The European Securities and Markets Authority (hereinafter, “ESMA”) has published on January 9, 2019 an Advice on ICOs and crypto-assets in order to clarify the existing legal regime applicable to crypto-assets that qualify as financial instruments.
After analyzing the different business models of crypto-assets, the risks, potential benefits and how they fit within the existing regulatory framework, ESMA has detected various problems related to the applicable regulatory framework. In this respect, ESMA differentiates between crypto-assets that qualify as financial instruments in accordance with the Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments (hereinafter, “MIFID II”) and crypto-assets that do not qualify as financial instruments.
Regarding the first category, ESMA highlights the existence of diverse regulatory requirements which should be reconsidered in order to allow an effective application of the existing legal regime. Regarding the second one, ESMA warns against the absence of an applicable legal regime and the potential risks that they imply for investors. In particular, ESMA notes that, at least, the requirements related to the prevention of money laundering should be applicable to all crypto-assets – whether or not they are qualified as financial instruments - and all activities in which they are involved.
ESMA’s Advice includes the following interesting points:
ESMA analyses the legal provisions that can be potentially applied to crypto-assets that qualify as financial instruments. In particular:
As the EU’s existing regulatory framework was not created with crypto-assets in mind, the national authorities with competencies in securities markets are now facing a new challenge: interpreting the existing requirements, which may not apply consistently across Member States, and trying to avoid regulatory arbitrage.
First, ESMA considers greater clarity about the types of services and activities that may be defined as “custody/safekeeping services” under the EU financial regulation. In ESMA’s opinion, having control of private keys on behalf of the clients could be considered equivalent to custody/safekeeping activities and, therefore, the existing requirements should apply to those who provide these services. In the meanwhile, some technical changes on requirements are needed in order to provide clarity on their interpretation.
Second, ESMA considers need for greater clarity concerning the concepts of “settlement” and “settlement finality” when applied to crypto-assets. In particular, ESMA considers that there should be a distinction between those DLT considered “permissioned” and those considered “permissionless”. This said ESMA has identified some governance issues within permissionless DLTs, making them less suitable to the processing of financial instruments. Another related issue ESMA has identified is the role of the “miners” as, given their novel and fundamental role in the settlement process, it is still unknown how they will be treated under the existing legislation.
Third, the ESMA has identified specific risks in the underlying technology, which may need an update in the requirements. ESMA believes that protocol and intelligent contracts that support encryption activities should be guaranteed somehow, in order to comply with the minimum reliability and security requirements. In addition, we must take into account new cybersecurity responses, including hacking risks, in order to assess if they are appropriately addressed by the existing set of rules.
This said, many of these issues would require Level 1 measures, which would be complemented by Level 2 technical standards and Level 3 measures adopted by ESMA.
Other issues that ESMA is concerned about are:
ESMA warns that a very small volume of currently issued crypto-assets are likely to qualify as financial instruments under the MiFID II Directive. In relation to this type of crypto-assets, ESMA is aware that some Member States are considering the implementation of legal regimes which could be applicable. Nevertheless, ESMA is concerned about the inexistence of a harmonized legal regime.
In view of this situation, ESMA proposes two options: