Countdown to MiCA: The EU’s cryptoassets regulation
On 30 June 2022, the European Council (Council) and the European Parliament (Parliament), announced that they had reached a provisional agreement on the proposal for regulation on markets in cryptoassets (MiCA), which covers issuers of unbacked cryptoassets and fiat-backed or fiat-referencing stablecoins, as well as the trading venues and the wallets where cryptoassets are held. Although the Council and Parliament have confirmed reaching provisional political agreement, at the time of writing, a revised text of the legislative proposal has not yet been published. The next step is for the Council and the Parliament to each approve the political agreement before formally adopting MiCA.
In this OnPoint, we look at what MiCA aims to achieve and its impact on stakeholders. We will also briefly compare MiCA to other legislative measures that would create a framework for the regulation of cryptoassets in the EU, and assess how MiCA may interact with Prospectus Regulation,1 MiFID,2 AIFMD3 and UCITS Directive.4 Finally, we will compare the recent EU developments to those in the UK.
Background to MiCA
In September 2020, as part of its Digital Finance Strategy, the European Commission (Commission) adopted a package of proposed legislative measures that would create a framework for the regulation of cryptoassets in the EU. This included a proposal for a regulation on markets in cryptoassets (MiCA), a proposal for a regulation on digital operational resilience (DORA), a proposal for a regulation on a pilot regime for market infrastructures based on distributed ledger technology (DLT) and a complementing proposal for a Directive amending several directives. The text of the MiCA proposal, adopted in September 2020, together with its associated annexes is available here.
MiCA’s purpose is, in the words of the Council, “to protect investors and preserve financial stability by creating a regulatory framework for the cryptoassets market that allows for continued innovation and maintains the attractiveness of the crypto currencies sector which is evolving quickly”. The Council goes on to say “MiCA will protect consumers against some of the dangers of investing in cryptoassets and help them avoid fraudulent schemes. Cryptoasset service providers will now become liable in case they lose investors’ cryptoassets”.5
Following the publication of the MiCA proposal, the Council adopted its negotiating mandate on 19 November 2021.6 In March 2022, the Economic and Monetary Affairs Committee of the Parliament (ECON) adopted its negotiating position on MiCA, set out in a report7 that formed the basis of interinstitutional negotiation. Trilogues between the co-legislators started on 31 March 2022 and ended in the provisional agreement reached on 30 June 2022.
According to the Parliament’s press release, the key provisions agreed by negotiators for those issuing and trading cryptoassets (the definition of which is covered below) cover transparency, disclosure, authorisation and supervision of transactions. The new legal framework will “support market integrity and financial stability by regulating public offers of cryptoassets”. Finally, the agreed text includes measures against market manipulation and preventing money laundering, terrorist financing and other criminal activities.
What is MiCA aiming to regulate?
Cryptoassets – which take many forms and are continuing to evolve rapidly – are largely unregulated under existing EU legislation, meaning that consumers do not benefit from the guarantees and safeguards associated with regulated financial services. The European Supervisory Authorities8 (together the ESAs) have been active in alerting consumers to these risks.9
Some EU Member States have already developed, or are contemplating developing, their own national cryptoasset frameworks, which could result in multiple similar but divergent regulatory and supervisory regimes across the EU. Similarly, a few Member States have already implemented a bespoke regime to cover some cryptoasset service providers or parts of their activity, but in most Member States they operate outside any regulatory regime. In 2019, France adopted the PACTE Law10 enacting a framework for public offerings of tokens and the activities of digital asset service providers. In parallel, Germany created a regime with a specific focus on cryptoasset custody services11 and introduced digital securities through the Act on Electronic Securities (eWPG),12 which from a regulatory perspective qualify as securities. Luxembourg requires virtual asset service providers (VASPs) to register with the CSSF.13
As the Council noted in its November 2021 negotiating mandate,14 “the lack of a single EU-wide framework for cryptoassets can lead to a lack of users’ confidence in those assets, which could significantly hinder the development of a market in those assets and can lead to missed opportunities in terms of innovative digital services, alternative payment instruments or new funding sources for Union companies. In addition, companies using cryptoassets would have no legal certainty on how their cryptoassets would be treated in the different Member States, which would undermine their efforts to use cryptoassets for digital innovation”.
With the introduction of a common EU framework, uniform conditions of operation for firms within the EU can overcome the differences in national frameworks, which is leading to market fragmentation, and can reduce the complexity and costs for firms operating in this space. At the same time, it will offer firms full access to the internal market and provide the legal certainty necessary to promote innovation within the cryptoasset market.
