Introduction

Back in September 2020, as part of its Digital Finance Package, the EU Commission has published a number of legislative proposals that aim to bring a new shape to the EU financial regulatory landscape with a particular focus on the improvements to the way in which the regulation addresses the opportunities and risks that the application of new technology in finance may bring. One of the cornerstones of the EU Commission’s package was also the proposal for a Regulation, that shall create the very first harmonized regulatory framework on crypto-assets in the EU, the Markets in Crypto-Assets Regulation.

Its official adoption and publication in the EU Official Journal in June last year, started the transitional period during which the industry needs to prepare for the new framework and ensure its compliance with the new requirements by no later than the go live date(s).

As we move further into 2024, the dates as of which the new framework will become officially applicable across the EU 27 are edging ever closer. The new framework will start to apply in two phases: whereas the part of MiCA Regulation containing specific rules applicable to the two types of stablecoins (asset-referenced and e-money tokens) will start to apply as of 30 June 2024, harmonized rules applicable to crypto-asset service providers will start to apply as of 30 December 2024.

But where do we stand at this point with the level 2 and level 3 acts, implementation process and what are some final steps that are yet to be made before the new framework becomes operational? Find out in our detailed analysis below.

Short overview

Intended to become a backbone of the EU regulatory framework on crypto-assets, MiCA Regulation creates a common taxonomy of crypto-assets, harmonized set of rules applicable to issuers and offerors of crypto-assets as well as a harmonized authorization framework applicable to persons engaging in the provision of regulated crypto-asset services in the EU (like crypto-exchanges, wallet providers etc.).

Taxonomy of crypto-assets

Given that different types of crypto-assets may pose different risks to investors, MiCA Regulation introduces a common taxonomy of crypto-assets by differentiating between the following three groups of crypto-assets in relation to each of which a separate set of regulatory requirements will apply:

• Asset referenced tokens: crypto-asset that is not an e-money token and that purports to maintain a stable value by referencing another value or right or a combination thereof (e.g. commodities, other crypto-assets etc.), including one or more official currencies.
• E-money tokens: crypto-asset that purports to maintain a stable value by referring to the value of one official currency (for instance EUR, GBP or USD).
• Other crypto-assets: a catch all category that aims to cover all other crypto-assets such as crypto-currencies (Bitcoin, Ether etc.), various types of investment and utility tokens provided that they do not qualify as transferable securities under existing financial regulations applicable in the EU.

Crypto-assets that qualify as other regulated instruments under existing financial regulations in the EU, such as transferable securities, structured deposits, e-money or securitizations, will remain outside the scope of the new regime. Further crypto-assets that will remain outside the scope of MiCA Regulation include digital currencies issued by central banks (the so-called central bank digital currencies “CBDCs”) or by other public international organizations (such as the International Monetary Fund).

To see more on the scope of application of the new regime, its impact on DeFi protocols, NFTs as well as territorial reach of new requirements, see our dedicated article “Navigating MiCA (Part 1): Overview of the new EU regulatory framework on crypto-assets”.

Public offering of crypto-assets

MiCA Regulation also creates a common regulatory framework applicable to issuers and offerors of crypto-assets that are making them available to the public in the EU.

Under the new framework, prior to offering regulated crypto-assets to the public, the offerors will need to comply with a number of transparency, disclosure and notification requirements that are aimed at ensuring that prospective investors in the EU are provided with sufficient information about the characteristics, risks and rights and obligations attached to crypto-assets, before making their investment decision.

Further, offerors of asset-referenced and e-money tokens will need to comply with certain additional transparency and disclosure requirements and their issuers will need to meet strict authorization requirements that EU lawmakers have designed with the aim of creating a bespoke regulatory framework for stablecoins.

To find out more about the specific requirements applicable to issuers and offerors of crypto-assets under MiCA Regulation, please see our dedicated article “Navigating MiCA: (Part 2): Offering of crypto-assets to the public under the new regime”.

Authorisation framework for CASPs

By following basic principles of the existing financial regulation in the EU (especially the MiFID II framework), MiCA introduces common authorization requirements combined with operational, governance and conduct requirements that all providers of crypto-asset service providers operating in the EU will be required to comply with.

