The Markets in Crypto-Assets Regulation (MiCAR) is a landmark legislation that aims to create a harmonised and comprehensive framework for the regulation of crypto-assets and related services in the European Union (EU). MiCAR was adopted by the European Parliament and the Council of the EU in June 2023 and entered into force on 29 June 2023. It will apply from 30 December 2024, except for some provisions that will apply from 30 June 2024.
MiCAR is anticipated to bring about a substantial influence on the crypto-asset market, introducing legal certainty, consumer protection, market integrity, and financial stability. Moreover, it is poised to encourage innovation and competition by facilitating cross-border activities and providing passporting rights for crypto-asset service providers (CASPs) operating within the EU. Nevertheless, MiCAR presents certain challenges and responsibilities for crypto-asset issuers and CASPs, along with additional obligations for other financial institutions and investors engaged in transactions involving crypto-assets. In this article, I will provide a technical breakdown of the main aspects of MiCAR.
The definition and classification of crypto-assets under MiCAR
MiCAR characterizes crypto-assets as “a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology.” This definition is expansive and impartial to specific technologies, encompassing various crypto-assets like cryptocurrencies, tokens, stablecoins, and non-fungible tokens (NFTs).
However, it’s essential to note that it excludes crypto-assets qualifying as financial instruments, deposits, structured deposits, electronic money, securitisation positions, insurance products, or pension products under existing EU financial services legislation. These excluded crypto-assets remain subject to the pertinent sectoral rules and regulations.
MiCAR distinguishes between three main categories of crypto-assets that fall within its scope:
- E-money tokens (EMTs): These are crypto-assets that purport to maintain a stable value by referencing the value of one official currency that is legal tender. EMTs are similar to electronic money under the Electronic Money Directive 2009/110/EC (EMD2), but they use distributed ledger technology or similar technology to issue, store and transfer value. Examples of EMTs are Tether (USDT) and USD Coin (USDC), which are pegged to the US dollar.
- Asset-referenced tokens (ARTs): These are crypto-assets that are not EMTs and that purport to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies, commodities, crypto-assets or a basket of such assets. ARTs are a type of stablecoins that are backed by a pool of assets, such as fiat currencies, gold or other crypto-assets.
- Other tokens: These are crypto-assets that are neither EMTs nor ARTs and that have various purposes and characteristics. This category includes utility tokens, which provide access to a good or a service supplied by the issuer, such as decentralized applications (DApps) or platforms. It also includes payment tokens, which are used as a means of exchange, such as Bitcoin or Ether. Furthermore, it includes hybrid tokens, which combine features of different types of tokens, such as governance tokens, which grant voting rights or other benefits to the holders.
They bring forth the concept of significant tokens for EMTs (Electronic Money Tokens) and ARTs (Asset-Reference Tokens). These tokens are subjected to additional requirements owing to their potential impact on financial stability or monetary policy. The task of identifying and monitoring significant tokens falls under the purview of the European Banking Authority (EBA). The EBA employs criteria such as the number of users, transaction values, interconnectedness with the financial system, substitutability with existing payment instruments, and the innovation or complexity of the token to determine significance. The EBA will publish and update a list of significant tokens on its website.
The authorisation and supervision requirements for crypto-asset issuers and CASPs
MiCAR also imposes different authorisation and supervision requirements for crypto-asset issuers and CASPs, depending on the type and significance of the crypto-asset involved.
Crypto-asset issuers
Crypto-asset issuers are natural or legal persons who offer crypto-assets to the public or seek the admission of crypto-assets to trading on a trading platform for crypto-assets. MiCAR requires crypto-asset issuers to comply with the following obligations:
- White paper: Crypto-asset issuers must prepare and publish a white paper that discloses essential information about the crypto-asset project, such as the features, rights and obligations of the crypto-asset, the project’s objectives and intended use of funds, the risks and costs involved, the governance and technical arrangements, and the identity and contact details of the issuer. The white paper must be notified to the competent authority of the issuer’s home member state at least 20 working days before its publication and must be made available on the issuer’s website and the website of any CASP involved in the offer or admission to trading of the crypto-asset. The white paper must also be updated whenever there is a material change that affects the information disclosed.
- Authorisation: Crypto-asset issuers of EMTs and ARTs must obtain an authorisation from the competent authority of their home member state before offering such tokens to the public or seeking their admission to trading on a trading platform for crypto-assets. The authorisation process involves submitting an application that includes information such as the identity and contact details of the issuer, the white paper, the governance and technical arrangements, the risk management and internal control mechanisms, the complaints handling procedures, and the arrangements for the protection of the reserve assets backing the EMTs or ARTs. The competent authority must assess the application and grant or refuse the authorisation within three months of receiving a complete application. The authorisation is valid in all member states and allows the issuer to passport its activities across the EU. Crypto-asset issuers of other tokens do not need an authorisation, but they must comply with the white paper requirement and other general obligations under MiCAR.
