Key Findings of Cyprus National Risk Assessment with respect to Virtual Assets and Virtual Asset Service Providers (November 2021)

​Key Findings of Cyprus National Risk Assessment with respect to Virtual Assets and Virtual Asset Service Providers (November 2021)

Download the full report here 

Key Findings:

1. There is very limited VA or VASP (or VASP-type) activity in Cyprus. There have been limited access points for VA into the broader Cyprus economy.
2. There is a widespread perception that the VA/VASP sector is high risk, but overall there is limited direct understanding or experience regarding the specific Money Laundering (ML) and Terrorist Financing (TF) risks of VA and VASP sector on the part of key authorities.   CySEC has had initial direct supervisory experience supervising ML/TF risks of a small subset of entities.
3. CySEC will have a critical role supervising VA activities, leading Cyprus’s efforts to mitigate VA/VASP ML/TF risks.
4. The Police have acquired some direct experience and sophisticated understanding with VA.  
5. There is very limited to no use of specialised commercial cryptocurrency AML compliance and intelligence/blockchain forensics and transaction monitoring tools and databases. Supervisors, law enforcement and the FIU have received little to no access to and training on their use.
6. As of late 2020 Cyprus had not implemented the wire transfer rule for transfer of VA for FIs and VASPs, often referred to as the “Travel Rule” for VA.   The deficiency can be corrected in secondary legislation.
7. Current measures to mitigate NPO vulnerabilities, including the consulting project and risk assessment currently being undertaken on behalf of the Minitry of Interior (MOI), are not taking into account the VA/VASP sector.
8. Processes for updates from supervisors to obliged entities on designations to sanctions lists and other communications are designed for normal business hours. Because VA markets, unlike traditional financial markets, are active on a 24/7/365 basis, this could be a material gap with regard to VASPs and movement of VA (partly mitigated by other sources of updates available to obliged entities through widely available databases). 

Recommended Actions:

1. The Central Bank of Cyprus (CBC) and the Cyprus Securities and Exchange Commission (CySEC) should update their respective AML/CFT Directives to include measures dealing specifically with VA/VASPs. The revised directives should expressly incorporate the Travel Rule for VA wire transfers to address the FATF deficiency, and should make enhanced due diligence (EDD) indicators and requirements for VA that are currently implicit more explicit.
2. In light of CySEC’s role supervising VASPS and VA activities and leading Cyprus’ efforts to mitigate VA/VASP ML/TF risks, it should also provide education to its supervised obliged entities regarding identification of suspicious activity in relation to VAs.
3. Firms in the FI sector should expressly adopt written policies and procedures to comply with the wire transfer rule for VA. As the highest priority, CySEC should ensure that FIs already engaging in VASP-type activities do so.
4. Authorities should start to maintain and share data and metrics specific to VA/VASPs. Although activity levels now are believed to be negligible, this will enable an evidence-based baseline as activities increase, promoting earlier detection of risks or changes to risk levels.
5. Training and significant capacity building should be made available with respect to VA/VASP ML/TF risks, as well as technological and market evolution in VA/VASP sector. Training needs should be led and monitored at the Advisory Authority level.
6. Supervisory authorities, Law enforcment and the FIU should receive in depth training of these issues and enhance their capacity accordingly.
7. Cyprus should leverage its collaboration with other jurisdictions that have had additional and complementary experiences with the VA/VASP sector, drawing from these relationships to identify lessons and best practices. Such international cooperation could be an important channel for Cyprus to strengthen and accelerate its capacity building for the VA/VASP sector.