ESMA publishes its opinion on global crypto firms using their non-EU execution venues

The Market in Crypto-Assets Regulation (Regulation (EU) 2023/1114) (“MiCAR”) starts to apply in full on 30 December 2024. As we go, more and more clarity is brought by the European Supervisory Authorities (“ESAs”) on application of various parts of the MiCAR. Bird & Bird have covered it in client alerts that can be found here and here and has published a document dedicated to MiCAR: The Road to MiCAR. While ESAs provide clarity mostly for EU-based institutions that will be subject to MiCAR, one of the ESAs - the European Securities and Markets Authority (“ESMA”) - has on 31 July 2024 published its opinion aiming at global crypto firms, Opinion to support the convergent application of MiCA (ESMA75-453128700-1048) (“Opinion”). 

What is the Opinion about? 

The Opinion is addressed to national competent authorities in the Member States (“NCA”) and aims to tackle regulatory and supervisory arbitrage risks stemming from specific business setups of so called Multifunction Crypto-asset Intermediaries (“MCIs”) whereby MCIs would only seek authorisation under MiCAR for brokerage services (e.g. reception and transmission of orders, execution of orders for crypto-assets on behalf of clients and/or exchange of crypto-assets for funds or for other crypto-assets) while keeping a substantial part of their group activities (intra-group execution venues) outside the European Union (“EU”), and thus outside of MiCAR. The objective of the Opinion is therefore to share relevant criteria to promote supervisory convergence and support NCAs’ assessment of the intended business model and activities as well as the ongoing assessment of how such activities are carried out. 

Concerns raised in the Opinion are not new – similar concerns were raised already in the statement published by ESMA on 17 October 2023 where ESMA anticipated that MCIs (referred to as global firms in this statement) might seek operating under MiCAR framework “using group structures that tend to be complex and opaque”, thereby highlighting that these entities may engage in regulatory arbitrage. In light of these concerns, ESMA finds it important and necessary to offer clarifications in respect of certain provisions of MiCAR, in particular, in relation to MCIs and application processes under MiCAR. 

According to ESMA the envisaged risks are similar to what the NCAs encountered in the context of the UK’s decision to withdraw from the EU (Brexit), namely that the UK firms searched to maintain access to the EU market by creating EU entities or relocating activities to the EU – similar to that non-EU crypto-asset service providers (“CASP”) may seek to establish entities in the EU in order to retain access to the EU market while minimising the effective transfer of activities or functions to the EU. Consequently, given the similarity of the underlying issues and risks, the general principles developed by ESMA in so-called "Brexit Opinion" shall also apply in the context of MiCAR. In essence, the following principles shall be considered as guiding principles for NCAs when considering authorisation under MiCAR; 

1. Principles 2-8 in the Brexit Opinion, and 
   
2. Principles in sections 4-8 in the Opinion. 

Principles 2-8 in the Brexit Opinion

Principles 2-8 in the Brexit Opinion concern general principles to be applied by NCAs when assessing applications, which will also apply to applications pursuant MiCAR.  

Principle 2: Applications shall contain detailed information that is sufficient to assess the compliance with applicable rules. NCAs should apply strong scrutiny to, inter alia, the entities’ governance structure, human and technical resources, geographical distribution of activities, as well as outsourcing and delegation arrangements. NCAs should not grant authorisations where the intended activity indicates clearly that the entity has opted for the legal system of a Member State for the purpose of evading the stricter standards in force in another Member State within the territory of which it intends to carry on the greater part of its’ activities.  

NCAs should ensure that conditions set by the relevant legislation are met from day one of the authorisation. 

Principle 3: NCAs are expected to check that the planned EU-based activity is the main driver for relocation. The entity’s programme of operations should provide a clear justification for relocating to the Member State. NCAs shall specifically scrutinise applications where it appears that an entity intends to pursue the greater part of its activities in other Member States and will only grant authorisation if fully satisfied that the Member State of establishment was not chosen for the purpose of evading stricter standards in force in other Member States. 

Principle 4: Special attention should be granted to outsourcing arrangement and, in particular, oversees outsourcing, to avoid letter-box entities. 

Principle 5: Outsourcing and delegation to third countries is only possible under strict conditions; the responsibility for the outsourced parts will always remain with the financial company and it shall have full control of the outsourced activities. 

Principle 6: NCAs shall ensure that substance requirements are met meaning that the outsourcing arrangements shall be clearly structured and set up in a way that allows to efficiently and effectively supervise the outsourcing, should not impact business continuity, confidentiality and conflicts of interest. Certain key activities and functions should be present in the EU, in particular when these are key to the proper functioning of the regulated entity and consequently cannot be outsourced or delegated outside the EU.  

When it comes to crypto-asset services it is yet to be seen how this principle is to be applied by the NCAs since Distributed Ledger Technology (DLT) and blockchain systems introduce challenges to this principle. Given the rapid evolution of digital technologies, imposing strict centralised requirements may be at odds with the decentralised nature of DLT and blockchain systems, which typically operate cross-border as (public) open networks. This decentralised structure may make it difficult to ensure that key activities remain within the EU, as required by Principle 6. Additionally, the lack of clear regulatory guidance for fully decentralised systems could complicate enforcement and supervision, as traditional governance models may not apply effectively. Therefore, NCAs will need to find a balance between maintaining regulatory oversight and accommodating the unique, global characteristics of such technologies, adopting a flexible approach to regulation.

Principle 7: NCAs should ensure sound governance of the EU entities inter alia by ensuring that the board and management of the EU entity have the effective decision-making powers in relation to its compliance, even where it is a part of a corporate group. ESMA expects that the key executives and senior managers of EU authorised entities are employed in the Member State of establishment and work there to a degree proportionate to their envisaged role (though some flexibility may be accepted based on a case-by-case assessment). 

