Does EU crypto regulation lay out the red carpet for banks?

As crypto markets are brought under the regulatory umbrella, banks may find it easier to enter the field. Yet a number of issues still need to be resolved

The introduction of an EU regulatory framework for crypto assets edged one step closer in March as the European Parliament adopted the Markets in Crypto Assets Regulation (MiCAR). We discussed the layout of MiCAR extensively here, but in this article, we focus on the implications for banks.

As crypto markets have grown and developed in recent years, so has bankers’ interest in them. Some banks are openly pondering the idea of offering crypto-related services, and some have stuck a toe in the water. The arrival of MiCAR would certainly make it easier for banks to offer crypto-related services, should they wish. MiCAR will make sure that separating the good and regulated from the potentially bad and ugly becomes a lot easier for customers, but that also applies to banks. They can transact and partner with fully regulated crypto counterparties. But it’s by no means plain sailing from here onwards. Here are a few considerations for banks:

  • Prudential treatment: MiCAR does not include the prudential treatment of crypto-exposures on banks’ balance sheets. That will be covered instead by the EU Capital Requirements Regulation, which in turn is based on guidance by the Basel Committee. A first Basel consultation ran last year, but it will be some time before the framework is fleshed out.
  • DeFi: Should banks want to step into “decentralised finance” (DeFi), they will find that MiCAR has very little to say on lending and borrowing based on crypto protocols.
  • Stablecoin issuance: MiCAR stipulates that stablecoin issuance requires an e-money license (for small stablecoins) or a banking license. Arguably this makes banks well-placed to consider issuing stablecoins from a regulatory perspective. Yet bank stablecoin issuance will likely have to take place via a separate, dedicated legal entity. The reason is that a stablecoin issuer is only allowed to invest in a restricted set of high quality and liquid assets, unlike a “normal” bank. So it is unlikely that an existing bank will be allowed to issue stablecoins alongside its deposits. In theory, some form of ring-fencing could be applied like with covered bonds or asset-backed securities, yet this does not appear to be what the drafters of MiCAR had in mind.
  • Business model: While interest remuneration on stablecoin liabilities is prohibited, the restriction to high-quality liquid assets means that the interest margin to be made is limited. There may be a better business in offering stablecoin-related services to clients, than in issuing them.
  • Uncertainty: The strong power MiCAR bestows on central banks to effectively ban stablecoin if they become too influential is a sword of Damocles hanging over any stablecoin initiative.
  • Central bank competition: While Facebook has given up on its Libra/Diem initiative that motivated policymakers’ restrictive approach to stablecoins, policymakers are not all of a sudden becoming stablecoin fans. The European Central Bank (ECB) is researching a central bank-issued “digital euro”, which is a potential direct competitor to euro-stablecoins. ECB president Christine Lagarde has said she is “confident that we will move ahead” with the digital euro.
  • Sustainability: Banks have to work out how they can reconcile their sustainability objectives with crypto energy use. If crypto energy use were to find its way in the EU taxonomy regulation one way or another, banks may face further incentives to engage in some crypto activities, but not in others.

While upcoming EU crypto regulation is a very welcome step forward and a key prerequisite for regulated financial institutions, it does not address all questions. For example, MiCAR has very little to say about DeFi lending. Another important question is to what extent stablecoins and central bank digital currencies will be allowed to co-exist. How crypto assets will be integrated into the EU’s sustainability framework will also shape traditional financial institutions’ presence in crypto services.

Regulation and the coming of age of Europe’s crypto markets

The upcoming EU crypto regulation is very welcome as it brings much-needed clarification of responsibilities. Yet as the crypto-universe develops very fast, a number of questions remain unanswered

Why it’s time to take note of the EU’s crypto regulation framework

Once upon a time, cryptoland was a sort of digital Wild West where it was entirely up to each individual to separate the good from the bad and the ugly. But those days are numbered. The EU already introduced anti-money laundering regulations a few years ago. More recently, financial sanctions have put the spotlight on the crypto universe, with some policymakers calling for accelerated regulation for the sector, though crypto companies are already obliged to implement sanctions just like any other business.

