Grade A AI-Researched

Cyprus -- Travel Rule Implementation Regulatory Overview

Published: 2026-04-22 Updated: 2026-04-22 Author: SearXNG+LLM Version 1 Sources cited in: English (4)

Methodology

AI-generated synthesis from web search results.

Limitations

  • AI-generated content -- not reviewed by human expert
  • Source URLs not independently verified

Cyprus, as an EU member state, is fully aligned with the FATF standards and the EU's anti-money laundering (AML) framework. The implementation of the FATF Travel Rule for virtual assets is primarily driven by EU legislation, specifically the recast Transfer of Funds Regulation (EU) 2023/1113 (TFR 2023) and its direct application within Cypriot law and regulatory guidance.

Here's a breakdown of the status in Cyprus:

1. Whether Adopted & Legal Basis

  • Adopted: Yes, the Travel Rule is considered adopted in Cyprus through its direct application of EU law and the integration of FATF standards into its national AML/CFT framework.
  • Legal Basis:
    • EU Level: The primary legal basis for the Travel Rule for crypto-assets across the EU, including Cyprus, is Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets (recast Transfer of Funds Regulation - TFR 2023). This regulation repeals the previous TFR (EU) 2015/847 and is part of the EU's AML/CFT legislative package alongside the Markets in Crypto-Assets Regulation (MiCA). As an EU Regulation, it is directly applicable in all member states, including Cyprus, without requiring national transposition, though national authorities issue guidance.
    • National Level: The overarching national AML/CFT framework in Cyprus is the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2000 (Law 188(I)/2007, as amended). This law incorporates various EU AML Directives (AMLDs) and grants regulatory powers to authorities like CySEC. CySEC issues directives and guidance under this national law to ensure compliance.

2. Effective Date

  • For the EU as a whole, Regulation (EU) 2023/1113 applies from 30 December 2024.
  • Therefore, this is the de jure effective date for the full application of the Travel Rule for crypto-asset transfers in Cyprus as per the EU regulation. Cypriot Crypto Asset Service Providers (CASPs) must be fully compliant by this date.

3. Threshold Amounts

  • No lower threshold: TFR 2023/1113 significantly amends the Travel Rule for crypto-asset transfers by eliminating the de minimis threshold. This means that for all crypto-asset transfers, regardless of amount, CASPs must obtain and verify originator and beneficiary information if they are involved in the transfer.
  • For crypto-assets specifically, this removes the €1,000 threshold that applied to traditional wire transfers under earlier iterations of the TFR.

4. Which VASPs are Covered

  • The TFR 2023/1113 applies to Crypto-Asset Service Providers (CASPs) as defined under the upcoming MiCA Regulation.
  • In Cyprus, these entities are currently registered with the Cyprus Securities and Exchange Commission (CySEC) as Crypto Asset Service Providers (CASPs) under the Prevention and Suppression of Money Laundering and Terrorist Financing Law.
  • This includes, but is not limited to, entities that:
    • Operate crypto exchanges.
    • Provide custodial wallet services.
    • Are involved in the transfer of crypto-assets on behalf of a customer.
    • Provide other services related to crypto-assets that facilitate transfers.
  • CySEC CASP register: CySEC - Register for Crypto Asset Services Providers

5. Technical Implementation Requirements

CASPs in Cyprus must implement robust technical and operational systems to comply with the Travel Rule. This includes:

  • Information Collection:
    • Originator Information:
      • Name of the originator.
      • Crypto-asset account number of the originator (or unique transaction identifier).
      • Address of the originator (or national identification number, or customer identification number, or date and place of birth).
    • Beneficiary Information:
      • Name of the beneficiary.
      • Crypto-asset account number of the beneficiary (or unique transaction identifier).
  • Information Verification: CASPs must verify the accuracy of the originator information on the basis of documents or data obtained from a reliable and independent source.
  • Information Transmission: The required information must be transmitted with the crypto-asset transfer (or immediately after) to the beneficiary CASP, using secure and reliable communication channels. Interoperability solutions (e.g., TRP, OpenVASP, Travel Rule Universal Protocol - TRUP) are expected for efficient information exchange between CASPs.
  • Record Keeping: CASPs must retain the collected information for a period of five years, in line with general AML/CFT record-keeping requirements.
  • Sanctions Screening: CASPs are required to screen originator and beneficiary information against relevant sanctions lists.
  • Missing or Incomplete Information: CASPs must have policies and procedures for handling transfers with missing or incomplete information. This may include:
    • Requesting additional information.
    • Rejecting the transfer.
    • Restricting the availability of the crypto-assets.
    • Reporting suspicious activity to the Unit for Combating Money Laundering (MOKAS), Cyprus's Financial Intelligence Unit (FIU).
  • CySEC's existing directives on AML/CFT compliance for CASPs (e.g., Circular C367 and Circular C446) set the broader expectation for robust internal controls, risk assessment frameworks, and the use of appropriate technology to manage AML/CFT risks.
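
The information-collection items above can be enforced as a completeness gate that runs before a transfer is released. The sketch below is an added example, not code from CySEC, the regulation or any Travel Rule protocol; the key names (account_number, unique_tx_id, national_id and so on) and the choice to carry the unique transaction identifier at transfer level are assumptions, since the page lists data items but no wire format.

```python
"""Completeness check for the originator/beneficiary data items listed above.

Key names are assumptions made for this example, not a standard schema.
"""

def _has(record, key):
    """True when record is a dict and key holds a non-blank string."""
    if not isinstance(record, dict):
        return False
    value = record.get(key)
    return isinstance(value, str) and bool(value.strip())

def missing_items(transfer):
    """Return the required data items that are absent from a transfer record."""
    missing = []
    originator = transfer.get("originator")
    beneficiary = transfer.get("beneficiary")
    has_tx_id = _has(transfer, "unique_tx_id")

    for role, party in (("originator", originator), ("beneficiary", beneficiary)):
        if not _has(party, "name"):
            missing.append(f"{role}.name")
        # Account number, with the unique transaction identifier as the alternative.
        if not (_has(party, "account_number") or has_tx_id):
            missing.append(f"{role}.account_number|unique_tx_id")

    # Originator only: address, or one of the listed alternatives.
    # Date and place of birth count only when both are present.
    birth = _has(originator, "birth_date") and _has(originator, "birth_place")
    alternatives = ("address", "national_id", "customer_id")
    if not (birth or any(_has(originator, k) for k in alternatives)):
        missing.append("originator.address|national_id|customer_id|birth_date+birth_place")
    return missing

# Constructed sample records (not real customer data).
COMPLETE = {
    "originator": {"name": "Alice Example", "account_number": "acct-0001",
                   "national_id": "ID-CONSTRUCTED-1"},
    "beneficiary": {"name": "Bob Example", "account_number": "acct-0002"},
}
PARTIAL = {
    "unique_tx_id": "tx-constructed-42",
    "originator": {"name": "Alice Example", "birth_date": "1990-01-01"},
    "beneficiary": {"name": "   "},
}

if __name__ == "__main__":
    for label, record in (("complete", COMPLETE), ("partial", PARTIAL)):
        print(label, missing_items(record))
```

A non-empty result is the trigger for the missing-or-incomplete-information procedure; which of the listed responses applies is a policy decision the code does not make.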

6. Penalties for Non-Compliance

Non-compliance with AML/CFT obligations in Cyprus, including the Travel Rule, can lead to significant administrative penalties imposed by CySEC, and in severe cases, criminal prosecution. The Prevention and Suppression of Money Laundering and Terrorist Financing Law and related directives empower CySEC to impose:

  • Monetary Fines: Substantial fines can be imposed. For legal persons (CASPs), fines can reach up to €5 million or 10% of their total annual turnover, whichever is higher, or even up to twice the amount of the benefit derived from the breach, if that can be determined. For individuals, fines can reach up to €1 million.
  • Withdrawal or Suspension of Authorization/Registration: CySEC has the power to suspend or completely withdraw a CASP's registration if serious breaches occur, effectively preventing them from operating in Cyprus.
  • Public Reprimands: Disciplinary measures can include public statements identifying the non-compliant entity and the nature of the breach.
  • Cease and Desist Orders: Orders requiring the CASP to stop specific non-compliant activities.
  • Referral for Criminal Prosecution: In cases involving severe breaches, particularly those linked to actual money laundering or terrorist financing, the matter can be referred to the Attorney General's Office for criminal investigation and prosecution, which may lead to imprisonment for individuals.

CySEC has a track record of imposing fines on regulated entities for AML/CFT deficiencies, underscoring its commitment to enforcing compliance.

Sources & Attribution

This article was generated by SearXNG+LLM.

Edit History

2026-04-22 — auto-publish-pipeline: published — Auto-published: grade A

This article is maintained by AI research workers and reviewed by human editors.