20 апреля Европарламент approved the regulation MiCA, covering regulation of many components of the crypto industry in the European Union. On the same day the EU also adopted another act affecting companies in the sector and crypto holders. It concerns the regulation of information accompanying transfers of funds and certain crypto-assets.
Updated regulation could entail stricter tracking of digital currency transactions. This obligation is also the result of pressure from the Financial Action Task Force (FATF) to apply the so-called ‘travel rule’.
To implement the latter, the EU formulated provisions for the Transfers of Funds Regulation (TFR) in addition to MiCA. The regulation will take effect in January 2025 (eighteen months after it enters into force). Under this act, CASP will be able to identify addresses under sanctions and ensure full identification and tracing of crypto-asset transfers.
“Crypto-asset transactions will be tracked in the same way as traditional money transfers,” the European Parliament noted.
For more details on MiCA and the TFR, ForkLog UA spoke with attorney, CEO and founder of Manimama Legal & Growth Agency Anna Voevodina.
Creating a single European market for virtual assets
Regulation of European crypto markets is one of the most significant and far-reaching documents in the regulation of virtual assets, says Voevodina. It was developed as part of broader regulatory measures, including initiatives such as the Digital Operational Resilience Act (DORA), the pilot regime for distributed ledger technology (DLT), and the regulation of transfers of funds (TFR).
Before the regulation was adopted at EU level there were no common rules governing crypto markets. Current rules are based on disparate legal acts, interpretations and guidelines in the laws of various EU member states. There are separate anti-money-laundering rules for services related to unregulated crypto assets, including platforms for trading, exchanging or storing cryptocurrencies.
Moreover, the EU lacks a unified legal definition of the nature of crypto assets. This situation leaves their owners exposed to risks, hampers market development, and limits the potential of innovative digital services and alternative payment instruments, becoming a platform for market manipulation and a basis for financial crime.
MiCA aims to change that.
- MiCA was first proposed in September 2020 as part of a broad package regulation of digital finance designed to boost the EU financial sector’s competitiveness and to give consumers broader access to innovative products.
- On 24 November 2021 the Council of the EU approved the negotiating mandate for MiCA.
- The next step was negotiations between lawmakers that began on 31 March 2022 and concluded with a provisional agreement on 30 June 2022.
- MiCA and the TFR are expected to enter into force in July 2023. Provisions on the regulation of stablecoins will apply from July 2024, with the rest (together with the TFR) taking effect in January 2025.
MiCA will apply across the EU without the need for national implementing laws. This approach serves consumer protection and provides an effective and harmonised access to the innovative crypto-asset segment in the market. Thus MiCA will be a regulation with direct effect.
Key concepts of MiCA
Types of crypto-assets
According to the regulation, a “crypto-asset” means a digital representation of value or rights that can be transmitted and stored electronically using distributed ledger technology or similar.
MiCA defines three token types:
- utility tokens — crypto-assets intended to provide access to the issuer’s goods or services;
- asset-referenced — crypto-assets designed to maintain a stable price based on the value of several fiat currencies, commodities, crypto-assets or a combination of such assets;
- e-money — crypto-assets whose primary purpose is to be used as a means of exchange and which must maintain a stable price linked to the value of a fiat currency that is legal tender.
For the latter two MiCA introduces the notion of “significance”. Significant asset-referenced and e-money tokens are assets that exceed certain thresholds of use and meet higher prudential, governance and liquidity requirements.
Issuers
An issuer of crypto-assets is a legal entity that offers to the public any type of crypto-asset or seeks to ensure their admission to a trading platform.
Among the main requirements for issuers of the three asset types are the development of a detailed white paper and notification to the competent authority, avoidance of potential conflicts of interest, etc.
Requirements for CASP
A crypto-asset service provider or CASP is any person that provides one or more crypto-asset-related services to third parties on a professional basis.
Among such services:
- holding and administering crypto-assets, executing orders on their behalf from third parties;
- operating a trading platform for crypto-assets;
- exchanging crypto-assets for fiat currency that is legal tender, or for other digital assets;
- issuing crypto-assets;
- providing advice on virtual assets.