Per the Council’s July 2022 press release announcing the agreement on MiCA, MiCA is a regulatory framework that “will protect investors and preserve financial stability, while allowing innovation and fostering the attractiveness of the cryptoasset sector. This will bring more clarity in the European Union, as some member states already have national legislation for cryptoassets, but so far there had been no specific regulatory framework at EU level”.15
It remains to be seen how the final MiCA Regulation will interact with the existing national regimes and other EU legislation.
It is important to note that the UK has not followed the EU’s path with regards to development of a UK MiCA Regulation. This means that going forward there is likely to be a divergent approach between the EU and UK.
What and who is in scope?
The intention is that MiCA will bring certain types of cryptoassets within the regulatory and legal perimeter, but importantly it will not attempt to regulate every form of cryptoasset.
The proposal is that MiCA is limited to cryptoassets that do not qualify as MiFID financial instruments, deposits or structured deposits or traditional e-money under existing EU financial services legislation. Per the definition in MiCA, cryptoasset means a digital representation of value or rights that may be transferred and stored electronically, using DLT or similar technology. MiCA makes a distinction between three subcategories of cryptoasset, each of which would be subject to more specific requirements. The three categories are:
- utility tokens – which are a type of cryptoasset that is intended to provide digital access to a good or service, available on DLT, and that is only accepted by the issuer of that token;
- asset-referenced tokens – aimed at maintaining a stable value by referencing several currencies that are legal tender, one or several commodities, one or several cryptoassets, or a basket of such assets; and
- e-money tokens or electronic money tokens – which are cryptoassets that are intended primarily as a means of payment aimed at stabilising their value by referencing only one fiat currency, and have a function that is very similar to the function of electronic money.
Non-Fungible Tokens (NFT), which commonly refers to digital assets representing unique real-world or online objects like art, music, cinema tickets, digital collectibles from clothing brands or in-game items in computer games, will be outside the scope of MiCA if they fall under existing cryptoasset categories. Within 18 months, the Commission will however be tasked to prepare a comprehensive assessment and, if deemed necessary, a specific, proportionate and horizontal legislative proposal to create a regime for NFTs and address the emerging risks of such new market.16
The MiCA proposals would apply to issuers of the type of cryptoassets that are in scope of MiCA and firms whose business it is to provide services related to the cryptoassets that are in scope of MiCA – referred to as cryptoasset service providers (CASPs).
Requirements for issuers of cryptoassets
Inspired by Prospectus Regulation, the public offer of cryptoassets will be subject to a white paper.17
For issuers of cryptoassets other than asset-referenced tokens and e-money tokens, the white paper will have to be notified to the competent supervisory authority, but will not be subject to its authorisation. Requirements for issuers of asset-referenced tokens and e-money tokens go further – no offer to the public in the EU or admission to trading on a trading platform for cryptoassets will be permitted if the issuer is not authorised in the EU, and if the white paper has not been approved by its competent authority.
Furthermore, issuers will be subject to ongoing information obligations. They will be required to establish a complaint-handling procedure as well as other requirements, such as rules on conflicts of interest, notification on changes to their management body to its competent authority, governance arrangements, own funds, rules on the reserve of assets backing the asset-referenced tokens and requirements for the custody of the reserve assets.
In return for complying with MiCA, issuers will benefit from a European passport providing the access to a Single European Market for the issuance of cryptoassets.
Requirements for CASPs
The cryptoasset services are defined in MiCA to include:
a) the custody and administration of cryptoassets on behalf of third parties;
b) the operation of a trading platform for cryptoassets;
c) the exchange of cryptoassets for fiat currency that is legal tender;
d) the exchange of cryptoassets for other cryptoassets;
e) the execution of orders for cryptoassets on behalf of third parties;
f) placing of cryptoassets;
g) the reception and transmission of orders for cryptoassets on behalf of third parties providing advice on cryptoassets; and
h) providing advice on cryptoassets.
Whilst the Commission’s original September 2020 proposal for MiCA did not include ‘providing portfolio management on cryptoassets’ in the list of ‘cryptoasset services’, both the Council and ECON’s proposals did include portfolio management as a cryptoasset service. Although it is not confirmed, it is likely that the final MiCA Regulation will include ‘providing portfolio management on cryptoassets’ as a cryptoasset service, meaning the activity will be in scope of the MiCA regulation and that legal persons wishing to provide such services will need to be authorised by the relevant national competent authority.