The US government recently decided to centralise and streamline the development of crypto regulation. But Europe is further ahead 

It is true though that crypto regulation remains lacking in important other areas. The US government recently decided to centralise and streamline the development of crypto regulation. But Europe is further ahead. The European Commission launched its proposal for a Markets in Crypto Assets Regulation (MiCAR) back in September 2020. The European Parliament’s Economic and Monetary Affairs Committee adopted MiCAR with amendments on 14 March, and the regulation will now move to discussions among the  European Commission, Parliament and Ministers of Finance (the so-called “trilogue”). Once they converge, MiCAR can be established. Of course at that point supervisors will need time to prepare the new regulatory regime and draft technical standards, explaining how they will interpret and apply concepts in MiCARs. Based on the European Council’s MiCAR draft, provisions on stablecoins would start to apply in early 2024, while other provisions would apply in early 2025.

That sounds like a long time, especially in the fast-evolving crypto universe. In the meantime, we could, for instance, witness another boom-bust cycle or the rise to fame of a completely new category of crypto asset. But two years is not that long either from a business planning perspective. This means now is the right time to get acquainted with MiCAR. 

How do crypto assets fit into the financial regulatory edifice?

So what kind of rules does MiCAR establish exactly? Since the fifth EU anti-money laundering directive (AMLD5) came into force in early 2020, crypto services providers are subject to its provisions. For anti-money laundering purposes, and separately of MiCAR, the European Commission has made proposals to subject crypto-asset transfers to the same requirements as wire transfers. An important issue in this proposal, that we won’t discuss further here, is how to ensure sufficient information is collected on self-hosted wallets (crypto wallets that people manage themselves, instead of relying on a third party) while keeping requirements proportionate.

From the regulatory edifice perspective, anti-money laundering was only the first step. Regulation in other areas (see box) is practically non-existent in the crypto universe. This is set to change with MiCAR, which introduces crypto to the other three pillars.

Financial services regulation serves a number of distinct purposes

The financial regulatory edifice can be broken down into four main pillars:

  1. Customer protection: This includes, for example, suitability and fitness assessments for investors, responsible publicity and transparent information about product risks and costs (think about the prospectus for securities, for instance).
  2. Financial market integrity: this includes trade execution obligations and trade monitoring to prevent market manipulation.
  3. Financial stability: This includes microprudential regulation to safeguard the financial health of individual institutions, such as capital and liquidity buffer requirements for banks and insurers. It also extends to macroprudential rules, which maintain the stability of the financial system as a whole. Operational resilience and cybersecurity are also aspects that safeguard financial stability.
  4. Measures to counter financial crime (anti-money laundering and counter financing of terrorism or AML/CFT for short). These include “customer due diligence”, record keeping and an obligation to report suspicious transactions.

These four pillars constitute regulation specific to the financial sector. The sector is also subject to broader regulation and supervision, to guarantee fair competition and proper handling of data and privacy. As societal demands and technological possibilities evolve, regulation tends to become more stringent over time as well.

Given the breadth of policy goals, it should not come as a surprise that policy goals are sometimes conflicting and require a trade-off. Well-known trade-offs are between competition and financial stability (a monopoly might be financially stable, but undesirable from a competition perspective), and between privacy and AML/CFT. Such trade-offs are becoming apparent in MiCAR as well. Finally, it should be noted that promoting innovation is also a goal of MiCAR, by increasing customer confidence, reducing legal uncertainty and promoting a single EU market for crypto assets and services.

An important step forward is that MiCAR will introduce “passporting”, meaning that a coin notified or a crypto service authorised in one country can operate across the EU without having to register separately in each country. Furthermore, MiCAR aims to be complementary, meaning that where possible, crypto assets and service providers are to be covered by existing regulations. This means that when attempts would be made to “tokenise” securities trading, for example, the desired regulatory outcome would be that the tokens are considered securities from a regulatory perspective, with all the investor rights and issuer obligations (such as availability of a prospectus) that come with it.

If it looks, talks and waddles like a duck, we shall regulate it like a duck

Policymakers also tried to make MiCAR future-proof by making the regulation “technology-neutral”. This means applying the principle “same business, same risks, same rules”, which can be roughly translated as “if it looks, talks and waddles like a duck, we shall regulate it like a duck. No matter whether it’s a green or yellow duck, whether it dresses itself up as a pigeon or thinks of itself as a goose”.

