MiCA and ToFR: The EU moves to regulate the crypto-asset market
On the last day of June, the European Union reached an agreement on how to regulate the crypto-asset industry, giving the green light to Markets in Crypto-Assets (MiCA), the EU's main legislative proposal to oversee the industry in its 27 member countries. A day earlier, on June 29, lawmakers in the member states of the European Parliament had already passed the Transfer of Funds Regulation (ToFR), which imposes compliance standards on crypto assets to crack down on money laundering risks in the sector.
Given this scenario, today we will further explore these two legislations that, due to their broad scope, can serve as a parameter for the other Financial Action Task Force (FATF) members outside of the 27 countries of the EU. As it’s always good to understand not only the results but also the events that led us to the current moment, let's go back a few years.
The relation between the FATF and the newly enacted EU legislation
The Financial Action Task Force is a global intergovernmental organization. Its members include most major nation-states and the EU. The FATF is not a democratically elected body; it is made up of country-appointed representatives. These representatives work to develop recommendations (guidelines) on how countries should formulate Anti-Money Laundering and other financial watchdog policies. Although these so-called recommendations are non-binding, if a member country refuses to implement them, there can be serious diplomatic and financial consequences.
Along these lines, the FATF released its first guidelines on crypto assets in a document published in 2015, the same year when countries like Brazil started debating the first bills on cryptocurrencies. This first document from 2015, which mirrored the existing policies of the United States regulator the Financial Crimes Enforcement Network, was reassessed in 2019, and on October 28, 2021, a new document titled “Updated Guidance for a risk-based approach to virtual assets and VASPs” came out containing the current FATF guidelines on virtual assets.
This is one of the reasons why the EU, the U.S. and other FATF members are working hard to regulate the crypto market, in addition to the already known reasons such as consumer protection, etc.
If we look, for example, at the 29 of 98 jurisdictions whose parliaments have already legislated on the “travel rule,” all have followed the FATF's recommendations to ensure that service providers involving crypto assets verify and report who their customers are to the monetary authorities.
The European digital financial package
MiCA is one of the legislative proposals developed within the framework of the digital finance package launched by the European Commission in 2020. This digital finance package has as its main objective to facilitate the competitiveness and innovation of the financial sector in the European Union, to establish Europe as a global standard setter and to provide consumer protection for digital finance and modern payments.
In this context, two legislative proposals — the DLT Pilot Regime and the Markets in Crypto- Assets proposal — were the first tangible actions undertaken within the framework of the European digital finance package. In September 2020, the proposals were adopted by the European Commission, as was the Transfer of Funds Regulation.
Such legislative initiatives were created in line with the Capital Markets Union, a 2014 initiative that aims to establish a single capital market across the EU in an effort to reduce barriers to macroeconomic benefits. It should be noted that each proposal is only a draft bill that, to come into force, needs to be considered by the 27 member countries of the European Parliament and the Council of the EU.
For this reason, on June 29 and June 30, two “interim” agreements on ToFR and MiCA, respectively, were signed by the political negotiation teams of the European Parliament and the Council of the European Union. Such agreements are still provisional, as they need to pass through the EU's Economic and Monetary Affairs Committee, followed by a plenary vote, before they can enter into force.
So, let's take a look at the main provisions agreed to by the political negotiation teams of the European Parliament and the European Council for the crypto market (cryptocurrencies and asset-backed tokens such as stablecoins).
Main “approved” topics of the Transfer of Funds Regulation
On June 29, the political negotiation teams of the European Parliament and the Council of the European Union agreed on provisions of the ToFR on the European continent, also known as the “travel rules.” Such rules detailed specific requirements for crypto asset transfers to be observed between providers such as exchanges, unhosted wallets (such as Ledger and Trezor) and self-hosted wallets (such as MetaMask), filling a major gap in the existing European legislative framework on money laundering.
Among what has been approved, following the FATF recommendation line, the main topics are as follows: 1) All crypto asset transfers will have to be linked to a real identity, regardless of value (zero-threshold traceability); 2) service providers involving crypto assets — which the European legislation call Virtual Asset Service Providers, or VASPs — will have to collect information about the issuer and the beneficiary of the transfers they execute; 3) all companies providing crypto-related services in any EU member state will become obliged entities under the existing AML directive; 4) unhosted wallets (i.e., wallets not held in custody by a third party) will be impacted by the rules because VASPs will be required to collect and store information about their customers' transfers; 5) enhanced compliance measures will also apply when EU crypto asset service providers interact with non-EU entities; 6) regarding data protection, travel rules data will be subject to the robust requirements of the European data protection law, General Data Protection Regulation (GDPR); 7) the European Data Protection Board (EDPB) will be in charge of defining the technical specifications of how GDPR requirements should be applied to the transmission of travel rules data for cryptographic transfers; 8) intermediary VASPs that perform a transfer on behalf of another VASP will be included in the scope and will be required to collect and transmit the information about the initial originator and the beneficiary along the chain.
Here, it is important to note that European ToFR seems to have fully followed the recommendation enshrined in FATF Recommendation 16. That is, it is not enough for Virtual Asset Service Providers to share customer data with each other. Due diligence must be performed on the other VASPs with which their customers transact, such as checking whether other VASPs perform Know Your Customer checks and have an Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) policy, or facilitate transactions with high-risk counterparties.
In addition, this agreement on the ToFR must be approved in parallel by the European Parliament and Council prior to publication in the Official Journal of the EU, and will commence no later than 18 months after it enters into force — without having to wait for the ongoing reform of the AML and counter terrorism directives.
