MiCAR – Final guidelines on qualification of crypto-assets as financial instruments

RegCORE – Client Alert | Digital Single Market

QuickTake

The EU’s Market in Crypto-Assets Regulation (MiCAR) became fully operational as of 30 December 2024. As explored in PwC Legal’s EU RegCORE’ series covering developments across the “EU’s Digital Single Market, financial services and crypto-assets” MiCAR marks a momentous achievement in creating (i) a new chapter of the EU’s Single Rulebook for certain types of crypto-assets that are not classified as “financial instruments” and (ii) concurrently extending existing chapters of the Single Rulebook to those crypto-assets that do qualify as “financial instruments”.

The EU’s legislative policymakers’ approach has been to use MiCAR’s legislative text to divide the regulation and supervision of crypto-assets between those that are not “financial instruments” and thus subject to MiCAR and those that qualify as “financial instruments” and thus subject to traditional financial services legislation. Such an approach makes sense, at least from a legislative drafting standpoint. It serves to cement the concept that crypto-assets (and activity in respect thereof) which “act like a transferrable security should be supervised like a transferrable security”.This does not however equate to the principle of “same risk, same regulatory treatment” as a listed equity security may have a different risk and thus regulatory treatment to a tokenised representation of that listed equity security.Show Footnote However, a key practical issue that EU financial services policymakers have had to grapple with is how to improve the consistency of the application of what a “financial instrument” is let alone a “transferrable security”.Financial instruments are legally enumerated in Section C of MiFID II Directive. This Section includes:
(1) Transferable securities;
(2) Money-market instruments;
(3) Units in collective investment undertakings;
(4) Options, futures, swaps, forward rate agreements and any other derivative contracts relating to securities, currencies, interest rates or yields, emission allowances or other derivatives instruments, financial indices or financial measures which may be settled physically or in cash;
(5) Options, futures, swaps, forwards and any other derivative contracts relating to commodities that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event; 
(6) Options, futures, swaps, and any other derivative contract relating to commodities that can be physically settled provided that they are traded on a regulated market, a Multilateral Trading Facility (MTF), or an Organised Trading Facility (OTF), except for wholesale energy products traded on an OTF that must be physically settled;
(7) Options, futures, swaps, forwards and any other derivative contracts relating to commodities, that can be physically settled not otherwise mentioned in point 6 above and not being for commercial purposes, which have the characteristics of other derivative financial instruments;
(8) Derivative instruments for the transfer of credit risk;
(9) Financial contracts for differences;
(10) Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event, as well as any other derivative contracts relating to assets, rights, obligations, indices and measures not otherwise mentioned in Section C, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market, OTF, or an MTF; and
(11) Emission allowances consisting of any units recognised for compliance with the requirements of Directive 2003/87/EC (Emissions Trading Scheme)
 
The MiCAR definition of crypto-assets is also distinct from the definition of “DLT financial instruments” introduced by the EU’s DLT Pilot Regime (PDMIR) and which refers to the limited types of financial instruments that can be admitted to trading or recorded on a DLT market infrastructure under this Pilot Regime.Show Footnote Both are core definitions used in EU financial services law, regulation and supervision, notably in the context of the EU’s Markets in Financial Instruments Directive (MiFID in 2004 as replaced by MiFID II in 2014). The challenge is further compounded by the overlap with other “traditional” financial services and capital markets legislative, regulatory and supervisory frameworks, such as the EU Prospectus Regulation, and many others, which uses the term “securities” or the EU’s Market Abuse Directive and Regulation, which use the term financial instruments and thus both tie back to the term as used in MiFID II.

Unlike MiCAR – an EU Regulation which applies across the EU without need for transposition, i.e., implementation into Member States’ respective legislative frameworks, MiFID and MiFID II are EU Directives. Divergences across Member States due to different approachesAs ESMA notes, some Member States employ a restrictive list of examples, while others use concept-based definition.Show Footnote in the national transposition of the MiFID framework into national laws has resulted in there being no commonly adopted definition of “financial instrument” in the EU. While this remains a known and frustrating problem (that EU policymakers would do well to redress promptly so as to rectify previous shortsightedness) further complications arise when distributed ledger technology (DLT) comes into play in terms of an assets’ design features and means of how market participants can interact with it. The European Securities and Markets Authority (ESMA) had been tasked under MiCAR to tackle this question and to publish supervisory guidelines providing clarity and certainty as to when a crypto-asset is to be categorised and thus qualified as a financial instrument.

