Various forms of financial crime also result from unregulated crypto-assets, including money-laundering, terrorist financing, and other illicit activities. Without appropriate regulations and monitoring mechanisms, these risks remain unchecked.
The cabinet of Dr Caligari
The EU Markets in Crypto-Assets Regulation (MiCA) is a significant step towards preventing cybercrime and creating a safer digital space, especially in the digital single market.
The statute not only aims to regulate emerging digital financial markets assets, but also embed robust provisions against cyber-crime. The regulation is a landmark EU legislative framework designed to govern the rapidly evolving domain of crypto-assets.
The statute, when implemented, will harmonise the regulatory environment for crypto-assets in the EU.
Here’s an introduction and overview detailing the purpose and goals of the statute, drawn from its preamble.
Regulatory harmonisation
MiCA seeks to eliminate inconsistencies in national frameworks governing crypto-assets, facilitating a unified market for digital assets across the EU. Standardising regulations will enhance legal certainty and foster a conducive environment for innovation and investment in the cryptoassets sector.
Consumer protection
A central goal of the MiCA Regulation is to safeguard consumers from the risks associated with the volatile crypto-assets market. This includes implementing stringent transparency requirements for issuers of crypto-assets and service providers, ensuring that consumers have access to clear, comprehensive information about the risks and costs involved.
Market integrity
The regulation is designed to uphold market integrity and promote the stability of the financial system by introducing robust oversight mechanisms for crypto-assets activities.
This includes measures to prevent market manipulation, fraud, and other illicit practices that could undermine investor confidence and financial stability.
Innovation and competition
Recognising the potential of blockchain and other distributed ledger technologies to transform the financial sector, the MiCA Regulation aims to create a supportive environment that encourages innovation while ensuring that it does not compromise the security, efficiency, and stability of financial markets.
Anti-money-laundering
MiCA will integrate crypto-assets into the EU’s framework for combating money-laundering and terrorist financing. By extending existing standards to cover all types of crypto-assets, the EU seeks to close loopholes that could be exploited for illicit purposes.
Financial inclusion
MiCA provides clear rules for the issuance and operation of both crypto-assets and stablecoins, enhancing access to financial services. This supports the EU’s broader objectives of financial inclusion and the digital transformation of finance.
The omen
MiCA lays down uniform requirements for public offerings and admission to a trading platform of crypto-assets, as well as requirements for crypto-asset service providers. The statute divides crypto-assets into two main types:
- Crypto-assets other than asset-referenced tokens and e-money tokens,
- Asset-referenced tokens and e-money tokens.
We will primarily discuss the new regulations for crypto-assets other than asset-referenced tokens and e-money tokens, because this type of asset is more likely to be used by scammers and cyber-criminals in their criminal activities.
Articles 4 and 5 of MiCA provide rules for offering crypto-assets (other than asset-referenced tokens or e-money tokens, also known as ‘stable coins’) to the public within the EU.
Those seeking to offer crypto-assets to the public must:
- Be a legal entity (a company),
- Create a detailed document called a white paper that follows specific rules (set out in articles 6-9 of MiCA),
- Notify authorities about the white paper, publish it, and ensure any marketing also follows certain guidelines, and
- Meet other specified requirements for making offers to the public (contained in articles 4 and 5 of MiCA).
MiCA provides detailed rules for who can offer and trade certain types of cryptoassets in the EU, outlining the necessary steps, exceptions, and specific scenarios that exempt some from these regulations. These rules are designed to make the digital single market a safer place for consumers of crypto-assets.
CASPar the friendly ghost
MiCA holds crypto-asset offerors accountable for providing incomplete, unfair, or misleading information in crypto-asset white papers, a measure aimed at preventing abuses.
Individuals responsible for such infringements, including members of administrative, management, or supervisory bodies, will be held personally liable for any resulting losses incurred by crypto-asset holders (article 15).
Under MiCA, this personal liability cannot be contracted away. Personal liability for the information contained in white papers will help ensure that those seeking to market crypto-assets are acting in good faith.
A major part of MiCA is the establishment of an authorisation framework for cryptoasset service providers (CASPs). Simply put, CASPs are companies that help their clients control, trade, or save their crypto-assets.