Main “approved” points of the Markets in Crypto-Assets
MiCA is the key legislative proposal regulating the crypto sector in Europe, although it is not the only one within the European digital finance package. It is the first regulatory framework for the crypto-active industry on a global scale, as its approval imposes rules to be followed by all 27 member countries of the bloc.
As already mentioned, negotiators from the EU Council, the Commission and the European Parliament, under the French presidency, reached an agreement on the supervision of the Markets in Crypto-Assets (MiCA) proposal during the June 30 political trialogue.
The key points approved in this agreement are as follows:
- Both the European Securities and Market Authority (ESMA) and the European Bank Authority (EBA) will have intervention powers to prohibit or restrict the provision of Virtual Asset Service Providers, as well as the marketing, distribution or sale of crypto assets, in case of a threat to investor protection, market integrity or financial stability.
- ESMA will also have a significant coordination role to ensure a consistent approach to the supervision of the largest VASPs with a customer base above 15 million.
- ESMA will be tasked with developing a methodology and sustainability indicators to measure the impact of crypto assets on the climate, as well as classifying the consensus mechanisms used to issue crypto assets, analyzing their energy use and incentive structures. Here, it is important to note that recently, the European Parliament's Committee on Economic and Monetary Affairs decided to exclude from the MiCA (by 32 votes to 24) proposed legal provision that sought to prohibit, in the 27 EU member countries, the use of cryptocurrencies powered by the “proof-of-work” algorithm.
- Registration of entities based in third countries, operating in the EU without authorization, will be established by ESMA based on information submitted by competent authorities, third country supervisors or identified by ESMA. Competent authorities will have far-reaching powers against listed entities.
- Virtual Asset Service Providers will be subject to robust Anti-Money Laundering safeguards.
- EU VASPs will have to be established and have substantive management in the EU, including a resident director and registered office in the member state where they apply for authorization. There will be robust checks on management, persons with qualifying holdings in the VASP or persons with close ties. Authorization should be refused if AML safeguards are not met.
- Exchanges will have liability for damages or losses caused to their customers due to hacks or operational failures that they should have avoided. As for cryptocurrencies such as Bitcoin, the brokerage will have to provide a white paper and be liable for any misleading information provided. Here, it is important to know the difference between the types of crypto assets. Both cryptocurrencies and tokens are types of crypto assets, and both are used as a way to store and transact value. The main difference between them is logical: cryptocurrencies represent “embedded” or “native” transfers of value; tokens represent “customizable” or “programmable” transfers of value. A cryptocurrency is a “native” digital asset on a given blockchain that represents a monetary value. You cannot program a cryptocurrency; that is, you cannot change the characteristics of a cryptocurrency, which are determined in its native blockchain. Tokens, on the other hand, are a customizable/programmable digital asset that runs on a second or third generation blockchain that supports more advanced smart contracts such as Ethereum, Tezos, Rostock (RSK) and Solana, among others.
- VASPs will have to segregate clients' assets and isolate them. This means that crypto assets will not be affected in the event of a brokerage firm's insolvency.
- VASPs will have to give clear warnings to investors about the risk of volatility and losses, in whole or in part, associated with crypto-actives, as well as comply with insider trading disclosure rules. Insider trading and market manipulation are strictly prohibited.
- Stablecoins have become subject to an even more restrictive set of rules: 1) Issuers of stablecoins will be required to maintain reserves to cover all claims and provide a permanent right of redemption for holders; 2) the reserves will be fully protected in the event of insolvency, which would have made a difference in cases like Terra.
First introduced in 2020, the MiCA proposal went through several iterations before reaching this point, with some proposed legislative provisions proving more controversial than others, such as NFTs remaining outside the scope but being able to be reclassified by supervisors on a case-by-case basis. That is, nonfungible tokens have been left out of the new rules — although, in the MiCA settlement discussions, it was pointed out that NFTs may be brought into the scope of the MiCA proposal at a later date.
In the same vein, DeFi and crypto lending were left out in this MiCA agreement, but a report with possible new legislative proposals will have to be submitted within 18 months of its entry into force.
As for stablecoins, a ban on them was considered. But, in the end, the understanding remained that banning or fully limiting the use of stablecoins within the EU would not be consistent with the goals set at the EU level to promote innovation in the financial sector.
Shortly after the ToFR and MiCA agreements were reported, some criticized the ToFR, pointing out, for example, that while legislators had done their part, the approved origin and recipient identification measures will only reach central bank digital currencies, but not privacy-focused blockchain networks like Monero and Dash.
Others have argued for the need for a harmonized and comprehensive framework like the MiCA proposal, which brings regulatory clarity and boundaries for industry players to be able to operate their businesses safely across the various EU member countries.
Do you think European policymakers have been able to use this opportunity to build a solid regulatory framework for digital assets that promotes responsible innovation and keeps bad actors at bay? Or do you think that new means of transactions will emerge to impede the traceability of crypto assets with zero threshold? Do you see a need for regulation to prevent the loss of more than $1 trillion in value of the digital asset industry in recent weeks caused by the announced risk of algorithmic stablecoins? Or do you believe that market self-regulation is sufficient?
It is true that market adjustment is shaking up many scammers and fraudsters. But unfortunately, it is also hurting millions of small investors and their families. Regardless of positioning, as an industry, the crypto sector needs to be mindful of accountability to users, who can range from sophisticated investors and technologists to those who know little about complex financial instruments.
This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.