Crypto-Assets, Distributed Ledger Technologies and Disintermediation in Finance: Overcoming Impediments to Scaling: A View from the EU

Abstract

The chapter presents an overview of the European Commission’s flagship legislative proposals for a new regulatory framework for crypto-activities in the European Union (EU) and a pilot regime to facilitate DLT experimentation by market infrastructures. To provide some context for the proposals, the chapter reflects on some of the issues industry, regulators and supervisors have encountered in seeking to reconcile innovative DLT applications with EU and national financial services law. The chapter goes on to outline the key elements of the legislative proposals, which are intended to mitigate risks effectively and facilitate the scaling-up of DLT and crypto-asset applications in the EU.

The views expressed in this paper those of the author and should not be taken to represent those of the European Banking Authority (EBA) or to state EBA policy. Neither the EBA nor any person acting on its behalf may be held responsible for the use to which information contained in this paper may be put or for any errors which, despite careful preparation and checking, may appear.

Introduction

Over the last decade, applications of distributed ledger technologies (DLT) and crypto-assets have been increasingly observed in the European Union (EU).¹ However, regulatory fragmentation and legal uncertainty have dampened levels of investment and limited scaling cross-border. This chapter reflects on the key challenges and goes on to consider initiatives intended to facilitate the scaling-up of DLT and crypto-asset applications in the EU while mitigating effectively the risks.

Part I: In Search of Clarity and Consistency: One Application, One Set of Rules?

From a technological perspective, successful experimentation and pilot projects have demonstrated the reliability and potential utility of DLT in multiple financial sector use cases, such as the issuance and settlement of bonds and other securities, the creation and management of crypto-assets, derivatives transactions, cross-border payments and trade finance.² However, technological success is not by itself sufficient to guarantee technological transformation. Instead, compliance and legal teams must respond satisfactorily to questions such as “what are the legal risks?”, “how will this be viewed by the supervisor?”, “do we need another licence?” and “can we do this cross-border?” in order to secure a green light for investment. For firms seeking to roll out DLT and crypto-asset applications in EU Member States these questions will not have been easy to answer in recent years due to challenges in reconciling emerging technologies with existing EU and national regulatory and supervisory approaches. Variations from one jurisdiction to another will have also posed further complications for those firms seeking to scale up their applications cross-border.

The reconciliation of emerging technology use cases with existing regulatory and supervisory approaches has also posed challenges for EU financial regulators and supervisors. In general, financial regulation and supervision should not prefer or prevent the adoption of a specific technology but where activities present similar risks, regardless of the technology used, they should be subject to similar regulation and supervision (technological neutrality and the “same risk, same rule” principle).³ However, increased market experimentation with DLT and crypto-asset applications has exposed inconsistencies in the application and interpretation of EU and national law and demonstrated a need for clarifications of, and in some cases changes to, regulatory and supervisory approaches.⁴

In this part we outline five key challenges with which firms, regulators and supervisors have had to grapple and which have informed initiatives intended to mitigate risk and facilitate responsible experimentation with, and the cross-border scaling of, DLT and crypto-asset applications in the EU (see Part 2—a Digital Finance Strategy for Europe).

Challenge 1: Establishing a Dialogue—Building a Culture of Openness to Experimentation

Following the emergence of so-called cryptocurrencies in 2008, regulators and supervisors in the EU initially focussed their efforts on mitigating money laundering risks and consumer detriment, notably with the European Supervisory Authorities (ESAs)⁵ issuing warnings to EU consumers and financial institutions about the risks posed by virtual currencies and advising on actions to strengthen the EU framework for anti-money laundering (AML) and counter-financing of terrorism (CFT).⁶

Against this background, firms seeking to pilot DLT and crypto-asset applications within the EU financial sector reported that they initially encountered varying levels of openness towards experimentation and challenges in obtaining early steers about possible supervisory acceptance and compliance expectations.⁷ As DLT and crypto-asset applications began to gain traction in a wider set of use cases and started to demonstrate real potential for efficiency gains (e.g. in the context of trade finance, cross-border payments and the trade and post-trade settings), regulators and supervisors started to augment their approach.