Prior to starting with the provision of regulated crypto-asset services to customers in the EU, prospective CASPs will need to apply for authorization from the national competent authority (NCA) in the EU Member State of their establishment. In order to obtain authorization, they will need to ensure compliance with a number of organizational, governance, conduct and information requirements that apply to crypto-asset service providers under the new regime.

Based on a single license obtained in the home Member State, CASPs will be able to provide services across the EU in accordance with the “passporting” mechanism which is common in other major pieces of the EU financial regulation. This will be possible either through the right of establishment, including through a branch, or based on the freedom of provision of services.

To see more on the specific requirements applicable to offering of crypto-assets to the public as well as on the authorization framework for CASPs check out our dedicated article “Navigating MiCA (Part 3): Authorization regime for crypto-asset service providers”.

Where do we stand with the delegated acts?

With the aim of clarifying high level rules specified under MiCA Regulation, the EU Commission and the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) are mandated to adopt a number of regulatory and implementing technical standards (RTS and ITS) as well as level 3 guidelines. For many in the industry, the level 2 legislation in particular is seen as one of the most important parts of the MiCA puzzle, given that many level 1 provisions require detailed organisational and technical specifications that are desperately necessary for the purpose of successful implementation process.

So far, ESMA has published a number of drafts of level 2 and level 3 acts as part of the following three consultation packages:

• First consultation package: draft acts were published in July 2023 (consultation closed on 20 September 2023, the final report published on 25 March 2024);
• The second consultation package: draft acts were published in October 2023 (consultation closed on 14 December 2023, ESMA due to submit final report to the EU Commission by 30 June 2024)
• The third consultation package: draft acts were published on 25 March 2024 (consultation open until 25 June 2024, ESMA due to submit the final report to the EU Commission by 30 December 2024)

So far published level 2 and level 3 acts provide very helpful clarifications on some key parts of MiCA Regulation that were subject of long discussions within the industry, especially when it comes to:

• Points of differentiation between regulated financial instruments, transferable securities and crypto-assets under the new framework;
• The scope of the reverse solicitation concept, a very limited possibility for non-EU crypto businesses to get access to the lucrative EU market;
• Organisational processes, policies and procedures that prospective CASPs will need to prepare for the purposes of authorisation;
• Technical requirements and templates on crypto-asset white papers for the public offering of crypto-assets in the EU.

Alongside ESMA’s work, EBA has in July, October and November 2023 published a number of draft RTS, ITS and Guidelines under its mandate to develop level 2 and level 3 acts on the MiCA provisions around the new stablecoin framework. On 22 February 2024 the EU Commission has made a step further and adopted four Delegated Regulations building upon the first EBA consultation package that are now to be discussed and adopted by the European Parliament and the Council.

What should you do in the meantime?

Despite the fact that the originally announced 12 and 18-month transitional periods respectively, sounded like quite a lot of time for the implementation, everyone who got involved in the implementation process had a chance to quickly realize that this will be everything but sufficient time. Conscious of time and the complexity of the new rules, the logical question that many may ask is: what shall my business do now to ensure compliance with the new rules?

Truth be told, when it comes to the provision of crypto-asset services, the answer to this question differentiates significantly depending on whether we speak about the implementation roadmap for: (i) authorized financial institutions, (ii) crypto-asset service providers operating under the license of their respective Member State or lastly, (iii) non-regulated entities.

Authorised financial institutions

For authorised financial institutions like MiFID II investment firms, credit institutions, e-money institutions or fund management companies (under UCITS or AIFMD framework) that want to start providing crypto-asset services, the preparation process will be rather simple: Given that the requirements that will apply to CASPs under MiCA Regulation are rather less onerous than the ones that apply to regulated financial institutions, the new framework provides for an equivalence regime for certain regulated institutions that will be able to provide crypto-asset services based on their existing licenses.

To that end, authorized investment firms will be able to provide crypto-asset services that are similar in nature to those that they are already authorized to provide under their existing licenses framework (e.g. portfolio management, reception and transmission of orders, investment advice, custody etc.) without the need for obtainment of an additional MiCA license. The same will apply to e-money institutions looking to engage in the provision of custody services, authorized fund managers looking to provide portfolio management services and other ancillary services (like investment advice) as well as credit institutions that will by default be authorized to provide all crypto-asset services.