- Supervision: Crypto-asset issuers of EMTs and ARTs are subject to ongoing supervision by the competent authority of their home member state, which may impose administrative sanctions or remedial measures in case of non-compliance with MiCAR. The competent authority may also withdraw the authorisation of the issuer if certain conditions are met, such as the issuer no longer meets the authorisation requirements, the issuer has obtained the authorisation by false statements or any other irregular means, the issuer has not made use of the authorisation within 12 months of its granting, or the issuer has ceased to offer or admit to trading the EMTs or ARTs for more than six months. Crypto-asset issuers of other tokens are not subject to ongoing supervision, but they must cooperate with the competent authorities and provide any information requested by them.
Crypto-asset service providers
Crypto-asset service providers are natural or legal persons who provide or perform one or more of the following services or activities on a professional basis:
- Custody and administration of crypto-assets on behalf of clients
- Operation of a trading platform for crypto-assets
- Exchange of crypto-assets for fiat currency or other crypto-assets
- Execution of orders for crypto-assets on behalf of clients
- Placing of crypto-assets
- Reception and transmission of orders for crypto-assets on behalf of clients
- Providing advice on crypto-assets
- Providing portfolio management on crypto-assets
- Providing transfer services for crypto-assets on behalf of clients
MiCAR requires CASPs to comply with the following obligations:
- Authorisation: CASPs must obtain an authorisation from the competent authority of their home member state before providing any of the above services or activities. The authorisation process involves submitting an application that includes information such as the identity and contact details of the CASP, the programme of operations, the governance and technical arrangements, the risk management and internal control mechanisms, the complaints handling procedures, the arrangements for the safeguarding of clients’ funds and crypto-assets, and the policies and procedures for the prevention of money laundering and terrorist financing. The competent authority must assess the application and grant or refuse the authorisation within three months of receiving a complete application. The authorisation is valid in all member states and allows the CASP to passport its activities across the EU.
- Supervision: CASPs are subject to ongoing supervision by the competent authority of their home member state, which may impose administrative sanctions or remedial measures in case of non-compliance with MiCAR. The competent authority may also withdraw the authorisation of the CASP if certain conditions are met, such as the CASP no longer meets the authorisation requirements, the CASP has obtained the authorisation by false statements or any other irregular means, the CASP has not made use of the authorisation within 12 months of its granting, or the CASP has ceased to provide or perform the crypto-asset services or activities for more than six months.
- Prudential requirements: CASPs must comply with prudential requirements, such as holding a minimum amount of own funds, maintaining adequate capital adequacy ratios, applying sound accounting and auditing standards, and ensuring the continuity and regularity of their operations. The prudential requirements vary depending on the class of the CASP, which is determined by the type and scope of the crypto-asset services or activities provided
- Conduct of business rules: CASPs must comply with conduct of business rules, such as providing clear and accurate information to clients, acting honestly and fairly, avoiding conflicts of interest, ensuring the suitability and appropriateness of their services or activities, executing orders promptly and efficiently, and disclosing any fees or charges. The conduct of business rules vary depending on the type of client, which may be retail, professional or eligible counterparty.
- Safeguarding requirements: CASPs must comply with safeguarding requirements, such as segregating clients’ funds and crypto-assets from their own assets, keeping accurate records and accounts, ensuring the availability and accessibility of clients’ funds and crypto-assets, and protecting clients’ funds and crypto-assets from insolvency, fraud, theft or cyberattacks. The safeguarding requirements vary depending on the type of crypto-asset service or activity provided or performed and the type of crypto-asset involved.
- Anti-money laundering and counter-terrorism financing (AML/CTF) obligations: CASPs must comply with AML/CTF obligations, such as applying customer due diligence measures, monitoring transactions, reporting suspicious activities, keeping records, and cooperating with the competent authorities. The AML/CTF obligations are aligned with the Fifth Anti-Money Laundering Directive 2018/843/EU (AMLD5) and the Sixth Anti-Money Laundering Directive 2018/1673/EU (AMLD6), which apply to other obliged entities in the financial sector.
The transitionary provisions and exemptions under MiCAR
- MiCAR provides for some transitionary provisions and exemptions for crypto-asset issuers and CASPs that are already operating in the EU before the application date of MiCAR.
