MiCA is the acronym for “Markets in Cryptoassets”, i.e. cryptoassets markets, which have been regulated through Regulation 2023/1114 of May 31 of the European Parliament and the Council.
Since it has been legally adopted in the form of a Regulation, it will not be necessary for Spain to “transpose” it into national legislation. In other words, MiCA entered into force 20 days after the publication of its text in the OJEU (Official Journal of the European Union), which took place on June 9, 2023, and is directly applicable in all Member States. However, this regulation has a phased applicability, as explained in the following sections.
MiCA became effective on June 29, 2023, but its contents are not enforceable since then. On the contrary, the different titles will be enforceable on different dates depending on the type of obligor concerned.
For issuers of Stablecoins (asset backed tokens) and E-Money tokens (electronic money tokens), the effective implementation date is June 30, 2024.
For the rest, it is necessary to keep the following in mind:
The obligations to be fulfilled by the various parties in order for their application for authorization to operate in the European markets to be approved are different and varied, especially depending on the business model they operate. These include:
DORA Regulations (Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on the digital operational resilience of the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011) is a regulation that will become mandatory from January 2025.
Specifically, the DORA Regulation applies to the following entities:
Credit institutions. Payment entities. Account information service providers. Electronic money institutions. Investment services companies. Cryptoasset service providers (authorized under the MiCA Regulation). Central securities depositories.
Central counterparties. Trading centers. Operations records. Alternative investment fund managers. Management companies. Data delivery service providers. Insurance and reinsurance companies. Insurance, reinsurance and complementary insurance intermediaries. Employment pension funds. Credit rating agencies. Crucial benchmark index managers. Providers of participative financing services. Securitization registers. Third-party information and communication technology service providers.
It is already in force – we have until January 17, 2025 to adapt, because from that date it will be applicable.
The purpose of DORA is to create requirements that allow the regulated entities to comply with it, to build, ensure and review its integrity and operational reliability ensuring, directly or indirectly, through the use of services provided by third-party IT service providers, the full range of ICT-related capabilities necessary to preserve the security of networks and information systems.
For this purpose, the following requirements, among others, must be met:
On January 16, the European Banking Authority published the new revised guidelines modifying the current guidelines on customer due diligence and the factors that financial and credit institutions should consider when determining a level of risk in their business relationships and/or occasional transactions, establishing criteria that may reduce or increase risk.
Although the guidelines are somewhat broad in some respects, they are aimed in particular at crypto-asset services providers (CASPs) and services involving transactions to or from self-managed addresses or decentralized platforms.
In the coming months these new guidelines will be translated into the different languages of the European Union and a deadline will be given for review by the authorities of each member country. These guidelines are expected to come into force on December 30, 2024.
Risk system based on:
Products, services and transactions:
Any risk analysis must be based on an internal risk policy adapted to the particularities of the business.
Depending on the customer:
Any risk analysis must take into account two main factors: the nature of the customer (whether the company is an individual or a legal entity, whether it is newly created, its turnover, etc.), and customer behaviorThe analysis by the obligor is required to determine the risk of its operations. Behavior that increases risk:
Based on geographic or international criteria.
The origin and/or destination of the operations, as well as of the clients, must be taken into account, especially if they come from territories that have been assigned a high risk in terms of prevention of money laundering and financing of terrorism or if they are countries or territories that appear on international black/gray lists.
All this is not an extensive list, since it contemplates different cases that must always be appropriate to the activity of the obligor. Likewise, it is always recommended that risk factors should not only be limited to these guidelines but that the obligor should have its own risk policy.
Enviar email a: