13th Apr 2023
The Cyprus Ministry of Finance (“MoF”) has decided to withdraw the proposed “Bill on the Distributed Ledger Technology Law of 2021” (the “DLT Bill”). According to recent media reports and publications this is due to an opinion from the Law Office of the Republic of Cyprus that the DLT Bill is redundant and unconstitutional and due to the anticipated passing and implementation of the Markets in Crypto-Assets Regulation (“MICA”) which might overlap with the DLT Bill.
The Cyprus Bar Association (“CYBAR”) has commented on the Ministry’s decision and the stated reasons for withdrawal and has expressed its strong disagreement with the MoF’s decision to withdraw the DLT Bill and with the reasoning put forth for its decision. In CYBAR’s view the MoF did not take into account the purpose of the DLT Bill and how it could promote Distributed Ledger Technology (“DLT”) such that Cyprus could, in the near future, develop into blockchain hub. It also expressed the view that the scope of the DLT Bill was different to that set out in MICA and requested transparency surrounding the Law Office’s reasoning underpinning its opinion that the DLT Bill was redundant and unconstitutional.
We have commented on the DLT Bill in a previous publication in relation to its potential application to NFTs. In this article we summarise the main provisions of the ill-fated bill, those of the existing regulatory framework in Cyprus for cryptoassets (implemented pursuant to the EU’s 5th AML Directive) and the prospective regulatory framework that will be introduced by MICA for the purposes of comparison. As can be seen from the below, although there appears to be a significant degree of overlap between the existing regulatory framework for crypto-assets in Cyprus and the framework that will be introduced by MICA (which may come to supersede the local framework) there appears to be little overlap between either and the now withdrawn DLT Bill.
The Republic of Cyprus signed the joint Declaration of the Southern Mediterranean Countries on Distributed Ledger Technologies on 4 December 2018, pursuant to which the Cyprus National Blockchain Strategy was drawn up. The DLT Bill was aimed at building on those efforts and establishing a framework to give legal effect to DLT products.
The DLT Bill defined “tokens” and “cryptoassets” as:
a digital representation of value or rights which may be transferred and stored electronically using Distributed Ledger Technology or similar technology and is not:
The DLT Bill further categorised cryptoassets (or tokens) in two different ways:
The DLT Bill provided that tokens “irrespectively of whether they are digitally or nondigitally native [i.e. native or non-native tokens] are personal, movable property of the person they belong to”. In relation to tokens certifying ownership of a physical asset (such as NFTs for example), the DLT Bill provided that “the owner of the token has the same rights in the underlying asset as in the token”. Registration in the name of a specific person, natural or legal in a blockchain or other DLT system; or the possession of one or several private keys that are connected to a token would “constitute rebuttable presumptions of evidence of ownership of a token”. Taken together these provisions sought to provide a legal framework through which legal ownership of an asset (whether digital or physical) could be demonstrated by a DLT network.
Other parts of the DLT Bill set out the ways in which ownership of a token could be transferred. It recognised that transfer of ownership through a DLT network would also have legal effect but also provided that transfer of ownership of a token without having the DLT network updated (i.e. an “off-chain” transfer) could also have legal effect. Importantly the DLT Bill stated that a record on a blockchain which was the product of error, deceit, or fraud would be and empowered Courts to “order any person…to restitute the record or provide any other remedies for the restitution of the record or the damage caused”. This would have provided for legal certainty and remedies in the event of anything going wrong, which in the long-term could inspire both consumer and investor confidence in DLT networks by ensuring that they are not treated as unknown variables in the legal system.
Further to the above, the DLT Bill provided for the legal validity of smart contracts (provided that the requirements of the applicable law with regards to the conclusion of a valid contract were complied with), or that they could be part of a broader legally binding and valid contract. Pursuant to the DLT Bill any smart contracts recorded in code, were to be regarded as written contracts and could be used in Court as evidence. This would have again allowed for legal certainty and may have bred confidence in the use of DLT networks and smart contracts for making arrangements between parties otherwise distrustful of each other.
Cyprus CASP Registration Regime
EU Directive 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or Terrorist financing (the “EU AML Directive”) was amended by Directive (EU) 2018/843 (commonly referred to as the EU 5th AML Directive). One of the amendments introduced required EU Member States to ensure that providers of exchange services between virtual currencies and fiat currencies and custodian wallet providers (amongst others) were registered. Cyprus has transposed the EU AML Directive through the Prevention and Suppression of Money Laundering and Terrorist Financing Law, L.188(I)/2007, (the “AML Law”).
The EU AML Directive defined virtual currencies as “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically”.
