, and guidance was provided on how to transition from the local regime to Regulation 1114/2023 on MiCAR.

Furthermore, on 13th November 2024, CYSEC announced the beginning of a preliminary assessment phase for CASP registration applications under MiCAR. The preliminary assessment period remained open until December 30, 2024, the date when MiCAR’s CASP regime came into effect. After this date, CASP authorisation applications should only be made under the new MiCAR regime.

For the preliminary phase, CySEC published an Application Form for CASP authorisations pursuant to Article 62 of MiCAR. The Form is expected to be updated and/or finalised after December 30, 2024, when MiCAR formally comes into effect.

Applications for Authorisation under MiCAR

Article 62 (2) of MiCAR sets out the information that entities intending to provide crypto-asset services should include in their application for authorisation to the competent authority of their home Member State. This information includes:

General Information on the Applicant

General information regarding the Applicant entity including its legal name, physical address, contact details, the website domain to be operated, and incorporation documents.

Crypto Services to Be Provided

The Applicant will need to identify the crypto services it wishes to offer based on the following:

• Provision of custody and administration of crypto-assets on behalf of clients, including safekeeping or controlling, on behalf of clients, of crypto-assets or of the means of access to such crypto-assets, where applicable in the form of private cryptographic keys.
• Operation of a trading platform for crypto assets.
• Exchange of crypto assets for funds.
• Exchange of crypto-assets for other crypto-assets.
• Execution of orders for crypto assets on behalf of clients.
• Placing of crypto assets.
• Reception and transmission of orders for crypto assets on behalf of clients.
• Provision of advice on crypto assets.
• Provision of portfolio management services on crypto assets.
• Provision of transfer services for crypto assets on behalf of clients.

Governance Arrangements

The Applicant’s governance arrangements, including a comprehensive organisational structure. Additionally, evidence that the members of the management body and qualified shareholders are of sufficiently good repute and that members of the management body possess the appropriate knowledge, skills and experience to manage the Applicant need to be submitted

Prudential Requirements and Minimum Capital

Information showing compliance with the prudential requirements in Article 67, including permanent minimum capital requirements set out in Annex IV of MiCAR.

Class 1	Crypto-asset service provider authorised for the following crypto asset services: execution of orders on behalf of clients; placing of crypto assets; provision of transfer services for crypto assets on behalf of clients; reception and transmission of orders for crypto assets on behalf of clients; provision of advice on crypto assets; and/or provision of portfolio management on crypto assets.	EUR50,000
Class 2	Crypto-asset service provider authorised for any crypto-asset services under class 1 and: the provision of custody and administration of crypto assets on behalf of clients; the exchange of crypto assets for funds; and/or the exchange of crypto-assets for other crypto-assets.	EUR125,000
Class 3	Crypto-asset service provider authorised for any crypto-asset services under class 2 and: the operation of a trading platform for crypto assets.	EUR150,000

Business Plan

A Business Plan, including forecast accounting plans and financial statements, and calculations of the Applicant’s capital requirements.

Internal Control Mechanisms, Policies and Procedures

A description of its internal control mechanisms, policies and procedures to identify, assess and manage risks, including money laundering and terrorist financing risks, and a business continuity plan.

Program of Operations

A Program of Operations describing the operations of the Applicant and including, among other, the types of crypto-asset services that the applicant intends to provide and where and how those services are to be marketed, as well as the types of crypto-assets to which the crypto-asset services will relate.

Information Security Arrangements

The technical documentation of the ICT systems and security arrangements, and their description in a non-technical language.

Complaints Handling

A complaints’ handling policy that describes the procedures for handling clients’ complaints should also be included.

Segregation of Clients’ Funds and/or Assets and Custody

Description of the procedure for the segregation of the Clients’ funds and/or crypto assets.

Technical and Operational Requirements

Depending on the crypto services the Applicant will apply for, may need to submit the following technical and operational information:

• Operation of a trading platform: The operating rules and the system used to detect market abuse should be described.
• Custody and administration of crypto assets: A custody and administration policy must also be enclosed.
• Execution of orders for crypto assets: An Execution Policy should be provided, including a list of the trading platforms for crypto assets on which the applicant will rely for the execution of orders.
• Exchange of crypto-assets for funds or other crypto assets: A description of the commercial policy and the methodology for determining the price of the crypto-assets to exchange for funds or other crypto assets.
• Advice on crypto-assets or portfolio management of crypto assets: Evidence that the natural persons giving advice or managing portfolios have the necessary knowledge and expertise to fulfil their obligations.
• Transfer services: Information on the manner in which such transfer services will be provided.

