25. Blockchain regulation versus innovation in the EU - 3.2.2

3.2.2. Traditional financial intermediaries as crypto-asset issuers and CASPs

-36. Are incumbent financial firms likely to issue crypto-assets other than ARTs and EMTs? It should first be noted that Title V, “Authorisation and operating conditions for crypto-asset service providers” distinguishes MiFID II-regulated entities in almost every article and grants them extensive waivers. It is therefore expected that many traditional financial institutions will develop a business line around providing crypto-asset services. Once such a business line is up and running, there are obvious synergies with also issuing specific crypto-assets other than ARTs and EMTs.

-37. Aside from a number of bureaucratic hurdles mentioned in section 2.2.3, which are likely to prove burdensome for scrappy start-ups but are no match for big financial firms, crypto-asset (other than ARTs and EMTs) issuance requirements are calibrated for small, frugal organisations and should thus be relatively easy to undertake for traditional financial firms.

-38. As the “decentralized” governance of blockchain technologies is rather unfamiliar to classical firms, it is expected that they’ll rather try to deploy private blockchains, and subsequently notice that the blockchain pattern is inefficient by design and not really worth using when the governance is centralized (see Part 1, par. 74). One interesting question is whether we’ll see financial firms perhaps attempting to issue tokens on the existing public blockchains, whether for publicity reasons or in order to reach what is expected to become a growing population of retail consumers interacting with them.

-39. Regardless of how many crypto-assets issued by traditional financial firm we’ll see (if any), it is almost assured that a significant number will develop an offer of crypto-asset services. Indeed MiCA’s Art. 60 “Provision of crypto-asset services by certain financial entities” sets the bar as low as it can by stipulating that a credit institution (1), a central securities depository (2), an investment firm (3), an electronic money institution (4), a UCITS management company or an alternative investment fund manager (5), or a market operator (6) can provide crypto-asset services by simply notifying the competent authority of the home Member State at least 40 working days before providing these services for the first time with the information referred to in (7). The crypto-asset services are “deemed equivalent” to their MiFID II analogs. There are 11 pieces of information required but paragraph (9) explains that whenever the information is identical to what had been already submitted to the competent authority, all that is needed is an express statement that the information is still up-to-date.

-40. Looking in more detail at the information requested for the notification, the third item (at letter (c)) stands out:

(c) the technical documentation of the ICT systems and security arrangements, and a description thereof in non-technical language;

-41. It should be reminded that it is specifically the ICT systems and the security arrangements that are at the core of the difference between classical securities and crypto-assets. Whereas securities holdings are recorded in closed, centralized systems, crypto-asset holdings are recorded in open systems based on asymmetric cryptography where the security of the “private key” is paramount. CASPs are not as much into the business of managing databases of securities accounts as in the business of managing the access to cryptographic private keys. In this respect it is somewhat surprising that the concept of “wallet” does not appear in the initial proposal (and is only mentioned twice in the exploratory memorandum and the legislative financial statement), that it appears only once in the final version of the regulation, in recital (83), and that the regulation does not distinguish between “cold wallets” and “hot wallets”, although such distinction, and related requirements might hopefully be introduced later in the regulatory technical standards of ESMA and EBA.

-42. In terms of consumer protection, having appropriate standards in place to protect access to the private-keys-holding wallets of the CASPs is by far the most important aspect on which the regulation should have focused, as illustrated by the event that befell Binance, the biggest global CASP, which I described in section 3.1.1 above.

-43. The financial entities specified by Art. 60 cannot be refused the authorisation to provide crypto-asset services (Art. 63 does not apply to them), their authorisation can only be withdrawn upon withdrawal of their “main” authorisation as a “MiFID-type” entity (listed in paragraphs (1) to (6) of article 60), and the prudential requirements laid down in Art. 63 do not apply to them either.

^{MiCA acts as a "regulatory moat" protecting the incumbents}

-44. Overall, the obligations to which the CASPs are subjected, such as the obligation to “act honestly, fairly and professionally in the best interest of the clients” (Art. 66), to appoint to their management body persons with good repute and appropriate knowledge, skills and experience, to employ competent personnel, to take all reasonable steps to ensure continuity and regularity, to keep records and assess and manage risks (Art. 68), and many others, are obligations to which MiFID II already subjects the actors of traditional finance, which should greatly facilitate their entry into the CASP market.

-45. To sum it up, Title V makes it as easy as possible for MiFID II- regulated entities to develop an offer of crypto-asset services, to the point of failing to highlight the particularities and differences between servicing classical financial instruments and servicing crypto-assets.

---