The introduction of the MiCA regulation undoubtedly emphasizes the importance of security, transparency, and compliance, aiming to build a safer and more trustworthy digital asset management framework.
Written by: Bai Zhen, Mankun Law Firm
The European Union's Markets in Crypto-Assets Regulation (MiCA) represents a significant development in the regulatory framework for digital assets. It aims to provide a clear and consistent regulatory environment for EU member states, covering key areas of the virtual asset ecosystem, including the operations and responsibilities of virtual asset custodians. This article explores specific considerations custodians need to take into account when complying with the latest regulatory environment.
MiCA Overview
MiCA aims to harmonize the regulation of crypto assets in the EU, providing legal certainty for issuers and service providers. It includes a framework for regulating cryptocurrencies, stablecoins, and other digital assets, establishing the rights and obligations of virtual asset custodians. These custodians are responsible for protecting and managing digital assets on behalf of clients and will be subject to stringent regulatory requirements to ensure security, transparency, and legal compliance.
* Image source: Screenshot from ESMA official website
The European Commission proposed the MiCA regulation in 2020, and the legislation came into effect on June 30, 2023. However, not all MiCA rules are immediately applicable—the rules regarding stablecoin issuers will take effect on June 30, 2024, while other provisions will come into effect on December 30, 2024.
As MiCA is about to take effect, the legislation provides a "transitional period," meaning that if a crypto asset service provider is currently providing services (before December 30, 2024), it can continue to do so until July 1, 2026, after which it must hold a license. However, the exact length of the transitional period is determined by the relevant EU member states.
Key Definitions of MiCA
Before discussing the compliance requirements for custodians, let's quickly review some key definitions from MiCA:
Crypto Asset
Refers to a digital representation of value or rights that can be transferred and stored electronically using distributed ledger technology or similar technology.
Asset-Referenced Token
Refers to a type of crypto asset that is not an electronic money token and claims to maintain a stable value by referencing another value or right or a combination thereof (including one or more official currencies).
Crypto Asset Service Provider
Refers to a legal entity or other enterprise that provides one or more crypto asset services to customers in a professional manner and is authorized to provide crypto asset services under Article 59.
Crypto Asset Services
Refers to the following services or activities related to any crypto asset:
- Custody and management of crypto assets on behalf of clients;
- Operation of a crypto asset trading platform;
- Exchange of crypto assets for fiat currency;
- Exchange of crypto assets for other crypto assets;
- Execution of crypto asset orders on behalf of clients;
- Offering crypto assets;
- Receiving and transmitting crypto asset orders on behalf of clients;
- Providing advice on crypto assets;
- Providing crypto asset portfolio management;
- Providing crypto asset transfer services on behalf of clients.
Custody and Management of Crypto Assets on Behalf of Clients
Refers to the manner of holding or controlling crypto assets or accessing such crypto assets on behalf of clients (if applicable, in the form of private keys).
Operation of a Crypto Asset Trading Platform
Refers to managing one or more multilateral systems that bring together or facilitate the bringing together of multiple third-party buying and selling interests in crypto assets and lead to contracts in the system based on its rules, resulting in the exchange of fiat currency or crypto assets.
Reserve Assets
Refers to a basket of reserve assets that guarantees claims against the issuer.
Custodian Compliance Requirements
As mentioned above, virtual asset custodians are defined as any entity that protects private keys and manages clients' digital assets on their behalf. This includes both centralized and decentralized custodians, regardless of their storage methods (e.g., hot wallets, cold wallets, or multi-signature solutions).
MiCA introduces significant changes for European crypto asset custodians. Under MiCA, custodians face stricter obligations to enhance transparency and security for clients. This includes requirements such as maintaining segregated accounts for client assets, robust internal custody procedures, and more detailed client agreements to clarify responsibilities and security measures. Additionally, custodians are now explicitly liable for any loss of crypto assets or loss of access to keys, increasing accountability for breaches or security failures. Prior to MiCA, the regulatory environment for custodians was relatively fragmented, often operating under the civil or contractual laws of individual EU member states. This shift towards a more structured and coordinated regulatory approach significantly alters the way custodians operate, providing greater legal certainty while demanding higher compliance standards.
Custodians will be required to meet several key regulatory obligations, involving the following matters:
Governance
As part of the application for authorization as a Crypto Asset Service Provider (CASP), applicants must include a description of the governance arrangements of the applicant CASP. In particular, the applicant CASP will need to consider the following:
- Do the members of its governing body have a good reputation? Do they possess the appropriate knowledge, skills, and experience (both individually and collectively) to perform their duties?
- Have the members of its governing body ever been convicted of crimes related to money laundering/terrorist financing or other offenses that could damage their good reputation?
