13 July 2023
On 16 May 2023 the Regulation on Markets in Crypto-assets (MiCA) was adopted by the Council of the European Union, following approval from the European Parliament on 20 April 2023, marking the final step in the legislative process and making the EU the first major jurisdiction with a comprehensive crypto licensing framework. We examine the key takeaways from MiCA and its impact on crypto firms.
MiCA introduces a broad regulatory framework for cryptoassets in the EU which:
clarifies the powers, including the co-operation and sanctions framework, available to competent authorities.
MiCA forms part of the European Commission's wider digital finance strategy, which also includes a Regulation on digital operational resilience, which will also cover cryptoasset service providers, and a new Regulation on a distributed ledger technology (DLT) pilot regime focused on financial market infrastructures based on DLT.
MiCA creates a new regulatory regime for cryptoassets across the EU. MiCA defines cryptoassets as "a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology"(Recital (2) MiCA). MiCA will apply to cryptoassets that do not already qualify as MiFID financial instruments, deposits or structured deposits or traditional e-money under current EU financial services legislation (Recital (3) MiCA). DeFi protocols and unique non-fungible tokens are largely outside of the scope of MiCA.
|Cryptoassets in scope of MiCA||Definition||Risk rating|
|Utility Tokens||A type of cryptoasset that is intended to provide digital access to a good or service, available on DLT, and is only accepted by the issuer of that token. Utility tokens present the lowest risks||Low|
|EMTs and ARTs (Stablecoins)||
EMTs and ARTs are both types of cryptoassets that would typically be referred to as stablecoins. EMTs purport to maintain a stable value by referring to the value of a single fiat currency that is legal tender.
ARTs, on the other hand, purport to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several cryptoassets, or a combination of such assets.
|Significant Asset Referenced Tokens or Significant Electronic-Money Tokens||The Commission considers significant ARTs and EMTs to pose significant risks for financial stability and consumer protection across the EU.||High|
Broadly, MiCA will apply to the following:
any person, in respect of acts that concern trading in cryptoassets that are admitted to trading on a trading platform for cryptoassets operated by an authorised cryptoasset service provider, or for which a request for admission to trading on such a trading platform has been made.
Cryptoasset services can only be provided in the EU by a legal person that has its registered office in the EU and is authorised under MiCA. Entities that are already authorised under certain existing financial services sectoral legislation (such as banks, investment firms and electronic money institutions) do not need to also be authorised under MiCA to provide cryptoasset services but will be required to make a notification to the competent authority of the home member state. CASPs authorised in one member state will be able to operate across the EU under an EU passport.
In a bid to ensure the protection of prospective retail holders of cryptoassets, MiCA requires issuers of cryptoassets to provide information about the characteristics, functions and risks of the cryptoassets that they intend to purchase, this is known as a cryptoasset white paper.
The white paper does not need to be approved prior to its publication (except if the cryptoassets are ARTs or EMTs), however the relevant competent authority may require amendments to be made or suspend the offer or trading of the cryptoassets. Issuers will also need to consider whether any additional EU or domestic regulatory frameworks apply in as well.
|Principal information requirements for a cryptoasset white paper (Article 6 MiCA)||Information about the offeror or the person seeking admission to trading|
|Information about the issuer, if different from the offeror or person seeking admission to trading|
|Information about the operator of the trading platform in cases where it draws up the cryptoasset white paper|
|Information about the crypto-asset project|
|Information about the offer to the public of the crypto-asset or its admission to trading|
|Information about the crypto-asset|
|Information on the rights and obligations attached to the cryptoasset|
|Information on the underlying technology|
|Information on the risks|
|Information on the principal adverse impacts on the climate and other environment related adverse impacts of the consensus mechanism used to issue the cryptoasset|
CASPs will be required to satisfy organisational and governance requirements (Article 68 MiCA), prudential requirements (Article 67 MiCA), rules relating to safeguarding of clients' assets (Article 70 MiCA), and have procedures in place to handle complaints (Article 71 MiCA) and manage conflicts of interest (Article 72 MiCA).
Competent authorities at member state level will be responsible for supervising CASPs and enforcing requirements under MiCA.
CASPs that have more than 15 million active users will be classified as Significant CASPs (Article 43 MiCA). Significant CASPs will remain supervised by the relevant Competent Authorities, however the European Securities and Markets Authority (ESMA) will have an "intervention power" to prohibit or restrict the provision of cryptoasset services by CASPs if there are threats to market integrity, investor protection or financial stability.
The European Banking Authority (EBA) will supervise stablecoins that have over 10 million users or a reserve of assets with a value of over €5 billion. The European Central Bank will also have veto rights in respect of any stablecoin in relation to which it has concerns.
Cryptoassets that do not qualify as financial instruments under MiFID II will fall outside the scope of the EU Market Abuse Regulation. However, MiCA sets outs its own market abuse rules for cryptoasset markets in an attempt to guarantee market integrity. These rules will be applicable to cryptoassets that are admitted to trading on a trading platform for cryptoassets operated by an authorised cryptoasset service provider. MiCA includes requirements relating to the lawful disclosure of inside information by issuers, offerors and persons seeking admission to trading and prohibits insider dealing, unlawful disclosure of inside information and market manipulation and contains rules for the prevention and detection of market abuse (Article 76 MiCA).
