The Cyprus Securities and Exchange Commission (CySEC) issued for the first time regulations regarding cryptocurrency, which can be found in Circular C417, published in the end of November 2020. These rules have as a main aim to safeguard that Cyprus Investment Firms (CIFs), make provision to cover investments in cryptocurrencies and that risks involving cryptocurrencies are managed property.

In accordance with the Circular, CIFs must first obtain authorization from CySEC to trade in cryptocurrencies, as they are not specifically regulated by previous financial regulation, whether in Cyprus, or at the level of the EU.

The first three provisions outlined in the Circular, specify how CIFs should calculate capital adequacy for cryptocurrency investment, and how to report it.

Then, risks must be carefully managed. CIFs must assess the risks emanated from trading in crypto assets, and/or in financial instruments regarding to crypto assets, for their own account or clients within the Internal Capital Adequacy Assessment Process (ICAAP). The assessment and discussion of the risks associated with the activity in crypto assets should be included together with a sensitivity analysis that indicates in what way the risks identified affect the CIF's estimations. Furthermore, any mitigations should also be discussed, stating any supplementary capital that should be held in relation to the identifies risks.

Correspondingly, CIFs must also disclose any material crypto-asset holdings and provide information on the: exposure amounts of different crypto-asset exposures; the capital requirement for such exposures and the accounting treatment of such exposures.

CIF's, which trade in crypto assets, and/or in financial instruments relating to crypto assets, must re-examine their risk management procedures and strategies and ensure that all risks related with this product are fully taken into consideration.

Based on Section 68 of the Law 144(I)/2007, which still applies, states:

"CIF's must have in place sound, effective and complete strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposes. These strategies and processes are subject to regular internal review to ensure that they remain comprehensive and proportionate to the nature, scale and complexity of the activities of the CIF".

Finally, the circular concludes that, considering the nature of crypto assets, CIFs should also examine taking mitigating measures against operational, cybersecurity and reputational risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.