15 free CySEC AML Chapter 8 flashcards. Tap a card to flip, or use the arrow keys to move through the deck.
Card 1 of 15Registration
1 / 15
Tap the card to flip · use ← → arrow keys to navigate
All 15 cards in this deck
Registration
What is the legal basis for the CASP Register?
Article 61E of the AML/CFT Law — the crypto-specific hook, distinct from Article 54 (MOKAS) and Article 59 (CySEC).
When must a CASP register?
Before providing any crypto-asset services — including firms established abroad that offer services in Cyprus.
How long does CySEC have to assess a CASP application?
Six months.
What can happen to a CASP that is inactive for six continuous months?
It can be struck off the register — the same six-month figure that applies to CySEC's assessment period.
Governance
What is the minimum CASP board composition?
At least four fit-and-proper members: two directing the business and two independent.
Fit and proper
What standard applies to a CASP's managers and beneficiaries?
They must be honest and competent — good reputation, relevant knowledge, skills and experience.
Suspension
Who can suspend a CASP, and what are the two correction windows?
The Chairman and/or Vice-Chairman of CySEC (Board informed next meeting). 7 days for information correction; 15 days for suspected non-compliance.
What can a suspended CASP not do, and what may it still do?
It cannot accept new clients, offer services, or advertise as registered — but it may wind down for existing clients (e.g. conclude transactions, return assets).
Notifications
What are the notification deadlines for CASP changes?
Core identity changes: within one month. Operational-information changes: within 15 days. Material changes need prior approval.
Penalties
What is the penalty for breaching the CASP registration obligation?
Up to 5 years' imprisonment and/or a fine of up to €350,000.
Guidance
What is Policy Statement PS-01-2021?
The CySEC Policy Statement on the Registration and Operations of CASPs, sitting alongside the AML/CFT Law and the CySEC directives.
Obliged entity
Are CASPs Obliged Entities?
Yes — full Obliged Entities to which all workbook chapters apply: KYC/CDD/EDD, source-of-funds checks, monitoring, and suspicious reporting.
Client protection
What must a CASP do to protect client crypto-assets?
Run systems and controls that minimise the risk of theft or loss of clients' crypto-assets.
Conduct
What conduct rules apply to CASP remuneration and client information?
Remuneration must not motivate aggressive selling, and client information (including marketing, clearly identified as such) must be accurate, clear and not misleading.
Register
What does the public CASP register show?
Identifying details — name/trade name, legal form, LEI, address, services and website — plus the public crypto-asset addresses/wallets the CASP controls.