Financial Services

ESMA delivers Opinion to support the convergent application of MiCAR

Written by

Dr. Michael Huertas

RegCORE – Client Alert | EU Digital Single Market

QuickTake

As discussed in extensive Thought Leadership coverage from our EU RegCORE as well as wider coverage across the PwC Network, the EU’s Markets in Crypto-Assets Regulation (MiCAR) marks a significant step in harmonising how crypto-asset issuers (CAIs) and service providers (CASPs) are supervised. MiCAR creates a new chapter in the EU’s Single Rulebook but effectively also creates the world’s largest single market for crypto-assets. MiCAR’s legislative and regulatory regime went live for stablecoin issuers on 30 June 2024 with further remaining rules coming into force for all CASPs on 30 December 2024.

The European Securities and Markets Authority (ESMA) has a number of new powers under MiCAR. More crucially, ESMA is one of the three European Supervisory Authorities (ESAs) that act as the gatekeepers of the Single Rulebook for financial services (and now crypto-assets). The ESAs drive (i) the harmonisation and calibration of rules plus (ii) supervisory convergence in the “European System of Financial Supervision” (ESFS). One of the key tools to facilitate supervisory convergence are the ESA’s power to deliver opinions that, even when directly addressed to (national) competent authorities (NCAs) are important to market participants as well.

On 31 July 2024, ESMA made use of its supervisory convergence power by delivering a publication titled “Opinion to support the convergent application of MiCA” (defined herein as ESMA’s MiCAR Convergence Opinion – available here). Eagle eyed readers will likely have noticed that ESMA had saved this PDF file titled “Opinion on Broker Models” and the Press Release (available here) headlines “ESMA delivers opinion on global crypto firms using their non-EU execution venues”. In some ways ESMA’s MiCAR Convergence Opinion delivers on all three of those titles in the supervisory expectations that it succinctly sets out in seven pages. This Client Alert assesses the key takeaways, viewed from a legal perspective, along with the key considerations and challenges for firms as well as the outlook ahead.

Key takeaways from ESMA’s MiCAR Convergence Opinion

ESMA’s MiCAR Convergence Opinion focuses on the regulation of CAIs and CASPs, in particular what are defined by ESMA therein as “multi-function crypto-asset intermediaries” (MCIs).Which ESMA had previously, in a Supervisory Statement on MiCAR go live readiness and supervisory convergence (available here) published in October 2023, conceptually referred to as “global crypto firms”, which is ultimately a misnomer.Show Footnote ESMA acknowledges that trading platforms hold an important role in the functioning of the crypto-asset ecosystem in particular MCIs. ESMA considers MCIs to be those persons:

“…offering a large variety of services, products and functions, at the level of an individual entity or group of affiliated entities, typically centred around the operation of a trading platform, are an essential point of attention considering the impact they have on the functioning of crypto-asset markets, as demonstrated by the very large-scale effects of the FTX collapse.”

Under MiCAR (notably Article 76) comprehensive conduct of business requirements apply to CASPs operating trading platforms. These include but are not limited to such firms:

(i)    having detailed operating rules; 

(ii)    ensuring resilient systems and procedures; 

(iii)    adhering to pre-trade and post-trade transparency requirements; 

(iv)    maintaining a transparent fee structure; 

(v)    setting rules, procedures and criteria promoting fair and open access to the trading platform for clients willing to trade; and 

(vi)    ensuring fair and orderly trading and efficient execution of orders.

MiCAR’s intention, which the ESAs (notably ESMA) and the NCAs are tasked to enforce, is that these rules are adhered to by trading platforms for crypto-assets operating in the EU so as to ensure investor protection, market integrity and financial stability. A non-EU headquartered CASP operating a trading platform must therefore ensure that each of the limbs above exist but also meet the requirements set out in MiCAR both in content and look and feel expected by the ESAs and NCAs for CASPs operating into or within the EU.