Other Information to Accompany the Application

Other information required to be provided in an application may include the following:

• Agreements regarding the capital raised and evidence of paid-up capital.
• A copy of the insurance agreement to comply with Articles 67(5) and (6) of MiCAR.
• Certifications from the Applicant’s external auditors and legal advisers.
• Policies and procedures for conflicts of interest.
• Policies and procedures adopted to assess the suitability of crypto assets.

Registration Fees

To register on CySEC’s CASPs Register, the below charges apply:

• EUR 10.000 for the examination of an application. Successful applicants will not be required to pay an additional fee for the first year of their registration.
• EUR 5.000 for the purposes of annual renewal of registration.

Assessment Timeline

Pursuant of Article 63 of MiCAR, CySEC is required to acknowledge receipt of an application within five (5) working days and assess whether the application is complete within 25 working days. CySEC will have to grant or refuse authorisation within 40 working days of receiving a complete application based on compliance with MiCAR requirements.

Why choose Cyprus for setting up a CASP?

Setting up a CASP in Cyprus offers strategic advantages that align well with a balanced regulatory environment. Regulatory transparency is provided by CySEC, which has established clear guidelines for crypto businesses to operate in compliance with the applicable regulatory framework, European Union standards, and international best practices.

Cyprus offers a robust and supportive ecosystem for blockchain and digital asset businesses by hosting a fast-growing fintech sector, skilled talent pool, suitable infrastructure, and a favourable tax regime. Additionally, by being an EU member, the country offers access to the European Single Market, making it an ideal location for CASPs aiming to attract clients across Europe and beyond. By establishing in Cyprus, a CASP can benefit from a stable business environment, while positioning itself at the forefront of the digital financial services industry.

Conclusion

Obtaining authorisation with CySEC under MiCAR is a pivotal step for crypto-asset service providers aiming to operate within the EU’s regulatory framework. The application process ensures Applicants adhere to stringent requirements. In order to submit a comprehensive application, Applicants are required to navigate a number of commercial, risk and technical requirements, fostering transparency, good governance, consumer protection, and market integrity.

How can MAP S.Platis assist you with your CASP Application and other relevant service needs?

With a team of more than 100 multidisciplinary financial services consultants, MAP S.Platis is the leader in CySEC and EU authorisation and licensing for a variety of financial institutions, including Crypto-asset service providers (CASPs)

Our licensing services include:

• Consulting in the form of our group’s presence in Cyprus and the rest of the EU;
• Advisory support towards the authorisation and registration of an EU financial institution (including CASP / VASP license); 
• Preparation of the Application File in accordance with current regulatory requirements to include the following activities, among others:

• • Design and build the corporate and organisational structure based on your needs (in a cost-efficient way);

• • Prepare a custom-built Operations Manual in the most efficient manner and based on your needs;

• • Prepare the Anti-Money Laundering Manual (AML) and the Know Your Client (KYC) policies and procedures in the most efficient manner and based on your needs;

• • Prepare the business plan;

• • Complete the application form to be submitted to the relevant EU regulatory authority;

• • Review the questionnaires of the shareholders, directors and heads of departments of the proposed firm;

• • Locate qualified executive and non-executive directors (if needed);

• • Complete the relevant checklists;

• • Prepare necessary justifications to be submitted to the relevant EU regulatory authority, as applicable;

• • Prepare the letter(s) to accompany the application in the event that any exception may be requested;

• • Guide you in providing all the necessary documentation and certificates;

• • Answer any relevant questions concerning the application process, and;

• • Respond on your behalf to the regulatory authority’s queries and suggestions relating to the application.

In addition to the above, our clients trust us for:

• Day-to-day operational issues and support on various regulatory topics such as AML and many others;
• Changing shareholders and directors;
• Structuring and restructuring units and departments;
• Procedures, Manuals and policies drafting, updating and/or redrafting;
• Client Account Opening Questionnaires drafting and/or reviewing;
• Compliance Monitoring Programme drafting and/or review;
• Evaluation and analysis of systems and controls;
• Adjustments and changes to organisational structures;
• Suitability assessment of prospective personnel;
• Reporting to and dealing with the Regulator;
• Assistance and guidance with the preparation of annual/quarterly/monthly reports;
• General strategic advice (related to regulatory matters);
• Onsite inspections;
• Assistance with clients’ complaints;
• Regulatory update notifications;
• Website and marketing material compliance reviews;
• Assistance with updating regulatory Electronic Records;
• Calculation of regulatory Annual Fees;
• Regulatory Gap compliance analysis and impact assessment;
• Security controls;
• Business continuity and disaster recovery;
• Compliance Health Checks; and
• Thematic assurance reviews.

Get Started Today

Embark on your journey to becoming a licensed CASP in the EU. Contact us today to learn more about how our advisory support services can help you achieve your regulatory goals efficiently and effectively.