Ontario's new Consumer Protection Act one step closer to becoming law
Ontario will soon have new consumer protection legislation that will double fines and increase litigation and class action risk.
On 25 September 2020 the European Commission (the “Commission”) published its long-awaited draft legislation on markets in crypto-assets – commonly known as the “Markets in Crypto-Assets Regulation” or MiCA. The proposal was part of the broader Digital Finance Strategy package and it was the first European-level legislative initiative aiming to introduce a comprehensive regulatory framework for crypto-assets, and covering issues from issuance of crypto-assets, through provision of services in crypto-assets to preventing market abuse in crypto-asset markets. Following legislative review, during which European co-legislators introduced some changes to the Commission’s draft, a provisional political agreement on the final text was reached on 30 June 2022. While at the time of writing this article MiCA’s post-trilogue text and its publication in the Official Journal of the European Union (“OJ”) is still pending, the adoption and application of MiCA will mark the beginning of a harmonised European approach to regulating crypto-assets.
This note provides a high-level overview of some of the key requirements that the new legislation will impose upon issuers of crypto-assets and crypto-asset service providers and sets out some practical points for consideration for firms active in crypto-asset markets as the clock for MiCA’s implementation and ensuring compliance with its requirements starts ticking. Becoming compliant with MiCA will require significant efforts in a relatively short timeframe and while MiCA’s application is still some time away, both EU and non-EU firms are well advised to start considering how to adapt to the new regime, given the complexity of the issues at stake.
This note is relevant to providers of services in crypto-assets that are not financial instruments within the meaning of the revised Markets in Financial Instruments Directive (“MiFID II”) and to persons seeking to issue crypto-assets, including so called “stablecoins”, in Europe. This note is also relevant to persons located or established in the European Economic Area (“EEA”) or established outside the EEA (including in the United Kingdom) and having clients located in the EEA. It is also relevant to investment firms and credit institutions providing investment services or performing investment activities in crypto-assets that, albeit not subject to MiCA’s authorisation requirements, will have to comply with certain other requirements in MiCA.
Once formally approved MiCA will set out harmonised EU-level definitions of all key terms relating to activities undertaken in crypto-asset markets. This includes definitions of crypto-assets and various sub-sets thereof (such as asset-referenced and electronic money tokens), as well as the various types of crypto-asset services and service-providers. MiCA will apply to persons involved in the issuance of crypto-assets, as well as services related to crypto-assets in the EU, which are not regulated by other pieces of European law. MiCA will set out rules on transparency and disclosure requirements for the issuance and admission to trading of crypto-assets, the authorisation and supervision of crypto-asset services providers and issuers, the operation, organisation and governance of issuers of asset-referenced tokens, electronic money tokens and crypto-asset service providers, consumer protection rules, and measures to prevent market abuse and to ensure the integrity of markets in crypto-assets.
According to the Commission’s proposal, MiCA was not intended to apply to non-fungible tokens (“NFT”s) but the issue was discussed at length during the legislative review process. In conclusion, in accordance with the compromise agreed, NFTs will be excluded from the scope of MiCA, except for those whose features or uses would re-qualify them as crypto-assets within the scope of the regulation. MiCA will therefore include provisions governing the re-classification of NFTs. The Commission will be mandated to submit a report 18 months following MiCA’s entry into force to assess the opportunity and potential ways of regulating NFTs.
MiCA will regulate issuance and offering of crypto-assets to the public in the EU and request of admission for such crypto-assets to trading on a trading platform for crypto-assets. Such activities will be subject to a prescribed set of requirements, including an obligation to publish a white paper containing a detailed description of the planned crypto-asset offering or admission to trading. MiCA will also set out requirements applicable to marketing communications relating to the offering of crypto-assets and admission of such crypto-assets to trading, as well as conduct rules for crypto-asset issuers, such as an obligation to act honestly, fairly and professionally, coupled with provisions on liability of issuers of crypto-assets. The requirement for offerors of crypto-assets to be a legal entity established in the EU was subject to much debate during the legislative review, and the final compromise steers away from mandating such presence for crypto-assets other than asset-referenced tokens and e-money tokens – notably for fears of undermining the attractiveness of European markets vis-à-vis global competition in crypto-markets. On the other hand, the co-legislators agreed to strengthen the EU presence requirements for crypto-asset service providers.