As ESMA however points out:

“The disintermediated nature of the services offered is a fundamental characteristic and a key selling point used by MCIs to promote their services. Such MCIs may thus try to gain access to EU clients without moving their activities to the Union, whilst simultaneously preserving the disintermediated aspect of their business model. In such cases, the brokerage model may be used by such MCIs to achieve regulatory arbitrage and lead to an unlevel playing field between (i) trading platforms located in a third-country but trying to gain access to EU clients and (ii) MiCA[R]-regulated EU trading platforms.”

The above is a long-standing concern of the ESFS as expressed across all types of financial services activity, namely that EU law has extra-territorial effect and that respective regulated activities should be conducted from the EU when servicing EU counterparties, clients and customers, as opposed to making use of exemptions (often inappropriately) and/or otherwise (over-) relying on resources operating in third-countries.

ESMA also notes that:

“Certain applications for authorisation as crypto-asset services providers anticipated under MiCA[R] bear some similarities with some applications received by NCAs in the context of the UK’s decision to withdraw from the EU. Indeed, just as UK firms may have sought to maintain access to the EU market by creating EU entities or relocating activities to the EU, crypto-asset service providers under MiCA[R] may seek to establish entities in or relocate activities to the Union in order to retain access to the EU market while minimising the effective transfer of activities or functions to the Union.”

During the Brexit negotiations and since the finalisation of the UK’s disengagement, the ESFS (in particular the ESAs and the Banking Union supervisors) published extensive (i) “supervisory principles on relocations” (SPoRs)See extensive publications by Michael Huertas (while at previous law firms) on the SPoRs.Show Footnote as well as (ii) supervisory expectations on the requirements on authorisation (in the EU) versus the tolerance of the use of reverse solicitation of EU clients by third-country firms (an item that ESMA has also published its own supervisory expectations on).See EU RegCORE Client Alert on this subject available here (applicable to financial services more generally) and here (applicable to MICAR specifically).Show Footnote These set out supervisory expectations so as to limit window dressing, empty shells and other inappropriate use of back-branching and tied agents. In some instances the ESFS set strict conditions on authorisations being applied to firms. Moreover, the ECB’s Desk Mapping Review,See also practitioner journal contribution here.Show Footnote a more recent supervisory exercise to push mind and matter of where trading teams (and in particular material risk takers and other decision makers) are located, has begun to see some moves to the EU. ESMA is now faced with the same issue under MiCAR, namely how to compel moving mind and matter to the EU and how to force firms (in particular MCIs) to fulfil MiCAR obligations in full as opposed to focus on how to use exemptions.

Accordingly, ESMA’s MiCAR Convergence Opinion assesses regulatory and supervisory arbitrage risks stemming from specific business setups whereby MCIs would:

  1. only seek authorisation under MiCAR for brokerage services (e.g., reception and transmission of orders, execution of orders for crypto-assets on behalf of clients and/or exchange of crypto-assets for funds or for other crypto-assets); but
  2. intend to leave a large part of the group activities (and in particular the operation of a trading platform for crypto-assets) outside of MiCAR.

ESMA’s objective in its MiCAR Convergence Opinion is therefore to share relevant criteria to promote supervisory convergence and support (a) NCAs’ assessment of the business model and activities that the applicant MCIs intend to carry out, as well as (b) the ongoing assessment of how such activities are carried out.

Key regulatory expectations for NCAs and thus for firms

In order to deliver on ESMA’s overall objective, the MiCAR Convergence Opinion communicates supervisory expectations of NCAs in their engagement with MiCAR firms (CAIs, CASPs and MCIs). While ESMA is clear that this may call “…for a case-by-case assessment” the supervisory expectations can be summarised as specifically concerning:

