ESMA and the EBA publish documents considering the application of the EU regulatory regime to crypto-assets and ICOs.

Key Points:

  • ESMA highlights the importance of taking a technology-neutral approach to regulation, to ensure that similar activities and assets are subject to the same or very similar standards regardless of their form.
  • Neither ESMA nor the EBA believe that the crypto-assets sector raises financial stability issues, but they are concerned that it may pose risks to investor protection and market integrity.
  • ESMA and the EBA acknowledge that a significant portion of crypto-assets do not fall within the scope of existing EU financial services law, and even where they do, there are gaps and issues in regulatory application.
  • Regulators in different Member States are taking different approaches to the classification of crypto-assets as financial instruments, which creates challenges to both the regulation and supervision of crypto-assets.
  • Some Member States have implemented or are considering rules in relation to crypto-assets that do not qualify as financial instruments. Both ESMA and the EBA are concerned that due to the cross-border nature of crypto-assets, Member State-specific rules would result in an uneven playing field across the EU. Therefore, in the long-term an EU-wide approach is preferable.
  • In the shorter-term, EU policymakers are persuaded to review the scope of anti-money laundering requirements to incorporate the risks posed by crypto-assets, and address consumer protection concerns through awareness-raising exercises.

On 9 January 2019, ESMA and the EBA each published documents in relation to the application of EU financial services rules and law to crypto-assets and initial coin offerings (ICOs). ESMA’s advice outlines its position on: (i) the existing gaps and issues when crypto-assets qualify as financial instruments; and (ii) the unaddressed risks if crypto-assets do not qualify as financial instruments. The EBA’s report considered the qualification of crypto-assets as electronic money, and the issues surrounding such qualification.

ESMA Advice on ICOs and Crypto-Assets

In late 2017, ESMA identified ICOs and crypto-assets as an issue requiring consideration, and subsequently issued two statements on ICOs and a joint warning on virtual currencies (with the EBA and EIOPA). ESMA was concerned about the speculation around ICOs and crypto-assets, their high price volatility, and the fact that each was operating outside of the regulated market, particularly because of the growth in capital raised through ICOs, the market capitalisation of crypto-assets, and the number of crypto-assets (according to ESMA, there are more than 2,050 crypto-assets outstanding, representing a total market capitalisation of approximately €110 billion as of the end of December 2018).

Subsequently, ESMA prepared an assessment of the suitability of the current regulatory framework in relation to crypto-assets through a survey of 29 National Competent Authorities (NCAs), which included 27 Member States (all except Poland), Lichtenstein and Norway (the Survey). The Survey covered the NCAs’ position in relation to a sample of six real-life crypto-assets, including investment-type, utility type, and hybrids of investment-type, utility-type, and payment-type (the Sample Crypto-Assets). Notably, the Sample Crypto-Assets did not include pure payment-type crypto-assets (such as Bitcoin), despite Bitcoin representing around half of the total market value of crypto-assets, as ESMA deemed payment-type crypto-assets to be unlikely to qualify as financial instruments and because payment-type crypto-assets have been considered in a separate EBA report on electronic money (see below).

The Survey highlighted that an entire crypto-asset ecosystem is emerging within an EU regulatory system that was not designed to accommodate such instruments or markets. Consequently, ESMA noted that a significant number of issues prevail, requiring both the consideration of, and action from, policymakers, including the European Parliament, the Council, and the Commission. The Advice outlines some suggested courses of action for EU policymakers, which should serve as a clear roadmap for the EU Commission in determining whether to introduce specific EU-wide legislation covering crypto-assets.

Key Aspects of ESMA’s Advice Risks and issues for consideration

The Advice raises a number of risks and issues that regulators should consider in relation to the issuance, distribution, trading, safekeeping, life-cycle, and underlying technology of crypto-assets.  

Different types of crypto-assets

The Advice highlights that the large number of different crypto-assets, each with different features, causes particular issues regarding: 

  • Maintaining a consistent approach — As some crypto-assets fall within the current regulatory framework and others do not, inconsistency arises. In addition, due to the differing characteristics and range of crypto-assets, there is a question of whether each type of crypto-asset should be distinguished in regulation.
  • Investor perception — Retail investors may perceive certain crypto-assets that are outside the scope of EU regulation as security-like investments, as they can be traded on secondary markets. Further, as some traditional assets are starting to be issued as crypto-assets, the lines are blurring between crypto-assets and traditional assets.

