20 June 2023 • 66 minute read

MiCA & TFR: the two new pillars of the EU crypto-assets regulatory framework

Written by:Pierre E. Berger Martijn Boeve Nicolas Kalokyris

After a long and much-debated legislative process, the Markets in Crypto-assets Regulation and the Transfer of Funds Regulation were finally officially published in the European Official Journal on 9 June 2023.

The Markets in Crypto-assets Regulation sets out a comprehensive and harmonised framework for the regulation of crypto-asset markets across the EU. It will regulate crypto-asset issuers and Crypto-assets service providers. The revised Transfer of Funds Regulation requires crypto-asset service providers to accompany transfers of Crypto-assets with information on the originators and beneficiaries.

These two new European Regulations lay the foundation for a new regulatory framework for Crypto-assets in the EU.

In this alert we analyse the key elements of these two new regimes, assess their impact for the market and highlight the opportunities they will bring.

1. Introduction and context

In 2018, the European Commission presented its FinTech Action Plan,¹ by which it asked the European Supervisory Authorities to further work on Crypto-assets.

The European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) both published a report² in January 2019, in which they found out that only a limited portion of Crypto-assets could qualify as financial instruments under Directive 2014/65/EU on markets in financial instruments³ (MiFID II), or e-money under Directive 2009/110 on electronic money institutions⁴ (Electronic Money Directive II or EMD II). But the majority of Crypto-assets is likely to fall outside the existing European financial services regulations. This means that, until now, there were no rules harmonized at European level, other than those in respect of anti-money laundering, for the provision of services related to such unregulated Crypto-assets.

The absence of such rules left holders of those Crypto-assets exposed to risks, in particular in fields not covered by consumer protection rules. It could also result in substantial risks to market integrity, including in terms of market abuse and financial crime. Finally, the absence of an overall EU framework for markets in Crypto-assets also meant there was a lack of user confidence in those assets (in particular for incumbent financial institutions and institutional investors), which could significantly hinder the development of a market in those assets and lead to missed opportunities in terms of innovative digital services, alternative payment instruments or new funding sources for EU companies.

On the side of anti-money laundering, transfers of Crypto-assets were not included in the scope of Regulation (EU) 2015/847 on information accompanying transfers of funds, which only applied to transfers of funds (eg banknotes or coins). The latest changes introduced in June 2019 in the FATF standards introduced new and similar obligations for crypto-asset service providers, with the purpose of facilitating the traceability of transfers of Crypto-assets.

A new dedicated and harmonised framework for markets in Crypto-assets was necessary at EU level to provide specific rules for Crypto-assets and related services and activities that are not yet covered by EU legislative acts on financial services. It would also have to include the transfers of Crypto-assets in the scope of the existing rules on anti-money laundering.

Digital Finance Package

In September 2020, the European Commission presented the Digital Finance Package, a package of measures aimed at developing and regulating the use of digital finance in the EU. The Digital Finance Package contained several legislative proposals on Crypto-assets , including a proposal for a Regulation on markets in Crypto-assets , a proposal for a Regulation on a pilot regime for market infrastructures based on distributed ledger technology (DLT Pilot Regime), and a proposal for a Regulation on digital operational resilience for the financial sector (DORA).

AML Package

In July 2021, the European Commission also presented the AML Package, a new package of measures to overhaul the European anti-money laundering regulatory framework, which contains a proposal to recast the Regulation 2015/847 of 20 May 2015 on information accompanying transfers of funds⁵ to include Crypto-assets transfer in its scope. This aimed at extending the information requirements currently applying to wire transfers to Crypto-assets transfers, with the necessary adjustments needed due to the differences in some of their features.

2. The Markets in Crypto-assets Regulation: Harmonization of the European Crypto-assets markets’ regulation

Regulation (EU) 2023/1114 of 31 May 2023 on markets in Crypto-assets⁶ (the Markets in Crypto-assets Regulation or MiCA) introduces a dedicated and harmonised comprehensive framework for markets in Crypto-assets at EU level in order to provide specific rules for Crypto-assets and related services and activities. Its objective is to support innovation and fair competition, while ensuring a high level of protection of retail holders and the integrity of markets in Crypto-assets . Adopted under the form of a European Regulation, MiCA will be directly applicable in all EU Member States.

