Q4 2024 Regulatory Update

December has seen a flurry of crypto-related regulatory activity mostly dominated by the EU authorities. As the world awaits the US change in power and the related and well-anticipated crypto regulatory activity in the US, this year wraps up with EU as the main standard setter when it comes to crypto.

European Union 

1. MiCA licensing requirements and Travel Rule provisions are fully applicable to EU CASPs as of 30th December 2024

With the end of December milestone looming for crypto assets services providers (CASPs) operating in the EU, the European Banking Authority (EBA) was active in issuing crypto-related guidance during the month of December.

In particular, in its efforts to bring the crypto-related regulatory regime in line with that applicable to EMIs (electronic money institutions) and PSPs (payment services providers) operating in the EU, the EBA has issued an explainer summarising key regulatory milestones and guidance applicable to CASPs in the EU.

A quick summary of requirements for EU CASPs: 

 ¹ Licensing regimes and requirements are established by individual EU member states with main principles and requirements mandated by MiCA. Such requirements include adequate control mechanisms and risk management procedures concerning their operation, organisation and governance, including from an AML/CFT or financial crime perspective.  

2. GUIDANCE ON THE “GRANDFATHERING REGIME” FOR CASPS WHICH HAVE ALREADY BEEN OPERATING IN THE EU 

A key clarification included in the EBA’s non-legally binding explainer is that CASPs that have already been operating in the EU under pre-MiCA rules before 30 December 2024 are allowed to continue their operations until 1 July 2026 (depending on the deadlines imposed by the national regulators, whichever is earlier) while they are pursuing full licensing under MiCA – the so-called “grandfathering regime”.

These CASPs are obliged to ensure AML/CTF measures under the EU Anti-Money Laundering Directive (AMLD) in addition to complying with the Travel Rule, while they are also seeking a full license under MiCA.

The explainer also stressed that this grandfathering regime includes a wide spectrum of CASPs that have already been operating in the EU, such as those involved in issuing, the offering to the public and the admission to trading of crypto-assets, and to the provision of services in relation to crypto-assets (so not only custodial wallet providers and crypto-fiat exchanges as per the initial crypto provisions of the AMLD.

Later in the month of December the European Securities and Markets Authority (ESMA) published a list of grandfathering periods as already decided by EU member states. ESMA reminded that EU Member States may decide not to apply the grandfathering regime for CASPs or to reduce its duration.

As per the document, the shortest grandfathering periods have been established by Lithuania (5 months), and Latvia, Hungary, Netherlands, Poland, Slovenia, Finland (6 months). The longest transition period of 18 months has been communicated by Czechia, Denmark, Estonia, France, Croatia, Cyprus, Luxembourg, Malta, Romania.
 

3. Guidance on addressing varying lengths of grandfathering regimes and transition periods

ESMA has issued a statement on MiCA transition measures covering the challenge of inconsistent lengths of grandfathering regimes across EU countries, emphasising that the burden of managing this challenge is placed on crypto firms themselves.

As per the statement, the different transitional periods should be taken into account by CASPs providing services in more than one EU Member State when they transition to MiCA. For example, a CASP seeking a MiCA authorisation in Member State A, with a 12-month transitional period, while also serving clients in Member State B, with a 6-month transitional period, should take action to ensure compliance with the applicable law of Member State B.

Particularly, a situation where the MiCA authorisation in Member State A (and passporting rights in the European Union) is obtained after the 6-month transitional period in Member State B ends would create an interim period (of up to 6 months) in which the CASP would not have the required authorisation to provide crypto-asset services to clients in Member State B.

Given the potentially disruptive nature of such a situation, CASPs are expected to make all possible effort to be compliant and undertake all possible steps to avoid detriment to their clients, market participants, and the integrity of the market, while also adhering to applicable AML/CFT requirements. 

4. CORRESPONDENCE BETWEEN THE DG FISMA OF THE EUROPEAN COMMISSION, THE EBA AND ESMA ON THE INTERPLAY BETWEEN MICA AND PSD2

Letters have been exchanged between the EU Commission, the EBA and ESMA whereby the EU Commission has tasked the EBA and ESMA to work on removing inconsistencies created by the dual application of both MiCA and PSD2 (Payment Services Directive). The EBA replied saying their response will be published by April 2025.

While EMT issuers already require authorisation under MiCA, depending on the business model, some operations with EMTs by CASPs may be unintentionally considered as a payment service under PSD2 and therefore require an authorisation under this directive, placing increased burden on both CASPs and national Competent Authorities. The interplay between MiCA and PSD2 can also create regulatory arbitrage issues and impact consumer protection.

The EU Commission has stated in the letter that where CASPs provide payment services with EMTs, they need to either hold an authorisation as a payment service provider (PSP), or partner with a PSP having an authorisation to provide the respective payment services. A PSP authorisation would generally be required in cases where the CASP is processing EMT-enabled payments involving third parties or peer-to-peer transfers.

By contrast, an authorisation as a PSP would generally not be required where a CASP which provides the service of “exchange of crypto-assets for funds” or “exchange of crypto-assets for other crypto-assets” does not act as an intermediary between a payer and a payee, but in its own name, as seller/buyer of the EMTs, and does not provide other transfers of EMTs on behalf of its clients.

However, other cases where EMTs are not used as a means of payment or for peer-to-peer (P2P) payment transactions, but rather for investment or trading purposes, may inadvertently fall under the application of PSD2, creating unnecessary burden for affected businesses and national authorities. This is the area on which the EU Commission has requested an opinion from the EBA and ESMA. 

5. REPORTING REQUIREMENTS FOR CASPS UNDER MICA CLARIFIED

The EBA published templates, guidelines, and an explainer summarising various reporting requirements for ART and EMT issuers under MiCA (covering credit institutions (e.g. banks), EMIs engaged in crypto, and CASPs).

The documents were issued by the EBA because MiCA sets out a wide range of regulatory requirements, including authorisations, conduct and prudential requirements for issuers of ARTs and EMTs, and mandates the issuers of certain tokens to report certain data points to the national Competent Authorities under Article 22 MiCA.

6. FATF MUTUAL EVALUATION REPORT ON ARGENTINA

The Financial Action Task Force (FATF) has published a mutual evaluation report on Argentina, the second largest crypto market by virtual asset adoption in South America after Brazil. Following the assessment, Argentina is placed on “enhanced follow-up” and will report back to the FATF in one year.

The report covers crypto firms (using virtual asset services providers, or VASPs, as the term) particularly in the context of VASPs being added as reporting entities for AML and CTF purposes by Argentina, as well as in relation to asset recovery and investigations.