Risks to investor protection and market integrity

The Advice asks EU policymakers to consider whether investors truly understand the primary risks they are being exposed to prior to investing in crypto-assets. ESMA highlights a sample of ICOs from 2017, which suggests that 30% have lost all of their value, whilst the vast majority are valued below their ICO price. Further, the Advice notes widespread reports and concerns around fraudulent ICOs, which could represent up to 80% of ICOs. The Advice suggests that the risks to investor protection and market integrity stem from secondary trading, custody/safekeeping, and the underlying technology of cryptoassets.

  • Secondary trading — Crypto-asset trading platforms may not have the necessary resources to, amongst other things, effectively conduct their activities, address risks that arise (including market abuse risk), maintain fair and orderly trading, and prevent conflicts of interest. In addition, as investors typically access crypto-asset trading platforms directly, there are doubts regarding the ability of platforms to complete effective conduct checks on all such investors. If the trading platform is centralised, transaction settlements occur at platform level as opposed to on distributed ledger technology (DLT). In addition, the platform may hold fiat money and crypto-assets on behalf of clients. Consequently, the investor will be exposed to: (i) a material counterparty risk in the trading platform completing any transfer/transaction accurately; and (ii) the risk that the platform does not sufficiently segregate and safeguard client assets.
  • Custody/Safekeeping of crypto-assets — Issues arise regardless of how an investor stores their crypto-assets. If they choose to store them with a custodial wallet provider there is a risk that the provider may not adequately safeguard and segregate the assets, whereas, if the investor chooses to hold their crypto-assets themselves they may lose or forget their private key without remedy (estimates suggest up to 30% of Bitcoin have been lost in this way).
  • Underlying technology — Crypto-assets are based on what is still a nascent technology that is largely untested in financial markets. Therefore, there is a risk of flaws in the technology and that the coding may have errors or may be tampered with. There are very few people with the expertise to fully understand the technology, which increases the cybersecurity risk and the risk of fraud. Further inherent issues include: (i) the data privacy implications of the distributed ledger system; (ii) the absence of clear responsibility and liability for error; (iii) the reliance on miners; and (iv) the concentration of mining activities in the hands of a few parties (for example, the six largest miners of Bitcoin control 75% of Bitcoin’s hash rate).

Risk to financial stability

Despite broad coverage and publicity of ICOs and crypto-assets, such markets are still relatively small (the total market capitalisation, as of the end of December 2018, for crypto-assets was approximately €110 billion, whereas the S&P500 was US$22 trillion). Consequently, ESMA does not believe that cryptoassets represent a threat to financial stability. However, ESMA believes in the importance of monitoring the potential macro financial risks that may stem from crypto-assets (for example, from an increase in leveraged acquisitions of crypto-assets).

Legal qualification of crypto-assets

The legal treatment of crypto-assets is a prevailing cause of uncertainty, not least because “cryptoassets” is not currently defined in EU financial securities law. Clarity is required at both EU and Member State level. ESMA has identified the application of MiFID II to crypto-assets as a key consideration in their legal qualification, and therefore posed the question of whether any of the Sample Crypto-Assets can be considered financial instruments, amongst other things, to Member State NCAs. The key findings from the Survey are as follows:

  • Most NCAs assessed that five of the six Sample Crypto-Assets (including investment-type and hybrids of investment-type, utility-type, and payment-type crypto-assets) could be deemed either a transferable security (under Article 4(1)(44) of MiFID II — i.e., classes of securities that are negotiable on the capital market, with the exception of instruments of payment), or another type of financial instrument. No NCA labelled the utility-type asset as a transferrable security and/or financial instrument, which suggests that pure utility-type crypto-assets fall outside of the existing regulatory framework.
  • Based on the above finding, ESMA cautiously suggests that 10% to 30% of the total number of crypto-assets may qualify as transferable securities and/or other types of financial instruments.
  • Most NCAs agree that the crypto-assets that are deemed financial instruments should be regulated as such. However, the vast majority of NCAs do not believe that their national rules would capture any of the Sample Crypto-Assets.
  • A majority of NCAs consider that profit rights alone are sufficient to qualify crypto-assets as transferrable securities.
  • A number of NCAs suggest that a review of the regulatory framework and changes to existing legislation may be required, in order to respond to the unique characteristics of the crypto-asset sector and ensure the clearing, settlement, safekeeping, and record of ownership provisions are operating effectively.
  • The vast majority of NCAs agree that whilst all crypto-assets should be subject to some form of regulation, the qualification of all crypto-assets as financial instruments is not desired. The reasons given for this included that acknowledging all crypto-assets as financial instruments would grant potentially unwanted legitimacy, and the supervisory tools and resources to regulate all crypto-assets may not be in place.