Scope and taxonomy of Crypto-assets under MiCA

MiCA applies to the issuance, offering to the public, and admission to trading of Crypto-assets and the provision of certain crypto-asset services in the EU.

MiCA aims to apply to all Crypto-assets not already covered by other financial services legislations. It classifies Crypto-assets into three types, which should be distinguished from one another and subject to different requirements depending on the risks they entail. The classification is based on whether the Crypto-assets seek to stabilise their value by reference to other assets:

The first type is e-money tokens, ie Crypto-assets that aim to stabilise their value by referencing only one official currency. These Crypto-assets are electronic surrogates for coins and banknotes and are likely to be used for making payments.
The second type of Crypto-assets is asset-referenced tokens, which aim to stabilise their value by referencing another value or right, or combination thereof, including one or several official currencies. This second type covers all other Crypto-assets, other than e-money tokens, whose value is backed by assets, so as to avoid circumvention and to make MiCA future-proof.
Finally, the third type is a catch-all category of Crypto-assets other than asset-referenced tokens and e-money tokens, which covers a wide variety of Crypto-assets, including utility tokens.

MiCA also excludes certain Crypto-assets from its scope:

This is the case for crypto-assets that qualify as financial instruments as defined in MiFID II, which already fall within the scope of existing financial services legislations. To distinguish between Crypto-assets covered under MiCA and financial instruments under MiFID II, ESMA shall, by 30 December 2024, issue guidelines on the criteria and conditions for the qualification of Crypto-assets as financial instruments.
MiCA shall not apply to non-fungible tokens (NFTs), including digital art and collectibles. But if the de facto features of the tokens or features linked to their de facto uses make them either fungible or not unique, such Crypto-assets could still fall under the scope of MiCA.

The issuance of Crypto-assets

MiCA lays down rules for offerors and people seeking admission to trading of Crypto-assets , and for issuers of asset-referenced tokens and e-money tokens.

Issuance of Crypto-assets other than asset-referenced tokens and e-money tokens

When making an offer to the public of Crypto-assets (other than asset-referenced tokens or e-money tokens) or when seeking admission to trading of such Crypto-assets in the EU, offerors or people seeking admission to trading should draw up, notify to their competent authority and publish a crypto-asset white paper, an information document containing mandatory disclosures.

The content and form of the white paper is regulated under MiCA.

It should contain general information:

on the issuer, offeror or person seeking admission to trading;
on the project to be carried out with the capital raised;
on the offer to the public of Crypto-assets or on their admission to trading;
on the rights and obligations attached to the Crypto-assets;
on the underlying technology used for such Crypto-assets; and
on the related risks.

Some offers of Crypto-assets are not subject to the prior publication of a white paper. This is the case for offers to the public of Crypto-assets for free or that are automatically created in the context of a consensus mechanism. The same goes for Crypto-assets that can only be used in a limited network (ie limited network exemption) or for offers of Crypto-assets made to fewer than 150 people per Member State, that are addressed solely to qualified investors or whose total consideration does not exceed EUR1 million over a period of 12 months.

White papers for Crypto-assets (other than asset-referenced tokens or e-money tokens) should be notified to the national competent authority before being published but should not be approved. After publication, offerors and people seeking admission to trading of Crypto-assets should be allowed to offer and seek admission to trading of such Crypto-assets throughout the EU.

Issuance of asset-referenced tokens

Additional requirements apply for issuing or admitting to trading asset-reference tokens. Both require prior authorisation from the competent authority and approval of the relevant crypto-asset white paper. The authorisation requirement is also subject to some derogations (eg offer addressed solely to qualified investors or below EUR5 million). However, credit institutions duly authorised should not need another authorisation under MiCA to offer or seek the admission to trading of asset-referenced tokens. But they would still have to publish a white paper that must be approved by the national competent authority before publication.

Crypto-asset white papers for asset-referenced tokens should include information on the stabilisation mechanism, on the investment policy of the reserve assets, on the custody arrangements for the reserve assets and on the rights provided to holders.

Issuance of e-money tokens

Specific requirements apply for issuing e-money tokens. Issuers of e-money tokens should be authorised either as an electronic money institution or as a credit institution. E-money tokens should be deemed to be electronic money as that term is defined in the EMD II. And issuers should, in principle, comply with the relevant requirements set out in that Directive on issuance and redeemability of e-money tokens.