- Do its shareholders and members (whether directly or indirectly) have a good reputation, and have they ever been convicted of money laundering/terrorist financing or other crimes?
- If its shareholders or members hold qualifying shares in the CASP, could their influence adversely affect the sound and prudent management of the CASP? If so, the competent authority must take appropriate measures to address such risks, such as:
a. Seeking judicial orders or imposing judicial penalties on directors and relevant management
b. Suspending the exercise of voting rights associated with shares held by relevant shareholders/members
- Has it established sufficiently effective policies and procedures to ensure compliance with MiCA's regulatory requirements? Is it able to assess and regularly review the effectiveness of such policies and procedures?
- Does it employ personnel with the necessary knowledge, skills, and expertise to fulfill their assigned responsibilities, considering the scale, nature, and scope of the crypto asset services provided?
- Does it have resilient and secure ICT systems? Are there appropriate business continuity policies covering ICT business continuity, addressing interruptions to ICT systems?
As mentioned above, business continuity policies are crucial for protecting custodians from potential liabilities under the new MiCA regime. This is because, in the event of loss of crypto assets or loss of means to access crypto assets, crypto asset custodians may be held liable to their clients. In such cases, it must be demonstrated that such losses are attributable to the custodian. Therefore, a suitable and effective business continuity plan that adequately addresses security measures and is regularly maintained is essential.
Capital
Under MiCA, crypto asset service providers must always maintain prudential safeguards equal to the higher of the following amounts:
- The permanent minimum capital requirement specified in Annex IV (€125,000);
- One quarter of the fixed expenditure from the previous year, reviewed annually.
* Image source: Annex IV of REGULATION (EU) 2023/1114 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 31 May 2023
Disclosure of Conflicts of Interest
MiCA provides clear guidance on conflicts of interest. But first, what exactly are conflicts of interest in a CASP? Conflicts of interest may arise between the CASP and itself or between the CASP and the following parties:
- Its shareholders/members;
- Any persons directly or indirectly associated with it or its shareholders/members;
- Members of its governing body;
- Its employees; or
- Its clients.
Conflicts of interest may also arise if there are conflicting common interests between two or more clients of the CASP.
In the presence of conflicts of interest, MiCA stipulates that the CASP must disclose the general nature and sources of the conflicts of interest to its clients and potential clients, as well as the measures taken to mitigate the conflicts of interest. Such disclosures must be prominently displayed on the CASP's website. Additionally, such electronic disclosures must include sufficient detail, considering the nature of each client, so that each client can make informed decisions based on the type of crypto asset services arising from the conflicts of interest.
Agreement Between Custodian/Manager and Its Clients
For CASPs wishing to provide custody and management services for crypto assets on behalf of clients, they need to outline at least the following matters in a written agreement (contract):
- The parties to the agreement;
- The nature of the crypto asset services provided and a description of those services;
- Custody policies;
- The communication methods between the crypto asset service provider and the client, including the client authentication system;
- A description of the security systems used by the crypto asset service provider;
- The fees, costs, and charges levied by the crypto asset service provider; and
- Applicable laws.
Custody Policies
The aforementioned "custody policies" refer to policies designed to minimize the following risks:
- Loss of clients' crypto assets;
- Loss of rights associated with those crypto assets; or
- Loss of means to access crypto assets due to fraud, cyber threats, or negligence.
Custody policies do not necessarily need to be included in the initial agreement with clients but must be provided to clients in electronic format upon request.
Mankun Law Firm Summary
The introduction of the MiCA regulation undoubtedly emphasizes the importance of security, transparency, and compliance, aiming to build a safer and more trustworthy digital asset management framework. For custodians, while the new regulatory environment presents certain challenges, it also fosters new development opportunities. Adapting to the dynamic requirements of MiCA is crucial for maintaining competitiveness. Mankun Law Firm believes that although the MiCA legislation has not yet been fully implemented and its ultimate effects remain to be seen, we have reason to believe that as regulatory experience accumulates and market feedback is received, MiCA will continue to improve to better accommodate the particularities of crypto assets. In the future, more regulations may be needed to fill potential regulatory gaps.
As professionals deeply engaged in Web3 business compliance, Mankun Law Firm advises that to better respond to the changes brought by MiCA, custodians can take the following three actions immediately:
- Review and update internal processes. Ensure that existing operating procedures comply with MiCA's requirements, particularly regarding asset segregation, secure custody, and client agreements.
- Strengthen risk management. Identify and assess potential risk points and develop corresponding risk mitigation measures to prevent the loss of crypto assets or the leakage of access keys.
- Enhance compliance capabilities. Invest in compliance training and technology to ensure that the team understands and adheres to MiCA's regulations while maintaining ongoing attention to regulatory dynamics for timely strategy adjustments.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