MiCA will set out a whole new framework governing the issuance of asset-referenced tokens (“stablecoins”) and electronic money tokens and their admission to trading on a trading platform. In respect of asset-referenced tokens, this will include an obligation for the issuer to obtain prior authorisation by a Member State National Competent Authority (“NCA”) and an obligation to publish a white paper which needs to be approved by the relevant NCA. Authorised European credit institutions will not have to obtain additional authorisation to issue asset-referenced tokens. In order to obtain MiCA authorisation, stablecoins and electronic money token issuers will have to demonstrate compliance with bespoke own funds requirements, governance arrangements, disclosure requirements, conflict of interest and complaints handling mechanisms, an obligation to hold reserves of assets, as well as having in place policies and procedures governing the custody of the reserve assets, investment of the reserve assets and planning for orderly wind-down. This could be quite a high bar to pass, requiring sufficient time to prepare appropriate documentation, policies, systems and procedures. Importantly and relevant for future distribution of stablecoins in the EU, the co-legislators agreed to introduce restrictions on the use of such crypto-assets as means of exchange. The relevant limits referring to the number and value of transactions will be set out in the legislation.
More stringent provisions will be applicable to issuers of asset-referenced tokens that will be designated as “significant”. The criteria determining significance for such tokens were subject to much discussion in the trilogue negotiations. The outcome is that the compromise foresees the inclusion in the criteria of the provision of core platform services designated as gatekeepers in accordance with the recently adopted Digital Market Act, as well as the international activity of an issuer outside the EU. The Commission will be mandated to adopt delegated acts to specify the circumstances under which the activities of the issuer of stablecoins are considered to be significant on an international scale outside the EU.
Subject to some exemptions, MiCA will require the issuer of electronic money tokens to be an authorised credit institution or an electronic money institution, and comply with the applicable sectoral legislation, as well as publishing a white paper and notifying it to the relevant NCA. As with asset-referenced tokens, MiCA will set out rules for categorisation of certain e-money tokens as “significant”, and these will be subject to additional requirements and supervision. One point for early consideration for potential issuers of e-money tokens is the possibility of structuring their business as a credit institution, as obtaining the relevant regulatory approvals is likely to take time.
The area in which MiCA is likely to impact on the broadest scope of crypto-asset market participants concerns the provision of services in crypto-assets. MiCA will require that the provision of services in crypto-assets can only be performed by legal persons and which have been duly authorised as crypto-asset service providers in accordance with MiCA. Services in crypto-assets will include custody services, operating trading platforms for crypto assets, exchanging services between crypto-assets and fiat currency or other crypto-assets, executing orders for crypto-assets on behalf of clients, as well as providing placement services, reception and transmission of orders in crypto-assets and advice on crypto-assets, provision of portfolio management in crypto-assets and provision of transfer services in crypto-assets on behalf of clients (for a more in-depth overview of the proposed MiCA approach to regulate the provision of services in crypto-assets, please see our earlier article). In order to avoid any overlap with an existing regulatory framework, MiCA authorisation requirements will not be applicable to the provision of crypto-asset services by certain authorised European financial institutions, such as credit institutions, investment firms, market operators, e-money institutions, management companies of UCITS and alternative investment fund managers.
Authorised crypto-asset service providers will be able to provide their services cross-border in all EU jurisdictions, which is akin to “passport” rights known from other pieces of European financial services legislation. They will be subject to a range of requirements, both general as well as specific, depending on the type of service provided. The general requirements will cover prescriptive organisational and disclosure rules, rules regarding safekeeping of client funds and outsourcing, conduct rules and an obligation to act honestly, fairly and professionally in the best interest of clients, as well as prudential requirements such as an obligation to maintain own funds and an insurance policy. It is also worth noting in this context that MiCA will not include a separate regime for third-country crypto-asset service providers. While allowing some limited reliance on the reverse solicitation approach, third-country persons planning to actively solicit clients based in the EU and/or to promote or advertise its services in the EU, will need to obtain authorisation as an EU crypto-asset service provider.
In addition, MiCA will apply additional requirements to a separate category of “significant” crypto-asset service providers, being crypto-asset service providers with at least 15 million active users annually in the EU. While significant crypto-asset service providers will be subject to national-level supervision, the NCAs will be obliged to report to the European Securities and Markets Authority (“ESMA”) on key supervisory developments.
Persons that currently engage in the provision of services in crypto-assets in Europe and plan to continue doing so following the application of MiCA, should start considering the regulatory status of their activities as soon as possible. Where such persons need to seek MiCA authorisation, they should bear in mind that preparation of the relevant documentation, policies and procedures – depending on the organisation’s size, complexity, scale and nature of operations – can be a lengthy process. There are also likely to be structural issues to consider, and prospectively jurisdictional ones, in particular for firms with no existing European presence. Given the relatively tight MiCA implementation timeframes, it may be prudent to try and avoid the application bottleneck that some European NCAs may face closer to the deadline. Persons providing services in crypto-assets in Europe without the required authorisation may be included in the register of non-compliant crypto-asset service providers, which will be set up by ESMA.