Whilst the attempt to ban proof-of-work mining was ultimately unsuccessful, ESMA will produce regulatory technical standards on how CASPs disclosure their energy consumption. This disclosure will likely take the form of a white paper and will require firms to provide information their energy use, the production of waste and greenhouse gas emissions.
MiCA establishes a change in control regime for issuers of ARTs (Article 41 MiCA) and CASPs (Article 83 MiCA), which is similar to the regime applying in traditional financial services legislation.
The requirements that firms must adhere to under MiCA will vary depending on the types of cryptoasset being issued and the activities being carried on. Firms should not underestimate the time and resources required to become authorised and the implementation of the various requirements under MiCA into their existing systems and processes.
Firms should consider whether their existing activities fall within the scope of MiCA. If this is the case, such firms must obtain authorisation from the relevant national regulator. Certain EU regulated entities such as credit institutions, investment firms and electronic money institutions are not required to obtain authorisation but must notify the relevant national regulator. Even if the conclusion is that their existing activities do not fall within the scope of MiCA, firms should consider whether any future activities would bring them within the scope of MiCA.
Existing agreements will need to be updated to ensure compliance with MiCA. For example, this will include the requirement that certain agreements with third parties are in writing, as well as the need to update client terms and conditions to reflect mandatory contractual and client consent requirements within MiCA.
Firms will need to take into consideration the liability attached to their services and activities under MiCA. For example, CASPs will be liable for damages that result from a cyber-related incident, for example a cyber-attack or any malfunctions. However, the CASP's liability will be capped at the market value of the cryptoasset that was lost at the time loss occurred.
Issuers of EMTs and ARTs must obtain prior approval from a competent authority of their white paper before they can issue, offer or market their tokens (Recital (43) MiCA). Issuers and offerors of other tokens are subject to less onerous requirements, needing only to notify the regulator and provide a copy of their white paper before doing so (Recital (31) MiCA).
Regulators are already taking steps to be seen as providing attractive hubs for firms seeking authorisation. For example, in a statement released by the French Financial Markets Authority (AMF), the AMF has started work on the transition towards MiCA and is contributing to the drafting of the implementing technical standards and guidelines. The AMF states that "this regulation will help to increase the competitiveness of French and European players by creating a harmonised European framework, and will ensure better protection for investors." In a speech made by the Director of Financial Regulation of the Central Bank of Ireland, Gerry Cross commented that there is short time frame for MiCA to come into effect, and that Ireland is already seeing firms "getting ready now for the formal authorisation process".
MiCA was published in the Official Journal of the EU on 9 June 2023. MiCA will enter into force 20 days after publication. Provisions relating to ARTs and EMTs will apply 12 months after the regulation enters into force, being 30 June 2024. The remainder of the provisions will apply 18 months after entry into force, being 30 December 2024.
CASPs that were already legally providing their services can continue to do so until the earlier of 18 months after the MiCA proposal applies or until they obtain authorisation (Article 143, paragraph 3 MiCA).
MiCA only provides a regulatory framework. Further details will be laid out in regulatory technical standards and implementing technical standards that will be developed by ESMA and the EBA. ESMA is also tasked with drawing up guidelines to accompany a number of areas. On 12 June 2023, ESMA announced that together with relevant stakeholders it will hold three public consultations on the various implementing measures. The first consultation package is due to be published in July 2023, the second in October 2023, and the third in Q1 2024.
MiCA will apply to firms located outside of the EU where those firms are engaged in the issuance, offer to the public and admission to trading of cryptoassets or that provide services related to cryptoassets within the EU. Firms outside the EU wanting to carry out cryptoassets activities within the EU or with customers located within the EU must consider the territorial scope of MiCA and how this will impact on their current and future business models.
Like MiFID, MiCA contains "reverse solicitation" rules, where an EU client may, at its own exclusive initiative, initiate the provision of crypto services by unauthorised non-EU firms. MiCA provides that ESMA will, within 18 months of MiCA’s entry into force, develop guidelines to specify when a third country firm is deemed to solicit clients established or situated in the Union and guidelines on supervisory practices to detect and prevent circumventions of MiCA reverse solicitation rules.
MiCA does not provide for a separate third country regime, meaning that persons located outside the EU wishing to actively promote and/or advertise their services to clients in the EU must obtain full authorisation. One of the requirements for becoming licensed as a CASP under MiCA is that the CASP has a registered office in an EU member state where it carries out at least part of its cryptoassets services. The CASP must also have an effective place of management in the EU and at least one director shall be EU resident.
The adoption of MiCA marks a significant milestone on the path to a much-needed regulatory framework for cryptoassets. Elisabeth Svantesson, Minister of Finance of Sweden, commented that "… [r]ecent events have confirmed the urgent need for imposing rules which will better protect Europeans who have invested in these assets, and prevent the misuse of crypto industry for the purposes of money laundering and financing of terrorism."
Firms that obtain authorisation under MiCA will be able to operate across the EU under a single set of rules and investors should have a greater degree of certainty and protection. Firms who offer cryptoassets in the EU should now conduct a gap analysis to understand how their business operations will need to be updated to ensure compliance with MiCA.
This article has been published in www.compliancemonitor.com and www.i-law.com.