ESMA publishes first consultation on detailed MiCA rules for crypto markets 

Written By Anna Nicolis

Last week, the European Securities and Markets Authority (ESMA) has opened its first round of consultation on technical standards under the Markets in Crypto-Assets (MiCA) Regulation, seeking feedback from industry practitioners by September 20, 2023. In this initial consultation, ESMA requests input on proposed rules for Crypto-Asset Service Providers (CASPs) and sets out an initial package containing five draft Regulatory Technical Standards (RTS) and two Implementing Technical Standards (ITS). 

The consultation covers details on rules on a range of topics, notably:  

  1. notification of intent by financial entities to provide crypto-asset services;  

  2. the authorisation of crypto-asset service providers;  

  3. procedures for handling customer complaints;  

  4. identification and management of conflicts of interest; and  

  5. the proposed acquisition of significant holdings in a crypto-asset service provider. 

The technical standards established through this process are to be presented by ESMA to the European Commission by June 2024. 

Before delving into a summary of the proposed ESMA draft standards, let’s take a look at the key requirements under MiCA. 

 

What is in scope under MiCA? 

MiCA governs the issuance, offering, and trading of crypto-assets, as well as the provision of certain crypto-asset services within the EU. MiCA applies to all crypto-assets not already regulated under other financial services rules (e.g. MiFID for securities and UCITS for funds).  

Specifically, MiCA categorises crypto-assets into three types based on their value stabilisation strategy: 

  • E-money tokens: crypto-assets that aim to maintain their value by referencing a single official currency. They act as electronic alternatives for coins and banknotes, primarily used for payments. 

  • Asset-referenced tokens: these crypto-assets attempt to stabilise their value by referencing another value, right, or combination, including one or several official currencies. This category includes all crypto-assets, excluding e-money tokens, that back their value with assets.

  • Other tokens: the third category is a catch-all for all other types of crypto-assets, excluding asset-referenced tokens and e-money tokens. This encompasses a broad range of crypto-assets, including utility tokens.

Crypto-assets issuance 

MiCA establishes requirements for those offering and attempting to trade crypto-assets, as well as for issuers of asset-referenced tokens and e-money tokens. These requirements are modelled on the existing EU Prospectus rules, adapted for crypto-assets.

In instances where an offer to the public involves crypto-assets (excluding asset-referenced tokens or e-money tokens), or when an individual is attempting to gain trading access for such crypto-assets within the EU, the offerors or those seeking trading admission are required to compile, notify their competent authority, and publish a crypto-asset white paper. This document must contain essential disclosures which include a plan of business operations, risk and compliance arrangements, financial plans, among others.

Crypto-asset services 

MiCA enforces EU-level requirements for crypto-asset service providers (CASPs), extending beyond the offering and trading of crypto-assets. 

MiCA outlines a list of regulated activities pertaining to all crypto-assets, including: 

  • Custody and administration of crypto-assets for clients 

  • Operating a crypto-asset trading platform 

  • Exchanging crypto-assets for funds or other crypto-assets 

  • Executing crypto-asset orders for clients 

  • Offering advice on crypto-assets 

Entities must be authorised as a CASP before providing these services. This requires an application to the competent authority in the Member State where the entity is registered. Once authorisation is granted, the CASP will be able to take advantage of the passporting rules to offer services across the EU. 

Furthermore, MiCA mandates CASPs to meet certain prudential and organisational requirements. This includes having competent management, robust internal control mechanisms, and systems for maintaining information integrity and confidentiality. Additional requirements may apply based on the services provided and their associated risks. 

Regulated financial institutions offering crypto-asset services 

Financial institutions that are currently authorised under EU regulation (CRR for credit institutions or MIFIR/IFR for investment firms) will be permitted to offer crypto-asset services without requiring an additional CASP authorisation under MiCA; such firms must simply file a specific notification with their home supervisory authority. Banks (credit institutions) will have the liberty to offer all types of crypto-asset services; investment firms will only be allowed to offer those crypto-asset services that correspond to investment services and activities for which they are already authorised under MiFID II. 

ESMA consultation paper summary  

As stated above, the initial consultation phase focuses on five areas for which ESMA provides a set of proposed RTS and ITS standards to implement detailed rules for CASPs: 

  1. Provision of Crypto-Asset Services: the heart of the MiCA regulation is its focus on the authorisation and corresponding notification requirements for entities aiming to offer crypto-asset services. As specified in Article 60(7), entities intending to offer such services are expected to provide substantial detail on their organisation and governance arrangements, including: control mechanisms for anti-money laundering (AML) and counter-terrorist financing (CTF), measures for preventing market abuse and managing operational and security risks. 

  2. ESMA clarifies that entities already authorised by their home National Competent Authority (NCA) and that have already supplied much of this information are only required to go through a simplified procedure, providing only information not previously supplied. 