Regulatory implications if a crypto-asset qualifies as a financial instrument

The Advice provides a summary of the legal provisions that are potentially applicable to crypto-assets if they are deemed to be transferable securities or other types of financial instruments, these include: (i) the Prospectus Directive; (ii) the Transparency Directive; (iii) MiFID II; (iv) the Market Abuse and Short Selling Regulation; (v) the Settlement Finality Directive and the Central Securities Depositories Regulation; (vi) the regimes relating to safekeeping and record-keeping of the ownership of securities and the rights attached to securities; (vii) AIFMD; (viii) the Directive on investor-compensation schemes; and (ix) the fifth Anti-Money Laundering Directive. However, the prevalence of gaps between the market reality of cryptoassets and the existing regulatory framework complicates the full application of many of these provisions to crypto-assets.

Gaps and issues for consideration by EU policymakers Potential gaps and issues in the existing EU financial services rules in relation to crypto-assets, if they qualify as MiFID financial instruments

The Advice highlights that the existing regulatory framework was not designed with crypto-assets in mind. Consequently, if crypto-assets qualify as transferable securities or any other type of MiFID financial instrument, significant gaps and issues with the application of the regulatory framework prevail. Of these, ESMA highlights the following three issues as requiring Level 1 measures, which may be complemented by Level 2 technical standards and Level 3 measures adopted by ESMA:

  • The types of crypto-asset-related services that may qualify as safekeeping services, or similar, under EU financial services rules requires clarification. ESMA considers that having control of private keys on behalf of clients could be equivalent to safekeeping services, and therefore the existing regulatory framework should apply to the providers of such services.
  • Crypto-asset settlement and finality of settlement require greater certainty. Particularly with regard to: (i) the distinction between settlement on permissioned and permissionless DLTs (the difference between the two being that permissioned DLTs require participants to meet certain requirements, whereas no such requirements exist in permissionless DLTs); and (ii) the fundamental role of miners to the settlement process.
  • The integrity of the underlying technology should be ensured through appropriate provisions. Such provisions should cover: (i) ensuring that protocol and smart contracts underpinning crypto-assets meet minimum reliability and safety requirements; and (ii) cyber security risks (e.g., the risk of hacks) are considered and adequately addressed.

ESMA highlights a number of other gaps and issues that require the consideration of EU policymakers, including:

  • A lack of clarity regarding the application of the current regulatory framework to the decentralised and hybrid model platforms that are trading crypto-assets. Extending MiFID II/MiFIR to such trading platforms would either require a brand new section in the Level 1 text, amendments to the current definition of multilateral trading venue, or a new definition of crypto-asset trading platform.
  • The pre- and post-trade transparency requirements have been drafted for traditional financial instruments, and must be amended in order to be applicable to venues trading crypto-assets. Current pre- and post-trade transparency requirements are based on liquidity and the size of an order/transaction. Consequently, such thresholds will need to be set for the applicable crypto-assets, which may prove a significant challenge. 
  • The Regulatory Technical Standards regarding data reporting and record-keeping must be amended to incorporate crypto-assets alongside traditional financial instruments. Until such amendments are made, certain market participants will not be able to comply with the relevant provisions as the current information required may be insufficient and/or inappropriate for crypto-assets.
  • The application of the classification and identification standards (such as the CFI code and ISIN code) must be adapted to cover crypto-assets. Until such time, market participants will not be able to obtain the codes required by regulation and will not be able to comply with the relevant reporting requirements.
  • The broader community of market participants will need to adapt their reporting systems in conjunction with the aforementioned changes in data standards and reporting.
  • An analysis is required to determine whether any gaps exist between crypto-assets and traditional financial instruments in relation to the application of MAR and SSR. In particular, whether the application of MAR to crypto-assets adequately addresses potential risks.
  • The disparity between different Member State NCAs regarding the transposition of MiFID into national law must be assessed. In particular, the definition of “financial instrument”, which has broad interpretations in some jurisdictions and restrictive interpretations in others, may need to be harmonised with regards to crypto-assets to prevent a disparity in the supervision and regulation of crypto-assets in future. 

