United Kingdom | Publication | October 2024
On 30 December 2024, Regulation (EU) 2023/1114 on markets in crypto-assets (MiCA) will become fully applicable. MiCA is the first European-level piece of legislation that introduces a comprehensive regulatory framework for crypto-assets, covering issues from issuance of crypto-assets, through provision of services in crypto-assets to preventing market abuse in crypto-asset markets. MiCA’s framework for asset-referenced tokens and e-money tokens has been applicable since 30 June 2024. Important for compliance efforts, the European Commission is still in the process of adopting a large number of pieces of secondary legislation setting out technical and operational details of the relevant provisions.
This note provides a high-level overview of some of the key requirements that the new legislation will impose upon persons seeking to make crypto-assets available to the public in the EU or seek their admission to trading on a crypto-asset trading platform, as well as crypto-asset service providers. It sets out some practical points for consideration for firms active in crypto-asset markets as the clock for MiCA’s implementation and ensuring compliance with its requirements is ticking. Becoming compliant with MiCA will require significant efforts in a relatively short timeframe and as MiCA’s application is around the corner, both EU and non-EU firms are well advised to start considering how to adapt to the new regime, given the complexity of the issues at stake. For non-EU firms it is important to bear in mind that MiCA does not have a third-country regime allowing for the cross-border provision of services into the EU from a third-country to clients established in the EU, and the limited reverse solicitation (own initiative) exemption is expected to be interpreted very strictly.
This note is relevant to providers of services in crypto-assets that are not financial instruments within the meaning of the revised Markets in Financial Instruments Directive (MiFID II) and to persons seeking to issue crypto-assets, including so called “stablecoins”, in Europe. This note is also relevant to persons located or established in the European Economic Area (EEA) or established outside the EEA (including in the United Kingdom) and having clients located in the EEA. It is also relevant to investment firms and credit institutions providing investment services or performing investment activities in crypto-assets that, albeit not subject to MiCA’s authorisation requirements, will have to comply with certain other requirements in MiCA.
MiCA sets out harmonised EU-level definitions of all key terms relating to activities undertaken in crypto-asset markets. This includes definitions of crypto-assets and various sub-sets thereof (such as asset-referenced and electronic money tokens), as well as the various types of crypto-asset services and service-providers. As indicated above, MiCA will apply to those crypto-assets that do not classify as instruments subject to other European financial services legislation, including MiFID financial instruments. Whilst there will be regulatory guidance on the criteria for classification of crypto-assets as financial instruments, the assessment of whether a given token is classified as a financial instrument – in particular a derivative – is often a complex task that must be subject to a case-by-case analysis. MiCA sets out provisions applicable to persons seeking to make crypto-assets available to the public in the EU and/or to seek their admission to trading on a crypto-asset trading platform, as well as regulating the provision of services related to crypto-assets in the EU, which are not regulated by other pieces of European law. MiCA sets out rules on transparency and disclosure requirements for the issuance and admission to trading of crypto-assets, the authorisation and supervision of crypto-asset service providers and issuers of stablecoins, the operation, organisation and governance of issuers of stablecoins (asset-referenced tokens and electronic money tokens) and crypto-asset service providers, consumer protection rules, and measures to prevent market abuse and to ensure the integrity of markets in crypto-assets.
According to the Commission’s proposal, MiCA was not intended to apply to non-fungible tokens (NFTs) but the issue was discussed at length during the legislative review process. In conclusion, in accordance with the compromise agreed, NFTs will be excluded from the scope of MiCA, except for those whose features or uses would re-qualify them as crypto-assets within the scope of the regulation. MiCA will therefore include provisions governing the re-classification of NFTs. The Commission is mandated to submit a report to assess the opportunity and potential ways of regulating NFTs by 30 December 2024.
MiCA regulates the offering of crypto-assets to the public in the EU and the request of admission for such crypto-assets to trading on a trading platform for crypto-assets. Such activities will be subject to a prescribed set of requirements, including an obligation to publish a white paper containing a detailed description of the planned crypto-asset offering or admission to trading. MiCA also sets out requirements applicable to marketing communications relating to the offering of crypto-assets and admission of such crypto-assets to trading, as well as conduct rules for crypto-asset issuers, such as an obligation to act honestly, fairly and professionally, coupled with provisions on liability of issuers of crypto-assets. The requirement for offerors of crypto-assets to be a legal entity established in the EU was subject to much debate during the legislative review, and the final compromise steered away from mandating such presence for crypto-assets other than asset-referenced tokens and e-money tokens – notably for fears of undermining the attractiveness of European markets vis-à-vis global competition in crypto-markets. On the other hand, the co-legislators agreed to strengthen the EU presence requirements for crypto-asset service providers.
