On 24 September 2020, the European Commission published its proposed Regulation on markets in crypto assets (MiCA), which forms part of a wider set of publications on Europe's Digital Finance Strategy. This article sets out the 10 key things you need to know about the MiCA proposals.
1. What is MiCA and why is it needed?
There is currently a gap in European financial services regulation that means many cryptoassets fall outside the scope of the regulatory protections. Europe, and other countries, have or are trying to plug this gap. MiCA is Europe's response. The proposals are intended to create an innovation-friendly framework that does not pose obstacles to the application of new technology, while ensuring a common approach across the Single Market and addressing the new risks cryptoassets pose. In reality they are a patchwork quilt of existing EU regulations, stitched together in a special regime for cryptoassets and slightly amended to form a degree of proportionality, although some will disagree that these proposals are proportionate.
2. What crypto assets will be subject to this regime?
MiCA will apply to any person providing cryptoasset services or issuing cryptoassets (see below) in or into Europe. MiCA will apply any cryptoasset that is not already subject to EU regulation. That will include utility tokens, payment tokens, stablecoins (or asset-referenced tokens) and a newly defined e-money token (a token that isn't e-money in the traditional sense, but has all the hallmarks of traditional e-money). It will not apply to security tokens that are already subject to existing EU regulatory regimes.
It will also not apply to central bank digital currencies (CBDC) but places significant requirements on significant stablecoins (in other words, global stablecoins, or GSCs). This appears to be another regulatory step to ensure Central Banks retain control of monetary policy and to safeguard against perceived risks with GSCs.
3. We provide a (global) stablecoin, is that caught?
Yes! But there are different obligations for different types of stablecoins, and more new terminology.
So-called "asset-referenced tokens" are defined as cryptoassets that purport to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several cryptoassets, or a combination of such assets. In other words, fiat, commodity or crypto-backed stablecoins.
Then the EU proposes another type of stablecoin, called "electronic money tokens" or "e-money tokens" which is defined as a type of cryptoasset the main purpose of which is to be used as a means of exchange and that purports to maintain a stable value by referring to the value of a fiat currency that is legal tender. A key difference between asset-referenced tokens and e-money tokens is that e-money tokens are pegged to a single fiat currency.
Finally, the recitals state that "algorithmic stablecoins" should not be considered "asset-referenced tokens", although they may be subject to the requirements for cryptoassets more generally. Algorithmic stablecoins are referred to as those which aim at maintaining a stable value, via protocols, that provide for the increase or decrease of the supply of such cryptoassets in response to changes in demand.
Asset-referenced tokens and e-money tokens may be subject to additional obligations on issuers and service providers where they are deemed to be "significant"'. Significance is assessed based on whether a token and/or the issuer meets three or more criteria. These include the size of the issuer’s customer base, the value of tokens issued or of individual transactions, the size of the issuer’s reserve of assets, or the instrument’s interconnectedness with the financial system. Issuers of instruments deemed significant must apply the European Banking Authority (EBA), which is then required to make the formal decision as to whether the instrument is significant.
4. What crypto asset services are in scope?
The following services when carried on in relation to a cryptoasset will be regulated under MiCA:
- custody and administration of cryptoassets;
- the operation of a trading platform for cryptoassets;
- the exchange of cryptoassets for fiat currency;
- the exchange of cryptoassets for other cryptoassets;
- the execution of orders for cryptoassets on behalf of third parties;
- the placement of cryptoassets;
- the reception and transmission of orders for cryptoassets; and advice on cryptoassets.
In addition, the Commission states that if a crypto asset service provider is providing payment services as part of its crypto asset services, it would need to be authorised under PSD2 or appoint a payment institution that is.
Those familiar with European regulation will recognise the above largely copies out existing regulated activities under European law.
5. We provide crypto asset services, what does that mean for our firm?
Let's start with the good news. You will be able to use a pan-European passport to offer your cryptoasset services throughout Europe. Many will consider that's where the good news ends!
To get your passport, cryptoasset service providers will be subject to what's being coined a "mini-MiFID" regime. For those not familiar with the European Markets in Financial Instruments Directive (MiFID), this will include:
- being established in the EU and obtaining a licence;
- having to meet minimum and ongoing capital requirements;
- complying with various organisational requirements, such as ensuring management have necessary skills and experience and being of good repute, maintaining proper systems and controls to manage ICT security, record keeping and anti-money laundering requirements;
- complying with client asset and money rules where a service provider’s business model requires them to hold funds belonging to clients, including placing all client funds in a central bank or credit institution separately identifiable from any of its own funds;
- providing clients with clear, accurate and non-misleading information, in particular in marketing communications, with clients being properly warned of the risks associated with purchasing cryptoassets and not being misled as to the real or perceived advantages of any cryptoassets.
