Cyprus fintech: CySEC oversees MiCA crypto licensing; CbC regulates payments and consumer credit
Cyprus has established a dual regulatory framework for fintech, with the Cyprus Securities and Exchange Commission (CySEC) taking the lead on crypto-asset services under the EU-wide MiCA regulation. The Central Bank of Cyprus (CbC) retains authority over traditional payment services, currency exchange, and consumer credit intermediaries under national directives.
Under MiCA, existing crypto-asset service providers (CASPs) operating before December 2024 are subject to a transitional period requiring notification to CySEC, with full authorization deadlines set for July 2026. New entrants and existing financial institutions offering crypto services must comply with strict notification and authorization procedures overseen by CySEC.
For non-crypto fintech activities, the CbC mandates prior authorization for bureaux de change and consumer credit intermediaries, enforcing rigorous fitness and probity assessments. This creates a segmented landscape where crypto assets are regulated by the securities regulator under EU law, while traditional payment and credit activities remain under the central bank's national supervision.
Market in Crypto-Assets Regulation (MiCA) (2023 (applicable 2024-2026))
EU regulation governing crypto-asset service providers, requiring authorization or notification to CySEC for entities providing services in Cyprus.
[1][2][3]Bureaux de Change Businesses Directive 2014 (2014)
National directive requiring prior authorization from the Central Bank of Cyprus for businesses buying or selling foreign currency to the public.
[5]Directive on Authorisation and Supervision of Non-Credit Institutions and Credit Intermediaries (2018)
Establishes the framework for authorizing non-credit institutions and credit intermediaries offering residential consumer credit agreements.
[4]Crypto-asset Service Provider (CASP) - Transitional
Existing CASPs operating before 30 December 2024 must submit evidence of prior activities to CySEC to operate under a transitional period until 1 July 2026 or until final authorization decision. Timeline: Until 1 July 2026
[1]Crypto-asset Service Provider (CASP) - New/Existing Financial Institutions
New entrants and existing regulated entities (e.g., investment firms) must notify CySEC of their intention to provide crypto-asset services under Article 60 of MiCA. Timeline: Immediate notification required
[2][3]Bureau de Change
Requires prior authorization from the Central Bank of Cyprus to operate.
[5]Consumer Credit Intermediary
Requires authorization from the Central Bank of Cyprus, including fitness and probity assessments for shareholders and management.
[4]The regulatory landscape is stabilizing under MiCA, with CySEC actively enforcing transitional deadlines and authorization processes for crypto entities.
[1]Traditional fintech sectors remain under strict national supervision by the Central Bank of Cyprus, with no recent legislative changes indicated in the provided documents.
[4][5]Email alerts for Cyprus updates
New circulars, rules and guidance — a digest in your inbox, same day.