MiCA sets the provisions on authorisation and operating conditions of CASPs, defining the provisions on authorisation, detailing the content of such an application, the assessment of the application and the rights granted to competent authorities to withdraw an authorisation. There are also provisions setting out a mandate for the European Securities and Markets Authority (ESMA) to establish a register of all CASPs, which will also include information on the cryptoasset white papers notified by competent authorities. For the cross-border provision of cryptoasset services, MiCA sets out the details and the way information about cross-border activities of cryptoassets should be communicated from the competent authority of the home Member State to that of the host Member State.
In addition, MiCA:
- sets out requirements and obligations for CASPs, such as the obligation to act honestly, fairly and professionally, organisational requirements, rules on the safekeeping of clients’ cryptoassets and funds, the obligation to establish a complaint-handling procedure, rules on conflict of interests and rules on outsourcing. MiCA also requires that national authorities issue authorisation within a timeframe of three months. Regarding the largest CASPs, national authorities will be required to transmit relevant information regularly to ESMA; and
- provides for the development of delegated legislation specifying certain details, requirements and arrangements as set out in the MiCA as well as grandfathering provisions.
The above reflects what was set out in the Commission’s September 2020 proposal. The Council and Parliament have proposed other provisions/amendments. One of the most significant is the inclusion of certain environmental safeguards within the final MiCA regulation. Concerns have been raised that the current proof-of-work consensus mechanism used to validate many cryptoasset transactions results in a significant, high-carbon footprint, and this has led to a proposal that will require significant CASPs to disclose their energy consumption. ESMA would be mandated to prepare regulatory technical standards on these obligations, providing the market with clear guidance on how such disclosures should be carried out. The proposal is that CASPs should make publicly available, in a prominent place on their website, information on their environmental and climate impact, and forward this information to their national competent authority, which will inform ESMA. The press release announcing the agreement between the Parliament and Council also states that the agreed text includes measures against market manipulation and preventing money laundering, terrorist financing and other criminal activities, but there are no further details at this stage as to the detail of these measures.
The provisional political agreement reached by the Parliament’s negotiating team will now have to be approved first by the ECON, followed by a plenary vote. The Council also must approve the deal before it can come into force.
It is proposed that, once adopted, MiCA will apply in EU Member States 18 months after it has entered into force, except for certain provisions related to asset-referenced tokens and e-money tokens that will apply from the date the MiCA Regulation enters into force.
Other EU Developments
EU Digital Operational Resilience for the financial sector (DORA)
DORA was one of the other four legislative measures announced in September 2020. The aim is for participants in the EU financial sector to be subject to a common set of rules to mitigate information communication technology (ICT) risks. DORA aims to establish a comprehensive digital operational resilience framework across the European banking, markets infrastructure, insurance and investment sectors, requiring financial entities to manage their ICT risks in a robust and effective way. It will also harmonise the current provisions in EU financial services legislation into one EU-level regulation, instead of the current range of different and inconsistent rules in different sectors and across Member States.
On 11 May 2022,18 Council and Parliament announced that they had reached provisional political agreement on the proposed DORA. The provisional agreement is subject to approval by Council and Parliament before going through the formal adoption procedure, but both are expected to adopt the regulation. On 28 June 2022, the Parliament updated its procedure file to indicate that the Parliament will consider the proposed DORA during its plenary session to be held from 17 to 20 October 2022. The new rules will apply 24 months after they enter into force.
In addition, a Joint Committee of the ESAs’ Sub-Committee on Digital Operational Resilience has been established to assist the ESAs in fulfilling their policy mandates under DORA and related tasks.19
The Commission has also published a draft directive to align certain existing EU financial services legislation with DORA, which proposes amendments to operational risk or risk management propositions in AIFMD, UCITS Directive and MiFID.
DLT Pilot Regime Regulation
A regulation on a pilot regime for market infrastructures based on DLT (DLT Pilot Regime Regulation) was published in the Official Journal of the EU on 2 June 2022.20 The majority of the provisions will apply from 23 March 2023, except for certain articles that apply from 22 June 2022 and article 16 (which amends MiFIR),21 and which has applied from 4 July 2021.
As was the case with MiCA, the DLT Pilot Regulation recognises that EU financial services legislation was not designed with DLT and cryptoassets in mind, and the existing regulation actually contains provisions that potentially preclude or limit the use of DLT in the issuance, trading and settlement of cryptoassets that qualify as financial instruments. There is also a lack of authorised financial market infrastructures that use DLT to provide trading or settlement services, or a combination of such services, for cryptoassets that qualify as financial instruments. Furthermore, regulatory gaps exist due to legal, technological and operational specificities related to the use of DLT and to cryptoassets that qualify as financial instruments.