- having complaints handling procedures in place;
- maintaining and operating an effective policy to prevent conflicts of interest; and
- taking reasonable steps to avoid operational risk when outsourcing and ensuring the service provider remains fully responsible for discharging its obligations under MiCA.
There are additional requirements for service providers that offer particular services, such as custodians or exchange or trading platform providers. The proposals certainly are comprehensive.
6. What about issuers of crypto assets?
MICA defines a cryptoasset issuer as any "person who offers cryptoassets to third parties". This is an intentionally broad definition.
All issuers will have to comply with a number of general requirements, with issuers of stablecoins (or asset-referenced tokens) and e-money tokens (payment tokens) subject to more stringent requirements.
The general requirements are another scaled back, mix of existing EU regulations. In particular:
- issuers will be required to publish a whitepaper – but this is not the whitepaper the industry has got used to. This is a mini-prospectus for those familiar with the EU Prospectus Regulation.The whitepaper must set out, in line with detailed form and content requirements, details of the asset, the offering procedure, and the issuer itself, such that potential buyers will be able to make an informed purchase decision and understand the risks relating to the offering. Unlike a prospectus, there is no requirement for a competent authority to approve of the whitepaper, but it must be submitted to the competent authority with an explanation of why the issuance falls outside the scope of MiFID II. Failure to comply with the requirements could lead to liability for the issuer arising from claims by token holders;
- issuers will have to comply with the fair, clear, and not misleading standards when marketing cryptoassets; and
- issuers will have to act honestly, fairly and professionally, communicate with the holders of cryptoassets in a fair, clear, and not misleading manner; prevent, identify, manage and disclose conflicts of interest that may arise; maintain effective administrative arrangements; and maintain all of their systems and security access protocols to an appropriate standard.
However, the requirements for asset-referenced tokens and e-money tokens go much further. The regime for e-money tokens requires issuers to be authorised under the E-Money Directive to avoid any regulatory arbitrage.
For issuers of asset-referenced tokens, Europe has meshed together aspects of the requirements applicable to e-money firms and investment firms. There are three key additional obligations:
- the issuer will have to comply with prudential requirements (being the higher of €350,000 or 2% of the average amount of reserve assets, or such other amount as required by regulators) and hold its reserve assets in custody, segregated from its own funds and unemcumbered;
- the issuer must have robust governance arrangements, a clear organisational structure, well defined, consistent and transparent lines of responsibility, effective process to manage, monitor, and report risks, and adequate internal control mechanisms. There will also be requirements on controllers of cryptoasset issuers; and
- the issuer must produce and publish information on their practices, including in relation to the assets in circulation, any event that might have a significant effect on the value of their tokens and their conflict of interest policies, as well as complaints handling obligations.
7. We are based outside the EU, surely we avoid all of this?
Only if you are not offering your tokens in Europe.
If you want to issue asset referenced tokens or e-money tokens in Europe, you will need to be established in the EU and obtain authorisation. This is so the regulators have appropriate oversight and control over these more significant activities.
8. When are the proposals coming into force?
These are just proposals at this stage. They have to go through the EU legislative process yet. This could take 18-24 months and the proposals could change during that time. A lot can happen in two years in this industry!
Even when it comes into force, there will be a transitional period for firms to ensure they meet the new requirements and the ability for a light-touch regime for existing regulated entities.
9. What does it mean for the UK in light of Brexit?
From a UK perspective, MiCA will not be directly applicable in the UK, but its effect could be significant for a number of reasons. On Brexit in particular, who knows where we will be by the time MiCA is published in the Official Journal and becomes law, but it is almost certainly the case that the UK will not directly implement MiCA. However, MiCA may have a significant effect on the cryptoasset market. It is likely that cryptoassets covered by MiCA will be viewed as safer investments, therefore increasing the appeal of the European crypto-asset markets possibly to the detriment of other markets, including the UK market. Similarly, the increased credibility conferred on cryptoassets through increased regulation is likely to result in banks and other established credit institutions moving into the cryptoasset space, disrupting the current market. For these reasons, the UK will likely publish its own proposals in the near future. Although the provisions will not be identical, it is likely that they will share many similarities with MiCA.
10. Will MiCA really put Europe at the front of the crypto asset race?
That remains to be seen. The proposals are comprehensive and should certainly achieve the objective of mitigating risks and better protecting consumers. But these proposals firmly favour incumbent financial institutions over Fintech start-ups, who may see the new requirements as significant barriers to entry. Even under the e-money directive there are "small" or "sub-threshold" regimes. It is a wonder why the EU did not propose this while it was stitching together the rest of EU regulations.
