The EU Regulatory Framework for Crypto Assets after the recent turmoil - a comparison between the EU MiCAR and the FSB recommendations

Written By

johannes wirtz Module
Johannes Wirtz, LL.M. (London)

Partner
Germany

As partner in our Finance & Financial Regulation Group in Frankfurt, I advise our national and international clients on banking regulatory issues and finance law.

giuseppe dagostino Module
Giuseppe D'Agostino

Of Counsel
Italy

I joined Bird & Bird in March 2020 as Of Counsel, taking up the position of Co-Head of the International Finance & Financial Regulation Practice with a focus on regulatory compliance and FinTech.

The recent turmoil in the world of crypto-assets has drawn the attention of key policymakers around the world to the need to subject the entire crypto-asset industry to an effective system of regulation and supervision. Indeed, the magnitude of the events raises important questions about the protection of those who have invested their savings in good faith in these digital assets and the need to avoid any spill over effects on financial markets in the future.

Introduction

The Financial Stability Board (FSB) published a set of recommendations on the regulation and supervision of crypto-asset activities for consultation on 11 October 2022, inviting feedback by 15 December 2022. The FSB will finalise the proposed recommendations by mid-2023 in light of the feedback received from the public consultation. 

On 24 September 2020, the European Commission published a proposal for a regulation on crypto-asset markets (MiCAR) as part of the digital finance package, with the aim of creating a European framework for crypto-assets, in order to promote innovation while ensuring consumer (investor) protection, market integrity and financial stability. On 5 October 2022, the Council published a final compromise text with a view to an agreement. Adoption is now subject to the position of the European Parliament at first reading.

Based on these two documents, we would like to take stock of these two approaches. In particular, we would like to highlight the rationale of the MiCAR structure in light of the FSB recommendations and provide some observations on possible shortcomings (and its potential effects).

Definition of crypto-assets

As a background to what MiCAR and the FSB’s recommendations aim to regulated, the definition of crypto-assets is important. There might be crypto-assets which are out of scope in  the proposals.

The FSB’s recommendations refer to an FSB document from October 2020: Regulation, Supervision and Oversight of “Global Stablecoin” Arrangements: Final Report and High-Level Recommendations. In such document, the definition of crypto-asset can be condensed to ‘a digital representation of value, which can be used for payment or investment purposes that depends primarily on cryptography and distributed ledger or similar technology. This does not include digital representations of fiat currencies’.

The MiCAR (compromise text) defines crypto-assets as ‘a digital representation of a value or a right which may be transferred and stored electronically, using distributed ledger technology or similar technology’. Thereby, it does not only go beyond the current EU regulation for virtual assets as set out in Directive (EU) 2018/843 (AMLD5), but is also broader than the term used by FSB.

MiCAR – The European approach

The European Union has a stated and confirmed policy interest in developing and promoting the adoption of transformative technologies in the financial sector, including distributed ledger technology (DLT). Crypto-assets are one of the main applications of DLT that have the potential to bring significant benefits to both market participants and retail holders.

A primary condition for the development of crypto-asset markets is the creation of a 'dedicated and harmonised' legal framework to provide legal certainty for issuers and providers of crypto-asset services that fall outside the scope of current EU financial services legislation. The legislative measure will take the form of a regulation to be binding in its entirety and directly applicable in all Member States.

The absence of harmonised rules applicable in the EU (with the exception of anti-money laundering rules, for providers of crypto-asset services) such as exchanges/trading platforms, custodian wallet providers, exposes consumers and actual investors to substantial risks but could also jeopardise the possibilities for future market development, if its integrity is ever damaged.

The MiCAR approach is holistic: it takes into account all participants in the crypto-asset market (consumers/investors, issuers, service providers), as well as national competent authorities and European authorities (EBA and ESMA).  MiCAR is constructed as a special regulatory and supervisory regime for crypto-asset offerings and services provided to the public, largely inspired by the approach of the financial sector regulatory framework (Mifid II, Prospectus Regulation, Market Abuse Regulation), as evidenced by several comparable specific requirements for issuers/offerors of crypto-assets/service providers and rules on the powers of the competent authority (e.g. product intervention powers).

