Author: Bai Zhen, Song Kewei; Source: Mankiw Blockchain Legal Services
On December 30, 2024, the EU Crypto-Asset Market Regulation Act (hereinafter referred to as the "MiCA Act") officially came into effect, marking a new era for the European crypto-asset compliance framework. In our previous series of articles, we have introduced the key definitions of the MiCA Act. Interested readers can click on "Interpreting the EU MiCA Act, How Can Virtual Currency Custody Services Comply? 丨Mankiw Web3 Legal Education" to view it. For the majority of Web3 practitioners, especially those interested in the European market, how should they respond after the MiCA Act comes into effect? Today, Mankiw lawyers will take you to find out.
Article 2 of the MiCA Act defines the scope of application of the Act, namely natural persons, legal persons and other enterprises engaged in the following activities within the EU:
1. Issuance: creating new crypto assets.
2. Offer to the Public: offering crypto assets to the public for subscription.
3. Admission to Trading: allowing crypto assets to be listed and traded on trading platforms (such as crypto asset exchanges).
4. Provide Services Related to Crypto-Assets: involving various services provided for crypto assets, including custody, buying and selling matching, transaction execution, wallet management, etc.
The MiCA Act basically covers all activities related to crypto assets. In short, as long as the subject hopes to carry out crypto asset-related activities within the EU, it may fall within the scope of regulation of the MiCA Act. We have already sorted out the scope of 10 different crypto asset-related service businesses in previous articles. Readers can click "Web3 Interpretation | One article explains why Web3 companies need EU MiCA and Dubai VARA licenses" to check.
It is worth noting that no matter where the virtual asset service provider (CASP) is registered or established, as long as its services involve European interests (serving European interests), it may fall within the scope of regulation of MiCA.
According to the relevant EU regulations, the execution of MiCA is divided into the EU level and the member state level:
There are two main regulatory agencies responsible for the enforcement of MiCA, namely: The European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA).
ESMA is the regulator of the EU financial market. The role positioning is similar to that of my country's Securities Regulatory Commission. According to the Financial Times, "ESMA hopes to expand its power to regulate major stock exchanges and other key parts of the EU's financial infrastructure, striving to become the European version of the US Securities and Exchange Commission (SEC)." In the foreseeable future, ESMA will play a more important role in the European financial market.
EBA is the EU banking regulator. The role positioning is similar to that of my country's former China Banking Regulatory Commission. Establish unified regulatory standards for the European banking industry.
ESMA and EBA have the following differences:
· Different regulatory areas: EBA is mainly responsible for the supervision of the banking industry, while ESMA is responsible for the supervision of the securities market.
· Different functional focuses: EBA pays more attention to bank operations and depositor protection, while ESMA focuses on investor protection and the orderly operation of the market.
Originally, each EU member state independently designated its own national agency to formulate regulatory policies and impose penalties on crypto assets within its jurisdiction. The names and responsibilities of the regulatory agencies in each EU member state are different. For example, Poland's financial regulatory agency is called the Polish Financial Supervision Authority (PFSA), and Malta's is the Malta Financial Services Authority (MFSA). The MiCA Act encourages regulatory agencies between EU member states to work together with EU institutions to improve the efficiency of the enforcement of the Act and closely monitor possible violations in the market. In the foreseeable future, the regulatory framework for crypto assets will be more unified and improved in the EU. So for Web3 practitioners who plan to or have already started business in the EU, what are the core points of the MiCA Act?
If the license is compared to a passport, then the direct benefit of the MiCA Act is that Web3 practitioners can travel around Europe with a "Schengen visa".
In the past, the Web3 compliance systems of EU countries were independent of each other and could not form a unified regulatory framework; now, MiCA has established a unified framework and standards for EU member states. In the foreseeable future, whether it is the issuer, operator or encrypted asset service provider of virtual currency, it will reduce duplicate applications and improve compliance efficiency.
Compared with the previous regulatory frameworks of different countries, the MiCA Act is generally more detailed and imposes higher compliance requirements on Web3 businesses in Europe. For crypto asset service providers, MiCA has formulated comprehensive rules for them, covering everything from governance and capital requirements to custody and management. For example, to obtain authorization, CASPs must have at least one director based in the EU and a registered office in the EU. In terms of marketing, special attention is paid to regulating false statements, complying with the rules on marketing communications and information activities, and conducting activities in a fair manner, otherwise, regulators will issue corresponding warnings and penalties.
