Interpreting the far-reaching impact of MiCA on Web3, DeFi, stablecoins and ICO projects

Source: AiYing Compliance

With the Crypto-Asset Market Regulation (MiCA) coming into effect on June 30, 2024, major cryptocurrency exchanges such as Binance, Kraken and OKX are considering delisting Tether's USDT on their European platforms. Binance announced that it will restrict the use of unauthorized stablecoins by users in the European Economic Area after MiCA comes into effect, and gradually guide users to use regulated stablecoins. Although existing unauthorized stablecoins will not be delisted, they will be set to "sell only" mode so that users can convert them to Bitcoin, regulated stablecoins or fiat currencies.

At the same time, member states are adjusting their respective regulations and regulatory frameworks to meet MiCA standards. Some countries have begun to train regulators for the implementation of MiCA and establish technical infrastructure to support the implementation of new regulations.

The EU Mica Act, most of the provisions will come into effect on December 30, 2024, some special provisions will be brought forward to June 30, 2024, and there are technical provisions that will take effect from June 29, 2023. This phased implementation arrangement is designed to ensure that the market has sufficient time to prepare and adjust, and to ensure a smooth transition and orderly development of the crypto asset market. (Phase-based, with a period of 12 to 18 months). As shown in the figure below:

The bill mainly covers the following main contents:

• Transparency and disclosure requirements for crypto assets in issuance, provision to the public and trading on trading platforms;

• Authorization and supervision requirements for crypto asset service providers, asset reference token issuers and electronic money token issuers, as well as their operation, organization and governance requirements;

• Protection requirements for holders of crypto assets during issuance, provision to the public and trading;

• Protection requirements for customers of crypto asset service providers;

• Measures taken to prevent insider trading, illegal disclosure of inside information and market manipulation to ensure the integrity of the crypto asset market.

Aiying will analyze the Mica Act through nine modules:

• Definition and scope of application of the act

• Transparency and disclosure requirements for the issuance of cryptocurrency projects

• License application and its obligations

• Requirements for measures to protect the rights and interests of investors and customers

• Requirements for preventing insider trading and market manipulation

• Penalties for violations

• International cooperation and coordinated supervision

• The possible impact of the Mica Act

• Can the Mica Act become a global standard?

I. Definition and Scope of Application of the Act 

1.Definition of the European Mica Act:

Here is a supplement to the Crypto-Asset Market Regulation (MiCA) that sets specific amounts and other relevant requirements for asset reference tokens (ARTs) and electronic money tokens (EMTs), as well as crypto-asset service providers (CASPs). The following are the specific amounts and requirements:

(1) Asset Reference Tokens (ARTs)

ARTs are a type of stablecoin whose value is linked to multiple currencies, commodities or other crypto assets. MiCA's specific requirements for ARTs include:

• Reserve requirements: Companies issuing ARTs must hold sufficient reserves to ensure the stability of the tokens. The reserve fund should be equal to or exceed the total value of the issued tokens.

• Amount limit: The daily trading volume of a single ART shall not exceed EUR 5 million. If the market value of ART exceeds EUR 500 million, the issuing company shall report to the regulator and take additional compliance measures.

• Transparency and reporting: The issuing company needs to disclose detailed information and financial statements of the reserve fund on a regular basis to ensure transparency. Report the issuance and reserve of tokens to the regulator on a monthly basis.

(2) Electronic Money Tokens (EMTs)

EMTs are a type of stablecoin whose value is pegged to a single fiat currency. MiCA's specific requirements for EMTs include:

Reserve requirements: Companies issuing EMTs must hold an equivalent amount of fiat currency reserves to ensure the stability of the tokens. The reserve fund should be equal to or exceed the total value of the issued tokens.

Amount limit: The daily trading volume of a single EMT shall not exceed EUR 5 million. If the market value of the EMT exceeds EUR 500 million, the issuing company must report to the regulator and take additional compliance measures.