According to Recital (12a) of MiCAR (compromise text), crypto-asset services provided in a fully decentralised manner do not fall within its scope. In MiCAR, however, this does not lead to an unregulated space in which service providers can act, for example, as gatekeepers; as another specification in the same MiCAR Recital shows, operators providing crypto-asset services and who do not have an identifiable issuer (i.e., those typically governed in a decentralised system) are 'fully covered by this Regulation'. This makes it clear that crypto-asset services relating to bitcoin falls under MiCAR. On the other hand, it is doubtful whether fully decentralised systems are actually in the market (or will be in future) or whether most of the systems labelled as ‘decentralised’ are merely so called ‘decentralisation theatre’ with a gate keeper and someone exercising control. In any case, the European Commission will review and assess the developments of decentralised finance within 48 months after MiCAR enters into force.

The decision to construct a regulatory space dedicated to serial (fungible and transferable) crypto-assets, other than those constituting the digital representation of products/services regulated by existing financial sector regulation, does not appear to be an entirely coherent move. Indeed, the reasons for this regulatory construction are to be found in the objective of ensuring an orderly market for crypto-assets that have potential financial implications for the European economic and financial system, as evidenced by the following circumstances:

  1. Two most important categories of crypto-assets regulated by MiCAR (e-Money Token and Asset-referencing Token) are in fact financial products;
  2. Exclusion from the scope of MiCAR of crypto-assets that are unique and non-fungible with other crypto-assets or that represent unique and non-fungible physical services or physical goods is justified by the fact that "[s]uch features limit the extent to which these crypto-assets can have a financial use, thus limiting risks to users and the system[....]" (Recital 6b);
  3. EBA and ESMA, i.e. two of the European Supervisory Authorities (ESAs) of the European System of Financial Supervision (ESFS), are called upon respectively, to oversee the supervision of so-called significant issuers of e-money tokens and asset-referencing tokens and to establish a register of crypto-asset white papers, asset-referenced token issuers, issuers of e-money tokens and crypto-asset service providers;
  4. Crypto-asset services should be considered 'financial services' as defined in Directive 2002/65/EC concerning the distance marketing of consumer financial services, if the criteria of that directive are met (recital 55); 
  5. It is envisaged that the national authorities responsible for the supervision of crypto-asset service providers (which fall within the scope of MiCAR) will be those in the financial sector;
  6. Reduced barriers of entry for regulated entities. Some of the categories of crypto-assets can only be issued by financial institutions (regulated under CRD or E-money Directive). In addition, financial institutions (regulated under CRD or MiFID) can provide crypto-assets services with only a notification requirement. 

However, the problem of the interaction between MiCAR and the existing financial regulatory framework is avoided by a formal 'stratagem': the scope of the MiCA regulation is limited to crypto-assets that do not qualify as financial instruments, deposits, funds under EU financial legislation, non-life or life insurance contracts, pension products, schemes and social security schemes under other EU sectoral legislation. Drawing the line between some financial instruments based on the blockchain and (currently) unregulated blockchain products has caused issues in the past which are not solved by MiCAR.

The classification of tokens is not an easy task: it is the responsibility of the issuer or offeror of crypto-assets to explain to the competent authority, at the time of notification of the white paper, why the crypto-asset described therein is not excluded from the scope of MiCAR. In any case, "competent authorities should be able to suspend a public offer or admission to trading of crypto-assets when identifying difficulties in the classification of crypto-assets” (Recital 65).

These difficulties are well considered by the EU co-legislators, who call on ESMA and EBA to “utilize their powers under the ESAs Regulation to ensure a consistent and coherent approach to such classification” (Recital 6a). In this regard, ESMA is to issue guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments within 18 months of the entry into force of MiCAR (Art. 2, MiCAR compromise text).

FSB’s recommendations

In contrast, the FSB directly calls on financial authorities to help establish a comprehensive and robust regulatory and supervisory framework for crypto-assets and related markets, as 'the crypto-asset ecosystem features a wide range of functions and activities, many of which resemble those in the traditional financial system”. 

