article / 20 Apr 2023
The MiCA regulation – ten steps for crypto companies to consider
The EU regulators have now taken another step in its mission to regulate crypto-assets on the EU market following the final vote in the European Parliament for the adoption of the Markets in Crypto-Assets regulation (the “MiCA” regulation). Once the regulation enters into force, entities under scope will have 12-18 months to take measures to adapt to the new framework. Presumably, the provisions on stablecoins will start applying in July 2024 and the provisions on issuers of other crypto-assets and crypto-asset service providers in January 2025.
Ten steps to consider on the road to compliance:
Different rules will apply depending on the classification of the crypto-assets or what kind of services are provided. Don’t know where to begin? Below you will find ten legal steps for entities to consider on the road for compliance with the MiCA regulation:
- Understand the regulatory requirements applying to your business:
Entities operating in the crypto landscape will need to assess which specific rules applies to their business and analyze how it will impact their operations, products, and services. This will require a thorough understanding of the legal and regulatory landscape surrounding crypto-assets, and an assessment of the classification of different crypto-assets (and services) will be needed.
The MiCA regulation will create a harmonized framework within the EU and give rise to a new licensing regime and rules that will apply for issuers and offerors of certain kind of crypto-assets (including in such situations as when making an offer of crypto-assets to the public, or seek an admission of such crypto-assets for trading on a trading platform for crypto-assets in the EU), and crypto-asset service providers (e.g., operators of trading platforms and exchanges, custodians and wallet providers as well as transfer service providers, operating within the EU). Different rules are provided for under MiCA depending on, e.g., (i) what kind of business the entity is conducting, (ii) what kind of crypto-assets are provided by the entity and (iii) the significance of the operations (in terms of the value of crypto-assets issued or number of users of a crypto-asset service).
Three main asset categories may be identified under MiCA:
E-money-tokens (“EMT”) – this is a type of crypto-asset which main purpose is to be used as a means of payment and that purports to maintain a portfolio which ensures that the token maintains a stable value by reference to the value of one official currency. This asset class includes so called stablecoins backed by a single fiat currency. Do note that EMT which maintain the value of a fiat currency of the EU, shall be deemed to be electronic money under the second Electronic Money Directive (“EMD2”).
Asset-referenced tokens (“ART”) – this is a type of crypto-asset that purports to maintain a stable value by reference to any other value or right or a combination thereof, including one or more official currencies of a country. This includes stablecoins backed by two or more fiat currencies, but also crypto-backed stablecoins, and commodity-backed stablecoins.
Other crypto-assets – Crypto-assets not classified as EMT or ART will be labelled as “other crypto-assets”. This class includes so called “utility tokens”, meaning a type of crypto-asset which is used for the only purpose of providing access to a good or a service supplied by the issuer/offeror of that token.
MiCA provides for additional rules for issues of ART and EMT exceeding a set threshold value as well as for particularly large crypto-asset service providers (with reference to its number of users).
Some exceptions from the scope will apply (e.g., not all kinds of NFT will be under scope of MiCA). Also, crypto-assets or services already under the scope of EU legislation on financial services will not be covered, such as, e.g., crypto-assets being qualified as financial instruments which are already regulated under the second Markets in Financial Instruments Directive (MiFID II) where they meet the criteria and conditions to be deemed equivalent in substance to any of the instruments referred to in Section C of Annex I of MiFID II, irrespective of their form, and crypto-assets defined as electronic money under EMD2, save for EMT qualified under MiCA. Additional exceptions are provided for by the regulation, and the above shall not be regarded as an exhaustive list of exceptions.
- Establish an entity within the EU: Crypto-asset service providers and issuers/offerors seeking to issue crypto-assets or provide services within the EU must be a legal entity. For crypto-asset service providers and issuers/offerors of EMT and ART, a registered office in an EU member state (such as Sweden) is mandatory. Issuers/offerors of “other crypto-assets”, must be a legal entity established in the EU, a natural person having its residence in the EU, an entity established or having a seat in the EU and subject to the rights and obligations of the Union, or be a “decentralized autonomous organization” (i.e., a DAO).