On 17 December 2024, ESMA published its Final Report containing, in Annex III, the now final Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments (the CAFI Guidelines).Available here – see Annex III for the text of the CAFI Guidelines.Show Footnote ESMA ran a consultation on a draft version of the CAFI Guidelines between January and April 2024 and received 68 responses from industry as well as advice from ESMA’s Securities and Markets Stakeholder Group (the SMSG). These responses have been reflected in the 18 pages that make up the CAFI Guidelines and in the 31 pages of the Final Report setting out the context and rationale for the changes plus industry and SMSG feedback. This provides useful context to ESMA’s and other supervisors’ expectations of (all) market participants when they assess, how to classify a crypto-asset in terms of a statutory interpretation ahead of economic, technological and a comparative (functional) analysis.For a further analysis of some of these considerations please see the insightful paper from Lehman, Matthias and Schinerl, Fabian “The Concept of Financial Instruments: Drawing the Borderline between MiFID and MiCAR”, Capital Markets Law Journal, 2024, 19, 330-351 available here.Show Footnote

The CAFI Guidelines aim to definitively delineate when crypto-asset activity would be subject to (a) regulation and supervision by either MiCAR or (b) the existing “traditional financial services” legislative chapters of the EU’s Single Rulebook. However, there areas discussed below, certain crypto-assets (and activity related to them) that fall outside of MiCAR and traditional financial services legislation altogether – the CAFI Guidelines do not address that question directly.

This Client Alert assesses the key takeaways for traditional financial services firms and for crypto-asset service providers (CASPs) as well as crypto-asset issuers (CAIs) resulting from ESMA’s commentary set out in the Final Report and in the principles communicated in the CAFI Guidelines. This Client Alert should be read in conjunction with further analysis on MiCAR and in particular a number of further supervisory clarifications provided by ESMA along with its sister European Supervisory Authorities (ESAs) comprised of the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) as well as the European Central Bank (ECB).

Key takeaways from ESMA’s CAFI Guidelines

ESMA was granted a mandate pursuant to Article 2(5) to issue supervisory guidelines on the conditions and criteria for the classification of crypto-assets as financial instruments, as defined in Article 4(1), point (15), of MiFID II. This categorisation is crucial as it determines the regulatory treatment of crypto-assets, influencing their issuance, trading and management within the EU and financial markets (including those outside of the EU).

Crypto-assets, that do not come under other EU financial instrument regulations, are likely but not automatically subject to MiCAR. Accordingly, while MiCAR closes the crypto-asset regulatory gap, it does not cover all types. Equally, exemptions under MiCAR Article 2(4) go beyond financial instruments. Crypto-assets that qualify as financial instruments, deposits, funds, securitisation positions, insurance, pension, occupational pension, individual pension, PEPP, or social security schemes are exempt from MiCAR and thus subject to traditional financial services legislation.

Fortunately, for everything else not excluded from MiCAR and the delineation whether it is to be subject to MiCAR or traditional financial services legislation, ESMA emphasises a technology-neutral approach. This ensures that similar activities and assets are subject to the same rules regardless of their form. Accordingly, the CAFI Guidelines in Part 5 para. 11 state that:

“The technological format of crypto-assets should not be considered a determining factor by national competent authorities and financial market participants when assessing the qualification as financial instruments. Following this, the process of tokenisation of financial instruments should not affect the classification of such assets.” The process of tokenisation of financial instruments is reiterated by ESMA as being “the digital representation of financial instruments on distributed ledgers or the issuance of traditional asset classes in tokenised form to enable them to be issued, stored and transferred on a distributed ledger.”

Part 5 para. 12 of the CAFI Guidelines goes on to state that, in keeping with Recital 9 of MiCAR:

“Tokenised financial instruments should continue to be considered as financial instruments for all regulatory purposes. National competent authorities should take a technology-neutral approach, a principle referred to in MiCAR, to ensure that similar activities and assets are subject to the same rules regardless of their form.” Accordingly, a crypto-asset should qualify as a financial instrument if it falls within the definition of a transferrable security provide by MiFID II.

The principles above are crucial for maintaining regulatory consistency and avoiding arbitrage within the EU’s Single Market, its Single Rulebook and thus equally the single supervisory culture that is being operationalised for the supervision of crypto-assets generally as well as how crypto-assets, that are financial instruments and thus subject to the body of the traditional (non-crypto) financial services legislative, regulatory and supervisory parts of the Single Rulebook, are designed to operate.

Therefore, the CAFI Guidelines adopt a substance-over-form approach, focusing on the inherent characteristics and rights conferred by the crypto-assets rather than their technological representation. This approach reinforces investor protection by ensuring that the classification is based on the actual economic and legal profiles of the assets. However, this requires a comprehensive (and periodically reviewed) case- by-case (re-)assessment of how a particular crypto-asset is to be categorised and how that might change over time.

For a crypto-asset to be classified as a transferable security under MiFID II as opposed to a crypto-asset under MiCAR, it must cumulatively fulfil the following three criteria:

• Not be an instrument of payment: crypto-assets used primarily as a medium of exchange are excluded;
• Be in one or more “classes of securities”: the crypto-assets must be issued by the same issuer and be interchangeable (i.e. fungible), granting equivalent rights to holders; and 
• Be negotiable on the “capital market”: the crypto-assets must be capable of being transferred or traded freely. The reference to “capital markets” is not defined but as a concept ESMA embraces it as intentionally broad to include all contexts where buying and selling interests in securities (and by extension financial instruments) meet. It does not limit the scope to securities/financial instruments listed or traded on regulated markets.

The CAFI Guidelines also clarify that (national) competent authorities (NCAs) and market participants should, as part of their assessments, also consider that a crypto-asset may have design features that apply to a crypto-asset’s negotiability and/or transferability. Transferable securities should only be considered “freely negotiable” if before admission to trading no restrictions exist which prevent the transfer of crypto-assets in a way that would disturb “creating a fair, orderly and efficient market”. Thus, the fact that investors must be whitelisted should not prevent a crypto-asset from being a transferable security, which must be determined individually. If there is no specific market for the commodity or a temporary lock-up period, the abstract possibility of transfer or trade should be considered sufficient. ESMA notes that most crypto-assets meet MiFID II’s Article 4(1), point (44), negotiability criterion since the DLT allows seller-to-buyer ownership transfers. NCAs and financial market participants should also consider that a crypto-asset can be constructed to prevent capital market transfers. Holders may not be able to negotiate or transfer crypto-assets to anybody other than the issuer. Any limits on crypto-asset transfers must be addressed individually since their nature and impact may render the instrument untradable. Issuer-imposed restrictions may hinder crypto-asset transferability. Time-lock transfers can prevent asset transfers before a specified date or occurrence. Geographic constraints restrict transfers to specific regions or jurisdictions, frequently to conform with local legislation. Technical restrictions, like covenants, may require certain conditions (e.g., holding periods, usage constraints) to be met before allowing transfers in smart contracts. Accordingly, any such restrictions should be evaluated individually. NCAs and financial market participants should also consider other restrictions that may not prevent a crypto-asset from being traded (e.g., whitelist-only transfers, selling restrictions for a specified time, lockup, specific country limitation).

In addition to the above, the CAFI Guidelines provide detailed examples and scenarios to aid in the practical application of the three criteria above by ensuring consistent interpretations across different jurisdictions. Specifically, the CAFI Guidelines set out the following principles with respect to crypto-assets and their:

• Classification as money-market instruments and thus as a financial instrument: to qualify as money-market instruments, crypto-assets must exhibit characteristics similar to traditional money-market instruments, such as treasury bills or certificates of deposit. These characteristics include a predefined maturity date, stable value, minimal volatility, and returns aligned with short-term interest rates. The CAFI Guidelines emphasise the importance of these features in distinguishing money-market instruments from other types of crypto-assets. 
• Classification as units in collective investment undertakings i.e. a fund unit and thus as a financial instrument: for a crypto-asset to be classified as a unit in a collective investment undertaking, it must involve the pooling of capital from multiple investors, with the purpose of investing this capital in accordance with a defined investment policy, and with a view to generating a pooled return for the investors. The CAFI Guidelines clarify that utility tokens, which serve a commercial or industrial purpose, should not be classified as financial instruments simply because they provide some form of participatory rights in a blockchain project. 
• Classification as derivative contracts and thus as a financial instrument: the CAFI Guidelines provide criteria for classifying crypto-assets as derivative contracts, emphasising the importance of the underlying reference point, such as rates, indexes, or instruments relevant under MiFID II. The unique characteristics of certain crypto-native derivatives, such as perpetual futures, are also considered. The CAFI Guidelines ensure that these instruments are assessed against the criteria set out in MiFID II, acknowledging their growing significance in the crypto-asset markets. 
• Classification as emission allowances and thus as a financial instrument: crypto-assets classified as emission allowances must represent a right to emit a certain quantity of greenhouse gases and be recognised for compliance with the EU Emissions Trading Scheme. The CAFI Guidelines ensure that only those crypto-assets that genuinely represent a right to emit greenhouse gases are classified as emission allowances, preventing the misclassification of other types of tokens, such as voluntary carbon credits.  
• Classification of NFTs and hybrid tokens: the CAFI Guidelines reconfirm that non-fungible tokens (NFTs) are generally excluded from the scope of MiCAR, except under certain conditions (in particular the degree of non-fungibility). The classification of hybrid tokens, which display features of financial instruments, should take precedence in their classification. The CAFI Guidelines recommend a periodic reassessment of hybrid tokens to ensure that their regulatory treatment remains appropriate throughout their lifecycle.