Issuers of e-money tokens should also draw up a crypto-asset white paper and notify it to their competent authority. The crypto-asset white paper should expressly refer to the right of holders of e-money tokens to redeem their e-money tokens for funds denominated in the official currency that the e-money tokens reference at par value and at any time.

Regulatory requirements

MiCA further subjects offerors and people seeking admission to trading of Crypto-assets, asset-referenced tokens or e-money tokens to compliance with specific regulatory requirements. They should identify, prevent, manage and disclose conflicts of interest, and should have effective administrative arrangements to ensure their systems and security protocols meet EU standards. Offerors of Crypto-assets should also have effective arrangements in place to monitor and safeguard the funds or other Crypto-assets raised during their offer to the public.

Issuers of asset-referenced tokens should have robust governance arrangements, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility and effective processes to identify, manage, monitor and report the risks to which they might be exposed. The members of the management body of issuers should be fit and proper and the shareholders or members that have qualifying holdings in such issuers should be of sufficiently good repute. Issuers of asset-referenced tokens should establish a business continuity policy that aims to ensure, in the case of an interruption to their systems and procedures, the performance of their core activities related to the asset-referenced tokens. They should also have strong internal control mechanisms and effective procedures for risk management, as well as a system that guarantees the integrity and confidentiality of information received.

Issuers of asset-referenced tokens are also subject to own funds requirements, which should be proportionate to the issuance size of the asset-referenced tokens. They should constitute and maintain a reserve of assets matching the risks reflected in such liability and set up an adequate custody policy which shall ensure that the reserve assets are fully segregated from the issuer’s own assets at all times.

As e-money tokens should be deemed to be electronic money under the EMD II, their issuers should, in principle, comply with the relevant requirements set out in that Directive for the taking up, pursuit and prudential supervision of the business of electronic money institutions.

Finally, asset-referenced tokens and e-money tokens will be subject to more stringent requirements if they are deemed as “significant”. This will be the case when they meet, or are likely to meet, certain criteria, including a large customer base, a high market capitalisation, or a large number of transactions. In particular, issuers of significant asset-referenced tokens should be subject to higher capital requirements, to interoperability requirements and they should establish a liquidity management policy.

The provision of Crypto-assets services

In addition to the offer and admission to trading of Crypto-assets, MiCA provides for operational, organisational and prudential requirements at EU level applicable to crypto-asset service providers.

Crypto-asset services

MiCA provides for a list of services and activities relating to any crypto-asset , which will become regulated services. The list includes among others:

providing custody and administration of Crypto-assets on behalf of clients;
operating a trading platform for Crypto-assets;
exchanging Crypto-assets for funds or other Crypto-assets;
executing orders for Crypto-assets on behalf of clients; or
providing advice on Crypto-assets.

CASP authorisation

To provide any of the crypto-asset services regulated under MiCA, an authorisation as crypto-asset service provider (CASP), a new regulated status of the EU, will first need to be obtained. To this end, an application for authorisation as crypto-asset service provider must be submitted to the competent authority of the Member State where the entity has its registered office.

MiCA requires CASPs to comply with certain prudential requirements, including strong organisational requirements. The members of the management body of crypto-asset service providers should be fit and proper and the shareholders or members that have qualifying holdings in such issuers should be of sufficiently good repute. CASP should employ management and staff with adequate knowledge, skills and expertise. They should have sound internal control and risk assessment mechanisms as well as adequate systems and procedures to ensure the integrity and confidentiality of the information received. Further requirements may also apply depending on the crypto-asset services to be provided and due to the specific risks raised by each type of services.

Where an authorisation is granted, it should be valid for the entire EU. This is the principle of the financial passport, according to which the authorisation granted to provide certain regulated services by a national competent authority is valid across all Member States. And it allows the entity to provide services across all other Member States. Under MiCA, once authorised, CASPs will be allowed to provide crypto-asset services throughout the EU, either through the right of establishment, including through a branch, or through the freedom to provide services (ie on a cross-border basis).