  1. Assessment of business models: NCAs are expected to conduct a thorough assessment of CASPs but in particular MCI’s business models and activities. This includes scrutinising group structures that may be considered complex and opaque, with the potential for engaging in regulatory arbitrage. NCAs should ensure that authorisations are not used as a ‘legal cover’ for third-country firms to solicit EU clients indirectly. 
  2. Focus on substance over form and prevention of regulatory arbitrage: NCAs should look beyond the legal structure and focus on the activities carried out by MCIs, especially those involving routing and executing orders. ESMA outlines specific indicators of potential regulatory arbitrage, such as systematic routing of orders to non-EU execution venues, heavy reliance on the brand of a non-EU exchange, and revenue flows that significantly diverge from what would be expected in an independent broker-execution venue relationship. Whilst MiCA does not prohibit crypto-asset service providers from routing, executing or hedging orders on non-EU execution venues, NCAs are responsible for assessing whether this constitutes solicitation of EU clients and provision of services in the Union by non-authorised entities in breach of Article 59 of MiCAR.
  3. Tolerating the compliant use of reverse solicitation: ESMA uses the opinion to recap earlier supervisory expectations and clarifies the narrow framing of the ‘reverse solicitation’ exemption under Article 61 of MiCAR. NCAs must ensure compliance with this exemption and prevent its misuse as a means to circumvent MiCAR’s requirements. It is conceivable that some NCAs (and/or ESMA itself) might use mystery shopping toolsSee extensive coverage from our EU RegCORE on mystery shopping and in particular in the case of ESMA’s 2023 CSA – availalable here.Show Footnote to test how CASPs and MCIs comply with respective expectations.
  4. Conflicts of interest: Article 72 MiCAR requires CASPs to identify, prevent, manage, and disclose conflicts of interest. ESMA reminds NCAs that they must supervise compliance with this requirement, paying particular attention to MCIs that may attempt to create synergies between different activities at the expense of their clients. This applies specifically to those operating brokerage services and trading platforms within the same group. ESMA clarifies that the decision to execute orders on the group’s platform, mainly when located outside the EU, should be considered a strong indication of inadequately managed conflicts of interest.
  5. Best execution obligations: Under Article 78 of MiCA, CASPs executing orders on behalf of clients must take all necessary steps to obtain the best possible result for their clients. NCAs should ensure that EU brokers have procedures in place to execute transactions with the best possible results for their clients, considering price, costs, speed, likelihood of execution, and settlement. Relying solely on one execution venue, especially when offering a wide variety of crypto-assets, is unlikely to meet this requirement. It should be noted that ESMA on 16 July 2024 launched a consultation, which closes on 16 October 2024 on order execution policies (under MiFID II) but which has some implications and possible lessons applicable for MiCAR related activity.[Available here.]
  6. Custody and administration of crypto-assets: Article 75(9) of MiCAR requires that any entity providing custody and administration of crypto-assets on behalf of clients must be authorised as a CASP in the EU. NCAs must ensure that non-EU execution venues do not take custody or administration of EU clients’ crypto-assets in violation of this provision. 
  7. Promotion of common supervisory approaches: ESMA is committed to promoting common supervisory approaches and practices across the EU. It plans to establish practical convergence tools, including forums for NCAs to report and discuss applications by market participants seeking to provide crypto-asset services in the EU. ESMA may also flex its muscle further by launching thematic reviews (applicable to MiCAR firms – and specifically MCIs as a whole) and/or Common Supervisory Actions (CSAs) together with NCAs (targeting a specific set of named firms) or indeed encourage NCAs to make use of any on-site inspections (OSIs). 

Outlook and next steps

ESMA’s rolling out of existing supervisory principles and concepts to MiCAR firms along with new clarifications on (lack of) tolerance of certain structures/behaviour that NCAs may come across in their authorisation and supervision of CASPs (in particular MCIs) should not be unsurprising. While this marks a stricter supervisory environment the clarifications are useful in providing greater legal certainty and a harmonised supervisory approach. Firms will now want to:

