Part II - New rules governing the issuance of crypto-assets and the provision of crypto-asset services

 November 6, 2024 | Blog

The Markets in Crypto-Assets Regulation (MiCA) lays down uniform requirements for the issuance of crypto-assets and providers of crypto-asset services. MiCA will apply in full effect from 30 December 2024.

  • Part I of this trilogy discussed the rules laid down with respect to the issue of crypto-assets and the admission to trading of such assets.
  • This Part II examines the rules with respect to crypto-asset service providers, or CASPs for short.
Definitions

A good understanding of MiCA requires knowledge of a number of terms. The definitions of the various crypto-assets were reviewed in Part I. For the purposes of this Insight, a key fact to be aware of is that MiCA defines a "crypto-asset service provider" as: a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59 MiCA. There are CASPs that fall outside the scope of MiCA, such as persons that exclusively offer intragroup crypto-asset services.

MiCA defines a "client" as any natural or legal person to whom a CASP provides crypto-asset services.

The definition of "crypto-asset service" covers ten services and activities relating to any crypto-asset, those ten being:

  1. providing custody and administration of crypto-assets on behalf of clients;
  2. operation of a trading platform for crypto-assets;
  3. exchange of crypto-assets for funds;
  4. exchange of crypto-assets for other crypto-assets;
  5. execution of orders for crypto-assets on behalf of clients;
  6. placing of crypto-assets;
  7. reception and transmission of orders for crypto-assets on behalf of clients;
  8. providing advice on crypto-assets;
  9. providing portfolio management on crypto-assets;
  10. providing transfer services for crypto-assets on behalf of clients.
Authorisation requirement

Title V of MiCA will apply from 30 December 2024. This means that no crypto-asset services may be provided unless (i) the legal person concerned has been authorised by the AFM as a CASP in accordance with MiCA; or the provider is (ii) a credit institution, central securities depository, investment firm, market operator, electronic money institution, UCITS management company, or an AIF manager.

It follows that the institutions listed under (ii) are not required to apply for an authorisation under MiCA. However, they are obliged to notify specific information to the AFM at least 40 days before providing crypto-asset services from the first time. This information includes, for example, a description of their internal control mechanisms and a business continuity plan. Only when the AFM has concluded that all information has been notified is the institution concerned allowed to provide crypto-asset services, to which it is added that credit institutions are then allowed to provide all crypto-asset services.  As for the other institutions, MiCA regulates for each type of institution which services they are allowed to provide.

Those parties that are not listed under (ii) and that are therefore required under (i) to apply to the AFM for an authorisation under MiCA are subject to the additional requirements that (a) they have a registered office in a Member State where they carry out at least part of their crypto-assets services, (b) they have their place of effective management in the EU, and (c) at least one of their directors is resident in the EU. 

Passporting

Authorised CASPs are allowed to provide their services throughout the EU. If a CASP has plans to provide its services in multiple Member States, it must notify the competent authority of its home Member State and provide specific information.

Third-country providers

Where a client established in the EU on its own exclusive initiative asks a third-country firm - meaning a firm established in a country that is not a member of the EU - to provide crypto-asset services on its behalf, the authorisation requirement imposed by MiCA does not apply. Obviously, any requirements imposed by the authorities of the home country of such firm must be complied with.

Transitional period

In principle, CASPs with registered office in the Netherlands that provided crypto-asset services prior to 30 December 2024 are subject to an 18-month transitional period under MiCA. The Netherlands has, however, decided to exercise the available Member State option and to reduce this period to six (6) months. Consequently, the relevant CASPs must be authorised in accordance with MiCA by 1 July 2025 at the latest.

Authorisation requirements

CASPs that have to apply for authorisation to the AFM are required to provide extensive information with the application. This includes proof that the applicant CASP meets the requirements for prudential safeguards (see below). In addition, as is the case for many other regulated parties, they must submit proof that the proposed management body is of sufficiently good repute and possess the appropriate knowledge, skills and experience to manage the CASP. Among the other information to be provided, applicant CASPs must submit a description of their internal control mechanisms, policies and procedures to identify, assess and manage risks (including money laundering and terrorist financing risks).

Obligations for all CASPs

Chapter 2 of Title V of MiCA sets out the obligations that apply to all CASPs. Four of those obligations are discussed below.

Duty of care

CASPs must act honestly, fairly and professionally in accordance with the best interests of their clients (and prospective clients). CASPs are also obliged to warn clients of the risks associated with transactions in crypto-assets. On top of that, CASPs are to provide transparency and make their policies on pricing, costs and fees publicly available, in a prominent place on their website.