Potential gaps and issues in the existing EU financial services rules in relation to crypto-assets, if they do not qualify as MiFID financial instruments

The Advice states that only a fraction of the broad range of crypto-assets currently being issued are likely to qualify as MiFID financial instruments. Consequently, the majority of crypto-assets will not be subject to EU financial services rules. ESMA is particularly concerned about this issue due to the absence of investor protection against the potential risks of fraud, cyber-attack, money-laundering, and market manipulation.

ESMA acknowledges that some Member States wish to implement their own provisions covering cryptoassets that do not qualify as MiFID financial instruments. However, ESMA is concerned that action on this matter at Member State level will lead to an incoherent approach across the EU. With this in mind, ESMA has proposed the following two options to EU policymakers:

  • Implement a bespoke regime for specific types of crypto-asset — ESMA believes the most appropriate option for EU policymakers is to implement a regime that focuses on warning buyers about the risks of crypto-assets that are not financial instruments, instead of a more elaborate regime. Whilst a broader regime could provide bespoke rules for the specific risks such crypto-assets pose, it would also risk legitimising crypto-assets and their wider adoption, and increase the supervisory resources required by regulators. As part of this recommendation, ESMA also advises EU policymakers to review the scope of the AML requirements to take in to account the DLT markets, providers of crypto-to-crypto exchange services, and providers of financial services for ICOs.
  • Do nothing — Although this is not ESMA’s preferred option with regard to crypto-assets that are not financial instruments, it considers doing nothing and allowing NCAs to decide what is within their remit as a viable option.

EBA Report With Advice for the European Commission on Crypto-Assets

On 9 January 2019, the EBA published a report with advice for the European Commission on cryptoassets. The EBA’s report focused on whether crypto-assets qualify as electronic money, and the accompanying issues with such an assessment.

The application of EMD2 and PSD2 to crypto-assets

In assessing whether the second Electronic Money Directive (2009/110/EC) (EMD2) and the second Payment Services Directive (2015/2366/EU) (PSD2) apply to crypto-assets, a case-by-case “substance over form” approach should be adopted, to acknowledge the differing characteristics of different cryptoassets.  

With regard to the application of PSD2, the EBA confirmed that if a firm proposes to carry out a “payment service” (as listed in Annex I of PSD2) with a crypto-asset that qualifies as “electronic money”, such activity would fall within the scope of PSD2 by virtue of being deemed “funds”. However, the establishment of a crypto-asset as electronic money is less certain. 

Five NCAs provided the EBA with a small number of examples of crypto-assets that the NCAs believe satisfy the definition of electronic money under EMD2 (i.e., electronically or magnetically stored monetary value as represented by a claim on the issuer, which is issued on receipt of funds for the purpose of making payment transactions, and which is accepted by a natural or legal person other than the electronic money issuer). Whilst the EBA acknowledged these examples as valid, it nonetheless contends that a significant portion of crypto-assets do not fall within the scope of existing EU financial services law. The EBA reiterates its view that a crypto-asset likely will fall within the definition of electronic money if its value is pegged to the value of fiat currency and if the crypto-asset is redeemable for the fiat currency. This view is important in the context of assessing whether some stable coins fall within the scope of electronic money.

Crypto-asset trading venues and wallet providers

Further to warnings issued by the EBA in 2013, 2014, and 2016 the EBA highlighted the risks arising from crypto-asset trading and custodian wallet provision. In particular, the risks surrounding consumer protection, money laundering, and the financing of terrorism. In the report the EBA supports the findings of the previous warnings and notes the legislative action considered and taken by some Member States to create a new class of crypto-asset trading platform to address consumer protection concerns.

The EBA contends that the current regulatory position gives rise to potential risks and issues surrounding consumer protection and the balance of the EU-wide playing field. Further, the EBA asserts that the fact that a crypto-asset may fall within the scope of current EU financial services law does not necessarily mean that all risks associated with the crypto-asset activity concerned are effectively mitigated. The EBA believes further analysis of the issues surrounding crypto-assets is warranted.

Next Steps

The ESMA Advice and EBA Report will now be considered by EU policymakers, including the European

Parliament, the Council, and the Commission. Whilst there is no certainty that EU policymakers will adopt ESMA and the EBA’s proposals, the advice will certainly be persuasive. Nevertheless, it seems likely that the regulation of crypto-assets in one form or another is on the horizon in Europe.