Skip to main content

CySEC Policy Statement PS-03-2024 on Fees and Information Submission

CySEC’s Policy Statement PS-03-2024 establishes the framework for fees and information submission with a clear focus on MiCAR compliance for CASPs.

This policy outlines essential requirements for Crypto Asset Service Providers (CASPs) in Cyprus, covering compliance, licensing, and ongoing obligations

In this article, we break down the key aspects of MiCAR compliance, including applicable fees and actionable steps for CASPs to navigate the regulatory landscape.

Whether you’re pursuing CASP authorization or aligning with MiCAR’s requirements, this guide provides essential insights.

At CX Financia, we specialize in licensing and compliance support for CASPs and other regulated entities, helping you achieve seamless regulatory alignment.

Visit our financial services page to learn how we can assist you in meeting MiCAR obligations.

What is CySEC Policy Statement PS-03-2024?

CySEC’s Policy Statement PS-03-2024, published on December 13, 2024, establishes the regulatory framework in several key areas, including:

  1. Offerors and persons seeking admission to trading of crypto-assets other than Asset-Referenced Tokens (ARTs) and Electronic Money Tokens (EMTs).
  2. Issuers of ARTs,espec especially in cases where they are not credit institutions.
  3. Crypto Asset Service Providers (CASPs) authorized under MiCAR.

Furthermore, the policy, which is comprehensively detailed within the statement, follows a public consultation process that began in June 2024 through Consultation Paper CP-01-2024. This approach ensures a transparent and collaborative development of regulatory requirements.

Background: Understanding MiCAR

MiCAR introduces a harmonized regulatory framework across the European Union for crypto-assets that are not classified as financial instruments. It governs:

  1. Initial offerings of crypto-assets.
  2. Admission of crypto-assets to trading platforms.
  3. Services related to crypto-assets, such as custody, exchange, and portfolio management.

CySEC is tasked with overseeing MiCAR compliance in Cyprus. The regulation becomes enforceable on December 30, 2024, with transitional provisions allowing existing entities to operate temporarily under national rules.

Types of Crypto-Assets Covered by MiCAR

  1. Asset-Referenced Tokens (ARTs): Stablecoins backed by a basket of assets.
  2. Electronic Money Tokens (EMTs): Digital tokens pegged to fiat currencies.
  3. Other Crypto-Assets: Cryptocurrencies like Bitcoin or utility tokens.

Entities operating within these categories must comply with stringent licensing, governance, and reporting obligations under MiCAR.

Key Compliance Requirements for CASPs

CASPs are central to MiCAR’s regulatory framework. Specifically, they provide services such as custody, trading platform operations, and portfolio management involving crypto-assets. To comply with these regulations effectively, CASPs must adhere to strict licensing requirements and implement robust governance frameworks. These obligations are designed to enhance transparency and accountability in crypto-asset operations.

Below are the key compliance requirements:

1. Licensing Requirements

To operate legally under MiCAR, CASPs must obtain authorization from CySEC. The application process includes:

  • Submitting detailed documentation about governance structures.
  • Demonstrating compliance with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulations.
  • Providing evidence of financial stability and operational readiness.

2. AML/CFT Obligations

CASPs are considered “obliged entities” under AML/CFT legislation. They must:

  • Implement robust Know Your Customer (KYC) procedures.
  • Monitor transactions for suspicious activities using blockchain analytics tools.
  • Report any suspicious transactions to CySEC or relevant authorities.

3. Consumer Protection Measures

CASPs must prioritize consumer protection by:

  • Disclosing all fees and risks associated with their services.
  • Maintaining transparent complaint handling mechanisms.
  • Ensuring that marketing communications are clear and not misleading.

4. Governance Framework

CASPs are required to establish:

  • Independent compliance functions to oversee regulatory adherence.
  • Risk management systems tailored to their operations.
  • Internal audit mechanisms to evaluate governance effectiveness regularly.

Applicable Fees Under CySEC’s Policy

CySEC has introduced a fee structure tailored to support MiCAR compliance for CASPs, ensuring that regulatory oversight is balanced with operational fairness. This structure includes both fixed annual fees and variable components based on financial turnover.

Below is a summary of fees applicable to CASPs:CySEC has established a fee structure that balances regulatory oversight with operational fairness. Below is a summary of fees applicable to CASPs:

Fixed Annual Fees

Service TypeFixed Annual Fee
Custody Services€10,000
Trading Platform Operations€20,000
Exchange Services€5,000
Execution of Orders€5,000
Reception & Transmission of Orders€5,000
Providing Advice€8,000
Portfolio Management€8,000
Fixed Annual Fees

Variable Component Based on Turnover

An additional fee applies based on financial turnover from crypto-related services:

Turnover RangePercentage
€500,001–€1 million1%
€1 million–€5 million0.4%
€5 million–€10 million0.3%
Over €10 million0.1%
Variable Component Based on Turnover

The annual supervisory fee is capped at €500,000. For assistance with CASP licensing or compliance in Cyprus, explore our licensing services

Information Submission Requirements

The Cyprus Securities and Exchange Commission (CySEC), through its Policy Statement PS-03-2024, has outlined specific information submission requirements for entities falling under the scope of the Markets in Crypto-Assets Regulation (MiCAR).

These requirements play a critical role in ensuring compliance with MiCAR’s regulatory framework and are particularly relevant to Crypto Asset Service Providers (CASPs)

Key Submission Requirements

Entities operating under MiCAR must submit detailed information to CySEC as part of their compliance obligations. The submission process is designed to ensure transparency, accountability, and adherence to MiCAR’s stringent regulatory standards.