The AML Law transposed the above definition into domestic law as follows:
“Crypto Asset” means a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by persons as a means of exchange or investment and which can be transferred, stored, and traded electronically, and it is not-
Whilst there is some similarity between the above definitions and the definition of a cryptoasset set out in the DLT Bill we note that the above definitions do not require that cryptoassets use DLT or similar technology but only that they are capable of being transferred, stored and traded electronically. We also note that the relevant definition in the AML Law, by contrast to that in the EU AML Directive specifically refers to, and excludes, fiat currency, electronic money and MIFID II financial instruments from its scope. However it also includes digital representations of value that are accepted as a means of “investment” as well as those that are accepted as a means of “exchange”.
In addition to the definition set out above, the AML Law provides a definition for providers of services in relation to crypto-assets – referred to as Crypto-Asset Service Providers or CASPs. In order to comply with the registration requirements set out in the EU AML Directive, the AML Law introduces a CASP register and requires any person providing services in relation to Crypto-Assets to apply to the Cyprus Securities and Exchange Commission (“CYSEC”) in order to become registered.
This registration requirements applies to CASPs that provide services from Cyprus, and to any CASPs that are based abroad and provide services to persons in Cyprus. CASPs based in other EU Member States and duly registered pursuant to their Home Member State’s law transposing the EU AML Directive are not required to register but must nevertheless notify CYSEC of their intention to provide services to persons in Cyprus. CYSEC has published its own Directive in relation to CASPs which sets out a number of minimum requirements that prospective CASP registrants must comply with (including minimum capital requirements, systems and controls, and avoiding conflicts of interest).
MICA is expected to enter into force in 2023 and is set to establish a harmonised regulatory framework for crypto-assets across the EU. Article 3 of MICA defines a crypto-asset as “a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology”. It is important to note that MICA will not apply to crypto-assets that would qualify as MIFID II financial instruments and other categories of asset that are already subject to regulation under different and existing EU Regulations and Directives.
MICA will distinguish between crypto-assets in the following way:
Core requirements that will be introduced by MICA include the requirement that all issuers of the three types of crypto-asset will have to issue white papers. These constitute prospectus-like documents that will inform prospective holders of the tokens about their characteristics. White-papers will have to be issued prior to the offer of any tokens to the public and prior to their listing on any trading platform. MICA will introduce minimum content requirements for white papers including information about the issuer, the crypto-asset project, associated risks and on any principal adverse environmental and climate related impacts of the consensus mechanism used to issue the crypto-asset.
Issuers of electronic money and asset referenced tokens will have to comply with stricter rules due to concerns with regard to financial stability and monetary sovereignty. The public offer or listing of asset-referenced tokens and electronic money tokens within the EU will generally require prior approval.
In addition to the above MICA will also introduce an EU framework for the authorisation and supervision of CASPs in order to be able to provide crypto-asset services and we anticipate that this framework will supersede the existing registration framework provided for under the EU AML Directive. It is noted that specified categories of institution that already subject to supervision under EU financial services regulation will be permitted to provide services in relation to crypto-assets, without having to apply for authorisation as a CASP, by filing a notification with the national competent authority responsible for their supervision. MICA will also introduce its own definitions for crypto-asset services and for CASPs. These are somewhat similar to those set out in the Cyprus AML Law.
Moreover, MICA will also set out rules for several other areas involving crypto-assets. Amongst other things it will introduce rules for market abuse similar to those set out in the Market Abuse Regulation (Regulation 596/2014) including a prohibition on insider dealing and requirements regarding the disclosure of inside information. It will also place requirements on boards of asset-referenced tokens and CASPs to assess and periodically review effectiveness of policy arrangements and compliance procedures.
We note that there is a degree of similarity between the definition for crypto-assets in the DLT Bill, the AML Law and MICA, but that there are several differences as well. For example, both the DLT Bill and MICA require that crypto-assets are based on DLT – a requirement absent from the AML Law definition. Notwithstanding any difference and similarities, we consider that the simplest, and widest definition, is that set out in MICA but that in any event there would be a substantial degree of overlap such that the majority of crypto-assets (as the term would be commonly understood) would fall within each of the definitions described above.
Ultimately, we would agree with the assessment that there is no substantial degree of overlap between the DLT Bill on the one hand and the AML Law and MICA on the other. The AML Law provides a regulatory framework providing for the registration of, and minimum requirements for, CASPs. MICA’s provisions are more wide-ranging than those of the AML Law but there is a substantial degree of overlap with regards to the authorisation, and minimum requirements for, CASPs. Importantly MICA will apply equally in all EU Member States and there will not be any differences in implementation (as there may exist with the EU AML Directive). However, the subject matter of the DLT Bill was different in that it sought to provide a legal framework through which legal ownership and transfer of ownership could be evidenced by a DLT network and provide for the legal validity of smart contracts. These provisions may have provided a degree of legal certainty such that they may have bred confidence in the use of DLT networks and smart contracts for making arrangements between parties otherwise distrustful of each other. They are not replicated in the AML Law or MICA, the scope of which appears to be substantially different.