(3) Crypto-asset Service Providers (CASP)

Need to comply with minimum requirements regarding their governance, asset custody, complaint handling, outsourcing, wind-down plans, information disclosure and, most importantly, prudential requirements - CASPs need to maintain a permanent minimum capital ("own funds"):

• Trading platforms need to maintain a minimum permanent capital ("own funds") of EUR 150,000

• Custodians and exchanges (brokers) need EUR 125,000

• All other CASPs need EUR 50,000

2. Scope of application

II. Transparency and disclosure requirements for crypto project issuance

The EU Crypto-Asset Market Regulation (EU) 2023/1114 stipulates transparency and disclosure requirements, ensuring market transparency of project issuance and protecting investors' rights and interests through detailed white paper writing and publishing processes, strict information update requirements and standardized marketing materials. The following are the detailed requirements for project issuance:

III. License application and its obligations

1.License application

(1)Eligibility for application:

• Only companies that meet specific conditions can apply for and obtain a license for crypto asset services. This includes the company having a sound legal structure, good financial status, a reliable management team, etc.

• For example, the company must be a legal entity or other legal form of enterprise.

(2) Application documents:

• When applying for a license, the company needs to submit a series of documents, including:

• Company name, legal entity identifier, website, contact information and physical address.

• The legal form and articles of association of the company.

• A detailed operating plan describing the types of crypto asset services planned to be provided and how and where they are marketed.

• Documents proving that the applicant meets prudential safeguard requirements.

• A description of the company's governance structure, including background check reports on management members to ensure that they are reputable and have the knowledge and experience to manage the company.

• The identity information of major shareholders or members and their shareholdings, and ensuring that these people are reputable.

• Description of internal control mechanisms, risk management procedures, anti-money laundering and counter-terrorist financing measures, and business continuity plans.

• Technical documentation of information and communications technology (ICT) systems and security arrangements.

• Description of procedures for separation of customer assets and funds.

• Description of procedures for handling customer complaints.

(3) Audit process:

• After receiving the complete application materials, the competent authority shall review and make a decision within the specified period.

• Once the authorization is obtained, it is necessary to specify the types of services that the crypto asset service provider is authorized to provide.

• The authorization information shall be notified to the European Securities and Markets Authority (ESMA) and recorded in a public register.

2. Obligations of license holders

(1) Compliance operation:

• License holders must continue to meet the authorization conditions and report their operations to the competent authorities on a regular basis.

• Companies must maintain sound internal control mechanisms and risk management procedures to ensure compliance and security of their operations.

(2) Cross-border services:

• License holders can provide services within the EU without having to set up a physical office in each member state, but they must notify and provide relevant information to the competent authorities of the destination member state.

(3) Management changes and business expansion:

• If there is a change in the company's management, it must immediately notify the competent authorities and provide all necessary information to assess its compliance.

• If the company wishes to add new types of services, it must apply to the competent authority for an extension of the license and supplement and update relevant information.

(4) Regular supervision and inspection:

• The competent authority has the right to conduct on-site inspections and request the provision of any information related to operations to ensure the company's continued compliance.

• The company must cooperate with the inspection of the competent authority and provide all necessary operational information and data.

(5) Violation handling:

• The competent authority may revoke the company's license under certain circumstances, including but not limited to:

• No use within 12 months after authorization.

• No crypto asset services for 9 consecutive months.

• Obtaining authorization through improper means.

• Failure to meet the authorization conditions and failure to take remedial measures within the prescribed period.

• Serious violations of regulations, including violations of customer protection and market integrity regulations.

IV. Measures to protect the rights and interests of investors and customers

1. Investor rights protection

(1) Information transparency:

• Companies issuing crypto assets must provide detailed and accurate information to let investors know what they are buying and what risks and benefits there are.

• This information includes details of the company, technical details of the crypto assets, trading and distribution methods, potential risks, etc.

(2) Fair treatment:

• The company must ensure that all investors are treated fairly during the transaction process without any form of discrimination.

• If there is special treatment, it must be clearly stated in the white paper and marketing materials to ensure transparency and fairness.

