MiCAR: requirements for crypto asset service providers

In the first article of our “MiCAR unveiled” blog post series, we presented the assets and services impacted by MiCAR and a brief introduction to the licensing procedures.

Besides these illustrated topics, the MiCAR sheds light on general and crypto asset services’ specific requirements, which are summarized in this article:

General requirements for crypto asset services

MiCAR´s general obligations must be adhered to by crypto asset services providers (CASPs) providing crypto asset services, as shown in Figure 1. The general obligations include organizational duties. Furthermore, service-specific obligations must be fulfilled by the respective CASPs offering that service (see Chapter 2).

crypto asset services providers: organizational duties Figure 1: Organizational duties for CASPs

Any provider of such services must comply with the following obligations:

  • Behavioral/Communication requirements for CASPs (Art. 66): Service providers must act honestly, fairly and professionally in the best interests of their existing and prospective clients. They must communicate in a fair, clear and non-deceptive manner, and warn clients of the risks associated with transactions in crypto assets. The latter includes making their policies on pricing, costs, and fees publicly available in a prominent place on their website.
  • Compliance with minimum capital requirements for CASPs (Art. 67): CASPs need to ensure that their safeguards meet either the specified capital thresholds or a portion of their previous year’s fixed costs (for further details see our article: MiCAR: the regulatory framework for crypto assets has been fleshed out).
  • Organizational duties (Art. 68):
    • Professional suitability and experience of the management and staff[1]
    • Establishment of a business continuity plan
    • Control and risk assessment mechanisms
    • Documentation and recordkeeping obligations
    • Market abuse detection system
  • Information to competent authorities (Art. 69): Crypto-asset services providers must promptly notify their regulatory authority about any changes to their management body before new members engage in activities.
  • Safekeeping of clients’ crypto-assets and funds (Art. 70): Crypto-asset services providers must ensure clients’ ownership rights and prevent the use of clients’ crypto-assets for their own benefit, particularly in case of insolvency.
  • Complaints-handling procedures (Art. 71): Providers must establish transparent and effective procedures for handling client complaints and promptly publish descriptions of these procedures. Furthermore, they must ensure that client complaints can be filed without any charges.
  • Identification, prevention, management, and disclosure of conflicts of interest (Art. 72): Providers must establish effective policies to identify and prevent conflicts of interest.[2] CASPs are responsible for informing the client and providing general transparency to the public.
  • Outsourcing (only if applicable) (Art. 73): Outsourcing should not delegate the core responsibility of the CASPs nor alter the relationship with clients or their obligations. The authorization conditions must remain unchanged. Third parties cooperating with competent authorities should allow for effective supervision. Providers must retain expertise and resources for quality assessment and risk management. Direct access to relevant information on outsourced services is essential. Third parties must meet data protection standards. CASPs must consolidate their efforts in an outsourcing policy.

Specific requirements for crypto asset services

MiCAR-specific requirements for selected crypto asset services Figure 2: MiCAR-specific requirements for selected crypto asset services

MiCAR-specific requirements are defined along crypto asset services. These requirements include the four crypto asset services shown in Figure 2. This article focuses on the specific requirements for crypto custody services.

Custody and administration of crypto assets (Art. 75)

The MiCAR defines the following requirements for custody and administration services of crypto assets:

  • Contractual relationship: A contractual relationship must exist between the client and the crypto custodian. This includes the identity of the contracting parties, the applicable law of the contract, a description of the type of service, security systems, custody strategy (upon request of the client), specification of the client’s means of communication and authentication, and transparency regarding the fees charged for the service.
  • Inventory management and client reporting: A register of opened positions and all movements of crypto assets on behalf of the client must be kept by the crypto custodian. Additionally, the custodian shall provide a report consisting of all crypto assets of each client held in custody (crypto value, holdings, value, and movements) at least every 3 months and at any time upon the client’s request.
  • Crypto custody strategy and internal procedures: A specific crypto custody strategy, including derived internal instructions and process flows of crypto assets, must be defined by the crypto custodian. The secure storage of crypto assets and keys and the return of crypto assets to the client must always be guaranteed. A legal and operational segregation of crypto assets held for clients and the crypto custodian’s holdings of crypto assets must also be ensured. In case of making use of third-party CASP services, the third-party CASP must be authorized.
  • Liability: In the event of malfunction or loss of cryptocurrencies held in custody due to hacking, the crypto custodian is liable to its clients up to the market value of the lost crypto assets (excluding DLT-related external issues).

Reception, transmission, and execution of orders for crypto assets on behalf of third parties

Crypto custodians must manage the deposit and delivery of client orders as well as the execution of deposit and delivery orders via blockchain. As the management of deposits and delivery of client orders may also include the interaction with other crypto services providers, crypto custodians must comply with the following MiCAR requirements:

  • Order execution (Art. 78): The execution of orders should generate the appropriate results for the clients. The factors of price, cost, speed, probability of execution, and settlement and conditions of the custody must be taken into consideration. The crypto custodian must provide clients with adequate and clear information on the order execution policies and any material changes to these policies, and must prevent the misuse of information about client orders. Upon client request, crypto custodians must be able to demonstrate best execution practices and regularly monitor executions.
  • Order reception/transmission (Art. 80): The crypto custodian must establish procedures and arrangements for the prompt and proper transmission of client orders for execution to other crypto asset services providers. For such transmissions, neither financial nor non-financial benefits are granted. The prevention of client order information misuse must always be ensured.

For further information on licensing procedures, stay tuned for our upcoming MiCAR article!

You can find an overview of our series here:

MiCAR: crypto asset regulation in the EU
MiCAR unveiled: our comprehensive guide to crypto asset regulation in the EU
An overview of the European Markets in Crypto-Assets Regulation
Read more »

[1] These include having the appropriate knowledge, skills and experience, both individually and collectively, to perform their duties. Specifically, the management body and shareholders (with more than 20% of the share capital) must not have been convicted of any offences with regards to AML / terrorist financing

[2] These may occur between the service providers themselves, their shareholders, management members,
employees, or clients.

Feel free to contact us!

Julian Schmeing / author BankingHub

Julian Schmeing

Partner Office Munich
Hendrik Büchel / author BankingHub

Hendrik Büchel

Senior Consultant Office Münster
Christian Rößler / author BankingHub

Christian Rößler

Senior Consultant Office Frankfurt

The news you can look forward to on Mondays

Analyses, articles and interviews about trends & innovation in banking delivered right to your inbox every 2 weeks

Share article

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

BankingHub-Newsletter

Analyses, articles and interviews about trends & innovation in banking delivered right to your inbox every 2 weeks

Send this to a friend