In addition to a number of key implications for firms, it is important to note even with the CAFI Guidelines, the underlying (unrectified) issue of diverging understanding of a financial instrument means that firms engaged in cross-border activities within the EU or beyond should be acutely aware of the potential for differing interpretations by NCAs of when a crypto-asset (in particular a hybrid token) is considered a financial instrument or not. As noted by ESMA, who will undoubtedly play an active adjudicating role, this inconsistency can lead to challenges in ensuring compliance with the appropriate regulatory framework, whether it be MiFID II or MiCAR.

Key implications for firms

The CAFI Guidelines have several key implications for regulated firms (whether as CASPs, CAIs or traditional financial services firms):

• Compliance obligations: firms must ensure that their crypto-asset offerings are correctly classified under the new criteria set by the CAFI Guidelines (including by way of comprehensive risk assessmentsThis includes conducting (a) comprehensive risk assessments to identify and mitigate any potential risks associated with the classification of crypto-assets as financial instruments and (b) evaluating the impact on the firm’s risk profile and implementing appropriate risk management strategies.Show Footnote and ongoing monitoringThis includes periodic reviews and reassessments to ensure that the classification remains accurate over time, especially for hybrid tokens whose characteristics may evolve.Show Footnote), which may involve legal reviews (including for crypto-assets previously admitted to trading on exchanges – including those outside of the EU), adjustments to internal processes (including collateral and custody considerations) and necessity for staff training.
• Investor protection, communication and disclosure: the CAFI Guidelines aim to enhance investor protection by ensuring that all relevant assets are appropriately classified and regulated, contributing to a safer and more transparent market environment. The ESAs, the NCAs and the ECB are all expected to address their focus on ensuring respective firms are able to evidence robust compliance and a dedication to ensuring investor protection. This, in particular, includes ensuring clear(er) investor disclosures and improved investor education. In practice this means (a) ensuring that all relevant information regarding the classification of crypto-assets is clearly disclosed to investors. This includes specifying whether a crypto-asset falls under MiCAR or MiFID II and providing detailed information on the rights and obligations associated with the asset; and (b) educating investors on the implications of the classification of crypto-assets as financial instruments. This includes explaining the regulatory protections and obligations that come with such classifications. Ultimately, ESMA takes the view that it is the responsibility of offerors or those seeking admittance to trading of crypto-assets (i.e. CAIs but at times also CASPs) to accurately classify these assets. ESMA points out that the categorisation may be disputed by the applicable NCAs, either prior to the offer’s publication or at any point subsequently. Accordingly, having a robust legal opinion may be useful and indeed many trading venues as well as investors may request one on the categorisation of crypto-assets as to its type and how it is regulated or unregulated.
• Operational adjustments: firms may need to adjust their operational processes to align with the CAFI Guidelines, which could involve system updates and process reengineering in particular for the reporting of crypto-asset categorisation to NCAs as well as other measures when crypto-assets “move” from the compliance obligations pursuant to the MiCAR framework over to the traditional financial services legislative and regulatory framework applicable in the EU.  
• Cross-border services (within the EU) and investor compensation schemes: the EU passporting system allows firms authorised in one Member State to provide services (without need for establishment) and/or to establish branches across the EU.  In light of the inconsistencies and difference in interpretation (however slight) around the definition of the term financial instrument, a firm might face legal and operational challenges. As noted by ESMA, for example, if a crypto-asset is not considered a financial instrument by the home NCA but is considered one by the host NCA, the firm might be restricted from providing services related to that crypto-asset in the host Member State under MiCAR, thus challenging the freedom of provision of services in the EU. As equally flagged by ESMA, different approaches to the concept of financial instruments may also imply different coverage levels provided by investor compensation schemes (themselves in need of reform) within the EU. This can affect the level of investor protection and the firm’s obligations towards its clients.
• Cost efficiencies: fortunately, a harmonised classification approach across the EU should promote supervisory convergence, reduce the complexity and variability of compliance requirements across different jurisdictions and thus yield cost-efficiencies for firms as well as engagements by and with counterparties, clients and customers.  