Notably, and against a wider background of accelerating technological innovation in the EU financial sector, many supervisors established innovation facilitators (typically in the form of regulatory sandboxes⁸ and innovation hubs⁹) to provide greater proximity with the industry to enable a more open and real-time dialogue about the opportunities and risks presented by novel technological applications in the financial sector.

These opportunities for closer dialogue via innovation facilitators are much welcomed by industry, but challenges remain. First, when engaging with supervisors via innovation facilitators communications tend to be bilateral, reflecting traditional approaches to the design of access points for innovation facilitators (typically, telephone lines, online portals and application processes operated by supervisory authorities). Second, of course supervisors express views as regards the application and interpretation of the regulatory perimeter and supervisory measures applicable in the Member State concerned. This means that a firm seeking to roll out a DLT solution cross-border may need to engage separately with supervisory authorities via their respective innovation facilitators, potentially receiving from each authority rather different steers as to acceptability of the application and supervisory expectations (see further Challenge 3).¹⁰

To help address these challenges, measures are now in place in the EU to help facilitate greater cross-border cooperation and coordination between innovation facilitators via the establishment of the European Forum for Innovation Facilitators (EFIF).¹¹ The EFIF provides a platform for supervisors to meet regularly to share experiences from engagement with firms through innovation facilitators, to share technological expertise and to reach common views on the regulatory treatment of innovative products, services and business models, thereby promoting multilateral discussion and consistency in supervisory approach towards applications of innovative technologies in the EU financial sector.

However, a common framework for cross-border experimentation monitoring is not yet in place and firms continue to have to engage with supervisors on a largely bilateral basis, potentially slowing down experimentation and roll-out of applications cross-border. Second, and crucially, although supervisors can exercise existing levers for proportionality in the context of the operation of regulatory sandboxes, they cannot use their powers to disapply regulatory requirements mandated under EU law.¹² This may mean that some potential technological applications cannot be tested, even under tightly controlled sandbox conditions, because of technical breaches of EU law; yet without the opportunity to test the case for regulatory change may not be borne out (a so-called “chicken and egg” situation). Finally, prior to the coming into force of an EU-wide approach (see further Part 2), challenges continue to arise from variations in the approach to regulating and supervising DLT and crypto-asset applications as explored below.

Challenge 2: Squaring the Circle: Traditional Intermediary and Process Requirements and Potential New Alternatives

The body of EU financial services law evolves continuously, tracking and in some cases even facilitating, the disintermediation of financial services from a relatively limited to a much broader range of market participants, and new business models and delivery mechanisms for financial services. For example, changes to the regulatory framework have enabled a disintermediation of some types of financial service, notably payment services,¹³ and market forces have prompted a rise in activity by “other financial intermediaries”, including those carrying out lending activity pursuant to schemes of national regulation.¹⁴

Taking account of the different consistent parts of the EU financial services sector, EU financial services law assumes, or in some cases even requires, the use of specific intermediaries (e.g. a central securities depository) or procedures (e.g. book entry) for risk management. However, applications of DLT may offer alternative processes for effective risk management. In this context, firms, regulators and supervisors face the challenge of determining whether these processes are capable of being reconciled with requirements under existing EU (and in some cases national) law, or whether clarifications or legislative changes are needed in order to achieve a fully technological neutral and harmonized approach in light of these technological advancements.

