top of page
fnlogo.png

CySEC Urges Firms to Reinforce Anti-Money Laundering Controls Following End of MiCA Transition Period

  • 10 minutes ago
  • 4 min read

The Cyprus Securities and Exchange Commission (CySEC) has called on regulated financial institutions to strengthen their anti-money laundering and counter-terrorist financing frameworks following the conclusion of the European Union's transition period under the Markets in Crypto-Assets Regulation (MiCA) on July 1, 2026. In a circular issued this week, the regulator highlighted newly published guidance from the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, which outlines the money laundering and terrorist financing risks that may arise as the European crypto-asset market adapts to the full implementation of the new regulatory regime.



CySEC explained that, with the transition period now concluded, any firm wishing to continue providing crypto-asset services within the European Union must be authorised as a MiCA-compliant Crypto-Asset Service Provider (CASP). The regulator noted that the end of the transitional arrangements is expected to bring significant structural changes to the EU crypto-asset market, as virtual asset service providers that have not obtained the required authorisation leave the market and their customers either close their accounts or transfer their business to authorised providers.


According to the circular, AMLA has warned that this period of market adjustment could significantly increase money laundering and terrorist financing risks if firms fail to maintain effective safeguards throughout the transition. In response to these emerging risks, CySEC said AMLA recommends that authorised firms adopt a risk-based approach when accepting customers previously served by unauthorised providers, rather than refusing such customers automatically. Instead of relying on blanket de-risking measures, firms are expected to conduct individual risk assessments for each customer and apply customer due diligence measures that are proportionate to the level of risk presented by that client.


The regulator also drew attention to the risks affecting firms that are in the process of exiting the market. CySEC stated that unauthorised providers may experience a weakening of their anti-money laundering and counter-terrorist financing controls while winding down their operations, particularly where shortcomings had already been identified within their compliance frameworks. To reduce these vulnerabilities, the regulator advised firms that are required to cease operations under national legislation to establish comprehensive and properly documented wind-down plans. It further stated that firms should maintain effective governance arrangements, ensure sufficient operational resources remain available, and continue enhanced monitoring of their activities until every regulated business operation has formally ended.


CySEC warned that rapid departures from the market may reduce transparency surrounding customer relationships and the movement of crypto-assets, creating opportunities for illicit funds to be hidden or transferred quickly, including for the purpose of evading international sanctions. The regulator therefore reminded firms that they remain fully responsible for complying with all anti-money laundering obligations throughout the wind-down process. This includes maintaining current customer due diligence information and reporting suspicious transactions or other suspicious activities whenever appropriate.


For authorised Crypto-Asset Service Providers, the regulator cautioned that the transition may substantially alter their overall risk exposure as customers migrate from firms that are no longer permitted to operate within the European Union. According to CySEC, these customer movements could significantly reshape business models and customer portfolios while potentially concentrating higher-risk clients among authorised providers.


To address these developments, CySEC said firms should ensure that their transaction monitoring systems possess sufficient capacity to process increased volumes of crypto-asset transfers. The regulator also advised firms to maintain adequate staffing levels and ensure their technological infrastructure is capable of handling the additional operational demands created by customer migration. It further warned that a rapid increase in customer onboarding could place considerable pressure on transaction monitoring systems and compliance functions, making it essential for firms to strengthen their onboarding procedures and improve the integration of customer risk information into their compliance processes.


The circular emphasises that customer due diligence should remain a core element of every onboarding process, while enhanced due diligence measures should be implemented whenever higher-risk circumstances are identified. At the same time, CySEC stressed that customers transferring from unauthorised virtual asset service providers should not automatically be classified as presenting a higher risk solely because of their previous provider. Instead, each customer should be assessed individually in accordance with a comprehensive risk-based approach.



The regulator also reminded all supervised entities that responsibility for complying with anti-money laundering and counter-terrorist financing obligations continues throughout both the transition period and any subsequent customer migration or business wind-down process. Compliance responsibilities do not cease until all relevant activities have been fully completed.


In addition, CySEC directed regulated firms to a report published by the Financial Action Task Force addressing the risks associated with offshore and unauthorised virtual asset service providers. The regulator stated that firms are expected to identify and evaluate money laundering and terrorist financing risks arising from business relationships, transactions, or other activities involving unauthorised virtual asset service providers and to implement appropriate mitigation measures consistent with a risk-based approach.


CySEC concluded by urging all regulated entities to give full consideration to the risks created by the end of the MiCA transition period and to reinforce their risk-based anti-money laundering and counter-terrorist financing controls in accordance with Cyprus' Prevention and Suppression of Money Laundering Activities Law.

By fLEXI tEAM

Comments


bottom of page