The Build Up
It is now more than a decade since bitcoin was created and some are asking whether the cryptocurrency world will attract some form of specialised regulatory coverage. If so, will it be treated like FX, which in many countries is unregulated as regards trading on a spot basis, but often regulated in terms of derivatives and funds? Will it be bespoke or will some other regime apply?
Legal and regulatory development has lagged far behind technological development in this area. Development of appropriate law and regulation has been sporadic and uncoordinated internationally. Commercially, bitcoin is very much the market leader, but there are now hundreds of cryptocurrencies in issue. Commercial use has started developing and you can now pay school fees, or professional bills in cryptocurrency. There are now ATM machines. Central Banks are debating about introducing their own digital currencies and the Chinese have started their first trial use.
Regulation usually follows the emergence of a new asset class, and cryptocurrency looks like it will be no exception. The region of the world which has most experience of co-ordinating legislation and regulation across countries is the European Union, so it should be no surprise that the EU is leading the way in this area too. The EU published its proposed Regulation on Markets in Crypto Assets (MiCA) on 24th September. It is the most comprehensive approach of anywhere to date. This blog focuses on the key points, unless you would like to read all 188 pages of the proposal (see https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020PC0593). This is within the EU Digital Finance Strategy published the same day (see https://ec.europa.eu/info/publications/200924-digital-finance-proposals_en). The EU is trying to find the sweet spot between encouraging innovation, protecting customers (and the crypto markets), and achieving a commonality of approach across Europe. This represents a tough challenge, but the good thing is that the EU is open to ideas and argument in formulation of any regulatory regime.
Cryptoassets EU style
All those involved in cryptoassets tend to have their own view as to what a cryptoasset is, and there is as yet no accepted global definition. From the EU’s perspective, with 24 official languages, taxonomy is important. Note also that this proposal is a regulation of direct applicability across the EU rather than a directive requiring implementation in each Member State. It is proposed that all those issuing cryptoassets not just in the EU, but into the EU from elsewhere, will be subject to MiCA. As to cryptoassets, coverage will include utility tokens, payment tokens, stablecoins (those referenced to an asset to try and reduce volatility), and e money tokens. There are some carve outs, so MiCA will not apply to cryptoassets which are already covered by other EU legislation, such as security tokens. MiCA will also not apply to CBDCs, Central Bank Digital Currencies. This is to try to ensure that Central Banks retain control over monetary policy, and are able to handle any particular risks which may pertain to their use of this new asset class.
Cryptoasset Services across the EU
There are few surprises in relation to proposed regulation of cryptoasset services across the EU. The proposed regime mostly mimics the current regimes applicable to financial and payment services, so proposed coverage is:
- custody and administration of cryptoassets
- operation of a trading platform for cryptoassets
- exchange of cryptoassets for fiat currency (e.g. Euro, Sterling, etc.)
- exchange of cryptoassets for other cryptoassets
- execution of orders for cryptoassets on behalf of third parties
- placement of cryptoassets
- reception and transmission of orders for cryptoassets
- advice on cryptoassets
If your plan is to provide payment services as part of your cryptoasset services, you will also need payment service authorisation under the regime known as PSD2. Otherwise, you will have to appoint a PSD2 authorised institution to provide that part of your service.
If you are regulated under MiCA then you will be able to conduct your business across the EU under the “passporting” arrangements. In essence this means you will need an operation incorporated in one of the EU Member States, which will give your operation the necessary EU legal personality. The passport enables you to establish a branch, or provide cross border services into, another EU Member State, without having to be separately authorised in that host Member State.
Member State legislation and regulation may not be rendered otiose by MiCA. For example, spot FX trading falls outside the scope of EU regulation, and outside UK regulation, but not in certain other states like Germany and the Netherlands, so bear this in mind in planning. It may also be that local advertising and other rules apply, and there may be linguistic, logistical and cultural considerations to take on board to give your plan a chance of success.
If you are outside the EU, only deal with non-EU entities and have no element whatsoever of your business running through the EU then you will be subject to whatever regulation may apply in the countries and jurisdictions in which you do operate.
