In Short

The Situation: On January 9, 2019, the European Securities and Markets Authority ("ESMA") issued advice to the EU Commission, Council, and Parliament on initial coin offerings ("ICOs") and crypto assets.

The Result: ESMA provided guidance on the existing EU rules applicable to crypto assets that qualify as MiFID II financial instruments. It also highlighted certain gaps in the EU regulatory framework, in particular the fact that investor protection rules are not generally applicable to crypto assets that do not qualify as financial instruments.

Looking Ahead: We expect that the EU regulatory framework will be amended in order to close some or all of the gaps identified by ESMA.

On January 9, 2019, ESMA issued advice to the EU Commission, Council, and Parliament on ICOs and crypto assets (ESMA50-157-1391). For the purposes of the advice, ESMA defines crypto assets as "a type of private asset that depends primarily on cryptography and distributed ledger technology ("DLT") as part of their perceived or inherent value." The advice highlights specific challenges that market participants and regulators face when determining if, and how, existing regulatory frameworks apply to crypto assets. The advice then provides a detailed analysis of the risks and potential benefits of various crypto asset-related business models, as well as risks and potential benefits of different kinds of crypto assets.

Legal and Regulatory Status of Crypto Assets

ESMA's conclusion is that, currently, the status of any particular crypto asset has to be assessed separately for each token (in the absence of a legal definition of crypto assets under EU law). The approach is the same when assessing whether any particular asset qualifies as a regulated financial instrument. Classification may also depend on the law of EU member states, in particular as a result of national implementation of MiFID II (Directive 2014/65/EU) with the result of inconsistencies in respect of the regulatory treatment of crypto assets across various jurisdictions.

If crypto assets qualify as a MiFID II financial instrument, then the EU legal framework for the regulation and supervision of financial instruments will apply. In addition to MiFID II/MiFIR, this may include the Prospectus, Transparency, and the Settlement Finality Directives, as well as the Market Abuse, Short Selling, and the Central Securities Depository Regulations (Directives 2003/71/EC, 2004/109/EC, 98/26/EC, Regulations (EU) No 596/2014, No 236/2012, No 909/2014). ESMA highlights that in each case, it is necessary to consider all aspects and features of any crypto asset. This can be a particular challenge given the extent of asset diversity. Also, many have "hybrid" features (e.g., mixed debt and equity features) which may not occur in traditional financial instruments.

Risks and Issues for Consideration by Regulators

Regardless of whether a crypto asset qualifies as financial instrument, ESMA notes that regulators should consider the individual risks that a crypto asset may pose to the objectives of investor protection and market integrity, specifically the likelihood that businesses issuing tokens will fail, lack of liquidity, and fraud risk. Of particular relevance are:

  • General risks related to trading platforms regarding fair and orderly trading without discrimination and safeguards to provide sound price discovery and pre- and post-trade transparency are not unique to crypto assets but may be exacerbated because of their high price volatility and often low liquidity.
  • Custody risks attached not only to wallet providers but also to centralized platforms which take control of client crypto assets and fiat money on their behalf.
  • Counterparty risk vis-à-vis trading platforms where settlement happens only in the books of the platform and is not recorded on DLT (off-chain settlement) as confirmation of the transfer of ownership lies with the platform only.
  • Legal risk where the use of consensus to validate transactions and of self-executing pieces of codes requires clear responsibilities and liabilities (e.g., in case of errors or malevolent activities).

ESMA has reached a similar view to many national financial regulators—including the UK's Financial Conduct Authority, France's Autorité des marchés financiers, and Germany's Federal Financial Supervisory Authority—that crypto assets do not currently pose a threat to financial stability due to their small size on the global financial market. ESMA also agrees that ICOs, tokenization, and crypto assets can provide economic benefits to EU market participants if the right regulatory safeguards are in place.

General Application of AML Rules

ESMA suggests that anti-money laundering laws should apply to all activities involving crypto assets and that appropriate risk disclosure should be put in place to protect consumers. This approach is consistent with the changes made to the FATF Recommendations in October 2018 in respect of "virtual assets," which the EU has already substantially reflected in the Fifth Money Laundering Directive (Directive (EU) 2015/849).

EU-Wide Approach

ESMA's advice also highlights its preference for an EU-wide approach to crypto assets. While several EU jurisdictions have introduced specific regulation for nonfinancial instrument crypto assets, ESMA considers an EU-wide approach is optimal, taking account of the cross-border nature of crypto assets.

Four Key Takeaways

  1. If the right regulatory safeguards are in place, ESMA considers that ICOs, tokenization, and crypto assets may provide economic benefits to EU market participants
  2. It is likely that the EU will adopt a regulatory framework for crypto assets which do not qualify as MiFID II financial instruments to safeguard the objectives of investor protection and market integrity.
  3. In the meantime, the application of the regulatory framework for financial instruments must be assessed on a case-by-case basis, considering national laws and national implementations of EU directives.
  4. Any EU-based activity related to crypto assets carefully should address the risks stemming from the underlying technology and include proper safeguards against money laundering.