MiCA

2024 is the year in which compliance with the Regulation begins to be required.

What is MiCA

MiCA is the acronym for “Markets in Cryptoassets”, i.e. cryptoassets markets, which have been regulated through Regulation 2023/1114 of May 31 of the European Parliament and the Council.

Since it has been legally adopted in the form of a Regulation, it will not be necessary for Spain to “transpose” it into national legislation. In other words, MiCA entered into force 20 days after the publication of its text in the OJEU (Official Journal of the European Union), which took place on June 9, 2023, and is directly applicable in all Member States. However, this regulation has a phased applicability, as explained in the following sections.

Of your interest

  • Utility token issuers (ICOs, Launchpads…etc.)
  • Issuers of stablecoins
  • Issuers of E-money tokens
  • Cryptoasset service providers, among which are:
    • Custody and administration of cryptoassets on behalf of clients.
    • Management of a crypto-asset trading platform
    • The exchange of cryptoassets for funds
    • The exchange of cryptoassets for other cryptoassets.
    • Execution of orders related to crypto-assets on behalf of clients.
    • The placement of cryptoassets
    • The reception and transmission of orders related to crypto-assets on behalf of clients.
    • Management of cryptoasset portfolios
    • The provision of crypto-asset transfer services on behalf of clients.

MiCA became effective on June 29, 2023, but its contents are not enforceable since then. On the contrary, the different titles will be enforceable on different dates depending on the type of obligor concerned.

For issuers of Stablecoins (asset backed tokens) and E-Money tokens (electronic money tokens), the effective implementation date is June 30, 2024.

For the rest, it is necessary to keep the following in mind:

  • There is a transition period or “grandfathering”: Article 143(3) grants the authorities responsible for the implementation and supervision of MiCA, in this case the CNMV, the use of a transition period of up to 18 months. Such period, if used, would allow cryptoasset service provider companies (CASPs) to continue providing services, without the authorization of the Regulation, until June 2026. Spain has decided to make use of 12 months, so the regulation will be enforceable in December 2025.
  • Possibility of application of “simplified procedures” for Cryptoasset Service ProvidersArticle 143(6) of the MiCA Regulation allows Member States to apply a simplified procedure to crypto-asset service providers that, before December 30, 2024, were authorized under the national regime. However, what is required is that this national regime be comparable in terms of obligations to that of MiCA. In other words, the system currently in place in almost all EU countries, based on a system of registers, is not acceptable for money laundering purposes.

The obligations to be fulfilled by the various parties in order for their application for authorization to operate in the European markets to be approved are different and varied, especially depending on the business model they operate. These include:

  • Obligations to act impartially, honestly and professionally.
  • Prudential own funds requirements
  • Governance requirements, honorability, knowledge and demonstrable competencies of the management body
  • Obligation to inform authorities
  • Guardianship and custody obligation
  • Complaint handling obligation
  • Obligation to manage conflicts of interest
  • Obligation to establish orderly liquidation plans and limitations to the outsourcing of the service.

Take the test

What is DORA

DORA Regulations (Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on the digital operational resilience of the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011) is a regulation that will become mandatory from January 2025.

Of your interest

Specifically, the DORA Regulation applies to the following entities:

Credit institutions. Payment entities. Account information service providers. Electronic money institutions. Investment services companies. Cryptoasset service providers (authorized under the MiCA Regulation). Central securities depositories.

Central counterparties. Trading centers. Operations records. Alternative investment fund managers. Management companies. Data delivery service providers. Insurance and reinsurance companies. Insurance, reinsurance and complementary insurance intermediaries. Employment pension funds. Credit rating agencies. Crucial benchmark index managers. Providers of participative financing services. Securitization registers. Third-party information and communication technology service providers.

It is already in force – we have until January 17, 2025 to adapt, because from that date it will be applicable.

The purpose of DORA is to create requirements that allow the regulated entities to comply with it, to build, ensure and review its integrity and operational reliability ensuring, directly or indirectly, through the use of services provided by third-party IT service providers, the full range of ICT-related capabilities necessary to preserve the security of networks and information systems.

For this purpose, the following requirements, among others, must be met:

  • having an internal governance and control framework in place to ensure effective and prudent ICT risk management; and
  • establish a system for notifying the competent authorities of serious ICT-related incidents.

What is Transfer of Funds

On January 16, the European Banking Authority published the new revised guidelines modifying the current guidelines on customer due diligence and the factors that financial and credit institutions should consider when determining a level of risk in their business relationships and/or occasional transactions, establishing criteria that may reduce or increase risk.

Of your interest

Although the guidelines are somewhat broad in some respects, they are aimed in particular at crypto-asset services providers (CASPs) and services involving transactions to or from self-managed addresses or decentralized platforms.

In the coming months these new guidelines will be translated into the different languages of the European Union and a deadline will be given for review by the authorities of each member country. These guidelines are expected to come into force on December 30, 2024.

Risk system based on:

Products, services and transactions:

  • Products or services that offer a higher degree of anonymity.
  • Transactions to or from addresses that are self-managed or have passed through mixers or tumblrs are allowed.
  • Those services where no limit is established with respect to the total volume or value of operations.

Any risk analysis must be based on an internal risk policy adapted to the particularities of the business.

Depending on the customer:

Any risk analysis must take into account two main factors: the nature of the customer (whether the company is an individual or a legal entity, whether it is newly created, its turnover, etc.), and customer behaviorThe analysis by the obligor is required to determine the risk of its operations. Behavior that increases risk:

  • That the customer uses a wide variety of payment methods for their crypto-asset transactions.
  • There is a lack of consistency between the means of payment used and the type of activity carried out.
  • That it uses cryptocurrency ATMs located in different locations.

Based on geographic or international criteria.

The origin and/or destination of the operations, as well as of the clients, must be taken into account, especially if they come from territories that have been assigned a high risk in terms of prevention of money laundering and financing of terrorism or if they are countries or territories that appear on international black/gray lists.

All this is not an extensive list, since it contemplates different cases that must always be appropriate to the activity of the obligor. Likewise, it is always recommended that risk factors should not only be limited to these guidelines but that the obligor should have its own risk policy.

Tell us what you need so we can help you.
Download the guide

GUÍA "CÓMO CONSEGUIR LA AUTORIZACIÓN PARA OPERAR"

Descarga la guía de MiCA añadiendo tu email y descubre "los 8 motivos por los que podrías NO conseguir la autorización".
DESCARGAR

Enviar email a:

He leído y acepto la Política de Privacidad.