MiCA sets out a framework governing the issuance of asset-referenced tokens (“stablecoins”) and electronic money tokens and their admission to trading on a trading platform. As stated above, this framework has been in application since 30 June 2024. In respect of asset-referenced tokens, the issuer is required to obtain prior authorisation by a Member State National Competent Authority (NCA) and is obliged to publish a white paper which needs to be approved by the relevant NCA. Authorised European credit institutions will not have to obtain additional authorisation to issue asset-referenced tokens. In order to obtain MiCA authorisation, asset-referenced tokens and electronic money token issuers are under an obligation to demonstrate compliance with bespoke own funds requirements, governance arrangements, disclosure requirements, conflict of interest and complaints handling mechanisms, an obligation to hold reserves of assets, as well as having in place policies and procedures governing the custody of the reserve assets, investment of the reserve assets and planning for orderly wind-down. This could be quite a high bar to pass, requiring sufficient time to prepare appropriate documentation, policies, systems and procedures. Importantly and relevant for future distribution of stablecoins in the EU, MiCA introduced restrictions on the use of such crypto-assets as means of exchange. The relevant limits referring to the number and value of transactions are set out in the legislation.
More stringent provisions apply to issuers of asset-referenced tokens that are designated as “significant”. The criteria determining significance for such tokens are listed in MiCA and include, among other things, the criterium that the issuer of an asset-referenced token is a provider of core platform services designated as a gatekeeper in accordance with the EU Digital Markets Act (Regulation (EU) 2022/1925). The Commission is be mandated to adopt delegated acts to specify the circumstances under which the activities of the issuer of stablecoins are considered to be significant on an international scale outside the EU.
Subject to some exemptions, MiCA requires the issuer of electronic money tokens to be an authorised credit institution or an electronic money institution, and comply with the applicable sectoral legislation, as well as publishing a white paper and notifying it to the relevant NCA. As with asset-referenced tokens, MiCA sets out rules for the categorisation of certain e-money tokens as “significant”, and these will be subject to additional requirements and supervision. One point for consideration for potential issuers of e-money tokens is the possibility of structuring their business as a credit institution, as obtaining the relevant regulatory approvals is likely to take time.
The Commission has adopted secondary legislation further specifying the circumstances under which asset-referenced tokens and e-money tokens are considered to be significant.
The area in which MiCA is likely to impact on the broadest scope of crypto-asset market participants concerns the provision of services in crypto-assets. From 30 December 2024, MiCA will require that the provision of services in crypto-assets can only be performed by legal persons and which have been duly authorised as crypto-asset service providers in accordance with MiCA. Services in crypto-assets include custody services, operating trading platforms for crypto assets, exchanging services between crypto-assets and fiat currency or other crypto-assets, executing orders for crypto-assets on behalf of clients, as well as providing placement services, reception and transmission of orders in crypto-assets and advice on crypto-assets, provision of portfolio management in crypto-assets and provision of transfer services in crypto-assets on behalf of clients. To avoid any overlap with existing regulatory frameworks, MiCA authorisation requirements will not be applicable to the provision of crypto-asset services by certain authorised European financial institutions, such as credit institutions, investment firms, market operators, e-money institutions, management companies of UCITS and alternative investment fund managers.
Authorised crypto-asset service providers will be able to provide their services cross-border in all EU jurisdictions, which is akin to “passport” rights known from other pieces of European financial services legislation. They will be subject to a range of requirements, both general as well as specific, depending on the type of service provided. The general requirements will cover prescriptive organisational and disclosure rules, rules regarding safekeeping of client funds and outsourcing, conduct rules and an obligation to act honestly, fairly and professionally in the best interest of clients, as well as prudential requirements such as an obligation to maintain own funds and an insurance policy. It is also worth noting in this context that MiCA does not include a separate regime for third-country crypto-asset service providers. While allowing some limited reliance on the reverse solicitation approach, third-country persons planning to actively solicit clients based in the EU and/or to promote or advertise its services in the EU, will need to obtain authorisation as an EU crypto-asset service provider.
In addition, MiCA applies additional requirements to a separate category of “significant” crypto-asset service providers, being crypto-asset service providers with at least 15 million active users annually in the EU. While significant crypto-asset service providers will be subject to national-level supervision, the NCAs will be obliged to report to the European Securities and Markets Authority (ESMA) on key supervisory developments.
