News

CySEC warns firms over money laundering risks after MiCA transition ends

Cyprus Mail · 2026-07-09

AI SUMMARY

• What happened: The Cyprus Securities and Exchange Commission (CySEC) issued a warning to regulated financial firms to enhance their anti-money laundering (AML) controls following the end of the EU's MiCA transition period on July 1, 2026. • Why it matters: The warning comes amid concerns that the transition could elevate money laundering and terrorist financing risks as firms adapt to new regulations, particularly with unauthorized providers exiting the market and customers migrating to authorized services. • What to watch next: Firms are advised to implement robust customer due diligence and risk assessment measures, and to prepare for potential increases in transaction volumes and compliance challenges as the crypto-asset landscape evolves post-MiCA transition.

**CySEC Issues Warning to Financial Firms on Money Laundering Risks Post-MiCA Transition**

The Cyprus Securities and Exchange Commission (CySEC) has issued a critical warning to regulated financial firms regarding the need to enhance their anti-money laundering (AML) controls in light of the impending end of the European Union’s transition period under the Markets in Crypto-Assets Regulation (MiCA), set for July 1, 2026. This advisory follows the publication of new guidance by the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), which highlights the potential risks of money laundering and terrorist financing as the crypto-asset market adapts to the new regulatory landscape.

In a circular released this week, CySEC emphasized that firms wishing to continue providing crypto-asset services within the EU must obtain authorization as MiCA-compliant Crypto-Asset Service Providers (CASPs) following the transition period. The regulator anticipates that this change will lead to substantial structural transformations within the EU crypto-asset sector, particularly as unauthorized virtual asset service providers exit the market. This transition may result in customers either closing their accounts or migrating to authorized providers.

AMLA has cautioned that the significant changes expected in the market could elevate money laundering and terrorist financing risks if firms do not implement adequate safeguards during this transition. CySEC has advised that authorized firms should adopt a risk-based approach when onboarding customers from unauthorized providers, rather than automatically rejecting them. Instead of applying blanket de-risking measures, firms are encouraged to conduct individual risk assessments and implement customer due diligence measures that are proportionate to the risk level presented by each client.

The circular also addresses the risks faced by firms that are exiting the market. CySEC noted that unauthorized providers may exhibit weakened AML and counter-terrorist financing controls during their wind-down processes, particularly if previous compliance deficiencies have been identified. To mitigate these risks, the regulator has recommended that firms develop robust and well-documented wind-down plans, as required by national legislation. Additionally, firms should maintain adequate governance structures, sufficient resources, and enhanced monitoring until all regulated activities have officially ceased.

CySEC highlighted that rapid market exits could diminish transparency regarding customer relationships and the movement of crypto assets, potentially creating opportunities for illicit funds to be concealed or transferred quickly, including for sanctions evasion. Firms are reminded to comply with all AML obligations throughout the wind-down process, which includes keeping customer due diligence information current and reporting any suspicious transactions or activities as necessary.

For authorized crypto-asset service providers, CySEC indicated that the transition could significantly alter their risk exposure as new customers migrate from firms that are no longer authorized to operate. The regulator warned that these shifts could change business models and customer portfolios, potentially concentrating higher-risk customers among authorized providers. To address these challenges, CySEC urged firms to ensure that their transaction monitoring systems are equipped to manage increased volumes of crypto-asset transfers.

Moreover, firms must ensure they have adequate staffing and system capacity to handle the increased workloads resulting from customer migration. The regulator stressed that a sudden influx of customers could place undue pressure on transaction monitoring systems and compliance functions, necessitating strengthened customer onboarding procedures and better integration of customer risk information.

CySEC reiterated that customer due diligence should remain a central component of the onboarding process, with enhanced due diligence applied when higher risks are identified. It is crucial that customers transferring from unauthorized virtual asset service providers are not automatically classified as high risk solely due to their previous provider; instead, they should be assessed on an individual basis using a risk-based approach.

Furthermore, CySEC reminded supervised entities of their ongoing responsibility to comply with AML and counter-terrorist financing obligations both during the transition period and after any customer migration or business wind-down has been completed. The regulator also referenced a report from the Financial Action Task Force (FATF) regarding the risks associated with offshore and unauthorized virtual asset service providers. Firms are expected to identify and assess the money laundering and terrorist financing risks linked to relationships, transactions, or business activities involving unauthorized providers and to implement appropriate mitigation measures.

In conclusion, CySEC has urged regulated entities to fully recognize the risks associated with the conclusion of the MiCA transition period and to bolster their risk-based controls in accordance with Cyprus’ Prevention and Suppression of Money Laundering Activities Law. The proactive measures outlined in the circular aim to safeguard the integrity of the financial system as the crypto-asset market undergoes significant regulatory changes.

Source: Cyprus Mail
RELATED NEWS

More Stories

All News
News

Delivery rider beaten and robbed by three in Limassol

• What happened: A 23-year-old food delivery rider was beaten and robbed by three assailants in Limassol, who stole his motorcycle, cash, and mobile phones. •...

News

DCO launches AI guidebook to help governments develop regulation

• What happened: The Digital Cooperation Organisation (DCO) launched an AI guidebook to assist governments in developing ethical artificial intelligence policie...

News

Today’s weather: Largely sunny, storms possible

• What happened: Cyprus is experiencing mostly clear weather on Thursday, with temperatures reaching up to 36 degrees Celsius inland, but storms are expected in...

News

Oil surges, stocks fall as Trump says Iran ceasefire no longer exists

• What happened: Oil prices surged sharply after US President Donald Trump announced that the ceasefire with Iran no longer exists, leading to a decline in glob...

News

VDL: EU, Turkey must seize momentum to tackle Cyprus issue - Breakingthenews.net

• What happened: European Commission President Ursula von der Leyen urged the EU and Turkey to take advantage of the current momentum to address the long-standi...

News

Trump says Iran contacted him seeking deal after US strikes on the country

• What happened: Former President Donald Trump stated that Iran has contacted him seeking a deal following recent US military strikes against the country, which...