Requirements for Crypto-Asset service providers under the new MiCA Regulation
The regulation of crypto-asset services has become a topic of increasing interest and concern within the European Union (EU). In response to this need, the MiCA Regulation (Markets in Crypto-Assets) has been established to define the requirements that crypto-asset service providers must meet to operate in the EU.
In this article, we will explore the key requirements presented in the MiCA Regulation concerning the authorization of crypto-asset service providers.
Authorization to provide Crypto-Asset Services
Article 59 of the MiCA Regulation establishes that crypto-asset services can only be provided within the European Union if the entity offering them has been properly authorized. This authorization can be granted to legal entities or other companies that meet the requirements outlined in Article 63 of the regulation.
Alternatively, certain financial entities such as credit institutions, investment firms, and others, may provide crypto-asset services under specific conditions and authorizations that are applicable to them.
Crypto-asset service providers must fulfill a series of requirements to obtain authorization under the MiCA Regulation:
- Registered Office and Actual Management: Authorized crypto-asset service providers must have a registered office in an EU member state where at least part of their crypto-asset services are provided. Furthermore, their actual management must take place within the Union.
- Resident Directors: At least one of the directors of the entity must be a resident of the European Union.
- Protection of Third-Party Interests: Entities that are not legal persons may provide crypto-asset services if their legal form ensures a level of protection of third-party interests equivalent to that provided and required of legal persons. These entities must be subject to prudential supervision adapted to their legal form.
- Ongoing Compliance: Crypto-asset service providers must comply at all times with the conditions established for their authorization.
Required Information for Authorization
The application process for authorization as a crypto-asset service provider is outlined in Article 62 of the MiCA Regulation, and, in summary, includes the following:
- Identification Information: Applicants must provide comprehensive information about their entity, including its name, legal form, website, contact address, and other identification details.
- Activities Program: They must describe the types of crypto-asset services they intend to offer, as well as how these services will be marketed.
- Prudential Safeguards: Applicants must demonstrate compliance with the prudential safeguard’s requirements set out in Article 67 of the regulation.
- Governance and Experience: Members of the management body must have the required integrity, knowledge, and experience necessary for the management of the entity.
- Internal Control and Risk Management: A description of internal control mechanisms, policies, and procedures for risk management, including anti-money laundering and counter-terrorism financing measures, is required.
- Technology and Security: Technical systems and security provisions must be described in detail using non-technical language.
- Custody and Asset Management: If planning to offer custody and administration services for clients’ crypto-assets, an appropriate custody and administration policy must be in place, subject to evaluation by the supervisory body.
- Trading Platforms and Other Services: For managed trading platforms and other services, relevant rules and procedures must be described.
As for the application process, the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) are currently in the process of developing technical standards to establish the required information in the authorization application. These standards must be submitted to the Commission by June 30, 2024.
The MiCA Regulation sets rigorous requirements to ensure the protection of user interests and financial stability in a rapidly growing crypto-asset services environment.
With the appropriate authorization and ongoing compliance with conditions, crypto-asset service providers will be able to operate throughout the EU, fostering a secure and reliable environment for participants in the crypto-asset market and providing users with confidence to engage in cryptocurrency transactions.
In addition to the outlined requirements, it’s important to note that crypto-asset service providers are also considered obliged entities, as stated in Article 2 of Law 10/2010, of April 28, on the prevention of money laundering and terrorist financing.
Therefore, they must comply with the requirements and obligations imposed by this law to prevent money laundering and terrorist financing scenarios, which, due to the anonymity offered by blockchain technology, have become useful tools for organized criminal gangs and as a means of funding certain terrorist groups.
If you are considering registering an exchange or offering services related to cryptocurrencies, at Letslaw we can assist you and put our knowledge and experience in Digital Law at your disposal.
Letslaw es una firma de abogados internacionales especializada en el derecho de los negocios.