Summary on proposed crypto regulation in the EU and the US

MiCA Markets in Crypto-Assets

Summary on proposed crypto regulation in the EU and the US

MiCA as part of the Digital Finance Package of the European Union

The European Parliament adopted the new Regulation (EU) 2023/1114 on markets in crypto-assets (MiCAR) in March 2023.

According to the announcement the main goals for MiCAR   are:

  • Protecting consumers
  • Creating regulatory harmonization, closing regulatory arbitrage loopholes and allowing companies to operate on an EU-wide basis.
  • Creating legal certainty for companies and institutions with a clear rulebook for different services (token issuance, exchange, custody etc.), enabling fair competition and innovation.

Crypto Services covered by MiCA!

MiCA covers basically

  • all forms of token offerings,
  • stablecoin issuance,
  • crypto asset services like exchange and custody,
  • plus new market abuse rules for the entire space.

Assets and Services MiCA does not cover!

  • detailed AML rules for crypto businesses
  • crypto-assets (or crypto-asset services) that are deemed to be securities in order to prevent a duplication of frameworks.
  • In recital 22 MiA clarifies that “where crypto-asset services (..) are provided in a fully decentralized manner without any intermediary, they should not fall within the scope of this Regulation”. 

Cryptoassets covered by MiCA!

  • A crypto-asset is a “digital representation of a value or a right, which may be transferred and stored electronically, using distributed ledger or similar technology”.
  • A utility token is a sub-type of crypto-assets “which is only intended to provide access to a good or a service supplied by its issuer”.
  • An asset-referenced token (ART) is a token that aims at stabilizing its value by referencing/pegging to a basket of currencies, commodities, crypto-assets or other single non-fiat currency assets.
  • An e-money token (EMT) references to the value of one single fiat currency, for example USDC, USDT, BUSD or EUROC.

For ARTs and EMTs, MiCA introduces the concept of “significance”. Significant ARTs & EMTs are tokens that reach certain adoption thresholds and have to meet higher prudential, governance, and liquidity requirements.

Requirements for issuers of crypto-assets

Issuers (“Offerors”) of crypto-assets (with exemptions for utility tokens and small-scale crypto-assets) have to draft a detailed white paper with all the relevant information about the project, the issuer, the risks involved, the technology used, the economic design of the token, and the environmental impact of the consensus mechanism of the token.

Crypto-asset issuers need to notify their respective national competent authority about their white paper, at least 20 days prior to its publication. The authority can prohibit the issuance of the crypto-asset.MiCA offers retail holders that participated in the token offering a right of withdrawal  within 14 calendar days.

Special rules are foreseen for “the issuance of significant ARTs and EMTs.

So only regulated e-money institutions (EMIs) or credit institutions are allowed to issue e-money tokens in the EU. Unlike ART issuers, the competent authority only needs to be notified about the EMT white paper. E-money tokens have strict redemption obligations (same for existing EMIs), and overall have similar “own fund” (2% of supply) and reserve management requirements (e.g. only investments into high-quality liquid assets are allowed).

Extensive rules for cryptoasset service providers, referred to as CASPs, are foreseen.

The different crypto-asset services and the corresponding requirements that MiCA establishes, are influenced by the EU MiFID (Markets in Financial Instruments Directive), As such, MiFID regulated firms that offer services (e.g. securities broker dealers) for traditional asset classes won’t need another MiCA license for similar crypto services (crypto brokerage). These firms will need to inform competent authorities and prove their technical capabilities.

Other companies that seek to offer one of the following crypto-asset services will need to get licensed as a CASP by one of the EU national competent authorities.

  • Custody and administration of crypto-assets
  • Operation of a crypto-assets trading platform
  • Exchange of crypto-assets against fiat or against other crypto-assets
  • Placement of crypto-assets
  • Execution of crypto-asset orders
  • Portfolio management of crypto-assets

All of these CASPs will need to comply with minimum requirements with respect to their governance, the safekeeping of the assets, complaint handlings, outsourcing, wind-down plans, information disclosure, and last but not least, prudential requirements.

Minimum Capital requirements for CASPs are as follows:

  • €150k for tradings platforms, 
  • €125k for custodians and exchanges (brokers), 
  • and €50k for all the others.

