On June 30th 2022, the Council presidency and the European Parliament reached a provisional agreement on the markets in crypto-assets (MiCA) proposal which aims to develop a European approach that fosters technological development and ensures financial stability and consumer protection.

According to Consillium Europa, this regulatory framework will protect investors and preserve financial stability, while allowing innovation and fostering the attractiveness of the crypto-asset sector.

However, this framework will have significant implications on how crypto-based platforms can carry on providing their services to users.

In this article, we are exploring in detail:

• What MiCA is
• What MiCA entails
• What TFR is
• Crypto assets service providers (CASPs) affected by these regulations
• Decision about NFT regulation
• How businesses will be affected by MiCA and TFR, and what you can do about it

What is MiCA?

In a nutshell, MiCA to crypto is what GDPR is to data privacy. A framework that regulates the work of issuers of unbacked crypto assets, stablecoins, trading platforms, and wallets in which crypto assets are held.

MiCA regulates issuers and service providers of crypto-assets, as well as it features rules with regard to market abuse.

It is intended to harmonize the EU market, create regulatory certainty, improve customer protection, and strengthen financial stability.

What MiCA entails: Safeguarding users against crypto crashes

Once MiCA is implemented, crypto-asset service providers will have to respect strong requirements to protect consumers’ wallets and become liable in case they lose investors’ crypto-assets.

How

• MiCA will request stablecoin issuers to build a sufficiently liquid reserve that will have to be legally and operationally segregated and insulated and must also be fully protected in case of insolvency.
• Crypto-asset service providers (CASPs) will be liable for damages or losses caused by hacks or operational failures.
• Trading platforms will be required to provide a white paper for any tokens that don’t have a clear issuer, such as Bitcoin (BTC), and they could be held liable for any misleading information.
• There will also be warnings for consumers about the risks of losses associated with crypto assets and rules on fair marketing communications.

What is TFR?

The Transfer of Funds Regulation (TFR) is part of a package of legislative proposals to strengthen the EU’s anti-money laundering and countering terrorism financing (AML/CFT) rules, presented by the Commission on 20 July 2021 and will become applicable once MiCA does.

The TFR compliments MiCA by adding an anti-money-laundering layer to the user protection offering of the MiCA proposal.

How

The TFR agreement includes the following:

1. Travel rule — KYC/AML for transactions:

The travel rule, which already exists for traditional financial institutions, extends AML and CFT obligations to crypto transfers valued at 1k USD/EUR or more and applies to all CASPs. In short, it means that CASPs will need to collect and make available certain information about the source and destination of crypto transactions, which verifies that parties to the transaction are not sanctioned or subject to restrictive measures, ensuring traceability of crypto transfers and allowing better identification of possible risks of transactions being a money laundering or terrorism financing activity.

2. No threshold/exemption for transactions between CASPs:

This entails that regardless of the amount of crypto assets being transacted, the information of the source of assets will travel along the transaction.

• This legislation DOES NOT APPLY to P2P (unhosted wallets) transactions.
• If a transaction is held between a CASP and an unhosted wallet, CASPs will need to collect the information and apply risk-based AML measures.
• The verification of the information collected is only mandatory (i) when the wallet belongs to a CASP client; and (ii) the transfer is above 1,000 EUR

3. Unhosted wallets:

The travel rule also applies to unhosted wallets, also known as cold storages, when interacting with CASPs hosted wallets. If a customer sends or receives more than 1,000 EUR to or from their own unhosted wallet, the CASP needs to verify if such a wallet is effectively owned or controlled by this customer.

Who are crypto-assets service providers?

A crypto-assets service provider (CASP) is a person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis.

This covers businesses that provide one or more of the following activities:

• Exchanging crypto assets with fiat currency (e.g. exchanging USD for BTC).
• Exchanging one class of crypto assets for another (e.g. exchanging BTC for ETH).
• Custody and administration of crypto-assets on behalf of third parties.
• Operation of a trading platform for crypto-assets.
• Execution of orders for crypto-assets on behalf of third parties.
• Placing of crypto-assets.
• Reception and transmission of orders for crypto assets on behalf of third parties.
• Providing advice on crypto-assets.

The final category encapsulates the broad nature of MiCA as ‘providing advice’ and could be construed as a catch all for any operator in this space.

Will NFTs be covered by MiCA and TFR?

The current version of MiCA does not apply to NFTs, as they are considered unique and cannot be traded with each other. However, the text’s Recital mentions that crypto-assets issued as NFTs in large series or collection should indicate their fungibility regardless if the issuer gave them an unique identifier. Thus, in practice, that could mean that NFTs could fall within MiCA’s regulatory scope, especially in cases of fractionalized assets — when fungible tokens are issued to represent a NFT.

How will your business be affected by MiCA and TFR and what can you do about it?

If your business lies in one of the categories mentioned above and you are considered a CASP, then the way you operate your business will be significantly affected after MiCA and TFR go into effect soon and become applicable around 2024. Here’s how:

• User data collection and privacy: User data will need to be collected and presented — if needed, while GDPR principles remain applicable.
• Compliance: CASPs will be responsible for ensuring regulatory compliance in their transactions in terms of following up on sanctions and restrictions.
• Crypto-asset service providers, whose parent company is located in countries listed the EU list of third countries considered at high risk for anti-money laundering activities, as well as on the EU list of non-cooperative jurisdictions for tax purposes, will be required to implement enhanced checks in line with the EU AML framework.
• Climate footprint: CASPs will be obliged to disclose data, which will be specified by the European Securities and Markets Authority (ESMA) on the sustainability of crypto-assets and the consensus they provide services for.

Next Steps

In order to prepare for the extensive data collection and user identification processes, businesses may need to implement a KYC/AML solution to ensure that they comply with the aforementioned regulations.

If you are a web3 and crypto-oriented company that aims to provide users with privacy-preserving experiences and platforms, you can start preparing for the regulations by:

• Exploring Fractal’s identity management solution spectrum to identify the best solution for your business. Fractal ID provides a range of identity management solutions ranging from KYC/AML for regulatory compliance purposes, to liveness and uniqueness for ensuring sybil-resistance on web3 platforms.
• Deep diving into the use cases of decentralized identity solutions in these in-depth articles:

1. Decentralized identity for safer DeFI
2. Decentralized identity use cases for DAOs
3. Decentralized identity for sybil-resistant voting
4. Decentralized identity for verifiable NFT authenticity
5. Decentralized identity for safe and private metaverse

• Reaching out to our team of experts to explore which solution fits your business needs, and get you prepared for MiCA and TFR.

As a final note, this version of the leaked MiCA draft has been contested, according to CoinDesk, for not sticking to the political deal struck at the end of June. Thus, the current version of MiCA may witness in the future more modifications and updates.