Impact of Regulation
Many fear regulation, particularly innovators. Yet regulation, if done well, can have a number of benefits. It can act as a badge and increase consumer confidence, thus encouraging markets to grow. Regulators and law enforcement do take steps to keep bad actors at bay. Many of the rules are the legislative embodiment of what a sensible strong company should be doing. Setting up your regulatory function so as to be effective and efficient, as well as scalable and agile, from ground zero, will help your long term growth and profitability.
In practical terms, regulation will entail:
- authorisation in one of the Member States to obtain EU legal personality, or in one of the EEA/non-EU states, or in the UK or other jurisdiction if there is an agreement to do so
- initial and ongoing capital adequacy requirements
- fitness and propriety of staff
- operational trading and settlement procedures
- IT system capability, security, resilience and redundancy
- robust risk management procedures, including risks pertaining to outsourcing of any key functions
- record keeping and reporting
- procedures to protect clients, especially their assets, treat them fairly, avoid conflicts of interest and handle any complaints
- marketing procedures such that marketing is legal, decent, honest and truthful, including appropriate risk warnings
- anti financial crime procedures (against money laundering, corruption, fraud, etc.)
- ongoing training (as opposed to awareness) in order to ensure the above works and continues to do so
These are the generic requirements, and more specialised requirements may apply if you are doing something a bit more specialised than general cryptoasset services, such as running a crypto exchange. If you are the entity issuing the cryptoassets, do be aware of other specialised regulation, so you will have to issue something more akin to a mini prospectus as opposed to the white papers which have been seen so far in the crypto sector. Don’t forget other general business related regulation on matters such as employment, data protection, tax, or corporate disclosure. This might seem like an extensive shopping list, but there are over 600 regulated banks in the UK, and 25,000 other financial institutions, so all is possible.
Impact of Brexit
At time of writing, the likely impact of Brexit is hard to gauge. If there is a deal between the UK and EU (which was looking somewhat unlikely), there may be a chance that the passporting possibility will continue, though most have been preparing for the lack of such a deal (branches of EU banks have been converting to UK entities, for example). The terms of any deal will also be crucial. There was an argument in the UK that Brexit would enable the UK to make its own rules. This is true, but in economic terms, if UK rules were to diverge too far from those in the EU (and there will be plenty of EU Member States watching and analysing UK rules), the EU would not grant “equivalence” to the UK, which would make EU/UK trade much harder. The history of UK financial regulation over the last few decades has painted a different picture, however, with UK Parliaments and ministries keen to “gold plate” (or should that be “lead weight”) UK rules to make them “stronger” than elsewhere. It certainly appears that there will be no implementation period so market participants will be unable to plan in the usual way and will need to keep all options open (no pun intended). If EU cryptoasset markets are perceived to be a safer place for investment and operation, the UK could start to diminish. The economic gravitational pull of one of the world’s largest markets so close to UK shores will likely mean that UK rules will be incapable of massive difference if the UK wants to maintain its role in the global financial system. The upcoming consultation on the UK regulation of stablecoins (which was announced on 9th November by the Chancellor, Rishi Sunak) will be a potentially useful guide to UK government thinking on a future UK cryptoasset regulatory regime.
Like it or not, regulation is on its way, so the best strategy is to keep an eye on its development, and add your input where necessary. EU measures are known for their longer consultation processes than individual Member States, and there is usually an implementation period, as well as carve outs for lighter touch regimes where needed. This is the fastest growing area of financial markets and is likely to remain so for some time to come.
This is a guest blog post by Quentin Downes. Quentin has a long career and a multitude of experience in risk and compliance recruitment spanning over 17 years and his company Twenty84 is a specialist financial recruitment firm providing retained, permanent and contract resourcing services across risk, compliance, financial crime and regulatory change in the cryptocurrency, digital assets, fintech, and regtech sectors. Twenty84 is a fellow member of CryptoUK, the self-regulatory trade association for the UK cryptoasset industry, established to promote higher standards of conduct.