（3）Risk Disclosure:

• The company must fully explain all possible risks, including technical risks, market risks and legal risks, so that investors are aware of the risks of investment.

2. Customer Fund Protection

（1）Independent Custody:

• The company must manage the customer's funds and the company's funds separately to ensure the safety of the customer's funds.

• This is to prevent the company from misappropriating customer funds and to protect the interests of customers when the company has problems

（2）Compensation Mechanism:

• If the company has problems or defaults, there must be a clear compensation and indemnity mechanism to ensure that customers can be compensated in a timely manner.

• The company needs to have sufficient resources and arrangements for compensation.

（3）Transparent pricing:

• The company must disclose all fees and charges to ensure that customers know the details of each fee.

• This information should be posted in a prominent position on the company's website to ensure transparency.

3. Investor suitability assessment

（1）Customer information collection:

• When providing advice to customers or managing customer assets, service providers need to collect relevant information about customers, including investment experience, risk tolerance and financial status.

• This information is used to assess whether crypto assets are suitable for customers and to ensure that the advice is consistent with the customer's investment objectives and risk preferences.

（2）Risk Warning:

• Service providers need to clearly inform customers of the risks associated with crypto assets, including value volatility risk, liquidity risk and possible risk of total loss.

• Customers need to understand that crypto assets are not protected by traditional investor compensation schemes and deposit protection schemes.

（3）Regular Assessment:

• Service providers need to review their suitability assessments of customers regularly (at least every two years) to ensure that their advice and services always

• meet customers’ needs and risk tolerance.

4.Customer Complaint Handling

（1）Complaint Handling Procedure:

• Companies must have an effective complaint handling procedure to ensure that customer complaints can be handled promptly and fairly.

• Customers can submit complaints free of charge. The company needs to provide a complaint template and record all complaints and handling results.

(2) Complaint transparency:

• The company must disclose detailed information on the complaint handling procedure on its website so that customers can understand the complaint process and resolution path.

• The company needs to investigate all complaints within a reasonable time and notify customers of the results.

V. Prevention of insider trading and market manipulation

1.Prevention of insider trading

(1) Definition of insider information:

• Insider information refers to undisclosed information that is directly or indirectly related to one or more crypto assets or issuers, which, if disclosed, may have a significant impact on the price of these crypto assets.

(2) Prohibition of insider trading:

• Persons holding insider information shall not use this information to buy or sell crypto assets, and shall not recommend or induce others to engage in insider trading. Insider information holders shall not disclose this information to others unless the disclosure is made within the normal scope of their profession or position.

(3) Penalty measures:

• If insider trading is discovered, the relevant agency has the right to investigate the individuals or companies involved and impose penalties in accordance with laws and regulations, including fines, bans on business, etc.

2. Market Manipulation Prevention

(1) Definition of Market Manipulation:

Market manipulation includes but is not limited to the following behaviors:

• Creating false supply and demand signals to affect the price of crypto assets.

• Manipulating the price of crypto assets through false transactions, dissemination of false information, etc.

• Using market position to directly or indirectly fix buying and selling prices, or create unfair trading conditions.

(2) Typical Market Manipulation Behaviors:

• For example, disrupting the normal operation of the trading platform through a large number of buy and sell orders to create false market trends.

• Spreading false or misleading information in the media or on the Internet to affect the price of crypto assets.

• Use its dominant position in the market to directly or indirectly manipulate the buying and selling prices of crypto assets.

3. Prevention and detection mechanisms

(1) Prevention measures:

• Crypto asset service providers need to establish effective internal control systems to prevent market manipulation. These systems include monitoring trading activities and detecting abnormal trading behaviors.

(2) Detection and reporting:

• Once a service provider discovers suspicious trading behavior, it should immediately report it to the competent authority. These reports should include all relevant information, such as trading orders, the operation of the trading platform, etc.

(3) Cross-border cooperation:

• For cross-border market manipulation, the competent authorities of relevant countries need to coordinate and cooperate to jointly combat market abuse.