In order to prevent the occurrence of systemic financial risks in the crypto market, MiCA has formulated special requirements for the issuance of stablecoins, stipulating that the issuer must hold sufficient reserve assets to support its value stability to ensure the value stability of stablecoins.
Therefore, stablecoin issuers need to maintain sufficient capital and liquidity reserves to cope with potential market fluctuations and redemption needs; in particular, for stablecoin issuers, it is necessary to ensure that there are sufficient reserves to support the issued tokens. If readers are interested in learning more about the compliance requirements of stablecoin issuers in the EU, they can move to Mankiw's previous research article: "Mankiw Research: Compliance Points for European Stablecoin Issuers Facing MiCA"
The MiCA Act attaches importance to and prevents possible illegal and criminal activities in the crypto market, such as insider trading and market manipulation. It also requires all crypto asset service providers to implement anti-money laundering (AML) and counter-terrorist financing (CTF) measures, including strict KYC procedures and transaction monitoring, to prevent criminals from engaging in illegal activities through the crypto market. Crypto asset service providers must implement strict customer due diligence (CDD) procedures, monitor suspicious transactions, and report to relevant authorities to prevent money laundering and terrorist financing activities.
For Web3 practitioners, the most important concern is whether the project can be carried out normally. The reason for pursuing compliance is that the cost of non-compliance is high. After sorting out, lawyer Mankiw summarized the penalties of the MiCA Act into the following 4 categories:
Warning has a warning effect, reminding practitioners of the importance of compliance. The EBA will formally issue a warning that the issuer has failed to fulfill one or more obligations stipulated in the MiCA regulations.
· Nature:A warning is a formal administrative notice, which, as a formal administrative record, indicates that the regulator has noticed that there is a problem with the issuer.
· Applicable circumstances: It is usually used when the violation is relatively minor, or occurs for the first time, and the issuer shows a cooperative attitude to correct it. For example, it may involve untimely disclosure of information, minor non-compliance in marketing communications, small defects in internal management processes, etc.
· Impact: The warning itself may not directly lead to business interruption or financial loss, but it will have a negative impact on the issuer's reputation and may lead to stricter regulatory scrutiny. If the issuer fails to take corrective measures in a timely manner after receiving the warning, it may face more severe penalties.
· Example: ESMA warned an issuer that the white paper it published lacked certain necessary disclosures and required it to supplement it within a specified period.
Fines and daily penalties are both economic sanctions, and their differences are as follows:
In short, fines (Fine) are retroactive, punishing past violations, while daily penalties (Periodic Penalty Payments) are prospective, deterring continued or future non-compliance by imposing daily penalties until the obligations are fulfilled.
Suspension or prohibition of activities is a more severe punishment than warning, which will have a direct impact on the business operations of the issuer.
·Suspending Activities: refers to temporarily prohibiting the issuer from carrying out one or more specific activities within a certain period of time. For example, suspending public offerings, suspending trading on trading platforms, suspending marketing activities, etc.
Duration: There is usually a clear period of time, such as the "single maximum period of no more than 30 consecutive working days" mentioned in Article 130.
Applicable Circumstances: It is usually used when the violation is serious or the issuer fails to effectively correct the problems pointed out in the previous warning. For example, it involves misleading publicity, failure to manage reserve assets in accordance with regulations, and serious insufficiency of internal control.
Impact:Suspending activities can lead to business interruption, loss of revenue, loss of customers, and serious damage to the issuer's reputation.
·Prohibiting Activities: refers to permanently prohibiting the issuer from conducting one or more specific activities. For example, a permanent ban on the public issuance of a certain token, a permanent ban on trading on a specific platform, etc.
Nature: This is a very severe penalty, which means that the issuer's business in this area will not be able to continue.
Applicable Situations: Usually used when the violation is very serious, or the issuer has repeatedly violated the regulations and refused to correct them. For example, it involves major violations such as fraud, money laundering, or behavior that seriously harms the interests of investors.
Impact: Prohibited activities will cause a devastating blow to the issuer's business and expand the company's operating risks.
