Crypto & Proposals for new European Regulation

The Build-Up

It is now more than a decade since bitcoin was created and some are asking whether the cryptocurrency world will attract some form of specialised regulatory coverage. If so, will it be treated like FX, which in many countries is unregulated as regards trading on a spot basis, but often regulated in terms of derivatives and funds? Will it be bespoke or will some other regime apply?

Legal and regulatory development has lagged far behind technological development in this area. Development of appropriate law and regulation has been sporadic and uncoordinated internationally. Commercially, bitcoin is very much the market leader, but there are now hundreds of cryptocurrencies in issue. Commercial use has started developing and you can now pay school fees or professional bills in cryptocurrency. Central Banks are debating about introducing their digital currencies and the Chinese have started their first trial use.

Regulation usually follows the emergence of a new asset class, and cryptocurrency looks like it will be no exception. The region of the world which has the most experience of coordinating legislation and regulation across countries is the European Union, so it should be no surprise that the EU is leading the way in this area too. The EU published its proposed Regulation on Markets in Crypto Assets (MiCA) on 24th September. It is the the most comprehensive approach of anywhere to date. This blog focuses on the key points unless you would like to read all 188 pages of the proposal (see here). This is within the EU Digital Finance Strategy published the same day (see here).

The EU is trying to find the sweet spot between encouraging innovation, protecting customers (and the crypto markets), and achieving a commonality of approach across Europe. This represents a tough challenge, but the good thing is that the EU is open to ideas and argument in the formulation of any regulatory regime.

Cryptoassets EU style

All those involved in crypto assets tend to have their view as to what a crypto asset is, and there is as yet no accepted global definition. From the EU’s perspective, with 24 official languages, taxonomy is important. Note also that this proposal is a regulation of direct applicability across the EU rather than a directive requiring implementation in each Member State. It is proposed that all those issuing crypto assets not just in the EU, but into the EU from elsewhere, will be subject to MiCA. As to crypto-assets, coverage will include utility tokens, payment tokens, stable coins (those referenced to an asset to try and reduce volatility), and e-money tokens. There are some carve-outs, so MiCA will not apply to crypto-assets which are already covered by other EU legislation, such as security tokens. MiCA will also not apply to CBDCs, Central Bank Digital Currencies. This is to try to ensure that Central Banks retain control over monetary policy, and are able to handle any particular risks which may pertain to their use of this new asset class.

Cryptoasset Services across the EU

There are few surprises in relation to proposed regulation of crypto asset services across the EU. The proposed regime mostly mimics the current regimes applicable to financial and payment services, so proposed coverage is:

• custody and administration of crypto assets

• operation of a trading platform for crypto assets

• exchange of crypto assets for fiat currency (e.g. Euro, Sterling, etc.)

• exchange of crypto assets for other crypto assets

• execution of orders for crypto assets on behalf of third parties

• placement of crypto assets

• reception and transmission of orders for crypto assets

• advice on crypto assets

If you plan to provide payment services as part of your crypto asset services, you will also need payment service authorisation under the regime known as PSD2. Otherwise, you will have to appoint a PSD2 authorised institution to provide that part of your service.

If you are regulated under MiCA then you will be able to conduct your business across the EU under the “passporting” arrangements. In essence, this means you will need an operation incorporated in one of the EU Member States, which will give your operation the necessary EU legal personality. The passport enables you to establish a branch, or provide cross border services into, another EU Member State, without having to be separately authorised in that host Member State.

Member State legislation and regulation may not be rendered otiose by MiCA. For example, spot FX trading falls outside the scope of EU regulation and the UK regulation, but not in certain other states like Germany and the Netherlands, so bear this in mind in planning. It may also be that local advertising and other rules apply, and there may be linguistic, logistical and cultural considerations to take on board to give your plan a chance of success.

If you are outside the EU, only deal with non-EU entities and have no element whatsoever of your business running through the EU then you will be subject to whatever regulation may apply in the countries and jurisdictions in which you do operate.