Persons that currently engage in the provision of services in crypto-assets in Europe and plan to continue doing so after 30 December 2024, should start considering the regulatory status of their activities as soon as possible. Where such persons need to seek MiCA authorisation, they should bear in mind that preparation of the relevant documentation, policies and procedures – depending on the organisation’s size, complexity, scale and nature of operations – can be a lengthy process. There are also likely to be structural issues to consider, and prospectively jurisdictional ones, in particular for firms with no existing European presence. Given the relatively tight MiCA implementation timeframes, it may be prudent to try and avoid the application bottleneck that some European NCAs may face closer to the deadline. Persons providing services in crypto-assets in Europe without the required authorisation may be included in the register of non-compliant crypto-asset service providers, which will be set up by ESMA.
MiCA will set out a set of rules applicable to crypto-assets that are admitted to trading on a trading platform for crypto-assets, or for which a request for admission to trading on such a trading platform has been made. Not dissimilar from the relevant rules applicable in securities markets, MiCA’s requirements will include provisions concerning disclosure of inside information and prohibitions on insider dealing, unlawful disclosure of inside information and market manipulation.
It is important to bear in mind that the requirements that MiCA will impose upon persons active in crypto-asset markets, in whichever capacity – issuers or service providers – cannot be considered in isolation. In particular for persons who will enter the regulatory perimeter for the first time by virtue of obtaining MiCA authorisation, it is important to be aware of and consider the practical compliance implications of a broader set of legislative and regulatory requirements, including rules on digital operational resilience. To this end, the relevant piece of European legislation is the Digital Operational Resilience Act (DORA). DORA becomes applicable on 17 January 2025 and introduces a harmonised and comprehensive framework on digital operational resilience for European financial institutions, including crypto-asset service providers that will have to become authorised in accordance with MiCA’s requirements. It sets out a very prescriptive set of requirements concerning the management of information and communication technologies (“ICT”) risk, including internal governance and control frameworks, incident management processes and testing, as well as management of ICT third-party risks. Compliance with DORA is a complex task, both for bigger and more sophisticated crypto-asset market participants whose documentation, systems and processes will have to be reviewed and possibly updated, but also for smaller firms with less advanced existing ICT structures.
The other piece of legislation worth mentioning is the Regulation on the transfer of funds and certain crypto-assets (the “Transfer of Funds Regulation”), which implements in European law the controversial recommendation of the Financial Action Task Force (“FATF”) to accompany the transfer of crypto-assets with information on the originator and the beneficiary (the so called “travel rule”). The Transfer of Funds Regulation becomes applicable on 30 December 2024 and will introduce an obligation for crypto-asset service providers to collect and make accessible data concerning the originators and beneficiaries of the transfers of crypto-assets they undertake. The legislation prescribes details regarding the type of information that the crypto-asset service provider of the originator will have to obtain and verify prior to executing the transfer of crypto-assets. This will apply regardless of the amount of crypto-assets being transferred. It will also require the crypto-asset service provider of the beneficiary to have in place effective procedures to detect missing information. There will also be specific requirements for crypto-asset transfers between crypto-asset service providers and unhosted wallets. All in all, the complexity and prospective technical challenges that firms are likely to face in adopting suitable compliance measures, as demonstrated by similar experiences in other jurisdictions that have implemented the “travel rule”, suggest that firms prepare alongside their MiCA compliance efforts as the date of application of the Transfer of Funds Regulation and that of MiCA are aligned.
As mentioned above, MiCA will become fully applicable on 30 December 2024, subject to a discretionary transition period. Unusually for a regulation, the legislators provided for the possibility of a transition period concerning the application of MiCA’s provisions for crypto-asset service providers. The two transitional measures, described below, are discretionary and individual Member States had until the end of June 2024 in which to notify the European Commission as to whether they would use them and, if so, for how long. The transitional measures comprise of:
That said, firms should take note that relying on grandfathering provisions do not grant them the status of a MiCA crypto-asset service provider. This has various consequences, including that such grandfathered entities will not be able to benefit from intra-EU passport.
Our financial services team has extensive experience in advising European, UK and third-country market participants in crypto-assets, including operators of trading venues, custodians and post-trade service providers, as well as a variety of other companies active in the broader FinTech sector. Unlike most other law firms, we offer a blend of legal, compliance and government relations skills in one cohesive team. This means we can help clients to prepare for legislative change by advising on legal and regulatory requirements, as well as on practical aspects of their implementation from the perspective of operational systems and controls adaptation.
Publication
Miranda Cole, Julien Haverals and Emma Clarke of our Brussels/ London offices are the authors of a chapter on procedural issues in merger control that has been published in the third edition of the Global Competition Review’s The Guide to Life Sciences. This covers a number of significant procedural developments that have affected merger review of life sciences transactions.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023