Provision of crypto-asset services by regulated financial entities

Some financial firms that are already regulated in the EU should be allowed to provide all or some crypto-asset services without having to obtain an authorisation as a CASP under MiCA, subject to certain notification requirements. For example, banks are allowed to provide any of the crypto-asset services, but investment firms may only provide crypto-asset services considered as equivalent to the investment services and activities for which they are already authorised under MiFID II.

Specific considerations for non-EU firms

One of the requirements to be authorised as crypto-asset service provider under MiCA is to have a registered office in a Member State in which at least part of the crypto-asset services are carried out. Crypto-asset service providers should therefore have their place of effective management in the EU, and at least one of the directors should be resident in the EU. This implies that non-EU companies (which have their registered office in a foreign jurisdiction) are not allowed to provide crypto-asset services in the EU. Should they wish to do so, they will need to establish a company (eg subsidiary) in an EU Member State. And the company will have to apply for authorisation as CASP with the national competent authority.

However, MiCA also provides for a reverse solicitation regime allowing third-country firms to answer to requests from EU consumers looking to receive crypto-asset services by a third-country firm on their own initiative. In other words, under this passive servicing regime, where a client established or situated in the EU initiates at its own exclusive initiative the provision of a crypto-asset service or activity by a third‐country firm, the latter is not required to obtain an authorisation as CASP to provide such crypto-asset service or activity. But this regime does not apply where a third-country firm solicits clients in the EU or promotes or advertises crypto-asset services or activities in the EU. ESMA is mandated to issue, by 30 December 2024, guidelines to specify the situations in which a third-country firm is deemed to solicit clients established or situated in the EU.

Other considerations

ESG

During the legislative process, a much-debated point was the potential ban of proof of work mining techniques, due to the intense energy consumption of the consensus mechanism. Although this has not been adopted, the European legislator finally decided that any principal adverse impact that consensus mechanisms might have on the climate, and any other environment-related adverse impact, must be adequately identified and disclosed by issuers of Crypto-assets and crypto-asset service providers. ESMA and EBA received the mandate to develop draft regulatory technical standards to further specify the content, methodologies and presentation of information in relation to sustainability indicators with regard to adverse impacts on climate and other environment‐related adverse impacts, and to outline key energy indicators.

Market abuses

Finally, MiCA also lays down specific rules to deter market abuse for Crypto-assets that are admitted to trading on a trading venue as defined in MiFID II. The regime introduced by MiCA prohibits certain behaviours that are likely to undermine user confidence in markets in Crypto-assets and the integrity of those markets, including insider dealing, unlawful disclosure of inside information and market manipulation related to Crypto-assets.

Supervision

Member States must each designate the competent authorities responsible for carrying out the supervisory functions and duties provided for in MiCA.

MiCA grants competent authorities with powers to supervise the issuance, offer to the public and admission to trading of Crypto-assets, and to supervise crypto-asset service providers. Those powers include the power to suspend or prohibit an offer to the public or an admission to trading of Crypto-assets or the provision of a crypto-asset service, and to investigate infringements of the rules on market abuse. Competent authorities also have the power to impose penalties on issuers, offerors or persons seeking admission to trading of Crypto-assets, including asset-referenced tokens or e-money tokens, and on crypto-asset service providers.

Entry into force and application

MiCA enters into force on 30 June 2023 and will apply from 30 December 2024. The provisions related to the asset-referenced tokens and e-money tokens will apply from 30 June 2024.

3. The revised Transfer of Funds Regulation: Inclusion of transfers of Crypto-assets

Along with MiCA, on 9 June 2023 Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain Crypto-assets and repealing Regulation (EU) 2015/847⁷ (the Transfer of Funds Regulation or TFR) was also officially published. Giving effect to the Financial Action Taskforce (FATF)’s recommendations on virtual assets, the revised TFR will extend to crypto-asset service providers the obligation to accompany transfers of Crypto-assets with information on the originators and beneficiaries.

Scope

In addition to existing rules on transfers of funds, the TFR introduces new rules on the information on originators and beneficiaries accompanying transfers of Crypto-assets . The new rules are to prevent, detect and investigate money laundering and terrorist financing where at least one of the crypto-asset service providers involved in the transfer of Crypto-assets is established in the EU. In addition, the TFR lays down rules on internal policies, procedures and controls to ensure implementation of restrictive measures.