This principle sounds clear and sensible but is a lot harder to implement in practice. In fact, it is almost inevitable that regulation is always trailing behind developments in the field. This applies in particular to a fast-evolving area like crypto. Still, it is likely that a substantial part of cryptocurrencies and stablecoins that we know today will move in scope of MiCAR, although it is much less clear to what extent decentralised finance will be in scope (see below). Utility tokens, granting access to a good or service provided by the issuer, are exempted from MiCAR under certain conditions. The same goes for non-fungible tokens (NFTs). The treatment of decentralised organisations also remains problematic. That being said, MiCAR distinguishes a few broad categories that will be subject to regulation. These are:

1. Classic cryptocurrency issuance

The main requirement for issuers of new cryptocurrencies is the need to publish a white paper containing “mandatory disclosures”. Regulators have clearly thought about the prospectus that must accompany each securities issuance but thought it better to adopt the terminology of the field. Notifying national financial markets supervisors about a white paper is enough, although supervisors can come back and demand a revision if the information contained in the white paper does not meet minimum standards.

Notifying national financial markets supervisors about a white paper is enough

Policymakers are struggling with what to do with crypto assets that are not issued by a legal entity – such as bitcoin. The draft versions of MiCAR by Commission, Council and Parliament differ on this point, and we’ll have to await what the final requirements will be. In any case, existing crypto assets are exempted from some requirements. In other words, bitcoin won’t be in violation of MiCAR by not having a fully compliant white paper.

The European Parliament has considered several provisions on sustainability, including a requirement for proof-of-work crypto assets to include an independent energy consumption assessment in their white paper (see paragraph below).

2. Stablecoin issuance

Stablecoins are subject to a heavier regime. From a customer protection perspective, the claim of “stable value” warrants demands about asset investment and redemption. From a financial stability perspective, stablecoins potentially claim a bigger role as means of payment. Mandatory investment by stablecoin issuers in low-risk liquid assets may also impact financial markets, by reducing the supply available. MiCAR distinguishes two types of stablecoins (while, by the way, avoiding the term as such):

  • “Asset-referenced tokens” (ARTs). These are stablecoins tracking basically any asset except for the euro or another EU country currency. This includes dollar-denominated stablecoins, but also stablecoins tracking, for example, a basket of currencies or gold.

The European Central Bank (ECB) and national central banks have the authority to limit the scope of ARTs or even ban them altogether if the ART threatens the “smooth operation of payment systems, monetary policy transmission, or monetary sovereignty”.

Algorithmic stablecoins tracking currencies or other assets will be considered ARTs. When an algorithm only endogenously manages coin supply in response to demand and does not aim to maintain stable value vis-à-vis an external asset, the coin may not qualify as ART.

  • “E-money tokens” (EMTs), stablecoins denominated in euros (or another EU country currency). Because they have a very high potential to function as a means of payment, requirements are strict. EMTs should be immediately redeemable at par value. Importantly, the holder of EMTs has a claim on the issuer. This makes EMTs very much like bank deposits, which also constitute a claim on the bank. Unsurprisingly then, issuing EMTs will require either an e-money institution license or a bank license. An interesting question remains whether a bank-licensed EMT issuer would be obliged to participate in a deposit guarantee scheme. The contributions required in that case would undermine the business model.

For both ARTs and EMTs, the assets the issuer invests in should be high quality, low risk and liquid. This may include central bank reserves, but also Treasury bonds, among others. Unlike bank deposits, ARTs and EMTs cannot be backed by mortgages and corporate lending. Interest remuneration is not allowed, to avoid use as means of saving. Following the E-Money Directive, issuers should have a buffer (“own fund requirement”) of 2% of their reserve assets, with a minimum of €350.000. Above certain thresholds (specified in size and usage in transactions), ARTs and EMTs can be labelled “significant”. In that case, stricter requirements apply for capital buffers, interoperability and liquidity management policies.

3. Crypto asset Service Providers

Crypto asset service providers (CASPs) include, among others, custodians, exchanges and brokers. CASPs always need to be an authorised, EU-based legal entity. Their obligations include suitability and fitness assessments of their clients, and to always act “honestly, fairly and professionally in the best interest of their clients.” Like traditional exchanges, crypto-asset trading platforms are subject to various requirements to ensure market integrity, including trade transparency requirements. CASPs will also have a degree of liability for client losses as a result of hacks and outages.