This challenge can be illustrated by a simple example drawn from the securities and markets context. Let’s assume a bond (a “transferable security” within the meaning of EU securities and markets law¹⁵) is to be issued and traded on a regulated trading venue using DLT. In accordance with Article 3(2) of the Central Securities DepositoriesRegulation (Regulation (EU) 909/2014) (CSDR),¹⁶ where a transaction in transferable securities takes place on a trading venue, the issuer must arrange for the securities to be represented in book-entry form with an authorized central securities depository as defined under Article 2(1) CSDR. EU legislation does not prescribe any particular method for initial book-entry form recording (so, potentially DLT could be used) but national rules may make specific provision which have the effect of precluding, for example, DLT-based records.¹⁷ In this case, although the EU legislation is “technology neutral” in the sense of not prescribing a specific mode for record keeping, the absence of specific provision leaves room for national discretion that may mean, depending on where a firm is established, DLT may or may not be used for this purpose, highlighting a challenge firms, regulators and supervisors are facing in reconciling DLT with existing regulation and navigating different approaches at the national level.¹⁸

Challenge 3: Identifying the Applicable Regulatory Requirements Where Activities Involve Crypto-Assets

Continuing the theme of challenge 2 (fragmentation), industry and regulatory and supervisory communities have had to grapple increasingly with the question of whether and how EU financial servicesregulation applies to applications of DLT entailing crypto-assets.

In the EU there is not yet an established “taxonomy” of crypto-assets.¹⁹ Instead, a case-by-case assessment must be carried out to determine whether: (a) a crypto-asset falls within the scope of EU financial services law, in which case specified activities involving such assets must be carried out in accordance with EU regulation, and (b) a crypto-asset falls within the scope of any Member State bespoke national law.²⁰

In terms of applicable EU financial services law, it is relevant to consider whether a crypto-asset qualifies as:

• “electronic money” pursuant to the second Electronic Money Directive (Directive 2009/110/EC), or

• a “financial instrument” under the Markets in Financial Instruments Directive (Directive 2014/65/EU).²¹

If a crypto-asset falls within either of these categories then a person carrying out specified activities involving such assets is required to be authorized or registered pursuant to EU law and to conform to a wide range of regulatory requirements.²² Additionally, “passporting” arrangements apply such that services can be extended across the EU enabling the firm to carry out services beyond its home Member State without the need for separate authorization or registration. However, analysis by the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA)²³ has exposed that the majority of crypto-asset activities currently in circulation fall outside the scope of this EU law, resulting in uncovered risks (e.g. to consumers and investors) and, in the absence of common EU measures, fragmentation as to the acceptability and regulation of activities within the Member States noting, in particular, that some Member States, such as France and Malta have adopted bespoke national regimes²⁴ as interim measures in the absence of an EU-wide scheme.

Overall, this means that firms face considerable challenges in navigating regulatory requirements, face considerable uncertainties about supervisory acceptance and expectations regarding crypto-asset applications, and sometimes incur significant additional compliance costs as firms seek to conform to different local prudential or conduct of business requirements in the Member States in which they wish to operate.

For supervisors, this divergent approach poses problems for the cross-sector monitoring of risks, oversight of crypto-assets ecosystems (for example, involving issuers, wallets and exchanges) and coordination of supervisory actions. Different levels of regulation also leave scope for forum shopping, regulatory arbitrage and vulnerabilities to financial crime across the Single Market. Finally, consumers face challenges in understanding the regulatory status of crypto-assets and in navigating differential standards of protection depending on where they engage crypto-asset services, often being left confused by a lack of clarity and consistency concerning their rights (e.g., in the event of a complaint or the need for redress) impeding demand.²⁵

Challenge 4: Reconciling the Operation of DLT with EU Data Protection Law

Another of the challenges that has received extensive attention is the reconciliation of DLT use with the EU’s flagship data protection rules established by the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and applied since May 2018.²⁶

The GDPR regulates the processing²⁷ (including by automated means) of personal data²⁸ with the objective of facilitating the free movement of personal data between Member States²⁹ while protecting the fundamental rights and freedoms of natural persons, in particular, the right to the protection of personal data as enshrined in Article 8 of the Charter of Fundamental Rights.³⁰ This is achieved through the imposition of obligations on data controllers³¹ and specific rights for individuals, for instance, to obtain access to personal data³² and to request that personal data be erased when it is no longer needed or where processing has been found to have taken place unlawfully.³³

Early DLT experimentation involving the processing of personal data (e.g. in the context of payment transactions and identity verification) has exposed challenges in reconciling the operation of DLT with data protection authorities’ interpretation of the requirements of the GDPR,³⁴ highlighting the need, on the one hand, for developers to have an early cognizance of GDPR obligations to implement compliance by design³⁵ and, on the other, the need for public authorities to provide guidance on the acceptability of different technological solutions for GDPR compliance.