Principle 8: NCAs must be in a position to effectively supervise and enforce EU law and ensure that they have all the relevant information in order to properly supervise EU entities. 

Principles 4-8 in the Opinion 

Reverse solicitation: In accordance with MiCAR, third-country firms may not provide services in the EU with exception to the cases of so-called reverse solicitation, that is where the EU-based customer at own initiative contacts the third-country entity. Possibility to rely on reverse solicitation is a narrow exception that is further outlined through ESMA’s Draft Guidelines on reverse solicitation under MiCAR. The NCAs shall ensure compliance with Article 59 of MiCAR (authorisation requirements) and Article 61 of MiCAR (provision of crypto-asset services at the exclusive initiative of the client) both when assessing the authorisation application and on on-going basis and ensure that the application does not aim at obtaining a ‘legal cover’ in the EU for third-country firms which seek to solicit clients or prospective EU-based clients through a MiCAR-authorised entity (typically belonging to the same group), whilst still providing services from outside the EU. To that effect, when assessing applications of entities belonging to groups primarily established in third-countries, NCAs should review the current and planned organisation, structure and marketing policy of that group and assess how the overall activities fit within the group strategy and interact with the activities of the other entities of that group and also carefully consider during their assessment what the main activities conducted at group level are and ensure that these activities will not effectively be pursued and services be provided in the EU without relevant authorisation. In case of MCIs, NCAs should ensure that the applying entity would not seek to be authorised for MiCAR brokerage activities to be used for soliciting EU-based clients and thus providing services in the EU on behalf of a non-EU execution venue. Whilst MiCAR does not prohibit CASPs from routing, executing or hedging orders on non-EU execution venues, NCAs are responsible for assessing whether this constitutes solicitation of EU clients and provision of services in the EU by non-authorised entities in breach of Article 59 of MiCAR. The Opinion provides examples of circumstances that shall be regarded as very likely indications of unlawful solicitation of the EU-based customers, e.g. systematically routing orders to the group execution venue located outside the EU, limited sources of revenues (e.g. fees, commissions) for its brokerage activities with EU-based clients etc.

Conflicts of interests: In accordance with Article 72 of MiCAR, CASPs are required to identify, prevent, manage and disclose conflicts of interests, including activities of the group to which the CASP belongs. There is prominent risk of conflicts of interests in case of MCIs where these attempt to create synergies between their different activities by offering integrated services to the detriment of their clients. The combination of EU brokerage activities with execution venues belonging to the same group, especially the ones located in third countries and being subject to no or less strict requirements compared to MiCAR, should be regarded as a particularly risky combination of activities. NCAs should therefore pay particular attention to identification and handling of conflicts of interests by MCIs and not grant authorisations in cases where conflicts of interest have not been adequately managed. 

Best execution: Executing orders on a third country trading platform must comply with Article 78 of MiCAR that requires CASPs to take all necessary steps to obtain the best possible result when executing orders on behalf of clients, meaning that they must take into account the following factors: price, costs, speed, likelihood of execution and settlement, size, nature, conditions of custody of the crypto-assets as well as any other consideration relevant to the execution of the order. When assessing applications the NCAs shall pay particular attention to the application of this provision with respect to CASPs engaged in brokerage activities involving executing orders on behalf of clients and that are part of a group that includes execution venues (either through an entity executing orders on its own account and on a multilateral trading platform). Here it is essential to ensure that the EU broker has procedures and operational accesses that would allow it to execute transactions with the best possible results for its clients. 

Obligation to act honestly, fairly and professionally in the best interest of clients: Pursuant to Article 66 of MiCAR, CASPs shall act honestly, fairly and professionally in accordance with the best interests of their clients and prospective clients. When assessing CASPs acting as brokers the NCAs shall take into account the level of consumer protection offered by non-EU trading platforms (especially if not regulated) where the EU CASP intends to execute clients’ orders. 

Custody and administration of crypto-assets on behalf of clients: Where the execution process involves an execution venue (temporarily) taking custody of client assets, Article 75(9) of MiCAR prescribes that the CASP providing custody and administration of crypto-assets on behalf of clients relies on other entities to deliver that service, they should ensure that these entities have CASP authorisation in accordance with Article 59 of MiCAR, which means that where EU-authorised brokers route, execute or hedge orders and transactions on execution venues not authorised as CASPs in the EU, such execution venues are not allowed to at any point take custody of or administrate the crypto-assets belonging to EU-based customers, as this would not be compliant with Article 75(9) of MiCAR. 

Conclusions

Even though the Opinion is a so-called soft law, we expect that it will be treated seriously by the NCAs. It is addressed to NCAs, but market participants get a lot of valuable insights on how to prepare for the application processes and what needs to be addressed in the applications in order to comply with MiCAR, and obtain authorisation. Further, the Opinion also provides guidance for on-going MiCAR compliance. With just over four months to go until MiCAR starts to apply and some Member States having already started to accept licence applications, it is high time to start preparations for the application processes, even in such cases where Member States have chosen to allow grandfathering provisions to firms already in scope of local regimes. We expect that handling of CASP applications will be subject to thorough scrutiny by the NCAs, especially with view to the allegation that some NCAs might currently have a certain scepticism and limited understanding of crypto-asset services. 

As an international law firm, we recognise that the expansion of the regulatory space into previously unregulated areas, coupled with the maintenance of a siloed regulatory approach, may contribute to a perception of increased complexity within the financial marketplace. This complexity could potentially challenge the progress and implementation of 'product' and 'service' diversification strategies for our clients. Our role is to navigate this complex regulatory landscape and ensure that our clients are fully informed and strategically positioned to adapt to and comply with these evolving regulations while optimising their business opportunities.