- Establish, maintain and implement policies and internal procedures: To ensure compliance, companies will need to establish compliance policies and internal procedures, including compliance of its managers and employees. E.g., business continuity plans, policies for governance and procedures for management of complaints. Depending on the asset category, policies and procedures specifically related to crypto may be required, concerning e.g., the protocols and validation of transactions and the functioning of the issuer-/offeror’s proprietary DLT as well as the mechanisms to ensure the liquidity of the crypto-asset, etc. All entities will need to ensure it has procedures, on different levels, as required by MiCA for the purpose of protecting consumers and investors. Anti-money laundering (AML) and anti-terrorist financing control mechanisms and procedures as well as know-your-customer (KYC) procedures will be mandatory for issuers/offerors as well as for crypto-asset service providers. Also, certain requirements will apply for outsourcing of the functions of a crypto-asset service provider. Finally, rules for the prevention of market abuse will apply, and policies and procedures to ensure compliance is strongly recommended. Note that the above shall not be considered as an exhaustive list.
- Review and update of systems and security: Companies will need to review its systems and security access protocols to ensure it is in line with appropriate EU standards, e.g., in order to safeguard the security, integrity and confidentiality of information.
- Ensure the required amount of reserve assets, own funds and/or certain prudential safeguards: Depending on the classification on crypto-assets to be issued, entities will need to constitute and maintain a reserve of assets, and ensure they have own funds equal to a specific sum related to, e.g., the average amount of the reserve assets. Crypto-asset service providers need to have prudential safeguards equivalent to a certain amount.
- Create and publish a crypto-asset white paper: Issuers/offerors will need to establish and publish a crypto-asset white paper containing comprehensive information about, e.g., the issuer/offeror and contact details, the project, a summary of key financial information regarding the issuer, and information regarding the offer to be made to the public. Also, the whitepaper should outline the underlying technology and protocol, as well as a description of the risks associated with the crypto-asset. Where the proof-of-work model is used as underlying validation mechanism of the DLT, the whitepaper shall include an independent assessment of the likely energy consumption of the crypto-asset and information on sustainability indicators related to the issuance of the crypto-asset, including whether it has been mined in compliance with the EU sustainable finance taxonomy. Additionally, the whitepaper should, in some cases, include a warning to investors. The required content and form of the white paper will differ depending on the classification of the crypto-asset.
- Prepare for sharing information with consumers and investors (and authorities): Crypto-asset issuers/offerors and service providers will need to prepare marketing materials and be ready to share information with consumers and investors. For ART and EMT, information shall be shared on an ongoing basis meaning that policies and processes need to be in place. All actors under scope will need to prepare for contact with the relevant authorities and prepare the necessary descriptions, documents and other information needed.
- Apply for and obtain a permit, authorization, or certification: Issuers/offerors of “other crypto-assets” need to seek and receive authorization from the national authorities before issuance of crypto-assets. Crypto-asset service providers and issuers/offerors of ART need to seek authorization from national authorities in order to operate or issue crypto-assets, while issuers/offerors of EMT shall seek and obtain certification as a credit institution or an electronic money institution before issuance. For issuance of ART which is decentralized crypto-assets or whose issuers are established in third countries, a crypto-asset service provider operating a trading platform may also be authorized as an offeror following certain requirements.
- Notify authorities: All issuers/offerors are required to notify national authorities prior to issuance of crypto-assets. Issuers/offerors of EMT even need to notify the authorities prior to publication of their whitepaper.
- Keep yourself informed of additional requirements: We can expect further clarification in form of guidelines and details of the requirements of MiCA from relevant authorities (such as the European Banking Authority (EBA) and national authorities), as well as from other relevant stakeholders and EU institutions. Also, by 1 January 2025, the EU Commission shall include crypto-asset mining in the economic activities that contribute substantially to climate change mitigation in the EU Sustainable Finance Taxonomy, in accordance with Article 10 of
Regulation (EU) 2020/852. As with every legal framework, it is vital to keep track of case law and interpretations of the law by courts and supervisory authorities. Actors in the crypto sector will do wise to keep up with the development of this area of law.
The ten steps provided for above is examples of what crypto companies will need to do to prepare for the MiCA regulation once it is adopted, and it shall not be seen as an exhaustive list of requirements and actions. Especially for crypto-asset service providers, MiCA provides for special rules for different kind of services.
Does it seem like there is a lot to do to prepare for the new rules? We can only agree. But don’t worry – Setterwalls is here to help you to navigate in this new regulatory landscape and help you with preparing for MiCA. Curious to know more? Don’t hesitate to reach out to our dedicated team.