- Grandfathering clause: Crypto-asset issuers and CASPs that are authorised or registered under national regimes in one or more member states before the application date of MiCAR may continue to provide or perform their services or activities in those member states until 30 June 2025, without obtaining an authorisation under MiCAR. However, they must comply with the relevant national rules and regulations and notify the competent authorities of their intention to continue their operations. They must also apply for an authorisation under MiCAR by 30 June 2024, if they wish to provide or perform their services or activities in the EU after 30 June 2025.
- Pilot regime for distributed ledger technology (DLT) market infrastructures: MiCAR establishes a pilot regime for DLT market infrastructures, which are a new type of market participants that use DLT to provide both trading and settlement services for crypto-assets that qualify as financial instruments. The pilot regime aims to test the use of DLT in the trading and post-trading of crypto-assets, while ensuring a high level of investor protection and market integrity. The pilot regime will apply for five years from the application date of MiCAR, with a possibility of extension. DLT market infrastructures must obtain an authorisation from the competent authority of their home member state and comply with specific requirements under MiCAR. They are also subject to the supervision and cooperation of the European Securities and Markets Authority (ESMA) and the EBA. The pilot regime will allow DLT market infrastructures to operate in a sandbox environment, where they can benefit from certain exemptions and derogations from existing EU financial services legislation, such as the Markets in Financial Instruments Directive 2014/65/EU (MiFID II), the Central Securities Depositories Regulation 909/2014/EU (CSDR) and the Settlement Finality Directive 98/26/EC (SFD).
- Exemptions for central banks and public authorities: MiCAR does not apply to crypto-assets that are issued or guaranteed by central banks, member states, third countries or public international organisations. It also does not apply to crypto-asset services or activities that are provided or performed by central banks or other public authorities in the performance of their public tasks or functions. These exemptions aim to preserve the monetary sovereignty and policy of the EU and its member states, as well as to facilitate the development of central bank digital currencies (CBDCs) and other public initiatives in the crypto-asset space.
The implications of MiCAR for investment firms and the travel rule
MiCAR also has some implications for investment firms and the travel rule, which are relevant for the crypto-asset market.
- Investment firms: Investment firms are natural or legal persons who provide or perform investment services or activities on a professional basis, such as reception and transmission of orders, execution of orders, portfolio management, investment advice, underwriting or placing of financial instruments. Investment firms are subject to the MiFID II framework, which regulates their authorisation, conduct of business, organisational and prudential requirements, and supervision. MiCAR allows investment firms that are authorised under MiFID II to provide or perform crypto-asset services or activities in relation to crypto-assets that qualify as financial instruments, without obtaining an additional authorisation under MiCAR. However, they must comply with the relevant MiFID II rules and regulations, as well as some specific requirements under MiCAR, such as the safeguarding and AML/CTF obligations. Investment firms that wish to provide or perform crypto-asset services or activities in relation to crypto-assets that do not qualify as financial instruments must obtain an authorisation under MiCAR and comply with its rules and regulations.
- Travel rule: The travel rule is a requirement that obliges financial institutions to exchange certain information about the originator and the beneficiary of a funds transfer, such as their names, addresses, account numbers and transaction amounts. The travel rule aims to prevent money laundering and terrorist financing, as well as to facilitate the traceability and transparency of funds transfers. The travel rule applies to crypto-asset transfers under MiCAR, which are defined as any transaction that results in the change of ownership of one or more crypto-assets from one person to another person. MiCAR requires CASPs that are involved in crypto-asset transfers to exchange the following information with other CASPs:
- The name and account number of the originator
- The name and account number of the beneficiary
- The originator’s address, official personal document number, customer identification number or date and place of birth
- The beneficiary’s address, official personal document number, customer identification number or date and place of birth
- The amount and type of crypto-asset transferred
- The date and time of the crypto-asset transfer
- Any other information required by the competent authorities
The CASPs must ensure that the information is accurate and complete, and that it is transmitted securely and confidentially. They must also keep records of the information for at least five years. They must implement the travel rule by 30 June 2024, which is the same date as the application of the Financial Action Task Force (FATF) standards on virtual assets and virtual asset service providers.
The leading EU jurisdictions for MiCAR compliance and regulatory arbitrage
MiCAR’s objective is to establish an equitable environment and a unified market for crypto-assets and associated services within the EU. This is to be achieved by standardizing and simplifying the current national regulatory frameworks, thereby eradicating regulatory fragmentation and uncertainty. Nonetheless, MiCAR acknowledges the need for a degree of regulatory flexibility and discretion at the national level, which opens the door to regulatory arbitrage and competition among EU member states in specific areas.Some of the areas where MiCAR grants national discretion and flexibility are:
- The definition and treatment of crypto-assets that qualify as financial instruments, deposits, structured deposits, electronic money, securitisation positions, insurance products or pension products under existing EU financial services legislation. MiCAR does not provide a clear and uniform definition of these crypto-assets, nor does it harmonise their classification and regulation across the EU. Therefore, the member states may adopt different approaches and interpretations, which may affect the scope and applicability of MiCAR.
