June 27, 2023
Click for PDF
The EU Markets in Cryptoassets Regulation (“MiCA”) was published in the EU’s official journal on 9 June 2023 and will enter into force on 29 June 2023, the 20th day following the date of its publication. As a result, the provisions on stablecoins (asset-referenced tokens and e-money tokens) will become applicable 12 months after this date, and will apply from 30 June 2024. The other provisions will apply from 30 December 2024.
MiCA establishes a harmonised pan-EU regime for cryptoassets. This new regulatory framework aims to protect investors and preserve financial stability, while allowing innovation and fostering the attractiveness of the cryptoasset sector. It will apply directly across the EU member states replacing the existing domestic laws and harmonising all national legislation in the area of cryptoassets and activities related to them.
MiCA sets out the framework for the regulation of cryptoassets in the EU but certain details will be settled in technical standards and delegated acts. The European Banking Authority (the “EBA”) is required to develop draft regulatory technical standards by 30 June 2024 to establish standard forms, templates and procedures for the cooperation and exchange of information between national competent authorities, as well as issuing guidelines that cryptoasset service providers should consider when conducting assessments and risk mitigation measures. This client alert provides an overview of MiCA, how it impacts on different market participants and what steps cryptoasset firms need to take now to ensure compliance.
Which cryptoassets are in-scope?
MiCA defines a crypto-asset as “a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology”. Although a limited number of cryptoassets are regulated under existing legislation, MiCA catches previously unregulated cryptoassets that did not fall within the regulatory perimeter. MiCA creates a hierarchy of cryptoassets based on the perceived risks posed by these different tokens.
- Defined as: “A type of cryptoasset that is intended to provide digital access to a good or service, available on DLT, and is only accepted by the issuer of that token.”
- Deemed as less risky than stablecoins and, therefore, a lighter touch regime applies to them.
- While issuers of these tokens do not need to be authorised, they must comply with the obligations set out in Title II of the MiCA.
Stablecoins (being “asset-referenced tokens” and “e-money tokens”)
- Defined as: “A type of cryptoasset that purports to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several cryptoassets, or a combination of such assets.”
- They are a type of stablecoin. However, the definition excludes algorithmic stablecoins and central bank digital currencies (“CBDCs”).
- The EU considers that they pose increased risks in terms of consumer protection and market integrity compared to other cryptoassets and so issuers should be subject to more stringent requirements.
- The requirements that apply relate to: authorisation; governance; conflicts of interests; disclosure of stabilisations mechanism; investment rules; and additional white paper requirements.
- Defined as: “A type of cryptoasset the main purpose of which is to be used as a means of exchange and that purports to maintain a stable value by referring to the value of a single fiat currency that is legal tender.”
- Again, as e-money tokens are a type of stablecoin, the EU considers them to be of higher risk than utility tokens.
- E-money tokens can only be issued by credit institutions (i.e. banks) or authorised electronic money institutions. E-money token issuers must comply with both the Second Electronic Money Directive and MiCA.
Significant asset-referenced tokens or significant e-money tokens
- MiCA permits the European Banking Authority to identify tokens as “significant”.
- A significant token is a type of asset-referenced or e-money token which is considered to pose significant risks for financial stability and consumer protection across the EU.
- The criteria for determining whether a token is a significant token are set out at Article 43 of MiCA. At least 3 of the criteria must be met, including among others the size of the customer base or the issuer’s reserve, the value of the tokens issued or transactions, the significance of the cross-border activities of the issuer, or the interconnectedness with the financial system.
- Significant tokens are subject to the strictest requirements in MiCA.
MiCA leaves several components of the digital world outside its scope for now, including CBDCs and cryptoassets that are unique and non-fungible (“NFTs”). MiCA sets out potential areas for future regulation, and an assessment of the necessity and feasibility of regulating NFTs.
Who does MiCA apply to?
MiCA imposes obligations on issuers of in-scope cryptoassets (i.e., those offering cryptoassets to third parties). MiCA also imposes obligations on firms whose business it is to provide certain cryptoasset services to third parties on a professional basis (i.e., cryptoasset service providers or “CASPs”). In particular, the following services are listed and defined in MiCA:
- providing advice on cryptoassets;
- reception and transmission of orders for cryptoassets;
- execution of orders for cryptoassets;
- custody and administration of cryptoassets;
- operation of a trading platform for cryptoassets;
- exchange of cryptoassets for fiat; and
- placing of cryptoassets.
Cryptoasset lending is one key service not captured by MiCA. The European Commission is expected to publish a report on the need to regulate this service and, if necessary, a legislative proposal by 30 December 2024.
Non-EU businesses – MiCA applies to those engaged in the aforementioned services “in the Union”. Non-EU businesses wishing to carry on cryptoasset activities within the EU or for EU based customers should consider how the territorial scope of MiCA will impact their current and future business models. MiCA contains provisions which relate to “reverse solicitation” where a third-country firm provides cryptoasset services at the exclusive initiative of an EU customer. However, where a third-country firm solicits clients or potential clients or promotes or advertises crypto-asset services or activities to customers in the EU, the licence requirement will be triggered. Further guidelines will be developed which will specify when a third country firm is deemed to solicit clients within the EU to mitigate against an overreliance on reverse solicitation rules.