Prudential requirements

In line with issuers of crypto-assets, CASPs must at all times have in place financial buffers (referred to in MiCA as prudential safeguards) equal to an amount of at least the higher of the following: (I) the amount of permanent minimal capital requirements, which - depending on the type of crypto-asset services provided - is EUR 50,000, EUR 125,000 or EUR 150,000; or (ii) one quarter of the fixed overheads of the preceding year, reviewed annually. These safeguards can take the form of own funds, an insurance policy or a combination thereof.

Governance arrangements

The governance rules of MiCA require that managers of a CASP are of sufficiently good repute, meaning that they have not been convicted of offences relating to money laundering or terrorist financing, to name a few. This requirement extends to shareholders and members, whether direct or indirect, that have qualifying holdings in the CASP.

In addition, CASPs must adopt policies and procedures that are sufficiently effective to ensure compliance with MiCA.

Complaints-handling procedures

CASPs must establish and maintain effective and transparent procedures for the prompt, fair and consistent handling of complaints received from clients. Descriptions of those procedures must be published.

Obligations in respect of specific crypto-asset services

Depending on the type of crypto-asset service provided, specific additional obligations apply to CASPs. For illustration purposes, we will review below a number of the obligations that apply to two (2) types of crypto-asset services.

Providing custody and administration of crypto-assets on behalf of clients

CASPs providing custody and administration of crypto-assets on behalf of clients must conclude an agreement with those clients to specify their duties and responsibilities. The 

agreement is to include clauses on such matters as the custody policy and the fees, costs and charges applied by the CASP. CASPs must also keep a register recording all positions opened and all movements following client instructions. And at least once every three months, CASPs must provide their clients with a statement of position of the crypto-assets recorded in their name.

Reception and transmission of orders for crypto-assets on behalf of clients

CASPs receiving and transmitting orders for crypto-assets on behalf of clients must establish and implement procedures and arrangements that provide for the prompt and proper transmission of those orders. CASPs providing this service are not allowed to receive any commission or fee, in the form of a remuneration or discount, for example, in return for routing orders to a crypto-asset trading platform or another CASP.

Conclusion

If this blog post has piqued your interest in the consequences MiCA will have for Dutch legislation, then stay tuned! In our third and final instalment of our series on MiCA, we will delve into the impact these new rules will have on Dutch laws and regulations. Curious how these changes will affect your company and what the best way is to prepare for them? You will find out here. The third and final instalment of this trilogy is soon to be released.

For a complete overview, read the other blogs in this series:

Part I: The regulatory framework on the issuance and admission to trading of crypto-assets.

Part III: The Dutch legislation and regulations required for the implementation and enforcement of MiCA.

The Markets in Crypto-Assets Regulation (MiCA) lays down uniform requirements for the issuance of crypto-assets and providers of crypto-asset services. MiCA will apply in full effect from 30 December 2024.

  • Part I of this trilogy discussed the rules laid down with respect to the issue of crypto-assets and the admission to trading of such assets.
  • This Part II examines the rules with respect to crypto-asset service providers, or CASPs for short.
Definitions

A good understanding of MiCA requires knowledge of a number of terms. The definitions of the various crypto-assets were reviewed in Part I. For the purposes of this Insight, a key fact to be aware of is that MiCA defines a "crypto-asset service provider" as: a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59 MiCA. There are CASPs that fall outside the scope of MiCA, such as persons that exclusively offer intragroup crypto-asset services.

MiCA defines a "client" as any natural or legal person to whom a CASP provides crypto-asset services.

The definition of "crypto-asset service" covers ten services and activities relating to any crypto-asset, those ten being:

  1. providing custody and administration of crypto-assets on behalf of clients;
  2. operation of a trading platform for crypto-assets;
  3. exchange of crypto-assets for funds;
  4. exchange of crypto-assets for other crypto-assets;
  5. execution of orders for crypto-assets on behalf of clients;
  6. placing of crypto-assets;
  7. reception and transmission of orders for crypto-assets on behalf of clients;
  8. providing advice on crypto-assets;
  9. providing portfolio management on crypto-assets;
  10. providing transfer services for crypto-assets on behalf of clients.
Authorisation requirement

Title V of MiCA will apply from 30 December 2024. This means that no crypto-asset services may be provided unless (i) the legal person concerned has been authorised by the AFM as a CASP in accordance with MiCA; or the provider is (ii) a credit institution, central securities depository, investment firm, market operator, electronic money institution, UCITS management company, or an AIF manager.

It follows that the institutions listed under (ii) are not required to apply for an authorisation under MiCA. However, they are obliged to notify specific information to the AFM at least 40 days before providing crypto-asset services from the first time. This information includes, for example, a description of their internal control mechanisms and a business continuity plan. Only when the AFM has concluded that all information has been notified is the institution concerned allowed to provide crypto-asset services, to which it is added that credit institutions are then allowed to provide all crypto-asset services.  As for the other institutions, MiCA regulates for each type of institution which services they are allowed to provide.

