Global M&A trends and risks
Powerful new forces shaping in the M&A landscape
You can withdraw your consent by clicking “manage cookies” and following the instructions shown.
Global | Publication | November 2020
On September 24, 2020 the European Commission published its long-anticipated Digital Finance package, comprising legislative proposals and non-legislative communications. One of the legislative proposals published included a draft regulation on markets in crypto-assets (MiCA). MiCA is the first European-level legislative initiative aiming to introduce a harmonized and comprehensive framework for the issuance, application and provision of services in crypto-assets. The draft legislation provides a set of prescriptive rules that, once formally adopted, will shape conduct of business in European markets in crypto-assets. In this briefing series we aim to provide a comprehensive overview of the proposed rules as intended to apply to various categories of participants in the crypto-asset markets. This article focuses on the provision of services in crypto-assets.
This article is relevant to providers of services in crypto-assets that are not financial instruments within the meaning of the revised Markets in Financial Instruments Directive (MiFID II). This includes providers of one of eight types of services in crypto-assets as defined in MiCA and including:
This article also is relevant to all such persons located or established in the European Economic Area (EEA) or established outside the EEA (including in the United Kingdom once the transition period expires) and having clients located in the EEA. It is also relevant to investment firms providing investment services or performing investment activities in crypto-assets that, albeit not subject to MiCA authorization requirements, will have to comply with certain prudential and organizational requirements.
The proposed regulation provides for the first time in European law a harmonized set of definitions applicable to markets in crypto-assets. Some of the key definitions relevant to the scope of this article include:
Only legal persons that have a registered office in one of the European Union (EU) Member States and have obtained an authorization from the relevant national competent authorities as crypto-asset service providers in accordance with MiCA will be permitted to provide services in crypto-assets. An authorization in one Member State will be valid for the entire EU, in accordance with a “passporting” mechanism familiar from other pieces of European markets legislation. However, and this is an important distinction in comparison to other European financial services legislation, MiCA does not provide for a separate third country regime. This means that persons located in a non-EU jurisdiction and wishing to actively promote and/or advertise their services to clients in the EU will have to obtain full authorization. Otherwise they could rely on a very restrictive reverse solicitation provision.
In respect of the authorization requirement, MiCA sets out a long list of information that a person will need to provide for the purpose of the application procedure. This will include a program of operations, a description of internal control mechanisms, a procedure for risk assessment and business continuity plan, and proof that the applicant meets the relevant prudential safeguards. In terms of the authorization procedure, the national competent authorities will have 25 days to assess the completeness of the application and subsequently three months to review it in detail and grant or refuse an authorization. All authorized crypto-asset service providers will be listed on a central register that will be maintained by the European Securities and Markets Authority (ESMA).
Crypto-asset service providers will be obliged to act honestly, fairly and professionally in accordance with the best interests of their clients and prospective clients. This will include making their pricing policies publically available. In respect of prudential requirements, crypto-asset service providers will be obliged to have in place prudential safeguards equal to the amounts specified in MiCA and composed of own funds and an insurance policy. Interestingly, the obligation to maintain such prudential safeguards will also apply to investment firms providing services in crypto-assets, but it is unclear at this stage how this obligation is intended to interact with the prudential requirements as set out in Regulation (EU) 2019/2033 on the prudential requirements for investment firms (IFR). MiCA is also quite prescriptive in respect of the types of risks the insurance policy must cover, which will include loss of documents, acts, errors or omissions resulting in a breach of the duty to act honestly, fairly and professionally towards clients, as well as where applicable, gross negligence in safeguarding clients’ crypto-assets and funds.
Crypto-asset service providers will have to have in place resilient and secure ICT systems, including internal control mechanisms and procedures for risk assessments, set up in accordance with the proposed regulation on digital operational resilience in financial services (DORA) (a high-level summary of DORA is available on our Regulation Tomorrow blog). In addition to other organizational requirements such as record keeping, complaints handling procedures and procedures for prevention, identification, management and disclosure of conflict of interests, crypto-asset service providers will need to have in place systems, procedures and arrangements to monitor and detect market abuse. They will need to report any suspicion that “there may exist circumstances that indicate that any market abuse has been committed, is being committed or is likely to be committed”. Finally, crypto-asset service providers relying on third parties for the performance of operational functions will need to comply with the rules on outsourcing as set out by MiCA.
In addition to the requirements applicable to all types of crypto-asset service providers as set out in earlier parts of this article, MiCA foresees specific requirements that will apply according to the type of their permission. Key points to note include:
Once adopted, MiCA is intended to become applicable 18 months following its entry into force. European legislators – the European Parliament and the Council of Ministers – have already begun their review of MiCA. Assuming that the legislative review will take approximately 18 months and MiCA will be published in the EU Official Journal in Q4 2021, it will become applicable in Q2 2023. That said, it is impossible to predict exactly the duration of the legislative review (complex files tend to take longer) and the phase in periods may be amended in the course of legislative review.
Our team has extensive experience in advising European, UK and third-country market participants in crypto-assets, including operators of trading venues, custodians and post-trade service providers, as well as a variety of other companies active in the broader FinTech sector. Unlike most other law firms, we offer a blend of legal, compliance and government relations skills in one cohesive team. This means we can help clients to prepare for legislative change by advising on legal and regulatory requirements, as well as on practical aspects of their implementation from the perspective of operational systems and controls adaptation.
Nina Varumo is a freelance portrait and documentary photographer based in Stockholm. A recent project of hers Kvinnor till sjöss (‘Women at sea’) is on ongoing photo series highlighting the working life of female seafarers in order to change the stereotypical image of what and who is a seafarer.
Companies have been publicly reporting on their financial performance for over a hundred years. However, they are increasingly having to make public non-financial disclosures relating to sustainability and environmental, social and governance (ESG) matters as a result of rules, laws and regulations issued by stock exchanges, governments and regulators worldwide.
© Norton Rose Fulbright LLP 2023