Passporting – MiCA provides for passporting across the EU, in line with other EU single market measures. However, as mentioned, there are no provisions on third country equivalence, which may cause issues for service providers seeking to offer services globally.
Impact to existing licensed CASPs – Some EU member states already have in place national regulatory frameworks regulating CASPs. MiCA therefore leaves open a possibility for member states to apply a simplified procedure for applications for authorisation submitted by those entities that are already authorised under national law. In such cases, the national competent authorities will be required to ensure that these applicants comply with key requirements under MiCA. While some firms that are currently operating under national frameworks in some EU member states (i.e. Germany or Malta) will likely be able to leverage their existing internal frameworks to obtain a MiCA licence, non-regulated firms need to be prepared to dedicate a sufficient amount of time, financial and human resources to meet the new regulatory requirements under MiCA.
What areas of MiCA should be key areas of focus for cryptoasset firms?
(1) Offering and marketing of cryptoassets (other than asset-referenced tokens and e-money tokens)
- White paper – Subject to certain requirements, issuers may offer such cryptoassets to the public in the EU or apply for admission to a trading platform. Namely, there is a requirement to draw up, notify regulators of, and publish a cryptoasset white paper.
- Exemption from the requirement to publish a white paper – In summary, the white paper requirements do not apply where:
(i) the cryptoassets are offered for free, they are created through mining, are unique and not fungible with other cryptoassets;
(ii) are offered to fewer than 150 persons (natural or legal) per member state where such persons are acting on their own account;
(iii) an offer does not exceed EUR 1 million; or
(iv) the offer is solely addressed to qualified investors.
- Marketing communications – Marketing communications relating to an offer of cryptoassets to the public or admission to trading must be: (i) clearly identifiable as such; (ii) fair, clear and not misleading; (iii) consistent with the white paper; and (iv) clearly state both that the white paper has been published and an address of the website of the issuer concerned.
- Modifications to white paper / marketing communications – The white paper and marketing communications must be updated where there has been a change or new fact that is likely to have a significant influence on the purchase decision of any potential purchaser of the cryptoasset, or on the decision of holders of such cryptoassets to sell or exchange such cryptoassets.
(2) Obligations applying to issuers of asset-referenced tokens
- Authorisation procedure – Issuers of asset-referenced tokens will need to be authorised under MiCA and comply with various conduct of business and prudential requirements. Note that issuers must be EU-established legal entities in order to be granted authorisation. Note that there are certain exemptions for small-scale asset-referenced token and where tokens are marketed, distributed and held exclusively by qualified investors.
- Enhanced white paper requirements – Issuers of asset-referenced tokens must include additional information in white papers to that described above and the white paper must be pre-approved by national competent authorities. The white paper will need to contain certain mandatory disclosures before it can be issued, offered or marketed while issuers of other tokens need only notify the regulator and provide a copy of their white paper before doing so. The white paper will need to be supported by a legal opinion as to why the asset-referenced token is not an e-money token nor a token excluded from MiCA’s scope.
- Prudential and conduct requirements – Issuers must act honestly, fairly and professionally in the best interest of asset-referenced token holders. Requirements also relate to marketing, provision of information, complaints handling, conflicts of interest, governance arrangements, prudential requirements, and maintenance and segregation of reserve assets.
- Claims for damages – MiCA contains provisions that allow for asset-referenced token holders with minimum rights to claim damages against an issuer and its management body for certain infringements.
- Change in control approval – MiCA contains regulatory change in control approval provisions in advance of acquiring a “qualifying holding in an issuer of asset-referenced tokens”.
(3) Additional requirements relating to significant asset-referenced tokens
- Supervision by the EBA – Issuers of significant asset-referenced tokens will be supervised by the EBA given the significant risks they present to financial stability and consumer protection.
- Remuneration policy – Issuers must adopt, implement and maintain a remuneration policy that promotes sound and effective risk management and does not create incentives to relax risk standards.
- Interoperability – Issuers must ensure that such tokens can be held in custody by different crypto-asset service providers.
- Liquidity management policy – Issuers must establish, maintain and implement a liquidity management policy and procedures to ensure that the reserve assets have a resilient liquidity profile that enables issuers of to continue operating normally under scenarios of liquidity stress. Issuers must conduct liquidity stress testing on a regular basis.
(4) Obligations applying to issuers of e-money tokens
- Authorisation – Issuers of e-money tokens will need to be authorised as a credit institution or as an e-money institution under the second Electronic Money Directive (2009/110/EC).
- White paper requirements – Issuers of e-money tokens must ensure that their white papers contain certain required information as specified in Annex III.
- Issuance and redeemability – Upon request by a holder of an e-money token, the issuer must redeem the token, at any time and at par value, by paying in funds, other than electronic money, the monetary value of the e-money token held to the holder of the e-money token. Issuers must prominently state the conditions for redemption in their white paper.