By way of example, the GDPR is based on the assumption that data can be modified or erased where necessary (e.g. at the request of the data subject or in accordance with the purpose limitations specified in the GDPR). However, by its nature, DLT is intended to provide an immutable ledger to ensure data integrity and to increase trust in the network. Therefore, how can compliance with the GDPR be secured? For instance, are encryption methods sufficient if they have the effect of limiting the “public” visibility of the personal data? As observed by the European Data Protection Supervisor (EDPS), national data protection authorities have been cautious about expressing opinions,³⁶ leaving firms again exposed to the challenge of grappling with potentially divergent approaches at national level.

Challenge 5: Determining Governing Law

Finally, one critical legal issue has contributed to the limited cross-border scaling of DLT to date: the challenge of identifying governing law. Of course if DLT exists in a vacuum this question is irrelevant—it is just a technology. But in the financial sector, the creation, transfer and store of information using DLT has a function, indeed value. Financial counterparts need ex-ante certainty regarding their position for the scenario where things go wrong, in particular in cases of default, insolvency, error, or theft, including in the context of legal opinions for the purposes of establishing accounting and prudential treatment.³⁷

In this context, the virtue of DLT as a borderless technology enabling multiple parties in multiple jurisdictions to effect transactions can also be a vice: in the event of dispute, enforcement or insolvency proceedings counterparts may seek to assert different governing law—the conflict of law issue—and yet another challenge for firms seeking to roll-out the technology for use cross-border. This means that a financial institution in a dispute about, for example, who has rights over a token issued using DLT may first have to go through expensive and lengthy proceedings in order to establish which State’s law will be applied, before even getting to the determination of the dispute in accordance with the identified applicable law.

A full and proper explanation of why the conflict of law issue may arise justifies a book of its own. But, by way of illustration, let’s use the following simple example: A DLT system has been created to enable the issuance of securities-like tokens to investors. An issuer, located in State X, creates 5000 tokens using the DLT. A financial institution in State Y agrees to purchase 4000 tokens from the issuer. Transfer of the private keys for the agreed 4000 tokens to the purchaser’s “wallet” is expected to take place automatically on receipt of funds. However, the private keys for only 3500 tokens are received. The financial institution intends to take action to enforce its rights for the remaining 500 tokens. But which governing law applies: X, Y or another? Albeit impossible to answer in the abstract, the example highlights the problem of identifying the “hook” connecting the issue to a specific State’s legal system. Courts in different jurisdictions will go about the analysis in different ways but may find it relevant to consider matters such as:

• the white paper or documents (if any) regarding the issuance of the tokens in case a governing law is indicated;

• the place of incorporation of the issuer (lex societatis) (as, in this example, there is an identifiable issuer whereas for some “native” tokens there may be no identifiable issuer, just code (Bitcoin is a good example of such a token));

• the place of incorporation of the financial institution albeit in this scenario the private keys for tokens are held on DLT and are not physically in a vault or in a traditional custody account which would be the “normal” way of determining the location of securities (lex rei sitae);

• any other potentially relevant documentation such as the DLT Protocol in case it should indicate a governing law.

In the absence of well-established norms and practices for specifying or otherwise determining governing law for DLT and crypto-asset applications, legal outcomes are by no means predictable and stable thereby undermining confidence in DLT-based financial transactions.

