The Cyprus Securities and Exchange Commission (CySEC) has urged regulated financial firms to strengthen their anti-money laundering (AML) and counter-terrorist financing (CTF) controls as the European Union’s transition period under the Markets in Crypto-Assets Regulation (MiCA) ended on July 1, 2026.
In a circular issued this week, the regulator referred firms to new guidance from the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), outlining the risks that may emerge as the crypto-asset market adapts to the new regulatory framework.
Follow THE FUTURE on LinkedIn, Facebook, Instagram, X and Telegram
Market Transition Raises New Compliance Challenges
With the transition period now over, firms wishing to continue providing crypto-asset services in the European Union must be authorised as MiCA-compliant Crypto-Asset Service Providers (CASPs).
CySEC said the market is expected to undergo significant changes as unauthorised virtual asset service providers either cease operations or their customers move to authorised firms. According to AMLA, that process could increase money laundering and terrorist financing risks if firms fail to maintain appropriate controls while customers and assets are transferred.
A Risk-Based Approach Remains Essential
Rather than automatically rejecting customers moving from unauthorised providers, AMLA recommends that authorised firms assess each relationship individually. CySEC echoed that guidance, urging firms to avoid blanket de-risking practices and instead apply customer due diligence measures proportionate to each customer’s risk profile.
The regulator said maintaining a risk-based approach remains central to ensuring effective compliance while allowing legitimate business relationships to continue.
Wind-Down Plans Require Continued Oversight
CySEC also highlighted the risks associated with firms exiting the market, warning that AML and CTF controls may weaken during the wind-down process, particularly where compliance shortcomings already exist.
To mitigate those risks, firms should maintain robust governance arrangements, adequate resources and documented wind-down plans where required under national legislation. Customer due diligence, transaction monitoring and suspicious transaction reporting must remain fully operational until all regulated activities have formally ceased.
The regulator also noted that rapid market exits could reduce visibility over customer relationships and crypto-asset transfers, potentially creating opportunities for illicit financial activity, including sanctions evasion.
Customer Migration May Increase Risk Exposure
For authorised CASPs, the transition may significantly alter customer profiles as clients migrate from firms that are no longer permitted to operate.
CySEC said firms should ensure their transaction monitoring systems, staffing levels and operational capacity are sufficient to manage higher volumes of onboarding and crypto-asset transfers. Customer due diligence should remain at the centre of the onboarding process, with enhanced due diligence applied where higher risks are identified.
At the same time, the regulator stressed that customers transferring from unauthorised virtual asset service providers should not automatically be considered high risk. Instead, every relationship should be assessed individually under a risk-based framework.
FATF Guidance Supports The New Framework
CySEC also directed firms to guidance issued by the Financial Action Task Force (FATF) on the risks associated with offshore and unauthorised virtual asset service providers.
According to the regulator, supervised entities are expected to identify and assess money laundering and terrorist financing risks arising from relationships, transactions and business activities involving such providers, and to apply appropriate mitigation measures where necessary.
The circular concludes that regulated entities should fully consider the risks arising from MiCA’s implementation and continue strengthening their risk-based AML and CTF controls in line with Cyprus’ Prevention and Suppression of Money Laundering Activities Law.