Those parties that are not listed under (ii) and that are therefore required under (i) to apply to the AFM for an authorisation under MiCA are subject to the additional requirements that (a) they have a registered office in a Member State where they carry out at least part of their crypto-assets services, (b) they have their place of effective management in the EU, and (c) at least one of their directors is resident in the EU. 

Passporting

Authorised CASPs are allowed to provide their services throughout the EU. If a CASP has plans to provide its services in multiple Member States, it must notify the competent authority of its home Member State and provide specific information.

Third-country providers

Where a client established in the EU on its own exclusive initiative asks a third-country firm - meaning a firm established in a country that is not a member of the EU - to provide crypto-asset services on its behalf, the authorisation requirement imposed by MiCA does not apply. Obviously, any requirements imposed by the authorities of the home country of such firm must be complied with.

Transitional period

In principle, CASPs with registered office in the Netherlands that provided crypto-asset services prior to 30 December 2024 are subject to an 18-month transitional period under MiCA. The Netherlands has, however, decided to exercise the available Member State option and to reduce this period to six (6) months. Consequently, the relevant CASPs must be authorised in accordance with MiCA by 1 July 2025 at the latest.

Authorisation requirements

CASPs that have to apply for authorisation to the AFM are required to provide extensive information with the application. This includes proof that the applicant CASP meets the requirements for prudential safeguards (see below). In addition, as is the case for many other regulated parties, they must submit proof that the proposed management body is of sufficiently good repute and possess the appropriate knowledge, skills and experience to manage the CASP. Among the other information to be provided, applicant CASPs must submit a description of their internal control mechanisms, policies and procedures to identify, assess and manage risks (including money laundering and terrorist financing risks).

Obligations for all CASPs

Chapter 2 of Title V of MiCA sets out the obligations that apply to all CASPs. Four of those obligations are discussed below.

Duty of care

CASPs must act honestly, fairly and professionally in accordance with the best interests of their clients (and prospective clients). CASPs are also obliged to warn clients of the risks associated with transactions in crypto-assets. On top of that, CASPs are to provide transparency and make their policies on pricing, costs and fees publicly available, in a prominent place on their website.

Prudential requirements

In line with issuers of crypto-assets, CASPs must at all times have in place financial buffers (referred to in MiCA as prudential safeguards) equal to an amount of at least the higher of the following: (I) the amount of permanent minimal capital requirements, which - depending on the type of crypto-asset services provided - is EUR 50,000, EUR 125,000 or EUR 150,000; or (ii) one quarter of the fixed overheads of the preceding year, reviewed annually. These safeguards can take the form of own funds, an insurance policy or a combination thereof.

Governance arrangements

The governance rules of MiCA require that managers of a CASP are of sufficiently good repute, meaning that they have not been convicted of offences relating to money laundering or terrorist financing, to name a few. This requirement extends to shareholders and members, whether direct or indirect, that have qualifying holdings in the CASP.

In addition, CASPs must adopt policies and procedures that are sufficiently effective to ensure compliance with MiCA.

Complaints-handling procedures

CASPs must establish and maintain effective and transparent procedures for the prompt, fair and consistent handling of complaints received from clients. Descriptions of those procedures must be published.

Obligations in respect of specific crypto-asset services

Depending on the type of crypto-asset service provided, specific additional obligations apply to CASPs. For illustration purposes, we will review below a number of the obligations that apply to two (2) types of crypto-asset services.

Providing custody and administration of crypto-assets on behalf of clients

CASPs providing custody and administration of crypto-assets on behalf of clients must conclude an agreement with those clients to specify their duties and responsibilities. The 

agreement is to include clauses on such matters as the custody policy and the fees, costs and charges applied by the CASP. CASPs must also keep a register recording all positions opened and all movements following client instructions. And at least once every three months, CASPs must provide their clients with a statement of position of the crypto-assets recorded in their name.

Reception and transmission of orders for crypto-assets on behalf of clients

CASPs receiving and transmitting orders for crypto-assets on behalf of clients must establish and implement procedures and arrangements that provide for the prompt and proper transmission of those orders. CASPs providing this service are not allowed to receive any commission or fee, in the form of a remuneration or discount, for example, in return for routing orders to a crypto-asset trading platform or another CASP.

Conclusion

If this blog post has piqued your interest in the consequences MiCA will have for Dutch legislation, then stay tuned! In our third and final instalment of our series on MiCA, we will delve into the impact these new rules will have on Dutch laws and regulations. Curious how these changes will affect your company and what the best way is to prepare for them? You will find out here. The third and final instalment of this trilogy is soon to be released.

For a complete overview, read the other blogs in this series:

Part I: The regulatory framework on the issuance and admission to trading of crypto-assets.

Part III: The Dutch legislation and regulations required for the implementation and enforcement of MiCA.