VI. Penalty provisions for violations

1. Administrative penalties and other administrative measures

(1) Scope of violations:

• The regulations clearly list the violations that need to be punished, including failure to release information in accordance with regulations, failure to comply with prohibitions on market manipulation and insider trading, and failure to cooperate with investigations.

(2) Penalty measures:

• Public statement: The competent authorities can issue a statement to explain the violating companies or individuals and their violations. This is equivalent to "naming and criticizing" the entire market.

• Corrective order: requires the offender to stop the violation and take measures to prevent it from happening again. This is similar to asking the offender to "correct the mistake immediately".

• Fines: Fines are imposed on natural persons (individuals) and legal persons (companies), and the amount of the fine is calculated based on the severity of the violation and the illegal benefits obtained. For example:

• The fine for an individual can be up to €700,000.

• The fine for a company can be up to €5 million, or 5% of its annual turnover.

(3) Particularly serious penalties:

In the case of particularly serious violations, such as repeated violations or serious impact on market stability, the competent authority may:

• Temporarily or permanently prohibit the relevant management personnel from continuing to engage in management work related to crypto assets.

• Revoke or suspend the company's operating license.

2. Publicity of penalty decisions

(1) Openness and transparency:

• For each penalty decision, the competent authority must publish it on its official website. This is equivalent to "public notification of criticism", so that all market participants know the violation and the results of the handling.

(2) Privacy protection:

• In some cases, if publishing the identity of the violator will cause disproportionate harm or affect the ongoing investigation, the competent authority may choose to publish the penalty decision anonymously or postpone the publication of the penalty decision.

3. Implementation of fines and other penalties

(1) Execution of fines:

• Fines and other penalties need to be implemented in accordance with the legal procedures of the country where they are located. If the person being punished does not pay the fine, the competent authority can enforce it through legal means.

(2) Purpose of fines:

• The fines collected will be included in the EU budget and used for public expenditure.

4. Right to appeal against penalties

(1) Appeal procedure:

• The person being punished has the right to appeal against the penalty decision. This is like a "reasonable complaint" and they can object to the penalty decision through the court.

• If the application for a license is rejected or the application has not been processed for more than six months, the applicant also has the right to appeal.

VII. International cooperation and coordinated supervision

Through these international cooperation and coordinated supervision measures, the EU hopes to ensure the consistency and effectiveness of global supervision of the crypto asset market. Through close cooperation and information sharing with regulators in other countries, cross-border violations can be better prevented and combated.

1. Cooperation between regulators

(1) Cooperation within the EU:

• Regulators in various countries need to work closely together to ensure consistent regulatory standards for crypto assets. This is like traffic police in different countries need to cooperate with each other to ensure that cross-border drivers follow the same traffic rules.

(2) Information sharing:

• Regulators in various countries must share information in a timely manner, especially when violations are discovered or need to be investigated. This is like the need for police stations to quickly pass on information about suspects so that timely action can be taken.

2. Cooperation with non-EU countries

(1) Cooperation with regulators in non-EU countries:

• Regulators in EU member states need to sign cooperation agreements with regulators in non-EU countries to exchange information and jointly enforce the law. This ensures that even cross-border crypto asset transactions can be effectively regulated, just as international police cooperate to combat transnational crime.

(2) Security of information exchange:

• These cooperation agreements must ensure the confidentiality and security of information exchange to prevent sensitive information from being leaked or abused. This is like when police from different countries share intelligence, they must ensure that the intelligence is not obtained by terrorists or criminals.

3. The role of the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA)

(1) Coordination and promotion of cooperation:

• ESMA and EBA are responsible for coordinating cooperation among EU regulators and developing standardized cooperation agreements and information exchange procedures. This is like Interpol coordinating actions between police forces in various countries to ensure that everyone follows the same standards and procedures.

(2) Development of technical standards:

• ESMA and EBA will develop technical standards to ensure that the format and content of information exchange are consistent and easy to use by regulators in various countries. This is like developing a unified language so that police from different countries can understand and use shared information.