On top of that, each CASP function has some specific regulatory requirements to satisfy, for example: 

  • Custodians need to establish a custody policy, communicate clients’ positions regularly, or face liability for clients’ assets lost due to cyber-attacks or malfunctions.
  • Trading platforms need to implement market abuse detection and reporting systems or make public the current bid and ask prices and trading depth.
  • Exchanges and brokers need to have non-discriminatory policies and execute orders at the best possible result and at the price displayed.
  • Advisors and portfolio managers need to assess the suitability of crypto-asset investments for their clients based on risk tolerance and knowledge.

Nota bene: Crypto-assets with inherent anonymisation functions (“privacy coins” like Monero, Zcash etc.) can only be admitted to a trading platform if the token holders and their transaction history can be identified by the CASP or the relevant regulator. As this is de facto impossible to implement, I expect EU regulated crypto exchanges to delist privacy coins from their offering.

CASPs are normally supervised by the national financial supervisors of their home jurisdiction. For CASPs with over 15 million active users, the national supervisor will have to notify EU securities supervisor ESMA.

Market Abuse rules

MiCA also introduces rules against market manipulation and insider trading. Using insider information will be illegal, as will activities that give false or misleading signals to the supply of, demand for, or price of, a crypto-asset. 

Voicing an opinion about a crypto-asset in the media (social or otherwise), requires disclosing the owner’s position

EBA and ESMA: Crypto sheriffs

The European Securities and Markets Authority (ESMA) and the EBA will monitor crypto markets and have the power to intervene in certain situations.  ESMA will be given powers to ban or restrict the provision of crypto asset services by CASPs or the distribution or sale of cryptoassets in case of a threat to investor protection, market integrity, or financial stability.

ESMA will also establish a register of third-country CASPs that operate without authorization.  The competent national authorities will have far-reaching powers for listed entities, including possibly shutting down their websites.

Reverse solicitation

Right now ESMA (EU supervisor) encourages both CASPs (crypto-asset service providers) and NCAs (national supervisors) to prepare for MiCA entering into application and the MiCA transition phase.

While EU citizens will still be able to use unregulated, third-country services on their “own exclusive initiative” (reverse solicitation), the scope of this exemption will be extremely narrow. Third-country, unregulated firms will not be able to market their services in the EU at all, or target EU consumers in any way. Details of this “reverse solicitation exemption” will be published by ESMA in Q1 2024 as part of the numerous technical MiCA standards that still have to be drafted and adopted.

The EU Transfer of Funds Regulation (TFR)

The TFR regulates the EU’s ‘Travel Rule’. It aims to harmonize the rules for crypto-assets and their service providers across the EU. Amongst others, Crypto Asset Service Providers (CASPs) transacting crypto-assets on behalf of their clients are required to accompany transfers of crypto-assets with information on their originator and beneficiary. The TFR stipulates that the CASP of the originator must submit and verify a range of information of the originator and the beneficiary to the CASP of the beneficiary, which needs to monitor and detect any missing or incomplete information.

. Every CASP is required to collect and transmit information on originators and beneficiaries (including intermediaries).

A necessary requirement for the information-sharing duties and other stipulated obligations to apply is that at least one of the CASPs involved is established in the EU and that the transfer of crypto-assets is being sent or received by a provider (and that no exception is applicable). With regards to the crypto-assets and crypto-asset service providers, the proposal references the coming Markets in Crypto-Assets regulation (“MiCAR“), which corresponds to the definitions used by the FATF. A transfer of crypto-assets is defined as any transaction at least partially carried out by electronic means on behalf of an originator through a CASP, with a view to making crypto-assets available to a beneficiary through a CASP. The regulation, however, exempts certain transfers of crypto-assets, such as person-to-person transfers (P2P transfers) or transfers by the CASP acting on its own behalf. Under certain conditions, a Member State may exempt transfers of crypto-assets within its territory if the amount of the transfer does not exceed EUR 1,000.