1. Applications for Authorization

Entities seeking authorization under MiCAR must provide comprehensive documentation. This includes:

Governance Frameworks

  • A detailed description of the entity’s governance structure, including roles and responsibilities of the management body.
  • Evidence of suitability assessments for members of the management body, ensuring they possess the necessary knowledge, skills, and experience.
  • Policies for managing conflicts of interest, internal controls, and risk management.

AML/CFT Measures

  • Documentation outlining Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) measures.
  • Procedures for conducting customer due diligence (CDD), transaction monitoring, and reporting suspicious activities.
  • Use of blockchain analytics tools to trace transactions and identify high-risk activities.

Details on Services Provided

  • A breakdown of all crypto-related services offered by the entity, such as custody, trading platform operations, portfolio management, or advisory services.
  • Information on how these services comply with MiCAR’s requirements.

2. Notifications

Entities must notify CySEC about significant changes that could impact their operations or compliance status. Key notification requirements include

Changes to Management Body or Key Personnel

  • Immediate notification of any changes to the management body or key function holders.
  • Submission of updated suitability assessments for new members or key personnel.

Proposed Acquisitions or Structural Changes

  • Notification of any proposed acquisitions or mergers involving the entity.
  • Detailed plans outlining how these changes will impact the entity’s compliance with MiCAR.

3. Annual Reporting Obligations

Entities are required to submit annual reports that provide a comprehensive overview of their operations and compliance status. These reports must include:

Financial Turnover from Crypto-Related Services

  • A breakdown of revenue generated from crypto-related services.
  • Audited financial statements detailing turnover from each service provided.

Compliance with AML/CFT Measures

  • Evidence of ongoing compliance with AML/CFT regulations.
  • Updates on any changes to AML/CFT policies or procedures.

CySEC’s Emphasis on ESMA Templates

CySEC has stressed that all submissions must adhere to templates provided by the European Securities and Markets Authority (ESMA).

These templates standardize information submission across all EU member states, ensuring consistency and facilitating regulatory oversight. For example:

  1. Applications for authorization must follow ESMA’s templates for governance frameworks and AML/CFT documentation.
  2. Notifications regarding management changes or acquisitions must include specific details outlined in ESMA’s technical standards.

At CX Financia, we assist entities in preparing submissions that meet CySEC and ESMA requirements. Learn more about our compliance services.

Feedback from Public Consultation

During the consultation period (June–July 2024), stakeholders raised concerns about certain aspects of the proposed fees and requirements. In particular,key feedback included:

  1. The need for a cap on annual supervisory fees to prevent excessive costs for large-scale operators.
  2. Clarifications on turnover-based fee calculations for CASPs.
  3. Adjustments to reflect the business models of different entities.

CySEC’s Adjustments Based on Feedback

In response to stakeholder concerns, CySEC made several adjustments to its final approach:

1. Cap on Annual Supervisory Fees

CySEC introduced a cap of €500,000 for annual supervisory fees applicable to CASPs. This ensures that large-scale operators are not disproportionately burdened by fees.

2. Turnover-Based Fee Clarifications

The methodology for calculating turnover-based fees was clarified:

  • Only revenue from crypto-related services will be considered.
  • Entities must provide audited financial statements with a detailed breakdown of turnover sources.

3. Fixed Components Adjusted for Business Models

The fixed fee structure was adjusted to better reflect the scale and complexity of services provided by CASPs. For example:

  • Custody services incur a fixed annual fee of €10,000.
  • Trading platform operations incur a higher fixed fee of €20,000 due to their complexity and risk profile.

Next Steps for CASPs

Entities falling under MiCAR must act promptly to ensure compliance:

  1. Submit applications or notifications to CySEC by relevant deadlines outlined in PS-03-2024.
  2. Ensure governance structures align with MiCAR requirements. This includes conducting regular suitability assessments for management members and maintaining robust internal controls.
  3. Review internal AML/CFT frameworks to meet compliance standards. AML/CFT compliance is a cornerstone of MiCAR’s regulatory framework. CASPs must invest in advanced blockchain analytics tools and implement rigorous transaction monitoring systems.
  4. Comprehensive Reporting Obligations.Annual reporting requirements demand meticulous record-keeping and transparency. CASPs should establish processes to track financial performance and compliance metrics throughout the year.

At CX Financia, we specialize in guiding businesses through regulatory requirements like MiCAR. Whether you need help with licensing or ongoing compliance support, our team is here to assist you.

How CX Financia Can Help?

Complying with regulations like MiCAR requires expertise and precision. At CX Financia:

  1. We assist with preparing applications for authorization under MiCAR.
  2. Our team provides guidance on implementing governance frameworks and AML/CFT measures.
  3. We help entities prepare notifications and annual reports that meet CySEC’s stringent standards.

Visit our financial services page to learn more about how we can support your business.

Conclusion

CySEC’s Policy Statement PS-03-2024 establishes a comprehensive framework for fees and information submission requirements under MiCAR, providing clarity and addressing key stakeholder concerns raised during the public consultation process.

For Crypto Asset Service Providers (CASPs), this policy serves as a critical guide to achieving regulatory compliance while navigating the complexities of MiCAR’s obligations.

Entities operating in Cyprus must act promptly to align their governance structures, AML/CFT measures, and reporting processes with these new requirements.

Prioritizing MiCAR compliance for CASPs is essential not only to meet CySEC’s standards but also to ensure operational continuity and mitigate potential regulatory risks.