European crypto rules will require compliance professionals to pivot to new environments and risks.
This article first published as Compliance in Focus on Markets Media. Compliance in Focus is a content series on regulatory topics for financial markets and the challenges compliance officers face in addressing surveillance and monitoring. Compliance in Focus is produced in collaboration with Eventus.
The European parliament recently approved comprehensive legislation to regulate the crypto assets market. The Markets in Cryptoassets (MiCA) regulation covers transparency, disclosure, and financial stability, and introduces common rules on supervision and customer protection so consumers are better informed about costs and risks. The regulation also introduces rules that aim to prevent market manipulation and market abuse which are similar to the Market Abuse Regulation (MAR).
The new rules will go into effect in July 2023 and phase in over two years. Having adopted the basic laws at Level 1, the European Supervisory Authorities and the Commission will now work on the Regulatory and Technical Standards. The expectation is that Regulatory Technical Standards (RTSs) about Asset Reference Tokens and E-money Tokens will be adopted in the next 12 months and the provisions related to the supervision and the CASPs will be adopted by the next 18 months. The first phase concerning stablecoins will come into force in July 2024 and requires operators to maintain local reserves and introduces trading caps on non-euro denominated tokens. Other parts of the legislation will come into force in early 2024.
MiCA will require firms offering crypto services, or issue tokens that are not financial instruments, to register in one of the EU member states to operate within the bloc. The European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) will oversee the market, ensuring compliance with the rules and adequate risk management and governance practices are in place. In a bid to restrict market manipulation, money laundering and terrorist financing, ESMA will set up a public register of non-compliant crypto assets service providers.
Jonathan Dixon, Eventus
In parallel to MiCA, the EU institutions already adopted the Transfer of Funds Regulation that transposes the FATF Recommendations on cryptoassets into the EU Law. The EBA is responsible for this file and we expect the Regulation to be in place by 2024. “Financial professionals now have certainty with regards to the regulatory landscape for crypto assets when it comes to authorization, licensing and ongoing compliance obligations whether that is in terms of identification and verification requirements for AML/KYC or ongoing risk assessments for this as well,” said Jonathan Dixon, Director of Regulatory Affairs, EMEA at Eventus. Compliance officers will notice that there will be some obligations for Crypto Asset Service Providers (CASPs) that are very much aligned with existing reporting requirements under both MiFID II and Market Abuse Regulation (MAR). “Whilst I doubt it will be the case that compliance professionals need to learn new skills; they will have to transpose existing skills to new environments and risks,” he added.
Much of the detail compliance officers will have to contend with will come in the level two phase of rulemaking, but professionals should know now that MiCA will be a “heavy” lift for two reasons, explains Dimitrios Psarrakis, founder of ValueVerse, a consultancy focused on the tokenization of financial and payment instruments and commodities within the EU’s legal and regulatory frameworks. Firstly, MiCA is sizable - bigger with more technical standards compared to MiFID II, for example. Secondly, there will be a learning curve for regulators as they get to grips with how crypto assets operate and the technology involved. As such, expect more market consultations from regulatory bodies as they work out the technical standards and actively seek out input from the industry, he added.
For compliance officers, the biggest challenges ahead revolve around anti-money laundering (AML) / know your customer (KYC) obligations, licensing and authorization and getting to grips with how regulation will evolve in the crypto assets space, said Dixon.
Interpretation, Implementation Uncertain
“European rules emphasise robust AML/KYC measures and officers need to ensure that their firms have effective AML and KYC policies and procedures in place to identify and mitigate potential risks associated with crypto-assets,” he said. For licensing and authorization, MiCA will require Crypto Asset Service Providers (CASPs) obtain licensing and authorization from national competent authorities; officers will need to understand the application process, requirements, and timelines for obtaining these licences. They must also ensure that appropriate policies, procedures, and controls are in place, Dixon added.
“Looking ahead, with new regulations there will also come potential uncertainties around interpretation and implementation. Officers will need to educate themselves, and their colleagues, on the provisions of MiCA and the implications for their firms,” he said.
On the market abuse front, there are three main areas compliance officers should keep in mind; systems and controls, transaction reporting and record-keeping and cross-border considerations, explained Dixon. Specifically, MiCA imposes reporting obligations on CASPs including the obligation to report suspicious transactions and orders to the relevant authorities; this, together with the record keeping requirements, will ensure that proper records of all orders, transactions and communications related to their activities should be kept. Additionally, firms will need robust systems and controls, which may require use of a regtech solution such as what Eventus provides, to detect and prevent market abuse. Finally, as MiCA's provisions apply across EU member states, cross-border consideration is necessary in combating market abuse, he said.
Dimitrios Psarrakis, ValueVerse
For Psarrakis, he warns that the biggest challenge ahead for both compliance officers and supervisory authorities comes down to establishing good terms of collaboration between the compliance officer and the business with decision-makers in the crypto asset space as essential to foster institutional trust.
“The difficult part of the story is about establishing a working relationship with the business leaders of the [crypto asset] industry who are not always very predictable when they run their firms. And because most of them do not necessarily have a background in financial services or compliance or anti money laundering, they are just responding to market trends and enthusiasm. This enthusiasm is good when you innovate in your value proposition and service offerings, but it's not always useful when you have to establish a framework which is stable and procedures that are repeatable,” he said.