4. Dealing with cross-border issues

(1) Cross-border investigation and supervision:

• When dealing with cross-border crypto asset violations, regulators in relevant countries need to jointly investigate and supervise. This is similar to police from multiple countries working together to catch transnational criminal gangs.

(2) Solving cooperation problems:

• If a country's regulator refuses to cooperate or fails to respond to information requests in a timely manner, other countries can report the problem to ESMA or EBA, which will coordinate and resolve it. This is like submitting the problem to Interpol and asking them to coordinate and resolve it.

Eight. The impact of the Mica Act

Impact 1: Delisting of privacy coins

Crypto assets with built-in anonymity features (such as "privacy coins" such as Monero and Zcash) can only be allowed on trading platforms if CASPs or relevant regulators can identify token holders and their transaction history. Since this is not actually possible, it is expected that EU-regulated cryptocurrency exchanges will delist privacy coins from their products.

Impact 2:CASPs that have obtained relevant European licenses will find it easier to obtain Mica's license

CASPs that have already obtained licenses under the national framework will benefit from a simplified MiCA authorization procedure and have up to 18 months to obtain a final MiCA license. For example, regulated crypto custodians in Germany may benefit from these simplified procedures and transitional measures. However, only MiCA-licensed CASPs will have the opportunity to provide services throughout the EU single market through so-called cross-regional licenses. That’s why it’s expected that most crypto businesses will apply for MiCA authorization as soon as possible.

Impact 3: Unification of the European Market

MiCA regulations will bring unified regulation, increased competitiveness and institutionalization. Until now, crypto companies in the EU had to apply to regulators in every country if they wanted to serve the entire EU market, which was costly and cumbersome. Under MiCA, the same binding EU requirements will apply to all 27 member states. Once a company obtains a MiCA license in one country, it will be able to provide licensed services throughout the EU single market through a “cross-region license.”

Impact 4: Offshore companieswill be restricted, EU businesses will benefit

After MiCA comes into effect, offshore, unregulated companies will not be able to actively attract EU customers. Even the rules for foreign companies to accept customers when actively contacted by EU users will become more stringent. This means that MiCA-regulated crypto companies will grab more EU market share from these unregulated overseas competitors.

Impact 5: MiCA promotes institutional participation, and European banks accelerate their layout

MiCA may lead to increased institutional adoption and activity in the EU crypto market. According to Bloomberg, only 4% of European institutional funds are exposed to crypto assets. Regulatory uncertainty is one of the main concerns that prevent institutions from entering this field. It is expected that in the next 48 months, major European banks will launch crypto asset services, whether it is custody, trading, or the issuance of electronic currency tokens or asset reference tokens.

Impact 6:MiCA's impact on stablecoin issuers

MiCA's new regulatory rules will bring significant compliance challenges to stablecoin issuers represented by Tether, especially considering that Tether has not been able to fully disclose the status and composition of its reserves, nor has it been fully audited by an authoritative independent agency. Tether has also been involved in multiple lawsuits and investigations, including a $18.5 million settlement with the New York Attorney General's Office and a rumored investigation by the U.S. Department of Justice for suspected bank fraud, money laundering, and illegal operations. In the future, stablecoin issuers represented by Tether will face greater compliance reform costs.

To meet these challenges, Tether should actively promote its own compliance process and establish a good cooperative relationship with EU regulators and third-party auditing agencies to improve its market credibility and competitiveness. Faced with increasingly stringent regulatory requirements, Tether has taken measures to promote compliance. For example, Tether recently announced that it will cooperate with the Italian branch of BDO International, the world's fifth largest accounting firm, which will be responsible for auditing the company's reserve guarantee and certification reports, and plans to change the frequency of audit reports from quarterly to monthly.

Under the framework of MiCA, stablecoin issuance will become more compliant and transparent. Stablecoin issuers such as Tether need to accelerate their compliance process to adapt to the new regulatory environment and remain competitive in the EU market.