Delisting or revocation of license is the most severe penalty in the MiCA Act.
·Nature: Refers to the regulator's formal revocation of the issuer's operating license obtained under the MiCA Act, making it lose the qualification to provide relevant services in the EU.
·Applicable circumstances: Usually used when the most serious violations occur, such as:
Serious violation of the core provisions of the MiCA Act, causing significant damage to the stability of the financial market or the interests of investors.
Providing false information to obtain authorization for licensing.
Continuous and repeated violations of regulations, which have not been corrected even after repeated warnings and penalties.
The company is insolvent or facing bankruptcy liquidation.
· Impact: Revocation of authorization means that the issuer must immediately cease all relevant business in the EU and may face further legal proceedings and penalties. This is a fatal blow to the issuer, which will not only lead to the complete termination of business, but also cause irreparable damage to its reputation and future development.
In summary, the four penalties constitute a multi-level penalty system for violations under the MiCA Act. Regulators can choose appropriate penalties according to the specific circumstances of the violations, or combine multiple measures to achieve the best regulatory effect. Of course, the four types listed above are not exhaustive. For the disclosure of information and Web3 practitioners under the MiCA Act, understanding these penalties will help better understand the compliance requirements of the MiCA Act and take necessary measures to avoid violations.
As far as virtual asset service providers (VASPs) are concerned, the MiCA Act reserves a grace period for practitioners who have registered before it comes into effect to transition to the time limit specified in the MiCA Act. Each country is different. For example, in Poland, if a company is a registered VASP (old license), it will be allowed to provide services under the VASP license during the grace period until June 30, 2025 (estimated date).
However, for virtual asset service providers who have never applied for a VASP license, it is necessary to apply for a CASP license before commencing operations.
No matter how long the grace period stipulated by EU countries is, the MiCA Act currently stipulates that all crypto asset service providers (CASPs) must complete the license application before July 2026.
Of course, the MiCA Act is not static. The regulator will submit a publicly released report to the European Parliament and the Council every year to report on the modification of regulations and the direction of regulatory changes based on market changes and the actual application of the Act. At that time, Mankiw will continue to follow up and provide Web3 practitioners with the latest and most comprehensive compliance guidelines in major crypto regions around the world.
▲Image source ESMA
While MiCA introduces strict regulatory standards, it also creates opportunities for companies to expand into the European market and gain competitive advantages. By proactively meeting compliance requirements, in the short term, Web3 practitioners can obtain official endorsements and seize the initiative; in the long run, in a more transparent and standardized business environment, it is also conducive to the sustainable development of the project.
Thousands of instances of AI-generated content are being discovered weekly, presenting a potential avenue for terrorist groups and violent extremists to evade automated detection systems, warn experts.
JixuIn a plot twist, Taiwanese singer Nine Chen, entangled in a web of investments, now faces legal repercussions. Initially a witness, Chen now finds himself a defendant, adding an unexpected layer to his challenges. Known for his business savvy, Chen diversified into streetwear, restaurants, NFTs, escape rooms, and cyber poker. While his streetwear venture thrives with an eight-figure annual turnover, others yield mixed results.
JoyTaiwanese prosecutors discover new suspects in the JPEX saga, complicating legal proceedings and worrying financial regulators.
Hui XinOver 2,800 cyber police personnel have undergone extensive training in advanced cryptocurrency forensics. This aligns with broader efforts to modernize law enforcement in the digital era and fortify legal frameworks against emerging technology misuse.
AaronTotal losses are still being calculated as of time of writing, with some estimates placing it above $100 million.
DavinThe Chinese government emphasises that theft of digital collections constitutes a breach of protection laws and infringes upon the legal interests associated with the unauthorised acquisition of computer information system data.
KikyoBinance Russia users will have only until 31 January 2024 to withdraw their rubles from the exchange.
CatherineFTX initiates legal action against Bybit and associates in a $953 million asset recovery effort, amidst broader bankruptcy proceedings and ongoing efforts to reclaim funds.
Hui XinThis crypto exchange presents a self-custodial solution that incorporates a multiparty computation technique, ensuring the utmost security for entrusted funds.
KikyoBinance CEO Changpeng Zhao discloses a $12.5 million crypto heist, raising security concerns in the cryptocurrency space.
Hui Xin