The FSB's recommendations apply to all types of crypto-asset activity and related issuers and service providers, including those conducted through DeFi protocols.

The term DeFi ("Decentralized Finance") refers to an open, decentralized, permissionless and autonomous DLT-based financial ecosystem. In reality, since many self-defined DeFi protocols involve centralization in one or more areas, the FSB takes the view that financial supervisors should inquire into the nature of DeFi systems, i.e., whether there are persons in a position to exercise effective control, including by granting access to DeFi protocols and/or having the power to change their rules. 

To avoid circumvention of financial regulation, according to FSB, developers of a DeFi protocol (not just players) should also be subject to regulation and supervision.

Although the degree of interconnectedness with the crypto-assets markets is still low, the FSB fears that further developments in this area could have a significant impact on the regulated financial system, with unpredictable effects on the real economy.

Therefore, the FSB believes that the risks to financial stability arising from contagion effects can be contained and managed by creating a level playing field between regulated financial market participants and largely unregulated crypto-asset intermediaries and service providers, in light of the 'same business, same risk, same regulation' principle. The very recent cases of collapse of large crypto-asset service providers call for initiatives to address the vulnerabilities of the crypto-asset ecosystem fuelled by, inter alia, inadequate business models, weak governance, inadequate risk management system and inadequate consumer and investor protection. 

To this end, the FSB has made regulatory recommendations on transparency, accountability, market integrity, investor / consumer protection, anti-money laundering and anti-terrorism protection across the crypto-asset ecosystem. 

Furthermore, the FSB provided recommendations for uniform and comprehensive supervisory and oversight approaches based on increased international cooperation, coordination and information sharing between authorities, given the global nature of crypto-asset activities. Indeed, national supervisors have only a partial and potentially inaccurate picture of the risk scenario arising from crypto-asset activities, due to a significant lack of information and data.

FSB recommendations and MiCAR

Comparing the FSB recommendations on the powers to be given to the competent authorities with the MiCAR provisions on the same subject, no structural differences can be seen.

However, the FSB's activities considered in the scope of regulatory and supervisory authorities also include, inter alia, the following activities not included in MiCAR:

  1. Protocol development, smart contract design and choice of consensus mechanism;
  2. Operating the infrastructure and validating transactions;
  3. Noncustodial wallet provisioning (including the sale of software and hardware for non-custodial wallet);
  4. Use as collateral to borrow other crypto-assets, including stablecoins;
  5. Loans in crypto-assets; and
  6. Insurance of digital assets (e.g. crypto-assets wallets). 

 FSB recommendations for the regulation, supervision and oversight of crypto-asset activities and markets

 

 
1. Regulatory powers and tools

Authorities should have appropriate powers and tools and adequate resources to regulate, supervise and control crypto-asset activities and markets.


 2. General legal framework

Authorities should apply to crypto-asset activities and markets effective regulation, supervision and oversight proportionate to the risk to financial stability they pose, in line with the principle 'same business, same risk, same regulation'.

 
3. Cross-border cooperation, coordination and information sharing

Authorities should cooperate and coordinate with each other, both domestically and internationally, to promote efficient and effective communication, information sharing and consultation to support each other, where necessary, in fulfilling their respective mandates and to encourage consistency in regulatory and supervisory outcomes.

 
4. Governance

The authorities should require crypto-assets issuers and service providers to have and disclose a comprehensive governance framework.


 5. Risk Management

Authorities should require crypto-asset service providers to have in place an effective risk management framework that comprehensively addresses all material risks (including technological risks) associated with their activities, commensurate with the risk, size, complexity and systemic importance of those activities and the risk to financial stability that may be posed by the activity or market in which they participate.

 
6. Data collection, recording and reporting
  • Authorities should require that crypto-assets issuers and service providers have robust facilities for the timely and accurate collection, storage, safeguarding and reporting of data, including the necessary policies, procedures and infrastructure.
  • Authorities should have access to data to the extent necessary and appropriate to fulfil their regulatory, supervisory and oversight mandates.

 7. Disclosure

The authorities should require that crypto-assets issuers and service providers disclose full, clear and transparent information to users and stakeholders about their operations, risk profiles and financial conditions, as well as the products they provide and the activities they conduct.


 8. Addressing risks to financial stability from interconnections and interdependencies
  • Authorities should identify and monitor relevant interconnections, both within the crypto-asset ecosystem and between the crypto-asset ecosystem and the broader financial system.
  • The authorities should address the risks to financial stability that arise from these interconnections and interdependencies.
 9. Comprehensive regulation of crypto-asset service providers with multiple functions
Authorities should ensure that crypto-asset service providers that combine multiple functions and activities, e.g. crypto-asset trading platforms, are subject to appropriate regulation, supervision and oversight that comprehensively address the risks associated with individual functions and the risks arising from the combination of functions, including requirements regarding the separation of certain functions and activities, as appropriate.

 

Final considerations

The sense that the regulatory effort of the European institutions in this field has been important and good to regulate this area of activity has so far lacked operational limits, rules of conduct and controls on international level. The choice made is to create a special regime for crypto-assets that do not fall under the notion of financial services. However, some fundamental issues related to MiCAR crypto-assets remain unresolved, while the designed regulatory solutions create friction with similar existing regulations in the financial sector.

A general observation is that, despite the declaration of the Union's interest in 'developing and promoting the adoption of transformative technologies in the financial sector', MiCAR focuses only on Distributed Ledger Technology (DLT)[1] and similar technology. While in MiCAR, it remains unclear what ‘similar technologies’ are, it does not explicitly cover activities that take place in infrastructures based on other, unsimilar types of technologies. Particularly the following:

  1. Clear guidance on the exercise of ownership rights over tokenized assets is needed to address open questions regarding the legal status of tokens and settlement finality (i.e., EU member states need to create a private law of crypto-assets);
  2. The introduction of ad-hoc rules on market abuse, the content of the White Paper on public offer and admission to trading of crypto-assets as well as the organisation and conduct rules and prudential requirements of crypto-asset service providers, will create a burdensome regulatory cross-over with equivalent financial sector regulations;
  3. Issuers of asset-referenced tokens are comparable to investment fund managers, in that MiCAR provides a permanent redemption right for their holders (against which a compounded and managed asset reserve must be set up to address liquidity risks);
  4. The differences are notable in the case of crypto-asset activities conducted entirely through DeFi protocols, which are not subject to MiCAR, a circumstance that tends to create a large room for legal arbitrage and considerable differences on the identification of the playing field for technological reasons[2]; and
  5. The regulatory provision stating that crypto-asset service providers for which the issuer is not identifiable (such as bitcoin) are fully subject to MiCAR is to be welcomed, as it curbs the possibility of market fragmentation.

Indeed, unlike the FSB's approach, the special regime defined by MiCAR for crypto-assets seems to challenge the general principle of technology regulatory neutrality that has always been a pillar of EU financial sector regulation. So much so that DORA, designed to harmonise the regulation of technology risk for financial institutions, also applies to crypto-asset service providers licensed under MiCA and to asset-referenced token issuers. 

It is therefore to be expected (and desirable) that the current MiCAR text will be extensively revised in a few years' time.

 

[1] The definition of a DLT, contained in Article 2 of Regulation (EU) 2022/858 on a pilot scheme for market infrastructures based on distributed ledger technology, is: information repository that keeps records of transactions and that is shared across, and synchronised between, a set of DLT network nodes using a consensus mechanism”.

[2] The problem is also well in the minds of the co-legislators, since the European Commission is required to submit a report - 48 months after the entry into force of the regulation - to the European Parliament and the Council on the application of MiCAR, including, among other topics, an assessment of the necessity and feasibility of regulating decentralised finance.

 
 

Latest insights

More Insights
Bank card propped up against laptop

Germany: BaFin updates AML guidance

Dec 19 2024

Read More
Colourful building

FinTech Features December 2024

Dec 18 2024

Read More
digital data security

Online Safety: Illegal Harms Codes of Practice and categorisation thresholds laid before Parliament, new critical deadlines for digital services

Dec 16 2024

Read More