Authorised entities looking to benefit from this equivalence regime will need to follow specific notification procedure and notify their NCAs about their plan to start providing crypto-asset services and submit required documentation. NCAs generally only have 20 days to inform authorized entities if the notification was incomplete and request additional documentation (i.e. no approval/authorisation is required).

Authorised CASPs under national law

Bearing in mind that some EU Member States already have in place national regulatory frameworks regulating the crypto-industry (like Germany), the new framework leaves a possibility for Member States to apply a simplified procedure for applications for authorization submitted by entities that are already authorized under national law to provide crypto-asset services. In such case, the NCAs will be required to ensure that these applicants comply with key requirements under MiCA Regulation.

Further, EU lawmakers have left a possibility for Member States to grandfather the status of authorized CASPs, to entities that provide crypto-asset services in accordance with national frameworks, for up to 18 months after MiCA go live date or until they obtain new MiCA license (whichever sooner).

However, ESMA has expressed concerns and urged Member States to limit the duration of eventual grandfathering periods with the aim of ensuring consistent introduction of the new framework at the EU level.

This may give quite a lot breathing space for CASPs that are already operating under national licenses however provided that the Member State of their establishment: (i) already has existing national authorization framework on crypto-asset service providers, (ii) opts to stipulate under national law grandfathering period as well as a fast track procedure as allowed under MiCA Regulation.

For instance, in Germany, which was one of the first EU Member States that introduced a designated regulatory framework on crypto-assets back in 2020, the Government has recently published the Draft Act on the Digitalisation of the Financial Markets (“Finanzmarktdigitalisierungsgesetz “FinmadiG”) which introduces targeted amendments to the local framework that shall facilitate the introduction of the MiCA framework into national law.

This act, also allows authorised CASPs under national law to continue to operate based on their existing license by 31 December 2025. By mirroring the provisions of the Article 143 MiCA Regulation, FinmadiG also provides for a fast track application procedure for already authorised CASPs that will be specified in detail in the ordinance of the German Federal Minsitry of Finance (Bundesfinanzministerium) and the German Bundesbank.

More on FinmadiG and the changes that it will bring to the existing German framework on crypto-assets will be published in our next article dedicated to this topic.

Non-regulated entities

Non-regulated entities looking to enter the crypto-space in the EU post go-live date(s) will have by far the greatest challenge to overcome: entering the regulated space for the new entrants not familiar with the standards and practice of NCAs in the EU is everything but an easy task to accomplish. Nonetheless, it is still far from unachievable.

In order to navigate the implementation process successfully, new entrants eyeing CASP license shall use the remaining transitional period wisely and prepare for the new framework by focusing in particular on the following:

• Business Plan: Define your business plan and your expansion strategy (incl. relevant in-scope crypto-asset services, preferred Member State for their EU hub, suitable model for cross-jurisdictional operation etc.);
• Organisational Structure: Define and set up internal organisational structure of your future entity by taking into account key regulatory requirements;
• Hiring Plan: Prepare a clear hiring plan and start early on to look for suitable members of the management board and persons that will take responsibility over key control functions (such as compliance, risk management, money laundering reporting officers);
• Ownership Control: Future CASPs need to go through rather strict control procedure on all major shareholders of the company – therefore, ensure that your cap table is clear and understandable enough so that this formal part does not start to unnecessarily prolong the entire application process;
• Internal Processes and Procedures: Set up internal processes and procedures that ensure compliance with key regulatory requirements including requirements on internal risk management, compliance, outsourcing, digital operational resilience and AML framework;
• Policies: Ensure that your compliance with key regulatory requirements is properly documented in internal policies, a number of which are mandatory to be prepared and maintained not only at the authorisation date but also throughout the lifecycle of the CASP.

Any questions?

If you have any questions on how to navigate the new regulatory framework on crypto-assets in the EU, feel free to reach out. Our team of experts which has significant experience in advising financial institutions and innovative fintech companies on all questions related to the new EU regulatory framework on crypto-assets.