  3. Content of Templates for Authorisation: Article 62 of MiCA lays down the necessary steps for entities seeking authorisation as CASPs. Applicants are expected to submit a wide array of information, ranging from legal identity and head office location, to governance arrangements, along with proof of the good repute of the management body. The process also requires detailed business plans, structural organisation, and measures to safeguard client assets, among other things. 

  4. This rigorous process, akin to that which applies to TradFi investment firms under MiFIR, ensures that applicants have committed significant resources upfront to ensure full compliance with the new requirements, thus underlining ESMA's intention to create a robust and transparent regulatory environment for the provision of crypto-asset services. The Annex appended to the consultation provides an extensive level of detail for each of the information requirements. 

  5. Complaints-handling Procedures of Crypto-Asset Service Providers: Article 71 of MiCA mandates the establishment of effective and transparent complaints-handling procedures to meet the need for robust investor protection in the nascent crypto-asset market. Therefore, ESMA has proposed detailed requirements for CASPs, including the need for an independent complaints management function, proper record-keeping, and regular reporting to the management body.  

  6. Identification, Prevention, Management and Disclosure of Conflicts of Interest: Under Article 72 of MiCA, CASPs are expected to create and maintain robust policies and procedures to identify, prevent, manage, and disclose conflicts of interest. Providers must prominently display these disclosures to existing and potential clients on their websites, thereby ensuring that clients are aware of the nature and sources of conflicts of interest. 

    ESMA has proposed detailed rules on the content of these policies, which should encompass effective procedures to prevent or manage conflicts that may arise in the course of providing a crypto-asset service, including procedures to ensure the equitable treatment of all clients. 

  7. Assessment of Intended Acquisition of a Qualifying Holding in a CASP: under Article 83 of MiCA, any individual or business entity intending to acquire or increase a significant stake in a CASP is required to notify the NCA in writing. The NCA is expected to evaluate the suitability of the proposed acquirer, taking into account several criteria, including the reputation and experience of the acquirer, its financial soundness, and any increased risk of money laundering or terrorist financing associated with the acquisition. 

    This RTS aims to establish a harmonised and clear process for acquiring significant holdings in CASPs. The goal is to create a level playing field across the EU, ensuring legal clarity, maintaining consistency with existing EU financial legislation, and protecting the stability of the financial market. In practice, this is intended to end the market in off-the-shelf licences for sale, which in the past had allowed dubious entities to effectively bypass the regulatory authorisation process. 

 

In sum, as per Verena Ross (Chair of ESMA)’s statement: 

“This first consultation package is an important milestone for ESMA in the implementation of the MiCA framework. It translates our ambition to set high regulatory standards in the EU for crypto-asset related activities into concrete requirements. 

We are determined to ensure entities involved in crypto-asset related activities understand that the EU is not a place for forum-shopping.  We also want to remind consumers that, even with the implementation of MiCA, there will be no such thing as a safe crypto-asset.” 

 

In parallel to this first consultation, ESMA will be working on its remaining mandates aiming to publish a second consultation package in October 2023. More information regarding the ESMA approach to MiCA implementing measures can be found here

What does this mean for Crypto-Asset firms in the EU? 

With MiCA due to take effect in 2024 (30 June 2024 for stablecoins; 31 December 2024 for other CASPs), it’s important that crypto-asset firms who operate in the EU (or plan to do so) take steps to align their business model and governance with the MiCA rules. 

From our experience working with firms in the crypto-asset space, we expect to see focus on the following aspects:

  • Prepare for authorisation – review organisational and governance arrangements, fitness of senior management team; in some cases, it may be beneficial for firms to add senior advisors who have experience dealing with ESMA and EU member state regulatory authorities;

  • Strengthen systems and controls – especially around AML/CTF and market abuse monitoring; while the crypto space has made significant progress on this front, this is a high profile risk and we expect EU regulators to set a high bar for compliance;

  • Review / restructure products and services – to address conflicts of interest; this is often perceived by regulators as a key weakness in the crypto industry, giving rise to concerns about investor protection. It will be essential for firms to be able to explain how they have identified and removed or mitigated all conflicts of interest;

  • Enhance customer service functions – to reduce complaints and ensure those which are raised are handled effectively; again, demonstrating that investor protection, including fixing things when they go wrong, is front and centre of the firm’s approach will go a long way to assuaging regulators’ concerns.

 

Please contact us if you would like to discuss what MiCA means for your business and we will help you navigate the rapidly evolving regulatory requirements. 

Anna Nicolis
Previous

The FCA is set to introduce new Financial Promotions Rules for Cryptoassets
Next

FCA proposes stronger protections for borrowers in financial difficulty: consumer credit focus