Only authorised entities are permitted to offer such services (article 59). These include CASPs authorised under article 63, as well as certain financial institutions specified in article 60. CASPs authorised under article 63 must have a registered office and effective management within the EU, with at least one director residing in the EU.
Competent national authorities granting authorisations to CASPs must specify the services authorised providers can offer. These providers have the freedom to operate throughout the EU.
This framework aims to ensure the integrity and safety of crypto-asset services within the EU. Consumers can look for information on legitimate authorisations from competent authorities before making investment in crypto-assets, which will hopefully prevent many forms of crypto-scams, including pump and dumps, impostors, and Ponzi scheme (see panel below).
Bride of the gorilla
Attempting to prevent crypto-asset-related criminality, MiCA places obligations on CASPs, emphasising honesty, fairness, and professionalism.
Under MiCA, CASPs are obliged to prioritise the best interests of clients and prospective clients, acting with integrity and professionalism:
- Clients must be provided with transparent and non-misleading information, including in marketing materials, to prevent deliberate or negligent misrepresentation of crypto-assets’ advantages,
- Clients must be warned about the risks associated with crypto-asset transactions, and providers must furnish hyperlinks to relevant crypto-asset white papers when offering trading, exchange, advice, or portfolio management services,
- Policies regarding pricing, costs, and fees must be made publicly available on providers’ websites,
- Providers are required to disclose information on the climate and environment-related impacts of the consensus mechanisms used to issue crypto-assets they handle. This information, sourced from crypto-asset white papers, must be prominently displayed on their websites.
These measures aim to enhance transparency, mitigate risks, and ensure responsible conduct within the crypto-asset service sector.
MiCA also seeks to enact comprehensive governance regulations for crypto-asset service providers to ensure integrity and safeguard client interests.
Key provisions for governance are contained in article 68 and include:
- Members of management bodies and shareholders must possess good repute and appropriate knowledge, skills, and experience, with no convictions related to money-laundering or terrorist financing. Authorities will intervene if shareholder influence threatens sound management.
- Providers must adopt effective policies and procedures to comply with regulations and employ knowledgeable personnel.
- Management bodies must regularly review policy effectiveness and address deficiencies.
- Providers must ensure continuity and regularity in service performance, employing resilient ICT systems and implementing business continuity plans.
- Mechanisms, systems, and procedures must be in place to comply with national laws and safeguard data integrity and confidentiality.
- Records of all services, activities, orders, and transactions must be kept for supervisory purposes, provided to clients upon request, and retained for up to seven years.
These provisions place obligations on CASPs to ensure that their governance structures are robust and that CASPs are able to comply with MiCA and other regulatory requirements.
Requirements for appropriate corporate governance structures help protects consumers by ensuring that firms are reputable and their employees are acting in good faith.
Article 70 of MiCA establishes a framework to ensure the secure handling of clients’ crypto-assets and funds by service providers:
- Providers holding clients’ crypto-assets must implement measures to safeguard ownership rights, particularly in cases of provider insolvency, and prevent the misuse of clients’ assets.
- For providers holding clients’ funds, adequate arrangements must be in place to protect ownership rights and prevent the use of funds for the provider’s benefit.
- Funds received from clients (excluding e-money tokens) must be deposited with a credit institution or central bank by the following business day. Providers must ensure these funds are held separately and identifiable from their own accounts.
- Authorised providers or third parties (Directive (EU) 2015/2366) may offer payment services related to their crypto-asset services. Clients must be informed of the nature, terms, and conditions of these services, as well as whether they are provided directly by the provider or through a third party.
These regulations aim to enhance client protection and prevent misuse of client funds.
Deliver us from evil
Beyond rules incumbent on crypto-asset providers themselves, MiCA also introduces rules to address market abuses concerning crypto-assets, aiming to ensure transparency and integrity within financial markets.
Inside information disclosure: Inside information encompasses precise, non-public data likely to significantly affect crypto-asset prices. It includes information from clients regarding pending orders.
CASPs must promptly disclose inside information, ensuring accessibility and accuracy. They must not combine this with marketing activities and must maintain such information on their websites for at least five years.
CASPs may delay disclosure under specific conditions, provided it does not mislead the public and confidentiality is ensured. They must inform the competent authority of any delays and provide explanations.