Decentralised assets, organisations and finance remain elusive

Current regulatory frameworks are based on legal entities. In other words, rules apply to companies with an office address in the EU. Those companies can be authorised, held accountable, fined or if needed banned, while their offices can be visited and checked by supervisory staff. It often doesn’t work like that though in the decentralised crypto universe. True, a lot of crypto assets and organisations that claim to be decentralised really aren’t. Arguably, of the thousands of crypto assets and services providers out there, a large majority is a centralised venture in the end. They will be in scope of MiCAR.

But things get more complicated if, for example, a group of coders is collaborating voluntarily and on an unpaid basis on Github, releasing open-source wallets or client trading software. Where is the legal entity to license? Perhaps these coders have put a governance structure in place, voting on code changes and with admins signing off on them. Are those admins the “issuer” or CASP from a MiCAR perspective? Or the voting coders?

Another difficult example is the category of automated protocols creating decentralised exchanges. Sometimes there is a company that initially built the protocol but has released it in the public domain, and is not hosting or otherwise facilitating the protocol. Can the company be regarded as the CASP?

Then there is the universe of “decentralised finance” (DeFi), which largely emerged after the European Commission delivered its first draft of MiCAR. Indeed, financial services like lending and borrowing are not in scope of MiCAR. It should be noted that the EU framework includes other directives covering lending to households, and also a recent regulation covering crowdfunding. It remains to be seen to what extent decentralised finance fits within these rules. 

MiCAR is clearly struggling with all of these issues. As yet, it is unclear how MiCAR will deal with decentralised coin issuance, decentralised autonomous organisations (DAOs) or DeFi. As a follow-up, the European Parliament is asking the Commission to present a report about the latest in crypto-land sometime after MiCAR has entered into force, including decentralised aspects. In addition, the Parliament is aiming to insert some exemptions for DAOs.

Foreign issuers and service providers: it’s complicated

Government authority stops at the border, but the digital space is global. Other than issuing warnings, regulators can do little to stop EU citizens from shopping at their own initiative with CASPs headquartered outside the EU.

But allowing customers to casually walk in is quite different from actively soliciting EU customers or promoting and advertising services in the EU. This is only allowed for EU-based CASPs. Moreover, if a foreign crypto-asset issuer wants its coin to be offered or traded in the EU, it should notify a white paper just like EU-based issuers. If it’s an ART or EMT, EU legal presence is required as well. Alternatively, if an EU exchange wants to list a non-EU based coin the exchange can take on the obligation as if it were the EU-based issuer of the coin. In that case, under MiCAR the exchange will be treated, and held liable, as the EU issuer for that coin.

Sustainability and crypto carbon footprint

Bitcoin, in particular its “proof-of-work” mechanism to achieve consensus on the transactions to add to the blockchain (the process of mining), is energy-intensive. This in itself is hardly disputed. Yet there are many more nuances to this debate. Issues include the carbon footprint of the specific energy source used and the extent to which crypto electricity demand substitutes for other demand or whether otherwise wasted energy is used. A more normative question is whether bitcoin offering an independent, globally available, decentralised and censorship-resistant transaction ledger justifies its electricity use. And how does crypto energy use compare to data centre energy use for storage and distribution of social media, games and funny cat videos?

Several crypto protocols have limited energy use, but this typically comes at the cost of less decentralisation

While several crypto protocols have limited energy use by, for example, relying on alternative “proof-of-stake” consensus mechanisms, these alternatives typically come at the cost of more limited decentralisation. The community governing bitcoin’s codebase is likely to take a conservative stance, not pioneering alternative consensus mechanisms that compromise on decentralisation.

The discussion about crypto electricity consumption has probably been the most controversial aspect of crypto regulation in the European Parliament. An amendment to bar crypto assets based on environmentally unsustainable consensus mechanisms from trading in the EU did not make it, though it may reappear in further negotiations. Such a prohibition to trade energy-intensive cryptocurrencies would effectively boil down to a bitcoin ban, which would be a blow to the EU’s crypto sector. Bitcoin’s dominant position in the crypto-sphere may be eroding as other cryptocurrencies (stablecoins in particular) gain ground in “decentralised finance”, but bitcoin still functions as the reserve currency of crypto. A ban would push bitcoin-related activity to service providers outside of the EU, and hence out of sight of EU supervisors. A bitcoin ban would thus undermine the foundations of MiCAR.

A less controversial approach would be for cryptocurrency consensus mechanisms to be included in the EU taxonomy for sustainable activities. One way would be for some consensus mechanisms to be earmarked as positively contributing to climate change mitigation. This would provide some positive incentives for energy-conscious cryptocurrencies. It would not significantly hinder, let alone ban, energy-hungry ones.