In recognition of the conflict of law issue, some states have started to introduce domestic law to provide greater certainty for counterparts using DLT in specified circumstances. For example, under French law, issuers of initial coin offerings towards French investors are obliged to publish information documents indicating the law applicable to the tokens and the competent court.³⁸ For comparative purposes, under Liechtenstein law, local laws are applicable if (a) tokens are issued by an entity based in Lichtenstein (place of issuer) or (b) the parties agree that Liechtenstein law applies (choice of law).³⁹ However, these unilateral attempts to clarify the question of the governing law are of limited effect and firms continue to face challenges in identifying governing law.

Part II: A Digital Finance Strategy for Europe

Taking account of the stated priorities of the European Commission’s digital agenda,⁴⁰ the advice of the ESAs (including reflections on the challenges outlined above),⁴¹ the outcome of various public consultations⁴² and other important inputs,⁴³ on 24 September 2020 the European Commission published its Digital Finance Strategy accompanied by legislative proposals for a regulation on a pilot regime for market infrastructures based on distributed ledger technology (the Pilot Regime), a regulation on markets in crypto-assets (MiCA) and a directive and regulation on digital operational resilience (DORA).⁴⁴

The main objectives of the Digital Finance Strategy are to:

• tackle fragmentation in the Digital Single Market for financial services, thereby enabling European consumers to access cross-border services and help European financial firms scale up their technology-enabled business;

• ensure that the EU regulatory framework facilitates digital innovation in the interest of consumers and market efficiency;

• create a European financial data space to promote data-driven innovation, building on the European data strategy, including enhanced access to data and data sharing within the financial sector;

• address new challenges and risks associated with the digital transformation, in particular, to ensure conformity with the “same risk, same rule” principle.⁴⁵

The legislative proposals for the Pilot Regime and MiCA represent the first concrete actions within the Strategy’s identified priority of ensuring that the EU financial services regulatory framework is (a) innovation-friendly and does not pose obstacles to the application of innovative technologies that have the potential to benefit EU consumers, firms and the overall functioning of the EU financial system and (b) mitigates effectively risks posed by innovative technologies. In particular, the proposals are intended to secure appropriate levels of consumer and investor protection, legal certainty and, ultimately, ensure financial stability.⁴⁶

At the time of writing, the legislative proposals are subject to the co-legislative procedure (in the European Parliament and Council)⁴⁷ and the content may change as a result of this procedure and therefore the overview of the proposals that follows should be checked against the final texts when adopted.

The Pilot Regime

The legislative proposal for the Pilot Regime⁴⁸ has four general and related objectives which reflect four of the five challenges identified in Part 1 of this chapter. Firstly, the Pilot Regime is intended to facilitate DLT experimentation in the EU securities and markets sector by providing a common framework that enables, where appropriate and necessary, the disapplication of EU law that could otherwise impede experimentation. By so-doing this will facilitate the identification by regulators and supervisors of any areas of EU securities and markets law that pose potential obstacles to DLT and crypto-asset application and, as appropriate, determine the steps necessary to address these issues. In turn this:

• provides confidence and certainty in the capacity to experiment and, in turn, exposes and presents the evidence base for potential areas of the EU regulatory framework that may not be fit-for-purpose and warrant clarification or change;

• promotes the uptake of technology and responsible innovation by providing a designated and EU-wide regime for experimentation;

• secures consumer and investor protection and market integrity by specifying appropriate parameters to frame experimentation and mitigate risks (e.g. by limiting the types of financial instruments that can be traded);

• mitigates consistently any risk to consumers, investors and to financial stability by limiting the requirements under EU law that can be disapplied under the regime.⁴⁹

In summary, the Pilot Regime provides a time-limited framework,⁵⁰ that enables market participants who wish to operate (on a purely voluntary basis) a “DLT market infrastructure” (defined as a “DLT multilateral trading facility”⁵¹ or a “DLT securities settlement system”⁵²) for DLT transferable securities (i.e. crypto-assets that qualify as “transferable securities” within the scope of MiFID⁵³) to experiment with the DLT and crypto-assets for these purposes.