Information requirements

Considering that the traceability of Crypto-assets can be a particularly important and valuable tool in the prevention, detection and investigation of money laundering and terrorist financing, the TFR obliges crypto-asset service providers to accompany transfers of Crypto-assets with information on the originator and the beneficiary.

The crypto-asset service provider of the originator should ensure that transfers of Crypto-assets are accompanied by:

the name of the originator;
the originator’s distributed ledger address or crypto-asset account number;
the originator’s address, including the name of the country;
official personal document number and customer identification number, or, alternatively;
the originator’s date and place of birth, and, subject to the existence of the necessary field in the relevant message format and where provided by the originator to its crypto-asset service provider;
the current LEI or, in its absence;
any other available equivalent official identifier of the originator.

The information should be submitted in a secure manner and in advance of, or simultaneously or concurrently with, the transfer of Crypto-assets . The same information must also be provided for the beneficiary.

The crypto-asset service provider of the beneficiary should implement effective procedures to detect whether the information on the originator or beneficiary is missing or incomplete. Those procedures should include, where appropriate, monitoring after or during the transfers.

Clarification on the interaction between the VASP registration under AMLD V and the CASP registration under MiCA

At present (and prior to the entry into force of MiCA), only two categories of crypto-asset service providers, namely, custodial wallet providers and providers engaged in exchange services between virtual currencies and fiat currencies (virtual asset service providers or VASP) are subject to the European anti-money laundering framework and to registration requirements under the fifth anti-money laundering directive (Directive (EU) 2015/849⁸ (as amended), AMLD V).

As a consequence, the TFR amends AMLD V to include all categories of crypto-asset service providers as defined under MiCA, which covers a broader range of crypto-asset service providers. In particular, the list of obliged entities is amended to include crypto-asset service providers within the category of financial institutions for the purpose of AMLD V.

Importantly, MiCA establishes a comprehensive regulatory framework for crypto-asset service providers which harmonises the rules pertaining to their authorisation and operation across the EU and to avoid duplication of requirements. So the TFR amends AMLD V to remove registration requirements in relation to those categories of crypto-asset service providers which will become subject to a single licensing regime under MiCA.

Entry into force

The TFR will also enter into force on 30 June 2023 and will apply from 30 December 2024, to coincide with the entry into force of MiCA.

4. Final considerations

The publication of MiCA and the TFR marks an important step in the future of markets in Crypto-assets in the EU.

Together, MiCA and the TFR will bring further legal certainty in the Crypto-assets sector. It is expected that such legal certainty will also bring more confidence in the sector and help the development of strategic crypto-related projects. Further, the introduction of a European passport for crypto-asset service providers, allowing them, once authorised, to provide crypto-asset services in all European jurisdictions, will enhance the possibility to scale-up crypto-projects at European level. This European passport will solve the current market fragmentation issue due to the lack of harmonisation at European level.

Any planned issuer of Crypto-assets and any crypto-asset service provider in scope of MiCA should immediately start with the implementation of MiCA and start to prepare an application file where applicable. They should also carefully identify and analyse the operational and legal consequences, management options and approaches and potential operational change requirements. In preparation for the general application date of 30 December 2024 of MiCA and the TFR, applicants will only have limited time to implement the various requirements of MiCA.

For more information regarding MiCA and the TFR and how these acts will affect your business, contact your usual DLA Piper advisor.

¹Communication from the Commission, FinTech Action plan: For a more competitive and innovative European financial sector, Brussels, 8 March 2018, COM (2018) 109 final.
²ESMA, Advice on Initial Coin Offerings and Crypto-assets , ESMA50-157-1391, 9 January 2019; EBA, Report with advice for the European Commission on Crypto-assets , 9 January 2019.
³Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (recast), OJ L 173/349, 12 June 2014.
⁴ Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC, OJ L 267/7, 10 October 2009.
⁵Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (Text with EEA relevance), OJ L 141 of 5 June 2015, p. 1–18.
⁶Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (Text with EEA relevance), OJ L 150, 9 June 2023, p. 40–205.
⁷ Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain Crypto-assets and amending Directive (EU) 2015/849 (Text with EEA relevance), OJ L 150, 9 June 2023, p. 1–39.
⁸Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (Text with EEA relevance), OJ L 141, 5 June 2015, p. 73–117.