Impact 7: MiCA’s impact on DeFiMiCA applies to businesses – both natural and legal persons and “certain other businesses”. “Other businesses” may include entities that are not legally established, but the EU has clarified that decentralized DAOs and protocols are not newly targeted. Paragraph 22 of MiCA clarifies that “crypto-asset services should not be within the scope of this Regulation if they are provided in a fully decentralized manner without any intermediaries.” This core statement is supported by multiple public statements from key officials of the European Commission and Parliament.

However, the devil is in the details. The bill states that MiCA may apply even if some activities or services are performed in a decentralized manner. This means that if there are some parts or links in a DeFi project that are not fully decentralized, it may still need to comply with the relevant provisions of MiCA.

What level of decentralization (technical, governance, legal, etc.) is required to be out of scope? It is a subjective judgment call that is not ambiguous. I expect some enforcement and litigation cases to revolve around this issue. The EU is generally reluctant to enforce its laws in other countries, but it will be particularly concerned if some DeFi projects are nominally decentralized but actually centralized and provide services in Europe or to EU users.

DeFi projects have two options if they want to be excluded from the scope:

• Prove full decentralization (high threshold)

• Block EU users

However, the EU deserves praise for excluding truly decentralized DeFi projects when formulating regulations for traditional financial companies. It would be good news if some of the content of MiCA can become a global standard.

Impact 8:Challenges and uncertainties

However, the actual success of MiCA is highly dependent on the implementation standards and enforcement practices developed by EU regulators in the next 12-18 months. Some provisions may impose burdens on industry participants, and their full impact will only be apparent after the technical implementation standards provide practical operational guidance.

Impact 9:High Compliance Costs and Hindered Innovation

As with Hong Kong’s recent situation, compliance costs were too high and companies fled, and Mica’s compliance costs will similarly cause stablecoin issuers to bypass the EU, and the disclosure requirements and responsibilities faced by exchanges will be too onerous to provide benefits to consumers, making their products uncompetitive compared to offshore competitors. EU consumers will either be cut off from innovation or continue to use (and be exposed to) the largest offshore liquidity and utility pools. In addition, regulators may believe that most NFT and DeFi projects are actually within the scope of MiCA and need to comply - a door that the current MiCA preamble remains open to interpretation. This will inevitably lead to the migration of teams and resources out of the EU.

Ninth, can the Mica Act become a global standard?

MiCA is expected to become the GDPR of the cryptocurrency field, a widely adopted regulatory standard around the world, but this is not a foregone conclusion.

It is undeniable that MiCA will have a significant impact on the crypto-asset frameworks of other jurisdictions, especially those with less experience in financial regulation and supervision. Many concepts in the recent Financial Stability Board (FSB) recommendations for crypto service providers and the “Global Stablecoin Arrangement” have been inspired by MiCA.

The EU market is the world’s largest internal market, with 450 million relatively affluent consumers. With its market size, MiCA will prompt many companies around the world to adopt MiCA’s operating standards, and may even adapt them internationally to maintain consistency in global operations and products. The global impact of EU regulatory standards has been observed in multiple industries, from chemicals to agriculture to technology, a phenomenon that Columbia Law School professor Anu Bradford has dubbed the “Brussels effect.”

“As the United States struggles to provide regulatory clarity for the domestic crypto industry, a global regulatory framework like MiCA could fill that gap,” warned Caroline Pham, current U.S. Commodity Futures Trading Commission (CFTC) Commissioner.

As the U.S. crypto-asset regulatory vacuum continues, the global influence of the MiCA standards is expected to grow.

Ultimately, however, it is the actual success of MiCA that is key, and much of the practical implementation work still lies ahead. If MiCA proves to be viable for industry, consumers, and regulators alike, it will have global implications. Otherwise, many jurisdictions may choose a completely different policy path. Only time and the markets will tell.

After the complete collapse of FTX, even the most staunch crypto maximalists have had to concede that some form of sensible regulation is needed to move the space forward and prevent the worst of the fraud.