Prohibition of insider dealing and unlawful disclosure: Insider dealing occurs when someone uses inside information to acquire or dispose of crypto-assets, including modifying orders. This prohibition extends to recommendations or inducements related to such activities.
Unauthorised disclosure of inside information is prohibited, except in the normal course of employment or profession.
Prohibition of market manipulation: Market manipulation includes various activities aiming to deceive and affect crypto-asset prices. This encompasses fictitious devices, dissemination of false information, and taking advantage of media access to influence prices.
Market manipulation includes actions such as disrupting trading platforms, creating false signals, and exploiting media influence without disclosing conflicts of interest.
Prevention and detection of market abuse: Entities involved in arranging or executing crypto-asset transactions must have effective systems to prevent and detect market abuse.
They must report any suspicious orders or transactions to the relevant authorities. These regulations aim to foster fair, transparent, and orderly markets, protecting investors and maintaining market integrity in the crypto-asset sphere.
The golem
MiCA is a landmark regulation that reflects the EU’s proactive and balanced approach to governing emerging technologies and digital assets. The statute not only aims to protect the digital economy and its participants, but also to set a global benchmark for the responsible and ethical use of crypto-assets.
As these regulations evolve and are implemented, they will undoubtedly shape the future of digital innovation and security within the European Union and beyond.
When set in the context of other EU statutes governing the single digital market (such as the Digital Services Act package and the new AI Act), MiCA can be seen as part of a comprehensive approach to digital governance, where safety, transparency, and integrity across all facets of digital innovation are paramount.
While tackling vulnerabilities associated with the burgeoning crypto-assets market, together with other digital regulations, MiCA helps create a unified regulatory approach that prioritises the protection of fundamental rights, data privacy, and consumer safety across the digital domain, all while providing a cohesive regulatory environment conducive to sustainable digital advancement.
Leo Twiggs is a policy advisor at the Law Society of Ireland
FROM HELL IT CAME
In the swiftly developing world of crypto-currency, investors are constantly on the lookout for the next big opportunity. This digital gold rush has also attracted a new breed of cyber-criminals, eager to exploit the unwary.
Below are brief examples of the most common types of crypto-scams making headlines:
‘Pump-and-dump’: By artificially inflating the price of little-known cryptocurrencies on social media, scammers lure investors into buying while the price is high. Once the price peaks, the scammers sell off their holdings, causing the price to plummet and leaving new investors with significant losses.
ICO impostors: Fraudsters impersonating legitimate crypto-traders advertise initial coin offerings (ICOs) of promising blockchain projects. These impostors create fake websites and white papers to lure investors into sending them crypto-currency. Scams like these have duped investors out of millions, with many victims attracted by the promise of early investment returns.
Ponzi schemes reimagined: The digital age has seen the resurgence of a classic scam – the Ponzi scheme, rebranded for the crypto era. Scammers promise high returns on crypto-currency investments, with payouts supposedly generated by new investors’ funds. As these schemes unravel, the architects disappear, leaving investors with nothing.
Insider dealing: An employee of a crypto-asset service provider uses confidential information about an upcoming partnership announcement to buy a large quantity of the crypto-asset before the news becomes public, aiming to sell it at a higher price post-announcement. This manipulates the market unfairly and undermines investor confidence.
Cyber-security breaches: A cyberattack on a crypto-asset exchange results in unauthorised access to the exchange’s digital wallets, leading to the theft of millions in various crypto-currencies. The attackers exploit vulnerabilities in the exchange’s security systems, highlighting the need for robust cybersecurity measures.
Ransomware attacks: A ransomware attack targets a crypto-asset service provider, encrypting its operational data and demanding a ransom in crypto-currency to release the data. This disrupts the provider’s services, affecting thousands of users and exposing the need for comprehensive cyber-security defences and back-up systems.
Money-laundering: Investigators uncover a scheme where criminals use a crypto-asset platform to launder money from illegal activities. The platform failed to perform adequate customer due diligence and report suspicious transactions, violating anti-money-laundering (AML) regulations.
While there are many risks lurking in the digital frontier, especially when it comes to crypto-assets, the lure of profit-making will continue to draw many into the market. And as the crypto-currency market continues to grow, investors must stay informed and cautious, safeguarding their digital assets against the ever-evolving tactics of online scammers.