Professor Katja Langenbucher
FTX, Kraken, TerraLuna, and similar cases have recently prompted the SEC to move ahead with a long list of enforcement actions. While some applaud the securities regulator‘s push ahead, others criticize its lack of explicit rule-making. Yet some would prefer a banking regulator to step in and authorize a national trust bank charter for issuers of stablecoins. Against this background, the upcoming EU Markets in Crypto Assets Regulation (MiCA) provides an illustration of a tailor-made regime combining elements of securities and banking regulation.
MiCA is part of the larger EU digital finance package which includes rules on operational resilience (DORA), a DLT pilot regime for security tokens, and amendments to several financial services Directives. Arguably, the “libra/diem-scare” to monetary autonomy was a main driver pushing the EU Commission to consider new legislation. Additionally, the differing speed of legislators across EU Member States brought about the risk of unhelpful regulatory competition, suggesting a level playing field strategy instead.
The proposal tries to fit in tokens with existing financial regulations, rather than create an entirely novel approach. The Capital Requirements Directive, the E-Money Directive, the Prospectus Regulation, and the Market Abuse Regulation (MAR) all provide elements, which MiCA integrates and adapts to tokens. The Markets in Financial Instruments Directive (MiFID II) remains the relevant framework for security tokens, which are outside the scope of MiCA. Furthermore, MiCA does not apply to central bank digital currency tokens, non-fungible tokens, or fully decentralized, “issuer-less” tokens.
Against that background, MiCA targets issuers, service providers, and markets for (only) three types of tokens, grouped under the newly introduced term “crypto asset:” e-money tokens, asset-referenced tokens, and utility tokens. Compliance requirements vary according to perceived risks for consumers and monetary autonomy.
The most flexible framework applies to utility tokens. Only a legal entity with a registered office in the EU may issue a utility token or seek access to trading. Drawing on elements of prospectus regulation, MiCA requires the issuer to publish a white paper and notify it to the competent authority. Liability ensues for incomplete, unfair, unclear, or misleading information. Consumers have fourteen calendar days to exercise their right of withdrawal and there are basic rules in place to safeguard funds, ensure issuers act in the best interest of consumers, and prevent conflicts of interest.
For e-money tokens, the Commission’s angst facing libra/diem is felt most acutely. These are crypto assets that purport to maintain a stable value by referencing to the value of one “official currency,“ such as a private “digital Euro” or “digital Dollar.” Only authorized credit institutions or e-money institutions are allowed to issue e-money tokens. White paper and liability rules are in place. Referencing the E-Money Directive, a basic set of banking regulatory rules on conduct and governance, operational, and prudential requirements applies.
MiCA includes a mandatory private right of holders of e-money tokens against the issuer to redeem “at any moment and at par value the monetary value of the e-money tokens held in funds other than e-money.” The Regulation prohibits interest-bearing accounts. Furthermore, there are rules on how to invest funds received in exchange for e-money tokens. MiCA requires safeguarding in line with the E-Money Directive. Funds may only be invested in secure, low-risk assets denominated in the same currency as the one referenced by the e-money token and deposited in a separate account in a credit institution. A minimum of 30% of the funds received shall always be held in a separate account. If an e-money token is considered significant, further rules apply.
What MiCA calls “asset-referenced tokens” covers most other stablecoins. MiCA defines these as a crypto asset “that purports to maintain a stable value by referencing to any other value or right or a combination thereof, including one or more official currencies.” Like utility tokens, an issuer must be a legal entity and publish a white paper, backed up by liability for damages. Corresponding to e-money tokens, holders of an asset-referenced token have redemption rights. For asset-referenced tokens, these rights include payment of the market value of the tokens or delivery of the referenced assets. MiCA extends this to rights on the reserve assets if the issuer fails to perform.
Issuers of asset-referenced tokens need authorization from one Member State, which leads to passporting across the Union. As to own funds held by the issuer, MiCA sets minimum standards and requires stress-testing and audits. In addition, issuers must have a reserve of assets and insulate it from both, the issuer’s own estate and a reserve he may hold for other tokens, should he offer more than one type. Composition and management of the reserve must look to covering risks arising from the assets which the token references as well as liquidity risks. If the issuer invests a part of the reserve, he may only consider “highly liquid financial instruments with minimal market risk, credit risk and concentration risk.” The custodian to which the reserve assets are entrusted must be a legal person different from the issuer. Interest-bearing accounts are prohibited, and additional rules apply to significant asset-referenced tokens.
A crypto-asset service provider‘s business includes, for instance, offering custody, operating an exchange or trading platform, executing orders, and providing advice or portfolio management on crypto assets. Under MiCA, these firms need authorization, except for those which are already subject to financial services legislation. A registered office in the Union is required. If the service provider has close links to a natural or legal person in a third country, the competent authority will grant authorization only if it does not expect difficulties as to the efficient exercise of its supervision. There is an exception if consumers at their own initiative request the services of a third-country firm. The firm may then provide (only) the requested service without applying for authorization.
MiCA establishes a minimum regime of prudential, conduct, operating, and governance requirements for all crypto asset service providers. These include a best-interest standard, conflicts of interest checks, safe-keeping of client’s assets, and a wind-down plan. Some crypto asset services which entail specific risks, for instance, exchanges and investment advisors, face additional requirements.
To prevent market abuse involving crypto assets, MiCA integrates and adapts elements of the Market Abuse Regulation. It requires prompt disclosure to the public of inside information relating to crypto assets and prohibits insider trading and market manipulation.
Public enforcement is in the hands of competent Member State authorities whereas specific rulemaking and guideline promulgation lies with various authorities such as banking (EBA), insurance (EIOPA), and financial markets (ESMA) watchdogs. ESMA and EBA have temporary intervention powers in cases of significant investor protection concerns, a threat to market integrity, or financial stability. Cooperation arrangements with supervisory authorities of third countries are encouraged.
In sum, the EU has decided to regulate crypto, rather than “let it burn,“ prohibit it outright or understand it as a form of gambling. Opting for a statutory approach rather than watching inconsistent regulation by enforcement unfold across Member States was a natural choice. Strictly speaking, there is no corresponding legislative urge in the US, with a highly centralized financial center in NYC and the prominent role of federal, rather than state, banking and financial services law. However, there seems to be some bi-partisan support to tackle at least the fall-out for retail crypto investors in cases such as FTX.
With this in mind, it is not only interesting to see what MiCA has proposed, but also perhaps even more so what it has not. In contrast to SEC’s Gensler, who claims that most cryptocurrencies are securities under US law, MiCA introduces a bespoke stablecoin regime. At first glance, this has to do with the MiFID II definition of a financial instrument. It is much less flexible than the US definition of a security and the Commission has not proposed to change that. This rules out a more holistic strategy, bringing crypto assets under MiFID II. Arguably, it will also bring about hard cases when drawing the line between a security token and a MiCA-token. Closer inspection reveals an advantage of this strategy. MiFID II is a directive, entailing Member State discretion and regulatory competition. MiCA is a regulation, hence promises more streamlined rule application and enforcement across the Union.
MiCA still imports core elements of financial markets regulation. The requirement to publish a white paper is modeled on prospectus regulation, rules on crypto markets abuse follow the MAR, and the conduct and governance framework has its analog in MiFID II. In that same spirit, as to crypto investor protection, MiCA counts on the willingness (and the financial literacy) to get informed before making an investment decision. For US regulators, it is a look at the details, where MiCA departs from MiFID II, which will be of interest when attempting to fine-tune existing securities law to tokens.
By contrast, MiCA‘s framework for e-money issuers takes a big step towards a banking regulatory framework that is more protective of crypto users and more vigilant as to financial stability. Only credit and e-money institutions are allowed to issue these tokens and further prudential elements apply. To those US commentators who have stressed the advantages of a banking, rather than a financial markets regulatory approach, seeing MiCA operate in practice might prove insightful. The same goes, again, for what MiCA does not propose; it has stopped short of requiring deposit insurance.
Katja Langenbucher is a law professor at Goethe-University’s House of Finance in Frankfurt, an affiliated professor at SciencesPo, Paris, and a long-term guest professor at Fordham Law School, NYC. She is also a SAFE Fellow with the Leibniz Institute for Financial Research SAFE.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright or this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).