The Council of the European Union has dealt with the digital financing package relatively intensively and for a long time, so green is a milestone for both proposals. The European Parliament in particular is currently on the move, and the document will be discussed and voted on early next year. It is then time to transpose it into national legislation. Who will be most affected by the new regulations?
First a little summary and a bit of history
The objective of the Crypto-Asset Markets Regulation (MiCA), which began to take shape in 2020, was to create a regulatory framework for the crypto-asset market that does not hinder innovation in the sector (not in all respects) and protects investors and, in the words of EU officials, “preserves financial stability”, thus not jeopardizing the current financial system.
The Digital Operational Resilience Regulation (DORA), which is directly related to MiCA, is not so well known, as it is infrastructural in nature and does not look so cool in the media. In fact, it’s pretty cool. For the first time in the history of the Union, this proposal introduces comprehensive regulation of security requirements for networks and information systems used by financial service providers (including cryptocurrencies).
In other words, it is a unification of European requirements for risk reduction (identification, protection, prevention, detection, response and recovery, training and development in the field) in the field of information technology. information for the financial sector.
Will financiers become security?
The regulations practically force financial players to be cybersecurity experts at the same time, if not downright proactive. Anyone wishing to provide financial services in digital form in the EU will need to ensure that they are able to withstand all types of ICT disruptions and threats and effectively prevent cyber threats.
The legislation concerns all financial market participants, including crypto-active entities, auditors and audit firms, but also, for example, information and communication technology service providers for the financial sector.
While banks and large entities are likely to cope with the new regulations easily, as most of the requirements are already required by PSD2 or European Banking Authority guidelines, for many smaller players, especially in the cryptocurrency environment, this can be interesting and essential nuts.
In this regard, although the Regulation provides for the application of the principle of proportionality, that is to say that everyone only meets the requirements insofar as this is proportionate to the activity they carry out, the experience local to date is such that everyone ultimately measures the same meter, which clearly favors banks and other large established institutions. On the contrary, for small innovative players, the new regulations may be an insurmountable barrier, as they will not achieve the required license at all, or they will be deprived of millions of costs just for the necessary security infrastructure.
Additional costs will be at your expense compliance, DORA significantly increases the reporting burden. This will reinforce the obligation for financial entities to report all significant IT incidents to the competent authorities, to publish initial, intermediate and final reports on the incidents and – which is a positive message at least from the consumer – to inform their users and customers about incidents.
The last obligation applies to all situations where there is a risk that a security incident could affect the financial interests of the client. The regulation also provides for the sharing of information between entities in order to raise risk awareness and proactively monitor risks.
In short, DORA is a well-intentioned intention to make the digital part of the European financial sector safer, more homogeneous and more transparent, but its unintended consequence could be at least a partial suppression of the crypto-fintech revolution and a return to the status quo. quo of the financial monopolies of the 20th century.
Then, of course, there’s the MiCA itself, which we paid a lot of attention to at Lupa, especially last year when it was just beginning to ferment, and what would come out of it at the end n was not entirely clear. The two regulations complement each other in some respects.
Regulation of crypto-asset markets
The first blow of the regulatory framework for crypto-assets in Europe appeared before the pandemic, i.e. in December 2019. Debugging took place throughout the first half of the following year and in September 2020 it was adopted by the European Commission under the legislative regime proposal , abbreviated as MiCA) as well as a proposal on a pilot project for market infrastructures based on distributed ledger technology (DLT), both within the framework of the so-called digital financial package.
MiCA regulates the treatment of crypto-assets that fall outside the scope of current European financial market legislation, namely MiFID II. The subject of MiCA is such as the regulation of cryptoactive auctions, the rules for issuing tokens whose value is reflected from a certain basket of fiat currencies or other assets (these are stablecoins), the issuance of electronic money tokens and the licenses and requirements for their issuers.
However, future crypto regulations also regulate the provision of other crypto-related services, and the bad news for their operators is that most of them will now require a special license. The newly defined market is to be supervised by two authorities – the European Market Supervisory Authority (ESMA) and the European Banking Authority (EBA).
Even after two years, MiCA still has flies. Despite repeated reservations, for example, it still does not sufficiently reflect the existence of the DeFi sector. Technically, MiCA does not contain any DeFi-specific provisions, but its requirements practically rely on DeFi – but also other smart contract-based applications (like NFT) – so to speak, outlawing.
MiCA was also discussed early on with a proposal for a pilot regime for market infrastructures based on “distributed ledger technology”, which is nothing more than a broad definition of the term blockchain.
This proposal addresses the issue of trading in selected crypto-assets, which by their nature fall under MiFID II. It solves the connection of cryptoassets to the formal financial system and fully regulated market infrastructure.
Currently, central securities depositories (CSDs) cannot be created on European soil to enable the trading and settlement of crypto-assets on traditional regulated financial markets. But the new directive should change that. The central securities depository and multilateral trading systems will be able to apply for a new license to trade cryptoassets. Under the pilot scheme, this should work so they can apply for pre-arranged exemptions to current EU rules.
The proposed regulations are anchored in the European “Fintech Action Plan” of March 2018 and have four main objectives: to provide legal certainty (to create a legal framework that clearly defines the regulatory treatment of all crypto-asset products not covered by current legislation ); to ensure market security, integrity and an adequate level of protection for investors and users, and to ensure financial stability. The last point mainly concerns the issue of stablecoins.
On the other hand, what the MiCA does not regulate at all are cryptoactive assets, which qualify as financial instruments within the meaning of Article 4 of European Directive 2014/65/EU. This is good news for Bitcoin and most first generation cryptocurrencies.
It also does not regulate electronic money (as defined in Article 2 (point 2) of Directive 2009/110/EC), with the exception of electronic money tokens as defined in this directive. Deposits (as defined in Article 2 of Directive 2014/49/EU), structured deposits (in accordance with Article 4 of Directive 2014/65/EU) and securitization (see Article 2 of EU Regulation 2017/2402) are not regulated either.
Despite childhood illnesses, MiCA is a relatively conservative and positive initiative that transparently sets the playing field, protects end users, and tries not to interfere too much in a hitherto unregulated market. Unfortunately, in Europe today, there are more and more voices calling for more radical surveillance of the sector. We will see in which direction the EU will eventually go.