CASPs must register a office in one of the EU member states, obtain provider authorization, comply with organizational and reputational requirements, as well as with minimum custody standards. The minimum share capital should range from €50,000 to €150,000 depending on the services provided.
Will tracing transfers end anonymity?
The regulation on information accompanying transfers of funds and certain crypto-assets will apply to transactions that are directed to or received by a CASP in the EU, states in the explanatory memorandum of the European Parliament:
“It should also apply to crypto-asset transfers conducted via crypto-asset ATMs, if the crypto-asset service provider, the initiator’s intermediary, or the beneficiary has a registered office in the EU.”
The regulation shall not apply if:
- the initiator and the recipient are the crypto-asset service providers themselves;
- in transfers of crypto-assets between individuals conducted without involvement of service providers.
Voevodina noted that EU CASPs will be required to comply with the money-transfer rule in every transaction, regardless of its amount.
The de minimis threshold does not apply, and there are no simplified transaction requirements within the EU.
Meanwhile, the amount of information about the sender and recipient that CASP must provide does not vary with the transaction size. Article 27 of the regulation explains this approach, citing the “inherent borderless character and global reach of crypto-asset transfers and the provision of related services.”
It also notes that it “complies with the FATF requirement to treat all crypto-asset transfers as cross-border,” which makes any difference in the scope of obligations for transactions inside and outside the EU moot.
Second, CASPs must fulfill travel-rule obligations before executing a transaction. Under the TFR, CASP-originators are required to transmit information to the CASP-receiver before sending the relevant crypto-asset transfer. In turn, the recipient must ensure that the necessary information has been received before making the transfer available to the end customer.
Operations with non-custodial wallets
Transactions between individuals with non-custodial wallets (self-hosted wallet/unhosted wallet) above €1000 require wallet-owner verification.
Under FATF guidelines, transactions with such wallets fall under the TFR. When operating with self-hosted wallets, European CASPs must collect the necessary information about the sender and recipient, and also perform the following additional wallet-verification obligations for transfers above €1000:
- when sending a transfer to a non-custodial wallet, the sender must verify whether this wallet belongs to the sending client or is controlled by them;
- when receiving a transfer from a non-custodial wallet, the recipient must ensure that the receiving client is the owner or controller of the sending wallet.
The non-custodial wallet identification tool defines the jurisdictional requirements for each transaction. It collects data about client-counterparties from the withdrawal page, creating an archive for sanctions compliance, record-keeping and suspicious-activity reporting.
Next comes the question: how can non-custodial wallets be brought into line with the FATF rules on funds movement?
The funds-movement rule requires providers of virtual-asset transfer services (VASP) to collect and transmit certain data about their customers and the transactions processed. This information includes the name and address of the sender and recipient of the transaction, as well as their account numbers. The rule applies to all VASPs, including those that work with non-hosted wallets.
One approach to align non-custodial-wallet operations with FATF funds-movement rules is to use a third-party service provider specializing in compliance with these norms.
Such providers can act as intermediaries between non-hosted-wallet users and VASPs, collecting and transmitting the necessary information on behalf of users. This allows users to continue using them while complying with the rules.
Another approach is that non-custodial-wallet users must collect and transmit the required data themselves. They can use a standardised data format and ensure secure transmission to the VASP participating in the transaction. This approach may be more complex but allows non-custodial-wallet users to retain full control over their accounts and transactions.
Complying with FATF travel-rule is an ongoing process, so VASPs and non-custodial-wallet users must remain vigilant to ensure compliance as the rules evolve.
In conclusion, CASPs will be required to properly verify all clients:
- conduct customer identification (name, address, date of birth, place of birth, etc.);
- ensure that the client is not subject to sanctions;
- store personal data and information related to AML/CTF;
- transmit the data with the transaction;
- depending on whether the CASP processes a transaction on behalf of the sender or the recipient, it must collect and transmit the personal data and AML/CTF information, or receive it from the sender and verify it.