The company BYKEP SAS was registered as a DASP by the AMF, after receiving a positive opinion from the ACPR, on 18 February 2021, for the activities of custody of digital assets and buying or selling digital assets for legal tender, while the settlement of transactions by electronic money/prepaid cards was not being authorized.
The controls carried out by the ACPR within the company from May 2022, in order to verify compliance with the conditions of its registration as a DASP, in particular the implementation of the anti-money laundering and counter-terrorism financing (AML/CFT) framework submitted in support of its DASP registration application, revealed failures justifying the initiation of a withdrawal procedure.
The AMF may withdraw a DASP’s registration, with the ACPR’s approval, on its own initiative or at the initiative of the ACPR, when the provider no longer complies with the requirements associated with registration.
The information gathered by the ACPR during its investigations and transmitted to the AMF showed in particular that transactions had been carried out on clients’ wallets without their consent. They also showed serious failures in the AML-CFT framework, specifically in the management of the “know-your-customer” (KYC) files, in the tighter scrutiny of high-risk transactions or in the implementation of asset freezing measures.
In light of the above and after an analysis of BYKEP’s observations, in the context of an adversarial exchange initiated in July, the AMF concluded that these failures constituted breaches of the requirements set forth in 1° and 4° of Article L. 54-10-3 of the Monetary and Financial Code. On the proposal of the ACPR, and in accordance with its opinion, the AMF has therefore decided to withdraw BYKEP’s registration.
Furthermore, the company informed the AMF and the ACPR on September 8 of a theft of digital assets through a cyberattack, which would concern a substantial portion of its clients’ assets, for a value estimated by the company at approximately €300,000 on the date of the alleged theft. The AMF has asked the company to inform its clients as soon as possible and is closely monitoring this case. Legal action may be taken.
The AMF reminds that registration as a DASP does not imply any verification by the authority in relation to information systems security. French law provides for the verification of the security of information systems only for DASPs with a license, which is not the case of BYKEP SAS (a registered only DASP).
About the AMF
The AMF is an independent public authority responsible for ensuring that savings invested in financial products are protected and that investors are provided with adequate information. The AMF also supervises the orderly operations of markets. Visit our website : https://www.amf-france.org
About the ACPR
The Autorité de Contrôle Prudentiel et de Résolution is the administrative authority operationally attached to the Banque de France that supervises the banking and insurance sectors and ensures financial stability. The ACPR is also responsible for protecting the customers of the supervised institutions and ensuring the fight against money laundering and the financing of terrorism. It also has resolution powers. The ACPR’s operational departments come under its General Secretariat. Visit our website at : https://acpr.banque-france.fr/
This news item was originally published by the Financial Markets Authority (AMF FR). For more information, see the Source Link.