- No interest to token holders – Issuers of e-money tokens shall not grant interest to token holders in relation to e-money tokens.
- Marketing communications – Marketing communications relating to a public offer or to trading of an e-money token must be (a) clearly identifiable; (b) fair, clear and not misleading; (c) consistent with the white paper, and (d) set out certain information about the white paper and the issuer.
- Treatment of funds received – At least 30% of the funds received by issuers in exchange for e-money tokens must be deposited in separate accounts in credit institutions. The remaining funds are to be invested in secure, low-risk assets that qualify as highly liquid financial instruments with minimal market risk, credit risk and concentration risk.
(5) Additional requirements relating to significant e-money tokens
- Dual supervision – Issuers of significant e-money tokens will be subject to dual supervision from national competent authorities and the EBA.
- New obligations for e-money institutions – E-money institutions issuing significant e-money tokens will not be subject to the own funds and safeguarding requirements under the E-Money Directive (2009/110/EC), but will instead be subject to the requirements specified under MiCA.
(6) Requirements for CASPs
- Authorisation procedure – CASPs will need to be authorised under MiCA and have a registered office in the EU. Once authorised in one member state, a CASP will be allowed to provide cryptoasset services throughout the entire EU. Certain institutions which are already authorised under existing financial services legislation do not also need to also be authorised under MiCA to provide cryptoasset services, but must follow certain notification requirements as per Article 60 of MiCA.
- Prudential and conduct requirements – CASPs must act honestly, fairly and professionally in the best interest of their clients and prospective clients. Requirements also relate to (among others) marketing, provision of information, prudential requirements, governance arrangements, complaints handling, conflicts of interest, and custody and administration of assets.
- Requirements for specific types of CASPs – Chapter 3 of MiCA also sets out specific requirements in respect of different crypto-asset services, including but not limited to: (a) providing custody and administration of cryptoassets; (b) operating a trading platform for cryptoassets; (c) exchanging cryptoassets for funds or other cryptoassets; (d) placing of cryptoassets; and (e) providing advice on, and portfolio management of, cryptoassets.
- No new anti-money laundering obligations – MiCA does not include anti-money laundering (AML) provisions with respect to CASPs. However, the Fifth Money Laundering Directive ((EU) 2018/843) (MLD5), which came into force in 2018, contains AML provisions with respect to cryptoasset exchanges and custodian wallet providers. The EU Council also recently agreed its position on a new AML directive (AMLD6), which would extend AML provisions to all CASPs.
(7) Market abuse regime for cryptoassets
Title VI of MiCA establishes a bespoke market abuse regime for cryptoassets. It defines the concept of inside information in relation to cryptoassets and requires the public disclosure of inside information for issuers and offerors seeking admission to trading. It prohibits insider dealing, the unlawful disclosure of inside information, and market manipulation, and expressly imposes requirements relating to systems, procedures and arrangements to monitor and detect market abuse.
When will MiCA enter into force?
MiCA will enter into force 20 days after its publication in the Official Journal of the European Union. The majority of the requirements will apply 18 months after it enters into force. However, the asset-referenced tokens and e-money token requirements will apply 12 months after the entry into force date.
Issuers of asset-referenced tokens other than credit institutions that issued asset-referenced tokens in accordance with applicable law before 12 months after MiCA enters into force may continue to do so until they are granted or refused an authorisation, provided that they apply for authorisation before 13 months after MiCA enters into force. Credit institutions that issued asset-referenced tokens in accordance with applicable law before 12 months after MiCA enters into force may continue to do so until the cryptoasset white paper has been approved or rejected, provided that they notify their competent authority before 13 months after MiCA enters into force.
CASPs already legally providing their services at the date on which MiCA applies may continue to do so until 18 months after the date or they are granted or refused an authorisation, whichever is sooner.
What steps should cryptoasset firms take now?
Firms that are potentially in-scope of MiCA should perform a gap analysis and impact assessment of MiCA on their business models. Ensuring compliance with MiCA is likely to constitute a significant undertaking for firms and firms should not underestimate the time it will take to implement MiCA, including applying for authorisation and implementing MiCA requirements into their systems and processes The first step firm’s should take is consider whether their existing activities fall within scope of MiCA. If so, they will be required to either notify the relevant national regulator or seek authorisation depending on whether they are already authorised financial institutions. Gibson Dunn’s lawyers have a current, substantive and technical understanding of the ever-evolving world of digital assets and would be delighted to assist you with you MiCA implementation projects.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact the following members of Gibson Dunn’s Global Financial Regulatory teams in London and Dubai:
Michelle M. Kirschner – London (+44 (0) 20 7071 4212, email@example.com)
Martin Coombes – London (+44 (0) 20 7071 4258, firstname.lastname@example.org)
Sameera Kimatrai – Dubai (+971 4 318 4616, email@example.com)
© 2023 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice. Please note, prior results do not guarantee a similar outcome.