  1. Reassess how they are able to evidence they meet the detailed expectations communicated by ESMA to the NCAs and that any use of exemptions are fully legitimate and thus actually capable of being justifiable and seen to be in the best interests of clients;
  2. A more strategic (re-)assessment of firms’ business models of by NCAs may mean certain firms will want to review and be able to explain their group structures, operational practices, and service offerings and how they meet MiCAR’s requirements and avoid regulatory arbitrage.
  3. Building on the above, some firms will want to ensure that they can demonstrate their business activities within the EU are substantive and do not circumvent MiCAR and other EU legislative and regulatory requirements. Some firms may also need to consider how they evidence that for EU related business, a genuine transfer of decision-making and risk management functions to the EU, along with the necessary human and technical resources is effectively maintained.
  4. Firms providing custody services must ensure that any third-party entities involved in the custody or administration of crypto-assets are also authorised under MiCAR. This includes verifying that non-EU execution venues do not assume custody or control over EU clients’ assets at any point in the transaction process. Another area of focus will be on evidencing compliance with the EU’s implementation of the Travel Rule.
  5. To manage the increased regulatory burden, firms should consider investing in RegTech solutions that can assist in monitoring compliance with MiCAR requirements. These tools can help firms stay abreast of regulatory changes, impacts on target operating models, manage internal and counterparty/client-facing documentation and ensure that these are consistently applied across the organisation.
  6. Conduct self-initiated mystery shopping exercises across the product lifecycle and customer journey so to proactively ascertain where respective NCAs might perceive shortcomings and areas for improvement prior to NCAs conducing such activities themselves.
  7. Firms should anticipate and prepare for supervisory reviews, thematic inspections, CSAs and OSIs by NCAs or ESMA. This includes maintaining comprehensive records of compliance efforts, decision-making processes and client interactions (in particular in respect of reverse solicitation and any policies and/or operating procedures.

It is worth noting that the ESFS (and notably the Banking Union supervisors) have been gradually sharpening the tone of their supervisory engagement and conducting more intrusive scrutiny. This has been pushing many firms to rethink their global legal entity and regulatory footprint and perhaps commit more activity along with mind and matter to the EU so as to reduce the EU authorities’ regulatory and supervisory arbitrage concerns. This shift applies to incumbent firms and their post-Brexit planning as well as to new market entrants into the EU, including respect of third-country firms. MiCAR’s full operationalisation by 31 December 2024 marks another wave in authorisation applications and license extensions by both digital asset native firms as well as traditional financial services providers looking to make use of the benefits offered by MiCAR.

Equally it is also worth noting that certain third countries’ (often aggressive) use of enforcement measures, notably in the crypto-asset sector, are driving many firms to adopt a multi-financial centre strategy. MiCAR offers a number of opportunities for those that embrace and comply with it in full. In terms of enforcement in the EU by the ESFS, what however is (perhaps crucially) missing in ESMA’s MiCAR Convergence Opinion (as was missing in each of the SPoRs) is an indication of when the ESFS will change its enforcement strategy.

The threat to impose bolder use of fines (i.e., closer to the levels adopted by certain third-countries) has always existed but never been used as fully and if then only as a last resort. That being said, both ESMA and other ESFS members have a number of lessons learned from Brexit. It is not a mere coincidence that ESMA’s MiCAR Convergence Opinion equates MiCAR applications received and reviewed to Brexit activity. Given some of those experiences and the view that MCIs may be operating in jurisdictions with much lower to no regulatory standards similar to the robustness offered by MiCAR means that they may not delay to resort to greater use of enforcement measures. Such a change would also perhaps serve as a stark warning and strong means to more fully and effectively deter what the ESFS would consider an inappropriate use of exemptions, anti-circumvention of compliance or simply just bad behaviour. With that risk in mind, certain aspiring MiCAR applicants may want to redouble their efforts.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 1,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award”.

PwC Legal and PwC’s Blockchain Capital Markets Advisory Team have also developed “LORA” a “Legal Obligations and Regulatory Analytics” offering specifically for MiCAR firms that is available upon request to eligible clients. LORA is backed by a suite of managed (legal) services that maps out clients’ regulatory obligations in line with building compliant target operating models throughout the respective design, deployment and delivery stage in the EU and further afield.

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.