-
Privacy and Data Protection
Our digital risk team is made up of a combination of subject matter experts and technical specialists who can help your business comply with the GDPR.
-
Governance, Risk and Compliance (GRC)
While business goals and strategies evolve, our services support you wherever you are in your business cycle. The digital economy is simultaneously increasing the magnitude of new business opportunities while increasing the difficulty of getting it right.
-
ISO 27001 and ISO 27701
Grant Thornton’s ISO 27001 and ISO 27701 specialists will arrange and oversee the formal audit process.
-
SOC 1,2,3
As a service organization there are many ways to provide assurance to your customers and in turn other stakeholders over your control environment. One of the most effective and cost-efficient ways is to issue a Service Organization Control (SOC) Report.
-
Incident Response
Grant Thornton’s Cyber Incident Response Team can support your business in the event of a cyberattack or data loss event. We work alongside your existing IT and Legal teams to provide a co-ordinated, timely and efficient investigation and remediation.
-
Hacking Services
At Grant Thornton, our cyber security experts can develop a bespoke penetration testing plan to meet your business needs and unique IT environment. We can undertake the full suite of testing or conduct individual assessments, as required.
-
Cyber Health Check
Approximately 54% of organizations report that they have experienced at least one cyber-attack during the past year. Grant Thornton’s cyber health check provides you with an objective, jargon-free assessment of your current cyber security, drawing on both qualitative and quantitative elements.
-
Dark Web Threat Intelligence
We use a variety of dark and deep web monitoring tools that continuously scans illegal sites to discover any mention of your data, ranging from breached security credentials such as usernames and passwords to leaked confidential documents of your company.
-
Digital forensics and electronic discovery
We offer a full suite of digital forensics and data acquisition services in investigations related to cybercrime, disputes, fraud and regulatory investigations.
-
Insolvency
If you're facing a time of personal or corporate financial crisis you need advice from someone who listens, who understands your specific issues and deals with them in a supportive and sensitive manner.
-
Crisis stabilisation and turnaround
In periods of financial distress, management teams often face considerable challenges, with many directors having little or no experience of similar conditions.
-
Operational and financial restructuring
Companies challenged by underperformance often need support in identifying options for financial or operational restructuring. Tapping this type of advice helps them create a stable platform for business turnaround.
-
Accelerated M & A
Even fundamentally sound businesses run into difficulties. Cash flow can come under pressure from the loss of a big client, or a dip in performance can threaten a breach of banking covenants if there is insufficient headroom.
-
Indirect Tax
Our experienced VAT specialists are available to assist companies and entrepreneurs of all industries and sizes in meeting their obligations.
-
Direct Tax
We can help you ensure a bespoke balance between tax compliance and effective tax planning for your special circumstances.
-
Life at Grant Thornton
At Grant Thornton Cyprus, we are taking a holistic approach and reimagining the way we work, continually assessing it and making necessary changes to better support our people.
-
In the community
Unlocking the potential for growth in our local communities.
-
Diversity and inclusion
Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience and perspective makes our organisation stronger as a result.
-
Global talent mobility
One of the biggest attractions of a career with Grant Thornton Cyprus is the opportunity to work on cross-border projects all over the world.
-
Learning and development
At Grant Thornton we believe learning and development opportunities allow you to perform at your best every day.
-
Our values
We are a values-driven organisation and we have more than 56,000 people in over 140 countries who are passionately committed to these values.
Grant Thornton Cyprus is constantly monitoring all the regulations regarding digital assets globally, as to cater for its international clientele, when it comes to distributed ledger technologies. Our multidisciplinary team covers all aspects of digital asset professional services and is ready to accommodate customized solutions according to your needs. In an effort to raise awareness and educate the general public we have launched a series of articles covering the most important updates from the DLT world. Recently, we had several updates resulting from the wiliness of the Republic of Cyprus to accommodate the use of the technology under its National Strategy for Blockchain. In this article, we summarize the most recent updates in relation to the regulation for crypto assets, DLT and CASP (Crypto Asset Service Providers), as opposed to the definition Virtual Asset Service Providers (VASPs) used by the Financial Action Task Force.
Cyprus DLT Bill on public consultation
The Ministry of Finance of Cyprus is preparing to implement a national strategy for the implementation and use of blockchain technology, and for this reason, the Ministry has prepared a draft bill, which was published for public consultation on the 6th of September 2021.
The DLT Bill was drafted based on the direction set by the National Strategy on Blockchain and DLTs. International experts and Cypriot lawyers contributed towards the conceptualization of the DLT Bill. In summary, the DLT Bill aims to:
- the development of a conceptual framework for DLTs.
- a framework for legally assessing "smart contracts" and their usage as court evidence.
- provide a direction towards the development of a legal framework for the supervision of persons providing services in the field of financial services with the use of virtual assets.
- to safeguard consumers and potential investors.