In addition to the specific aspects that firms should consider, it is very likely that ESMA, working together with the NCAs and other members of the European System of Financial Supervision (as well as with competition authorities) will focus their MiCAR operationalisation efforts in stepping up systematic intra-authority information sharing. Timely exchanges of information amongst such authorities may lead to improving best practices (and greater degree of regulatory and supervisory certainty) but equally a tougher tone of supervisory engagement, including where there are targeted measures applied to detect malpractice, non-compliance and other forms of financial crime (other than market abuse, money laundering and terrorist financing), in particular where there is a cross-border element involved. 

Timing considerations

In terms of immediate next steps, the CAFI Guidelines are set to be translated into each of the official languages of the EU and published on the ESMA website. The publication of these translations will trigger a two-month period in which NCAs must notify ESMA whether they intend to comply with the CAFI Guidelines. The CAFI Guidelines will apply from three months after the publication of the translations. All firms should however consider getting to grips with the CAFI Guidelines’ implications earlier rather than later. This also applies to those that may look to make use of MiCAR’s overall grandfathering period(s) – again an area where national options and discretions have hardwired potential for divergence.

While MiCAR’s full operationalisation starts 30 December 2024, an 18-month transitional phase i.e., a grandfathering period applies until 1 July 2026. These transitional measures (e.g. grandfathering and simplified procedure) apply in those Member States who have opted in.ESMA has published this list here.Show Footnote Entities in participating Member States are permitted to make use of the simplified CASP authorisation procedure (in Art. 143(6) MiCAR) but must acquire an authorisation in accordance with Article 63 of MiCAR by then. This grandfathering period varies from Member State to Member State with some having lower periods than the full 18 months (either at 6 or 12 months) and others yet to announce what they will offer. Notwithstanding this grandfathering period, the CAFI Guidelines will apply as per the timeline above, so for firms making use of grandfathering, they will still need to assess compliance with the CAFI Guidelines.

Outlook

The CAFI Guidelines are pivotal for existing and aspiring regulated firms engaging in crypto-asset activity as they provide clarity on the classification of crypto-assets, ensuring consistent legislative, regulatory and supervisory treatment across EU Member States. As with other ESMA guidelines, it is conceivable that the CAFI Guidelines may need to be amended and/or supplemented over time, including in light of further reforms to the MiCAR regime and the EU’s Single Rulebook.

Given the above, the evolving nature of the regulatory landscape necessitates that firms remain vigilant and proactive in their compliance efforts, leveraging tools and resources to stay ahead of potential changes. This dynamic environment underscores the importance of continuous monitoring and adaptation to ensure that firms can navigate the complexities of crypto-assets as well as other regulation effectively, in particular where it crosses over further to tokenisation of real world assets and decentralised finance offerings.

Moreover, the implementation of the CAFI Guidelines is expected to foster greater regulatory convergence and supervisory cooperation across the EU. This harmonisation will likely reduce the compliance burden on firms operating in multiple jurisdictions, promoting a more streamlined and efficient regulatory framework. However, firms must also be prepared for a potentially tougher supervisory stance, as authorities enhance their efforts to detect and address non-compliance and financial crime, in particular in cross-border contexts.

The emphasis on a technology-neutral approach and the substance-over-form principle will be crucial in maintaining a level playing field and ensuring that investor protection remains at the forefront of regulatory priorities. So too will be the need for frequent periodic re-assessments of crypto-asset categorisations supported by demonstrable independent legal, technical and operational assessments of respective crypto-assets. Equally, as the market for crypto-assets continues to evolve, some firms may need to improve efforts on how they engage with counterparties, clients and customers for their MiCAR and/or traditional financial services legislative governed crypto-assets.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients to navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.  

In order to assist firms in staying ahead of their compliance obligations we have developed a number of RegTech and SupTech tools for supervised firms. This includes PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,000+ legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.  

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.   

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award”. 

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.