The DLT Pilot Regulation provides a legal framework for the trade and settlement of transactions in cryptoassets that qualify as financial instruments within the meaning of the MiFID – with those cryptoassets that are not MiFID financial instruments being caught by MiCA. The DLT Pilot Regulation will create a pilot regime for market infrastructures based on DLT to test such DLT market infrastructures, enabling regulated entities to operate DLT market infrastructures comprising DLT multilateral trading facilities, DLT settlement systems and DLT trading and settlement systems. The DLT Pilot Regulation provides competent authorities to grant permission to operators of DLT market infrastructures and temporarily exempt them from the existing financial regulatory and operational regime, subject to certain conditions and the compliance with minimum organisational requirements.22
Trying to find a compromise between protecting financial markets and stimulating innovation, the DLT Pilot Regime Regulation includes certain limitations in term of size for being admitted on or settled by DLT market infrastructure. At the moment of admission to trading or recording on a distributed ledger, the DLT financial instruments that are shares, the issuer of which shall not have a market capitalization of more than EUR 500 million and DLT financial instruments that are bonds, other forms of securitized debt or money market instruments shall not have an issue size in excess of EUR 1 billion. In case of undertakings for collective investment, the threshold is set at EUR 500 million assets under management.23
Importantly, the specific permissions and exemptions should be granted for a period of up to six years from the date of granting the permission, and are only valid for the duration of the pilot regime. However, this leaves open the question of how to organize an exit the regime once the six-year period has elapsed.
Transparency of cryptoasset transfers
In terms of other developments in the EU, on 29 June 2022, the Council issued a press release24 announcing that negotiators from the Council and the Parliament had reached a provisional agreement on the proposal updating the rules on information accompanying the transfers of funds by extending the scope of those rules to transfers of cryptoassets. The introduction of this ’travel rule’ will “ensure financial transparency on exchanges in cryptoassets and will provide the EU with a solid and proportional framework that complies with the most demanding international standards on the exchange of cryptoassets”, with the Council making specific reference to recommendations 15 and 1625 of the Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog.
How will MiCA interact with Prospectus Regulation and MiFID?
MiCA took inspiration from Prospectus Regulation when setting the framework for issuers of cryptoassets and from MiFID when regulating CASPs.
The scope of MiCA aims to start where the scope of Prospectus Regulation and MiFID ends because the relevant cryptoasset does not qualify as a financial instrument. The starting point to determine the applicable regulation will be the test of whether the cryptoasset qualifies as a financial instrument or not. The negative delineation between MiCA and the Prospectus Regulation on the one hand, and MiFID on the other, may turn out to be challenging when the qualification of a cryptoasset is not straightforward. It must also be noted that the interpretation whether a relevant asset qualifies as a financial instrument is not always consistent across the EU member states.
In practice, CASPs may likely service cryptoassets qualifying as financial instruments and regulated under MiFID as well as cryptoassets not qualifying as financial instruments and regulated under MiCA. Consequently, CASPs may end up being subject to both MiFID and MiCA.
What would be the impact for AIFs and UCITS?
The regulation on issuance of cryptoassets and servicing cryptoassets introduced by MiCA, including the liability sets on custodian wallet providers, may provide more comfort to depositaries of alternative investment funds (AIFs) when contemplating to hold asset-referenced tokens in their portfolios. Under AIFMD, cryptoassets do not in principle qualify as "financial instruments that can be held in custody" (even though they may be qualified as financial instruments under MiFID). The result is that cryptoassets should be considered as "other assets" for the purpose of determining the safe-keeping obligations of the depositary and the applicable liability regime. Notwithstanding this, one major obstacle for AIFs investing in cryptoassets is the reluctancy for depositaries to assume the safe-keeping functions for these AIFs.
MiCA does not have an impact for UCITS, as UCITS are generally restricted from investing in assets that do not qualify as financial instruments. It will have to be seen whether the DLT Pilot Regime Regulation will make it easier for UCITS to invest in cryptoassets qualifying as an eligible financial instrument under the UCITS Directive and becoming investable for a UCITS because they are traded and settled in accordance with the DLT Pilot Regime Regulation. Furthermore, the DLT Pilot Regime Regulation may eventually create a path for UCITS and AIFs to create and issue blockchain based versions of their units that would be able to trade similarly to non-financial cryptoassets.
