Market in crypto assets regulation: where we stand now

On 29 June 2023, the European Union’s (EU) Markets in Crypto Assets Regulation (MiCA) entered into force. It is being implemented in stages depending on the provisions, between June and December 2024. The regulation, which provides clearer rules for crypto-asset service providers and token issuers, is much needed for this fast-changing industry. The rapidly approaching application, however, brings compliance challenges for some firms, especially the smaller ones. This article provides an overview of MiCA and how it might affect the industry.

MiCA is only one of three legislative texts of the Digital Finance Package

MiCA is one of three legislative texts that form part of the European Commission’s Digital Finance Package. The others are the Pilot regime for market infrastructures based on distributed ledger technology (DLT Pilot Regime), and the Digital Operational Resilience Act (DORA).

MiCA establishes a single EU-wide comprehensive regulatory framework for digital assets. The overarching objective of the regulation is the provision of legal certainty, investor protection, market integrity and financial stability for participants in the digital assets industry.

Taxonomy of crypto-assets under MiCA

The regulation defines crypto assets as “a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology”.

Stablecoins, tokens whose value purports to the value of another asset, covered by the regulatory text include:

  • Asset-referenced token (ART) – references the value of several fiat currencies, one or several commodities, one or several crypto-assets, or a combination of such
  • Electronic money token (EMT) –references the value of one fiat currency, which is legal tender

The text defines the rest as “other crypto-assets” – a catch-all category (including virtual currencies), capturing all types of crypto assets that are not ARTs or EMTs. In addition, utility tokens are identified as a digital asset which provides access to a good or service on the DLT supplied by the issuer.

The regulation clearly states that it does not cover, security tokens which qualify as financial instruments, structured deposits, securitisations or e-money under other relevant EU regulations (i.e. MiFiD II, CRR, CRD, EMD2), digital currencies issued by central banks (CBDC) or by other public international organisations (i.e. IMF). MiFiD II has been transposed by each EU member-state, while MiCA is a directly applicable EU law. Effectively, this might bring one tokenised financial instrument under MiFiD II in one member-sate and under MiCA in another.

Unique non-fungible tokens (NFTs) are also excluded, however, fractionalised NFTs fall under MiCA, and NFTs qualifying as financial instruments fall under MiFID II. While this is a good starting point, having in mind the relevance of all types of NFTs in the digital assets’ space, policy guidance should be supplied for them.

Regulatory regime for issuers of stablecoins

The issuers of ARTs and EMTs are subject to additional requirements outlined in a bespoke regulatory regime.

The issuers of ARTs may be either a credit institution or a legal entity incorporated in the EU and authorised under MiCA. To obtain such special authorisation, the entity shall comply with various prudential requirements (i.e. minimum capital, reserve requirements) as well as conduct, governance, and organisational requirements.

The issuers of EMTs should be authorised either as a credit institution (2013/36/EU), or as an e-money institution (2009/110/EC).

For both types of stablecoins, the authorised entity must issue a white paper including particular data and share it with the National Competent Authority (NCA) and the public. Similar to the existing EU-passporting rules for financial institutions, their authorisation is valid through all EU member states.

The reserve assets that form the stabilising mechanism of an ART token, must be maintained and safeguarded in a strictly defined manner and custodied with a MiCA-licensed custodian, investment firm, or credit institution (depending on the asset nature). There should also be a clear policy for the applied stabilisation mechanism, and the holders of tokens must be provided with permanent redemption rights at any moment. A reporting and control mechanism must be in place with the issuing entity so that the local NCA receives the requested data quarterly.

The issuer of an EMT token is required to be ready to redeem at any moment and par value the monetary value of EMTs in circulation. Certain details outline that a minimum of 30% of the received funds must be deposited with a credit institution, while the rest are invested in low-risk high-liquidity instruments denominated in the token-referenced currency.

Based on certain criteria, the EBA will be able to classify some ART/EMT tokens as significant and will have direct supervisory authority over their issuers. The rest will be supervised by the NCA of the country of establishment. The introduction of a new supervisory regime like MiCA presents the need for new supervisory roles and resources. In a press release from September 2022, the EBA Chairperson, José Manuel Campa, announced the institution’s firm intent to be ready for this new mandate. In addition, the development of an oversight and supervisory capacity for MiCA is listed as a main EBA priority in their 2024 work programme.