If the regulation applies, it stipulates different obligations depending on whether the crypto-asset service provider acts on behalf of the originator, who is the sender, or the beneficiary, who is the recipient of the crypto transfer. When a transfer is being processed, then the CASP of the originator must ensure that it is accompanied by the name, account number (if an account is being used to process the transaction) and address, official personal document number, customer identification number or the date and place of birth of the originator as well as the name and account number (if such an account exists and is being used for the transaction) of the beneficiary. If the transfer or the batch of transfers does not exceed EUR 1,000 in total, it is sufficient to include the names of the originator and the beneficiary and the account number. If no account is being used, the CASP of the originator needs to ensure that the transfer can be individually identified and the record originator and beneficiary address identifiers on the distributed ledger. Before the transfer is processed, the service provider of the originator must verify the information sent on the basis of documents, data and information obtained from a reliable and independent source (which is assumed if the originator was verified in accordance with the proposed Anti-Money Laundering Regulation). Without the CASP being in full compliance, the transfer shall not be executed.

The CASP of the beneficiary has to detect whether the necessary information for the transfer is missing or incomplete. To achieve this, the service provider must implement effective procedures and monitoring after or during transfers where appropriate. The degree of verification that the beneficiary’s CASP must take depends on the amount transferred. If the transfer exceeds EUR 1,000, then the beneficiary’s service provider must verify the information on the basis of documents, data or information obtained from a reliable and independent source. If the transfer does not exceed EUR 1,000, the accuracy of the information shall only be verified if the beneficiary effects a pay-out in cash or anonymous electronic money or where reasonable grounds for money laundering exist. The verification process in all instances is nevertheless assumed to have taken place when the identity of the beneficiary has been verified in accordance with the proposed Anti-Money Laundering Regulation.

 

 Under the TFR, CASPs will be required to apply enhanced monitoring to transactions with unhosted wallets, and must verify the identity of the originators or beneficiaries behind unhosted wallets for transfers of more than 1,000 euros ($1,000). This requirement exceeds the FATF standards, which only require the collection — but not verification — of data on unhosted wallets.

CASPs must provide information on the source and beneficiary of any transaction if required by an investigating authority, with no minimum transaction threshold. Current FATF standards only apply for transactions 

European Council agreed to form an Anti-Money Laundering (AML) body (expected in 2024) with the authority to also supervise certain high-risk CASPs.

BiPartisan crypto bill proposals in the United States

The US appears to be far, far clear on legislation on digital assets.  Only submissions on how they might get there and which entity would be responsible for regulating these markets have been published so far.

On 7th June 2022, Senators Cynthia Lummis (R-WY) and Kirsten Gillibrand (D-NY) introduced the Responsible Financial Innovation Act (the bill), which sets out to create the first complete regulatory and bipartisan framework for digital assets. The account is – like MiCA  – also intended to establish legal clarity for regulators and the industry and protect consumers by providing a range of disclosures and clarifying settlement conditions and rights over digital ownership.

 

The Responsible Financial Innovation Act

 

The main proposals of the Act include:

  •  A standard to determine which digital assets are commodities and securities, including formal definitions for digital assets, smart contracts, and digital asset intermediaries.
  •  Authorisation rules to various crypto industry participants, inc. crypto exchanges.
  • Defi protocols are not explicitly covered.
  •  CFTC is set as a watchdog for crypto exchanges.
  • Safeguarding customer assets and preventing commingling of the customer and corporate funds.
  • Consumer protections for stablecoin issuers, requiring entire reserve (1:1 ratio) and detailed disclosure of how the stablecoin is backed. Redemption must be possible at the investor’s request with recognized legal tender.
  • Specific disclosure requirements for digital asset service providers.
  • Act directs the Federal Energy Regulatory Commission to analyze and report on energy consumption in the digital asset space.

 

Digital Commodity Exchange Act (DCEA)

The second bipartisan bill, the Digital Commodity Exchange Act of 2022 (DCEA), was shared in April 2022. The DCEA also assigned regulatory authority over digital asset spot markets to the CFTC. The CFTC would be authorised to register and regulate trading venues (i.e., exchanges) offering spot or cash digital commodities, which would have to abide by specific requirements for safeguarding customer assets consistent with those currently applicable to futures.

 

FinCEN has proposed a new cryptocurrency regulation to impose data collection requirements on cryptocurrency exchanges and wallets, which may extend to unhosted wallets.