DLT market infrastructures must be operated in accordance with the conditions specified in the regulation intended to mitigate operational risks and risks to consumers and investors,⁵⁴ but benefit from two key privileges. First, operators may seek from their supervisory authorities temporary and duly limited exemptions from specific requirements under EU financial services legislation that could otherwise prevent the development of solutions for the trading and settlement of transactions in crypto-assets that qualify as financial instruments.⁵⁵ Second, operators of DLT market infrastructures can provide their services across the EU without needing to acquire a licence or registration beyond that required in their home Member State.

As a central element of the Pilot Regime, operators of DLT market infrastructures, supervisors and ESMA must cooperate closely in order that all parties can benefit from experience acquired with the operation of DLT market infrastructures, exemptions requested, granted or refused.⁵⁶ In particular, operators must report every six months to the relevant supervisor and ESMA on specified matters,⁵⁷ and ESMA is mandated to fulfil a coordination role between the supervisors with a view to building a common understanding of DLT and DLT market infrastructures as well as to help build a common supervisory culture and convergent supervisory approaches and outcomes.⁵⁸

Within five years following the entry into application of the regulation, ESMA is required to present a report to the European Commission on a wide range of matters relating to the application of the Pilot Regime, including the functioning of DLT market infrastructures, the exemptions requested and granted, benefits, risks and interoperability issues.⁵⁹ Based on this report, the European Commission must present a report to the European Parliament and Council on whether the regime for DLT market infrastructures should be extended, amended, made permanent or terminated, and may set out any proposed modifications to the EU framework on financial services legislation or proposed harmonization of national laws to facilitate the use of DLT in the financial services sector.⁶⁰

In its presentation of the legislative proposal for the Pilot Regime the European Commission acknowledges plainly that EU financial services legislation was not designed with DLT and crypto-assets in mind and that there are provisions of existing EU law that may preclude or limit the use of DLT in the issuance, trading and settlement of crypto-assets that qualify as MiFID financial instruments and that regulatory gaps may also exist resulting in uncovered risks.⁶¹ Through the creation of a framework that facilitates responsible experimentation, firms, regulators and supervisors will have the opportunity to learn together about the opportunities and risks posed by the application of the technologies in securities markets contexts thereby accelerating the identification of potential issues and potential legislative or non-legislative solutions thereby overcoming many of the challenges identified in Part 1.

Markets in Cryptoassets (MiCA)

The legislative proposal for MiCA⁶² is intended to bring in the scope of EU law activities that are not currently within scope and to address gaps in the framework for the regulation of crypto-assets in the form of “electronic money”.⁶³ Importantly, it does not extend to crypto-assets that qualify as “financial instruments” within the scope of MiFID (in view of the Pilot Regime).⁶⁴ Some other exclusions and exemptions are also proposed.⁶⁵

In presenting the legislative proposal, the European Commission emphasized the acceleration in crypto-asset experimentation and application in the EU financial sector and the need both to leverage the opportunities presented by DLT and crypto-asset technologies and address the risks identified in the advice the EBA and ESMA.⁶⁶ In particular, the European Commission highlighted that the majority of crypto-assets currently fall outside the scope of EU financial services law and that even where they do fall in scope effective application of the law is not always straightforward.⁶⁷ In light of these issues, and acknowledging the potential opportunities that some crypto-assets may offer and recent developments in relation to so-called stablecoins,⁶⁸ the European Commission identified the following as objectives for the proposal:

• to provide legal certainty by creating a sound legal framework that clearly defines the regulatory treatment of crypto-assets that do not currently fall within the scope of EU financial services law;

• to support innovation by establishing a consistent, safe and proportionate framework that enables services to be provided cross-border in accordance with common rules (MiCA will replace any bespoke frameworks under national law that extend to crypto-assets within the scope of MiCA⁶⁹);

• to instil appropriate levels of consumer and investor protection and market integrity, thereby enhancing confidence to engage crypto-asset products and services where appropriate; and

• to ensure financial stability by addressing risks in a consistent manner across the EU, including in relation to so-called stablecoins.