The purpose of the draft DLT Bill, issued by the Ministry of Finance of Cyprus, is to regulate the status of various records and transactions carried out on services supported using DLTs. Furthermore, the Bill provides a definition for smart contracts and sees them as legally binding and valid contracts that can be used in legal courts. It is unlikely that Chapter 149 of the Cyprus Contract Law will include smart contracts as valid contracts unless they abide by the provisions of the law regarding the formation of legally valid and binding contracts, i.e. offer and acceptance, consideration, intention to create legal relations and capacity. Overall, the Bill aims to facilitate the use of distributed ledger technology including blockchain technology. Thus, a balance should be achieved between the need to promote innovative technologies, their correct use, stimulation of innovation and the measures against money laundering, as well as, an adequate level of protection for investors and consumers.
As the DLT Bill is still in a draft form and out for public consultation, we will refrain from publishing our specific comments in public, but will address them to the Ministry through the recognized industry Body, the Cyprus Blockchain Technologies Think-Tank of which we are founding members.
As a general comment however, we feel that the DLT bill still needs to clarify:
- How would it enable Cyprus to distinguish itself as a leading, innovative, and sustainable location for DLT projects?
- How will it ensure credibility and provide the legal certainty to users wishing to make use of a DLT platform?
- How innovation would be fostered within this legal framework?
CASP & CYSEC
Furthermore, on September 13th, the Cyprus Securities and Exchange Commission (“CySEC”) issued a Policy Statement on the Registration and Operations of Crypto Asset Services Providers (“CASP”) – to outline its position for CASPs (crypto asset services providers) under the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (the “AML/CFT Law”).
According to the updated policy, an individual who provides or carries out services or activities related to crypto assets must immediately inform CySEC. The service provider is obliged to register with CySEC if the validity of its registration is expired or if its entry in the register is modified. Moreover, if the service provider registered multiple entities in a Member State of the EU (European Union), it must provide all registration details to the Commission.
CASPs must comply under the AML/CFT Law and must therefore fully abide by the obligations stemming from the Cumulative CASP Rules, which include:
- performing Know Your Client (KYC) and other client Due Diligence measures
- drawing the Economic Profile of their clients
- identifying the Source of Funds of their clients
- monitoring the clients’ crypto asset transactions and wallet addresses
- identifying and reporting suspicious transactions.
Apart from these compulsory rules, CySEC amended Paragraph 5, where it expects CASPs to maintain a register of crypto wallet addresses of their clients and maintain all filing data related to crypto asset services they provide. Furthermore, CySEC must be made aware of the geographical location of the customers and whether CASPs enable customers to make crypto payments.
Over time, CySEC is expected to publish additional directives for CASP filing requirements. In addition, relevant directives describing organizational and functional requirements and any other obligation to ensure that the crypto asset Service Provider complies with all relevant laws are expected.
CySEC classifies Crypto-Asset Service Providers into three classes
Class 1: includes CASPs that provide investment advice with an initial capital of 50,000 EUR.
Class 2: CASPs that provide any of the following services, with an initial capital of 125,000 EUR:
- reception & transmission of client orders
- execution of orders on behalf of clients
- exchange between crypto assets and fiat currency
- exchange between crypto assets
- participation and/or provision of financial services related to the distribution, offering and/or sale of crypto assets, including the initial offering
- placement of crypto assets without firm commitment
- portfolio management.
Class 3: includes service providers of Class 1 or Class 2 with an initial capital of 150,000 EUR that expand the scope of their activities to:
- administration, transfer of ownership, transfer of site, holding, and or/safekeeping, including custody of crypto assets
- underwriting and/or placement of crypto assets with firm commitment
- operation of a multilateral system, which brings together multiple third-party buying and selling interests in crypto assets in a way that results in a transaction
As a final comment, there seems to be an overlap between the CASP/CySEC reference and the 269/2021 Directive, while it is still unknown how the Central Bank of Cyprus will treat crypto assets, as there is no official guideline.
We’re here to help
Grant Thornton’s specialized team on Distributed Ledger Technology has thoroughly analyzed the recent DLT guidelines as to provide the most up to date information on regulatory matters relating to crypto assets. If you have any questions on the topics discussed, feel free to contact us directly to find out more details. Our team of experts is ready to assist and help you understand the specifics of legal and regulatory requirements, and to concretely consult you in exploring a whole new world of opportunities arising by adopting this innovative technology.
Sources
CySEC 269/2021 Directive: https://www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=903756f3-f963-47b5-a9e2-9e493a9829e2
CySEC Policy Statement: https://www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=13075523-a19e-43d9-8cce-e2c0e0f5bca9
CySEC AML/CFT Law: https://www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=3c138c88-b3df-4de3-b53e-c7951509a5db
DLT Bill – Call for consultation: http://mof.gov.cy/en/press-office/announcements/949/?ctype=ar
Cyprus contract Law: http://www.cylaw.org/nomoi/indexes/149.html
FATF Public Consultation on VASPs: https://www.fatf-gafi.org/publications/fatfrecommendations/documents/public-consultation-guidance-vasp.html