The UK position
The UK regulatory and legislative framework was also not developed with an intention to regulate cryptoassets. The UK regulatory authorities – namely the Financial Conduct Authority (FCA) and Prudential Regulatory Authority (PRA) – have applied the existing legislation to cryptoassets in the same way they would to other financial products and services. Looking to the future, the UK government and regulatory authorities are consulting on various legislative proposals to bring regulation of cryptoassets within the UK regulatory perimeter.
The UK has not stated an intention to follow the path taken by the EU with regards to MiCA. However, the UK is taking steps to develop regulation in this area. In terms of most recent developments, the UK government has consulted on plans to extend the scope of the existing UK financial promotions regime to include cryptoassets. The FCA has also consulted on changes to financial promotion rules for high-risk investment, including cryptoassets (CP22/2).26 A policy statement and final handbook rules responding to the FCA’s CP22/2 are expected later in 2022.
On 4 April 2022, following an earlier consultation paper on the UK regulatory approach to cryptoassets and stablecoins and a call for evidence on DLT in financial markets, HM Treasury published its response27 that confirms HM Treasury's intention to take the necessary legislative steps to bring activities that issue or facilitate the use of stablecoins used as a means of payment into the UK regulatory perimeter.
This was followed by the Queen’s Speech28 delivered in May 2022 – which sets out the government’s legislative priorities for the next parliamentary sessions – where the UK government indicated that it will bring forward legislation in the form of a Financial Services and Markets Bill that aims, amongst other things, at “harnessing the opportunities of innovative technologies in financial services, including supporting the safe adoption of cryptocurrencies and resilient outsourcing to technology provide”. There is a clear cross over with DORA, as resilient outsourcing to technology is what DORA aims to cover.
Different regimes developing in different jurisdictions may result in a proliferation of regulation in the same area, but may also result in different opportunities for market participants.
The final form of MiCA is not yet confirmed, but whatever form it takes, it marks the start of regulation of cryptoassets on an EU-wide basis, as opposed to the discrete national legislation that has existed to date. The exact impact that MiCA will have on the EU financial services industry in practice is not yet clear, but it is likely to be notable.
1) Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market, and repealing Directive 2003/71/EC.
2) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU Text with EEA relevance.
3) Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010.
4) Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS).
7) The Report is available.
8) The European Supervisory Authorities being the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA).
9) See here for March 2021 warning from the ESAs on the risk cryptoassets pose to consumers.
10) Loi du 22 mai 2019 relative à la croissance et la transformation des entreprises (PACTE).
11) Section 1 para. 1a sentence 2 no. 6 KWG.
12) Law on Electronic Securities (eWpG), promulgated as Art. 1 G of 3.6.2021 (Federal Law Gazette I p. 1423); Entry into force in accordance with Article 12 of this G on 10.6.2021.
13) The Luxembourg law of 25 March 2020 amended the law of 12 November 2004 on the fight against money laundering and terrorist financing (AML/CFT Law) by submitting VASPs within the scope of the AML/CFT Law and imposing their registration with the Commission de Surveillance du Secteur Financier, the supervisory authority for the financial services in Luxembourg.
14) Ibid 6.
15) The Press Release is available.
16) Ibid 15.
17) Article 5 of MiCA.
18) Parliament’s press release is available.
19) The JC CS DOR’s mandate is available.
20) The DLT Pilot Regulation (Regulation (EU) 2022/858) is available.
21) Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012.
22) The recitals state “[T]he pilot regime should allow for certain DLT market infrastructures to be temporarily exempted from some of the specific requirements of Union financial services legislation that could otherwise prevent operators from developing solutions for the trading and settlement of transactions in cryptoassets that qualify as financial instruments, without weakening any existing requirements or safeguards applied to traditional market infrastructures. DLT market infrastructures and their operators should have in place adequate safeguards related to the use of distributed ledger technology to ensure the effective protection of investors, including clearly defined chains of liability to clients for any losses due to operational failures”.
23) Article 3.1 of DLT Pilot Regime Regulation.
24) The Council press release is available.
25) Recommendation 15 sets the global AML/CFT Standards for virtual assets (VA) and virtual assets service providers (VASPs), and Recommendation 16 requires VASPs to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting VA transfers.
26) CP 22/2 is available.
27) HM Treasury’s response is available.
28) The transcript of the Queen’s Speech is available.