Crypto Asset Service Providers

15 free CySEC AML Chapter 8 flashcards. Tap a card to flip, or use the arrow keys to move through the deck.

Card 1 of 15Registration
1 / 15

Tap the card to flip · use ← → arrow keys to navigate

All 15 cards in this deck

Registration

What is the legal basis for the CASP Register?
Article 61E of the AML/CFT Law — the crypto-specific hook, distinct from Article 54 (MOKAS) and Article 59 (CySEC).
When must a CASP register?
Before providing any crypto-asset services — including firms established abroad that offer services in Cyprus.
How long does CySEC have to assess a CASP application?
Six months.
What can happen to a CASP that is inactive for six continuous months?
It can be struck off the register — the same six-month figure that applies to CySEC's assessment period.

Governance

What is the minimum CASP board composition?
At least four fit-and-proper members: two directing the business and two independent.

Fit and proper

What standard applies to a CASP's managers and beneficiaries?
They must be honest and competent — good reputation, relevant knowledge, skills and experience.

Suspension

Who can suspend a CASP, and what are the two correction windows?
The Chairman and/or Vice-Chairman of CySEC (Board informed next meeting). 7 days for information correction; 15 days for suspected non-compliance.
What can a suspended CASP not do, and what may it still do?
It cannot accept new clients, offer services, or advertise as registered — but it may wind down for existing clients (e.g. conclude transactions, return assets).

Notifications

What are the notification deadlines for CASP changes?
Core identity changes: within one month. Operational-information changes: within 15 days. Material changes need prior approval.

Penalties

What is the penalty for breaching the CASP registration obligation?
Up to 5 years' imprisonment and/or a fine of up to €350,000.

Guidance

What is Policy Statement PS-01-2021?
The CySEC Policy Statement on the Registration and Operations of CASPs, sitting alongside the AML/CFT Law and the CySEC directives.

Obliged entity

Are CASPs Obliged Entities?
Yes — full Obliged Entities to which all workbook chapters apply: KYC/CDD/EDD, source-of-funds checks, monitoring, and suspicious reporting.

Client protection

What must a CASP do to protect client crypto-assets?
Run systems and controls that minimise the risk of theft or loss of clients' crypto-assets.

Conduct

What conduct rules apply to CASP remuneration and client information?
Remuneration must not motivate aggressive selling, and client information (including marketing, clearly identified as such) must be accurate, clear and not misleading.

Register

What does the public CASP register show?
Identifying details — name/trade name, legal form, LEI, address, services and website — plus the public crypto-asset addresses/wallets the CASP controls.
← Chapter 8 guide & exam weightMore CySEC AML decks →