Regulatory regime for issuers of other crypto-assets

Before a crypto-asset is offered to the public in the EU, the offeror has to publish a white paper, which follows a defined format and content requirements. The document must include information regarding the issuer, the digital asset, and all rights and obligations attached to it, a fair description of the inherent risks, the underlying technology, the investments, and adverse environmental implications of the applied consensus mechanism.

The NCA of the member state where the issuer will be offering the asset must be notified at least 20 days before the issuance of the white paper and all the EU countries where the asset will be offered must be listed (that’s how the issuer can take advantage of the EU-passporting regime). Although the issuer does not need a supervisor’s approval to offer a token, the supervisory authority retains the power to suspend or prohibit an offer at any time if the rules stipulated in MiCA are breached.

The regulation contains additional requirements on marketing communications as well as a clause requiring member states to hold the issuers liable under applicable national law (civil liability) for the provided information.

Regulatory regime for Crypto Assets Service Providers (CASPs)

MiCA introduces a long list of requirements that apply to CASPs. CASPs’ are defined as legal persons (or other undertakings) whose occupation or business is the provision of one or more of the following services:

  • Custody and administration of crypto-assets on behalf of clients
  • Operation of a trading platform for crypto-assets
  • Exchange of crypto-assets for fiat currency that is legal tender
  • Exchange of crypto-assets for other crypto-assets
  • The execution of orders for crypto-assets on behalf of clients
  • Placing of crypto-assets
  • Reception and transmission of orders for crypto-assets on behalf of clients
  • Providing advice on crypto-assets
  • Providing portfolio management on crypto-assets
  • Providing transfer services for crypto-assets on behalf of clients

The regulatory text defines also an authorisation scheme which follows the existing principles of licensing for financial institutions in the Union and allows for EU-wide passporting. The text defines key requirements covering capital levels (prudential), governance, complaints handling and conflict of interest, outsourcing, market abuse, safeguarding of clients’ funds and ESG disclosures. Additional requirements are listed for specific CASPs –  i.e. crypto-custodians, trading platform operators, provision of advice, etc.

A register of all authorised CASPs in the EU will be maintained by ESMA and publicly available.

Equivalence regime  

MiCA creates an equivalence regime for certain regulated institutions and allows them to provide crypto-asset services based on their existing licenses. Examples are MiFID II investment firms and market operators, credit institutions under CRD/CRR, electronic money institutions under EMD II, UCITS management companies or AIFM, and central securities depositories. This obviously presents an advantage for such already-regulated institutions that plan to get involved in the digital assets industry.

Ongoing consultations

Although MiCA entered into force in June 2023, the regulation includes a substantial number of level 2 and level 3 measures, which need to be developed before the new regulatory regime starts applying (in June and December 2024). Level 2 measures involve more detailed rules – regulatory technical standards (RTS), which are developed to implement the MiCA framework. Level 3 measures – implementing technical standards (ITS), are about consistent implementation and application of all the rules across the EU.

As of now, EBA has published three consultation packages while ESMA has issued 2, and a third one is expected shortly. There are ongoing public hearings by the EBA on the topics discussed in the consultations. The final RTS and ITS documents should be readily available before the entry into the application of the new regime.

What does MiCA mean for the crypto-assets Industry?

Activity in recent years has shown that there is interest in the investment opportunities provided by crypto-assets Existing regulations were however until now not sufficiently tailored to this relatively recent industry. MiCA will now provide regulatory clarity and security that were not present before, providing issuers with a transparent and harmonised framework to comply with This is expected to enhance the market confidence to invest and engage with the technology and the assets available.

Although the introduction of MiCA introduces a much-needed regulatory framework for this fast-developing sector, the regulatory burden suddenly also increases. The requirements introduced for issuers are far-reaching and will have a broad range of strategic, operational, and cost implications for firms. This is expected to be particularly challenging for smaller firms that may not have been subject to other financial services regulations.

To stay in business, firms will either have to build their own internal capacity and resources to comply or develop synergies with other, possibly bigger, players in the market. Failures to comply may lead to fines or even exiting the EU market altogether.

Only time will show how the institutionalisation of this industry will develop under these new and evolving regulatory requirements. Meanwhile, firms need to ensure they fully understand the implications of these new requirements and invest in getting ready.    

Meglena Grueva

Head of Digital Assets Solutions, Mazars in Germany - Frankfurt