Circular C580: Guidance on identifying, assessing and understanding Terrorist Financing Risks in the context of Crypto Assets activities


The Cyprus Securities and Exchange Commission (the “CySEC”) has issued on the 01 June 2023 Circular C580 about the issuance of a guide on identifying, assessing and understanding Terrorist Financing Risks in the context of Crypto Assets activities (the “Guidance”).

The Guidance includes relevant sources of information that should be considered when identifying and assessing terrorist financing risks associated with crypto-asset activities. It also includes general considerations for understanding terrorist financing risks in relation to crypto-asset activities, with relevant examples and types of activities that create red flags for potential terrorist financing in the context of these activities.

Regulated entities are required to assess the risk inherent in their business taking a holistic approach and considering all the factors to which they are exposed.

Although Money Laundering (“ML”) and Terrorist Financing (“TF”) have similarities, they have important differences which must be understood in order to distinguish suspicious terrorist financial activity from ML.

The most important difference involves the origin of funds, thus TF funds are not necessarily illegally obtained, they are often clean legal funds to commit a crime. ML involves funds derived from illicit proceeds with the purpose of using them to perform legitimate activities. Also, TF uses small amounts and transactions involving unrelated parties as opposed to ML activity which involves large amounts of money. Tracing money differs between TF and ML; in the case of TF money is used to fund TF activities by many and, in many cases, unrelated to the initiator whereas in the case of ML the funds are eventually transferred to the person (s) who initiated the proceedings.

Some illustrative examples are presented below:

  • The use of crypto-assets enables greater anonymity than traditional funding channels;
  • Certain digital wallets and privacy may be used which enable data anonymization;
  • There is the possibility of anonymous funding if the sender and the recipient are not identified properly or if cryptocurrency mixers and tumbler services and enhanced cryptography are used to obscure the financial audit of the transactions;
  • Users can receive payments from unknown sources worldwide;
  • Cheaper and faster cross-border payments as crypto-assets can be quickly used for large scale cross-border transactions;
  • Customers are mostly non-face-to-face;
  • They can provide links to dark net marketplaces where they can be accepted as a method of payment;
  • Decentralization - Terrorists can use cryptocurrencies owing to the perceived advantages of decentralization. Because they are open-source, decentralized applications, cryptocurrencies are often described as ‘permissionless’; that is, access to them cannot be restricted and users may transfer their crypto-assets without the involvement of a Crypto Asset Service Provider (the “CASP”) (peer-to-peer (“P2P”) transactions), thus bypassing AML/CFT obligations, such as the FATF’s travel rule;
  • P2P transactions allow users to send crypto-assets to beneficiaries regardless of geographic boundaries, as long as the beneficiaries have a virtual asset address and an internet connection;
  • The existence of gaps in the implementation of international AML/CFT standards in different countries, especially in jurisdictions where AML/CFT standards for crypto-assets are lacking or poorly enforced;
  • CASPs that do not comply with AML/CFT requirements and other regulatory obligations;
  • The use of platforms that allow for the conversion from one asset to another without these transactions being recorded in the blockchain;
  • The use of emerging technology that allows the parties to send and receive crypto-assets without needing each transaction to be recorded on the blockchain.

These are not the only potential risk factors relevant to the CASPs business and should not be the only risks considered in the risk assessment – they are however important overarching themes relevant to the CASP sector.

In conclusion, regulated entities in Cyprus should implement robust AML/CFT measures, including, customer due diligence and transaction monitoring, and should remain alert for any red flags that may indicate TF activity.

The content of this article is valid as at the date of its first publication. It is intended to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on your specific matter before acting on any information provided. For further information or advice, please contact Stephanos Ayiomamitis, Senior Associate, at our Limassol office, Tel +357 25363685 or email stephanos.ayiomamitis@kyprianou.com