- The authorisation and supervision of crypto-asset issuers and CASPs. MiCAR establishes a home member state principle, which means that the crypto-asset issuers and CASPs are authorised and supervised by the competent authority of the member state where they have their registered office or head office. The authorisation is valid in all member states and allows the crypto-asset issuers and CASPs to passport their activities across the EU. However, the member states may have different procedures and criteria for granting or refusing the authorisation, as well as different supervisory practices and enforcement actions, which may create regulatory divergence and inconsistency.
- The fees and charges for the authorisation and supervision of crypto-asset issuers and CASPs. MiCAR allows the competent authorities of the member states to charge fees or charges for the authorisation and supervision of crypto-asset issuers and CASPs, in order to cover their costs and expenses. However, MiCAR does not specify the amount or the calculation method of the fees or charges, nor does it impose any limits or caps. Therefore, the member states may set different levels and structures of fees or charges, which may affect the competitiveness and attractiveness of their crypto-asset markets.
Given these areas of national discretion and flexibility, some of the leading EU jurisdictions for MiCAR compliance and regulatory arbitrage are:
- France: France is one of the first and most proactive EU member states to adopt a national regime for crypto-assets and related services, under the PACTE law of 2019. The PACTE law provides an optional registration and an optional licence for CASPs, as well as a mandatory approval for initial coin offerings (ICOs). The PACTE law also recognises crypto-assets as intangible property and grants them legal and tax certainty. France has a supportive and innovative regulator, the Autorité des Marchés Financiers (AMF), which has issued several guidance and recommendations on crypto-assets and related services. France is also a founding member and a key player of the European Blockchain Partnership (EBP), which aims to develop a European Blockchain Services Infrastructure (EBSI) that supports the delivery of cross-border digital public services. France is likely to maintain and enhance its leading position in the crypto-asset market under MiCAR, as it has a solid and flexible national regime, a favourable and stable legal and tax environment, and a strong and cooperative regulator.
- Germany: Germany is another pioneer and leader in the crypto-asset market, as it has a comprehensive and advanced national regime for crypto-assets and related services, under the Banking Act of 1961 and the Securities Trading Act of 1998. The Banking Act defines crypto-assets as financial instruments and subjects them to the MiFID II framework, while the Securities Trading Act regulates the issuance and trading of crypto-assets that qualify as securities. The Banking Act also requires CASPs to obtain a licence from the Federal Financial Supervisory Authority (BaFin), which is a competent and experienced regulator that has issued several guidance and circulars on crypto-assets and related services. Germany has a robust and diversified crypto-asset ecosystem, with several established and emerging players, such as Bitwala, Bison, Bitbond, Nuri and Neufund. Germany is expected to retain and strengthen its leading role in the crypto-asset market under MiCAR, as it has a clear and consistent national regime, a reliable and efficient legal and tax framework, and a reputable and supportive regulator.
- Malta: Malta is a small but ambitious EU member state that has positioned itself as a global hub for crypto-assets and related services, under the Virtual Financial Assets Act of 2018. The Virtual Financial Assets Act provides a comprehensive and bespoke regime for crypto-assets and related services, which covers the issuance, offering and admission to trading of crypto-assets, as well as the licensing and supervision of CASPs. The Virtual Financial Assets Act also introduces the concept of a virtual financial asset (VFA) agent, which is a person who acts as an intermediary between the crypto-asset issuers or CASPs and the regulator, the Malta Financial Services Authority (MFSA). The MFSA is a proactive and forward-looking regulator that has issued several rules and guidance on crypto-assets and related services, as well as a VFA framework that sets out the principles and best practices for the crypto-asset industry. Malta has attracted and hosted several prominent and innovative players in the crypto-asset market, such as Binance, OKEx, BitBay and ZBX. Malta is likely to continue and expand its leading role in the crypto-asset market under MiCAR, as it has a comprehensive and bespoke national regime, a favourable and attractive legal and tax framework, and a proactive and forward-looking regulator.
Conclusion
MiCAR is a landmark legislation that aims to create a harmonised and comprehensive framework for the regulation of crypto-assets and related services in the EU.
They will introduce legal certainty, consumer protection, market integrity and financial stability, as well as foster innovation and competition, by enabling cross-border activities and passporting rights for crypto-asset issuers and CASPs within the EU. However, MiCAR also poses some challenges and obligations for crypto-asset issuers and CASPs, as well as for other financial institutions and investors that interact with crypto-assets.
I look forward to see the development of this framework.