Impact of Regulation

Many fear regulation, particularly innovators. Yet regulation, if done well, can have a number of benefits. It can act as a badge and increase consumer confidence, thus encouraging markets to grow. Regulators and law enforcement do take steps to keep bad actors at bay. Many of the rules are the legislative embodiment of what a sensible strong company should be doing. Setting up your regulatory function so as to be effective and efficient, as well as scalable and agile, from ground zero, will help your long term growth and profitability.

In practical terms, regulation will entail:

• authorisation in one of the Member States to obtain EU legal personality, or in one of the EEA/non-EU states, or in the UK or other jurisdiction if there is an agreement to do so

• initial and ongoing capital adequacy requirements

• fitness and propriety of staff

• operational trading and settlement procedures

• IT system capability, security, resilience and redundancy

• robust risk management procedures, including risks pertaining to the outsourcing of any key functions

• record keeping and reporting

• procedures to protect clients, especially their assets, treat them fairly, avoid conflicts of interest and handle any complaints

• marketing procedures such that marketing is legal, decent, honest and truthful, including appropriate risk warnings

• anti-financial crime procedures (against money laundering, corruption, fraud, etc.)

• ongoing training (as opposed to awareness) in order to ensure the above works and continues to do so

These are the generic requirements, and more specialised requirements may apply if you are doing something a bit more specialised than general crypto-asset services, such as running a crypto exchange. If you are the entity issuing the crypto assets, do be aware of other specialised regulation, so you will have to issue something more akin to a mini prospectus as opposed to the white papers which have been seen so far in the crypto sector. Don’t forget other general business-related regulation on matters such as employment, data protection, tax, or corporate disclosure. This might seem like an extensive shopping list, but there are over 600 regulated banks in the UK, and 25,000 other financial institutions, so all is possible.

Impact of Brexit

At time of writing, the likely impact of Brexit is hard to gauge. If there is a deal between the UK and EU (which was looking somewhat unlikely), there may be a chance that the passporting possibility will continue, though most have been preparing for the lack of such a deal (branches of EU banks have been converting to UK entities, for example). The terms of any deal will also be crucial. There was an argument in the UK that Brexit would enable the UK to make its own rules. This is true, but in economic terms, if the UK rules were to diverge too far from those in the EU (and there will be plenty of EU Member States watching and analysing UK rules), the EU would not grant “equivalence” to the UK, which would make EU/UK trade much harder. The history of UK financial regulation over the last few decades has painted a different picture, however, with the UK Parliaments and ministries keen to “gold plate” (or should that be “lead weight”) UK rules to make them “stronger” than elsewhere. It certainly appears that there will be no implementation period so market participants will be unable to plan in the usual way and will need to keep all options open (no pun intended). If EU crypto asset markets are perceived to be a safer place for investment and operation, the UK could start to diminish. The economic gravitational pull of one of the world’s largest markets so close to the UK shores will likely mean that UK rules will be incapable of massive difference if the UK wants to maintain its role in the global financial system. The upcoming consultation on the UK regulation of stable coins (which was announced on 9th November by the Chancellor, Rishi Sunak) will be a potentially useful guide to UK government thinking on a future UK crypto asset regulatory regime.

Conclusion

Like it or not, regulation is on its way, so the best strategy is to keep an eye on its development, and add your input where necessary. EU measures are known for their longer consultation processes than the individual Member States and there is usually an implementation period, as well as carve-outs for lighter touch regimes where needed. This is the fastest-growing area of financial markets and is likely to remain so for some time to come.

This is a guest blog post by Quentin Downes. Quentin has a long career and a multitude of experience in risk and compliance recruitment spanning over 17 years and his company Twenty84 is a specialist financial recruitment firm providing retained, permanent and contract resourcing services across risk, compliance, financial crime and regulatory change in the cryptocurrency, digital assets, fintech, and regtech sectors. Twenty84 is a fellow member of CryptoUK, the self-regulatory trade association for the UK crypto asset industry, established to promote higher standards of conduct.