MiCA defines a “crypto-asset” as a digital representation of value or rights which may be transferred and stored electronically using DLT or similar technologies and establishes regulatory regimes for specified activities involving different sub-categories of crypto-asset:

• “asset-referenced token”: a type of crypto-asset that purports to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several crypto-assets, or a combination of such assets⁷⁰;

• “electronic money token” or “e-money token”: a type of crypto-asset the main purpose of which is to be used as a means of exchange and that purports to maintain a stable value by referring to the value of a fiat currency that is legal tender⁷¹;

• “utility token” a type of crypto-asset which is intended to provide digital access to a good or service, available on DLT, and is only accepted by the issuer of that token⁷²;

• other: crypto-assets which are not asset-referenced, e-money or utility tokens and not otherwise excluded from the scope of the regulation.⁷³

The term “stablecoin” is not used in the proposal, but depending on the features of the coin in question, the coin may fall within the definition of “asset-reference token”, “e-money token” or as other.

MiCA establishes regulatory regimes for:

• the issuance of crypto-assets in the form of asset-referenced tokens and e-money tokens (respectively, Titles III and IV);

• crypto-asset services,⁷⁴ including custody and administration of crypto-assets and the operation of crypto-asset trading platforms and exchanges (to fiat or to other crypto-assets) (Title V).

Firms will be required to obtain (national) authorization as “crypto-asset service providers” and to conform with a wide range of regulatory requirements (including governance, operational resilience, and consumer protection requirements) in order to carry out in the EU crypto-asset services such as exchange or wallet provision.⁷⁵ Firms will also be required to obtain authorization and conform to a more extensive set of regulatory requirements⁷⁶ in order to issue asset-referenced tokens and, in the case of e-money tokens, must be authorized either as an electronic money institution or as a credit institution.⁷⁷ Authorization is not required to offer other types of crypto-asset (e.g. utility tokens) to the public or seek to admit them for trading on a crypto-asset trading platform, however, some limited regulatory requirements are foreseen, including the requirement to have prepared and published a white paper in conformity with the regulation (Title II).

Firms benefitting from authorization from their home authority as crypto-asset service providers and issuers of asset-referenced and e-money tokens will be able to offer their services across the EU without the need for additional authorization or a registration in the host states in which they wish to operate.

Typically supervision will be carried out at the national level. However, it is proposed that supervision will be elevated to the EU level and be carried out by the EBA for issuers of “significant asset-referenced tokens”⁷⁸ and issuers of “significant e-money tokens”⁷⁹ (but only in relation to compliance with provisions of MiCA),⁸⁰ or where the issuer wishes to voluntarily submit to EU-level supervision,⁸¹ with significance determined on the basis of criteria established in the regulation (supplemented as appropriate by a delegated act of the European Commission), including:

• the size of the customer base of the promoters and shareholders or other relevant third parties;

• the value of the tokens or, where applicable, their market capitalization;

• the number and value of transactions;

• the significance of cross-border activities;

• interconnectedness with the financial system.⁸²

In relation to issuers of significant asset-referenced or e-money tokens, the EBA is required to establish supervisory colleges to facilitate coordinated oversight of the wider ecosystem for the issuance, store and exchange of the crypto-assets, bringing together supervisors of the most relevant crypto-asset service providers, ESMA, the ECB and relevant third country and other authorities as appropriate.⁸³ The supervisory colleges are intended to support the early identification of issues, and coordination of any necessary remedial actions, that could otherwise undermine the operational resilience of the ecosystem, consumer protection, market integrity and financial stability.