MiCA will set out a set of rules applicable to crypto-assets that are admitted to trading on a trading platform for crypto-assets, or for which a request for admission to trading on such a trading platform has been made. Not dissimilar from the relevant rules applicable in securities markets, MiCA’s requirements will include provisions concerning disclosure of inside information and prohibitions on insider dealing, unlawful disclosure of inside information and market manipulation.
It is important to bear in mind that the requirements that MiCA will impose upon persons active in crypto-asset markets, in whichever capacity – issuers or service providers – cannot be considered in isolation. In particular for persons who will enter the regulatory perimeter for the first time by virtue of obtaining MiCA authorisation, it is important to be aware of and consider the practical compliance implications of a broader set of legislative and regulatory requirements, including rules on digital operational resilience. To this end, the relevant piece of European legislation is a newly adopted Digital Operational Resilience Act (“DORA”). DORA introduces a harmonised and comprehensive framework on digital operational resilience for European financial institutions, including crypto-asset service providers that will have to become authorised in accordance with MiCA’s requirements. It will set out a very prescriptive set of requirements concerning the management of Information and Communication Technologies (“ICT”) risk, including internal governance and control frameworks, incident management processes and testing, as well as management of ICT third-party risks. Compliance with DORA is likely to be a complex task, both for bigger and more sophisticated crypto-asset market participants whose documentation, systems and processes will have to be reviewed and possibly updated, but also for smaller firms with less advanced existing ICT structures.
The other piece of legislation worth mentioning is the recently adopted European regulation on the transfer of funds and certain crypto-assets (the “Transfer of Funds Regulation”), which implements in European law the controversial recommendation of the Financial Action Task Force (“FATF”) to accompany the transfer of crypto-assets with information on the originator and the beneficiary (the so called “travel rule”). The Transfer of Funds Regulation, which was agreed in trilogues on 29 June 2022 and is awaiting publication in the OJ is pending, will introduce an obligation for crypto-asset service providers to collect and make accessible data concerning the originators and beneficiaries of the transfers of crypto-assets they undertake. The legislation prescribes details regarding the type of information that the crypto-asset service provider of the originator will have to obtain and verify prior to executing the transfer of crypto-assets. This will apply regardless of the amount of crypto-assets being transferred. It will also require the crypto-asset service provider of the beneficiary to have in place effective procedures to detect missing information. There will also be specific requirements for crypto-asset transfers between crypto-asset service providers and unhosted wallets. All in all, the complexity and prospective technical challenges that firms are likely to face in adopting suitable compliance measures, as demonstrated by similar experiences in other jurisdictions that have implemented the “travel rule”, suggest that firms should start preparing alongside their MiCA compliance efforts as the implementation timetable of the Transfer of Funds Regulation and that of MiCA had been intentionally aligned.
As mentioned earlier, while MiCA is still going through the final approval phases, its publication in the OJ that will mark its entry into force and set out the detailed timetable for implementation is expected to take place in late Q3 / early Q4 2022. We understand that as a result of the trilogues discussions the co-legislators agreed to shorten implementation periods for MiCA but the details remain to be made available (according to the Commission’s proposal, the majority of the provisions should become applicable 18 months following entry into force, and the provisions concerning asset-referenced tokens and electronic money tokens should become applicable with no transition period). We also understand that MiCA will include certain grandfathering provisions and simplified authorisation procedures for those crypto-asset service providers that submit applications before MiCA becomes applicable and those that at the time of entry into force of MiCA (expected Q4 2022), were authorised under national law to provide crypto-asset services. Grandfathering provisions will cover both the provision of services in crypto-assets and crypto-assets admitted to trading on a trading platform in Europe prior to MiCA becoming applicable.
Our financial services team has extensive experience in advising European, UK and third-country market participants in crypto-assets, including operators of trading venues, custodians and post-trade service providers, as well as a variety of other companies active in the broader FinTech sector. Unlike most other law firms, we offer a blend of legal, compliance and government relations skills in one cohesive team. This means we can help clients to prepare for legislative change by advising on legal and regulatory requirements, as well as on practical aspects of their implementation from the perspective of operational systems and controls adaptation.
Ontario will soon have new consumer protection legislation that will double fines and increase litigation and class action risk.
Starting on January 22, 2024, corporations under the Canada Business Corporations Act (CBCA) that are required to maintain a register of individuals with significant control (ISCs) will have to file that information with the director under the CBCA.
The New Development Bank (NDB), the multilateral development bank established by Brazil, Russia, India, China & South Africa (BRICS) to finance infrastructure and sustainable development projects, hosted a very interesting side event at COP28 on Day 6.
© Norton Rose Fulbright LLP 2023