Yesterday the European Securities and Markets Authority (“ESMA”) and the European Banking Authority (“EBA”) each released a report on crypto-assets. ESMA’s report sets out ESMA’s advice to EU policymakers on initial coin offerings and crypto assets. EBA’s report outlines its findings and advice in response to the EU Commission’s request to assess the applicability and suitability of EU law to crypt-assets.

ESMA Advice

The advice from ESMA sets out the current EU regulatory environment for crypto-assets. It outlines the gaps and issues in the regulation of crypto-assets and makes proposals to address them.

ESMA’s advice is based on a survey of National Competent Authorities (“NCAs”) in 2018 to establish the approach taken by them to crypto-assets. The survey found that, although the majority of NCAs categorised certain types of crypto-assets as transferable securities under the Markets in Financial Instruments Directive (“MiFID”), there is a clear divergence in the classification of crypto-assets. This is due to the different approaches taken by the NCAs in the implementation of MiFID, including the interpretation of the term “financial instrument”.

As regards crypto-assets that qualify as MiFID financial instruments, ESMA found:

  • a lack of clarity/consistency in the interpretation of existing requirements across EU Member States;
  • a lack of clarity around types of services which may qualify as custody / safekeeping services under EU financial services rules;
  • a lack of clarity around concepts of settlement and settlement finality across the EU; and
  • risks specific to the underlying technology which ought to meet minimum reliability and safety requirements and, more generally, novel cyber security risks which should be assessed

ESMA considers that these gaps and issues should be addressed at Directive level (Level 1) appropriately complemented by technical standards (Level 2 measures) and ESMA guidance (Level 3 measures).

As regards crypto-assets that do not qualify as MiFID financial instruments or electronic money, ESMA found:

  • the most significant risks are those relating to fraud, cyber-attacks, money laundering, and market manipulation;
  • a lack of safeguards (e.g. from deposit protection schemes) afforded under existing EU financial services rules; and
  • a lack of homogeneity in the EU financial services framework should individual Member States create their own bespoke regimes for non-MiFID crypto-assets.

ESMA is of the view that the implementation of an EU-wide bespoke regime for specific types of crypto-assets that do not qualify as MiFID financial instruments or electronic money would be the most appropriate course of action. ESMA advises that, at this stage, such regime should focus on warning buyers about risks of crypto-assets rather than creating a separate regulatory regime for, and thereby legitimising, crypto-assets that are not financial instruments. ESMA further considers (i) an extension of anti-money laundering (“AML”) rules and (ii) the imposition of risk disclosure requirements (including with regards to the issuer, the project, the rights attached to crypto assets) as high priorities.

EBA Report

The EBA report is more limited in scope. It examines specifically the applicability of the Electronic Money Directive and the Payment Services Directive and looks at issues arising in the context of crypto-asset wallet providers and crypto-asset trading platforms. It also looks at the money-laundering and terrorist finance risks associated with crypto-assets and the extent to which various institutions are involved in crypto-asset related activities.

The EBA notes that typically crypto-assets fall outside the scope of existing EU financial services regulation although they may fall within the scope of national laws, leading to an unlevel playing field in the regulation of crypto-assets across the EU.

The EBA believes there are risks in relation to consumer protection, operational resilience, market integrity and financial stability. The report focuses on the consumer protection risks posed by crypto-asset trading platforms and custodian wallet providers, such as inadequate disclosures or suitability checks, and their inadequate operational resilience, such as a weak cyber security system. The report also sets out risks in relation to market integrity arising from, amongst other things, inadequate pricing mechanisms, and that the potential AML risk may cause issues to the resilience of the financial system.

To address these risks, the EBA advises that the European Commission:

  • carry out a cost/benefit analysis on whether action at EU level is appropriate and feasible to address the issues identified; and
  • have regard to the latest recommendations issued by the Financial Action Task Force as part of a holistic review, including an assessment of the need to extend the EU regulatory perimeter for these purposes.

The EBA further observes that there appears to be a need to clarify the accounting treatment of crypto-assets and that, pending further work being undertaken by the Basel Committee of Banking Supervision, the prudential treatment of financial institutions’ exposure to crypto-assets may need to be reassessed.

The EBA intends to develop a “common monitoring template” which NCAs can issue to financial institutions for information-gathering purposes relating to their crypto-asset activity and related risks.


Both the ESMA advice and the EBA report confirm, from an EU-wide perspective, a range of issues and action points which the UK Cryptoassets Taskforce already identified in its report published at the end of October 2018 (see our article of 2 November 2018). This applies in particular with regards to proposals to clarify the regulatory perimeter of existing rules and regulations, the need to bring certain instruments and activities (e.g. services provided by crypto-asset exchanges) within scope of regulation in the interest of consumer protection and the prevention of financial crime, and the need for a coordinated international approach. In many ways therefore, the two reports do not contain any “surprises” for UK businesses, lawmakers, and regulatory bodies.

The UK will likely look at the creation of a bespoke regulatory regime for crypto-assets that do not qualify as financial instruments (or electronic money) with some caution as such regime will bring its own challenges taking into account the inherent complexities, range of hybrid models, and the speed at which technology is developing in this space.

The Financial Services Authority (“FCA”) announced last year that it intended to consult by the end of 2018 on bringing in guidance to clarify the application of the existing regulatory perimeter to crypto-asset activity, and to consult on a potential prohibition of the sale to retail consumers of derivatives referencing certain types of crypt-assets. We are expecting to see a FCA consultation paper on these topics in due course. HM Treasury is also planning to consult early this year on extending the regulatory perimeter to certain crypto-assets that are akin to specified investments and how exchange tokens might be regulated if necessary.