Finally, it is worth highlighting the regulatory requirements applicable to issuers of asset-referenced tokens which include obligations to prepare and publish a white paper,⁸⁴ to provide clear, fair and transparent marketing and other communications to holders/prospective holders of tokens,⁸⁵ to have in place complaints handling procedures, sound governance and organizational arrangements,⁸⁶ to hold own funds in accordance with the requirements of the regulation (higher in the case of issuers of significant asset-referenced tokens),⁸⁷ and to maintain a reserve of assets in conformity with the requirements of the regulation to which holders of tokens may have rights as specified in clear and detailed policies and procedures⁸⁸; additional obligations apply in the case of issuers of significant asset-referenced tokens.⁸⁹ In the case of e-money tokens, as issuers are required to be authorized as credit institutions or as electronic money institutions, they are subject to already extensive obligations under existing EU law (e.g. regarding governance, own funds and conduct of business requirements). Additional requirements are proposed to apply under MiCA, which are intended to address specific risks relating to the issuance of crypto-assets, including the obligation to issue a whitepaper and in relation to marketing and communications. ⁹⁰

Overall MiCA represents a bold and important step in creating a harmonized, proportionate and robust framework for the regulation of crypto-asset activities in the EU (thereby addressing the majority of the challenges set out in Part 1) and is expected to promote confidence on both the supply and demand side for crypto-asset products and services by instilling high levels of confidence in the governance, prudential and operational resilience, and conduct of business of crypto-asset issuers and service providers.

Importantly, the legislative proposals for the Pilot Regime and MiCA demonstrate that the European Commission will not hesitate to act, on the one hand, to remove obstacles to financial innovations where they are shown to have real potential benefits for consumers, businesses or for the functioning of the EU financial system and, on the other, to address inconsistently covered or uncovered risks. These initiatives also signal the European Commission’s priority to make Europe fit for the digital age and ambition to leverage the full potential of innovative technologies and are part of a long-term strategy to embrace and lead the digital revolution.⁹¹

Other Actions Underway

Pending the outcome of the legislative process, the ESAs are continuing to monitor DLT and crypto-asset developments in the EU and, in the context of the EFIF, promote cross-sectoral knowledge-sharing, coordination and consistency of approaches to the acceptance and supervision of DLT and crypto-asset applications in the EU.⁹² The EBA and ESMA are also continuing to monitor emerging crypto-assets with a view to supporting the European Commission in the preparation of interpretative guidance on the application of existing EU rules to crypto-assets.⁹³ The ESAs are also continuing to contribute to international work underway on DLT, crypto-assets and so-called stablecoins, including that of the Financial Stability Board (FSB), the Basel Committee on Banking Supervision (BCBS), the Financial Action Task Force (FATF) and Committee on Payments and Market Infrastructures and the International Organisation of Securities Commissions (CPMI-IOSCO). Additionally, following industry calls for clarity about DLT and the GDPR, the European Data Protection Board (EDPB)⁹⁴ indicated in its 2019/20 work program possible work on blockchain⁹⁵ which could result in guidelines, best practices or the issuance of recommendations to the European Commission for legislative clarification. The EDPB and EDPS are also continuing to monitor innovative technologies,⁹⁶ including the evolution of blockchain, noting compliance challenges in areas such as storage limitation, controllership and the rights of individuals. It is also relevant to note that the European Commission is working with the ESAs to strengthen the EFIF, in particular, to offer by mid-2021 a procedural framework for launching cross-border testing and other mechanisms to facilitate firms’ interactions with supervisors from different Member States.⁹⁷ The European Commission and ESAs are also continuing to monitor and support the exploratory work of central banks, including the European Central Bank (ECB),⁹⁸ on the feasibility of retail central bank digital currencies (CBDC).⁹⁹ Finally, in the course of 2021, the European Commission is likely to publish its legislative proposal to strengthen the framework for mitigating money laundering and terrorist financing risk and, in the context of that proposal, is likely to extend AML/CFT obligations to the categories of new regulated firm established by MiCA.