A more intrusive approach would be for consensus mechanisms like bitcoins proof-of-work to be earmarked as unsustainable. Importantly, this first requires the inclusion of unsustainable activities in the EU taxonomy, which currently only identifies sustainable ones. If indeed proof-of-work would be qualified as “significantly harmful” to environmental sustainability, this would make it less attractive for financial institutions and other businesses to hold bitcoin. It would lower the sustainability score of their assets which they will need to disclose. While these disclosure requirements may not immediately deter dedicated crypto companies, they would provide a disincentive for more traditional financial institutions, in terms of reputation, but also in terms of funding costs.

For banks, major uncertainties remain

Some institutions in the “traditional” financial sector, including banks, have been openly pondering the idea of offering crypto-related services. But that is easier said than done. Banks have to figure out difficult issues, such as the business model of any crypto-related services and duty of care towards their clients. Moreover, the fact that the crypto space is unregulated except for AML makes it very difficult for banks, being arguably the most regulated institution around, to participate. MiCAR is an important step forward in reducing regulatory uncertainty. Another important aspect – the prudential treatment of any crypto-exposure on banks’ balance sheets – won’t be covered in MiCAR, but in the EU Capital Requirements Regulation (CRR). The Basel Committee issued a first consultation last year on prudential treatment.

MiCAR stipulates that stablecoin issuance requires an e-money license (for small stablecoins) or a banking license. Arguably this makes banks well-placed to consider issuing stablecoins from a regulatory perspective. Yet the business model of issuing a stablecoin is not evident. Stablecoin issuers will make an interest margin on their assets, given that interest remuneration on stablecoin holdings will be forbidden. Yet while a “normal” bank can lend to households and businesses, stablecoin issuers are confined to investing in high quality and liquid assets. This will limit their interest margin. There may be a better business in offering stablecoin-related services to clients, than in issuing them.

The strong central bank powers to effectively ban stablecoins, is a Sword of Damocles hanging over any initiative

Moreover, the strong power MiCAR bestows on central banks to effectively ban stablecoin if they become too influential is a Sword of Damocles hanging over any stablecoin initiative. The strong backlash against Facebook’s Libra (later Diem) makes clear that policymakers and supervisors will not necessarily be very welcoming towards stablecoins. Meanwhile, the ECB is working on the “digital euro”, which can at least in part be seen as an alternative or even competitor to private stablecoins. So the ECB, as likely future digital euro issuer and stablecoin assessor, has a potential conflict of interest that may not turn out well for prospective stablecoin issuers.

Does MiCAR fit the bill?

The EU’s Markets in Crypto Assets Regulation is meant to bring clarity for both customers and the crypto industry. Customers should be able to pay, invest or trade with confidence, while innovation should be promoted. So, does MiCAR meet these ambitious goals? The answer to that is nuanced:

Glass half emptyGlass half full
Regulation always trails technological advances and market developments, in particular in the fast-moving crypto world. MiCAR has regulatory white areas, such as new services developed in decentralised finance or truly decentralised organisations. It does not apply to most non-fungible tokens (NFTs). It will take another two to three years for it to apply in full. Meanwhile, the crypto universe will develop further.MiCAR provides a basis to work from and provides decent clarity on the direction authorities want crypto to evolve. A lot will depend on how supervisors will use the discretion they will inevitably have.
While MiCAR establishes a single EU framework, there are other applicable laws that largely work at a national level, in particular around money laundering and terrorism financing.MiCAR will allow “passporting”, meaning that authorisation in one member state allows coins and crypto services to be provided throughout the EU.
Authorities take a very strict approach towards stablecoins. Heavy licensing requirements and sweeping authority for central banks to intervene make the business case for a stablecoin uncertain. It is unclear if stablecoins will need to participate in deposit guarantee schemes, which would further weaken their business modelApplying bank regulation to larger stablecoins will provide customers with the necessary confidence in the coins being able to make good on their stability promise. A competitive and innovative field of payment services may develop on top of traditional bank deposits, stablecoins, and central bank digital currencies.

It is clear that MiCAR brings sweeping changes to the crypto sector. The arrival of a dedicated regulatory framework can be considered an important step in the coming of age of Europe’s crypto markets. 

First appeared on ING THINK