Regulation (EU) 2023/1114 of 31 May 2023, known as the MiCA Regulation, which establishes the legal framework for crypto-asset services (previously referred to under French law as digital assets – “actifs numériques”), will come into effect on December 30, 2024.
In anticipation of the implementation of this more stringent regime, compared to the national regime implemented with the innovative law no. 2019-486 of 22 May 2019, known as the “loi PACTE”, applicants aiming to obtain the new status of Crypto-Asset Service Providers (“CASP”) can, since 1 July 2024, submit their licensing requests with the Autorité des Marchés Financiers (“AMF”). While an instruction phase can begin immediately, the AMF will only grant the new license as from 30 December 2024.
The new CASP regulatory status will be mandatory for all entities wishing to provide at least one of the ten crypto-asset services outlined by the MiCA Regulation within the European Union (“EU”):
- providing custody and administration of crypto-assets on behalf of clients,
- operation of a trading platform for crypto-assets
- exchange of crypto-assets for funds,
- exchange of crypto-assets for other crypto-assets,
- execution of orders for crypto-assets on behalf of clients,
- placing of crypto-assets,
- reception and transmission of orders for crypto-assets on behalf of clients,
- providing advice on crypto-assets,
- providing portfolio management on crypto-assets,
- providing transfer services for crypto-assets on behalf of clients.
The French regime for Digital Asset Service Providers (DASP): anticipating a transition period
To adequately prepare for the new requirements stemming from the MiCA Regulation, DASPs (holding either a “simple” or “reinforced” registration, or an “optional” license) and entities providing services not subject to registration or licensing (e.g., financial investment advisors (“CIF”) providing advice on crypto-assets) will benefit from a transitional period until 30 June 2026 to continue their activities. However, during this period, they must prepare to obtain a CASP license to continue their operations after 30 June 2026. This exemption therefore allows them to continue their activities exclusively in France, but not to benefit from the new European passport arising from the MiCA Regulation to operate elsewhere within the single market. Moreover, despite this transitional period, a DASP already registered or licensed and wishing to extend its services must seek a new CASP license from the AMF.
Consequently, from 30 December 2024, the new CASP status will replace all existing national regimes of the EU Member States, including the French DASP regime which will disappear entirely by 30 June 2026 (for existing DASPs, this regime will entirely disappear after the transitional period).
What are the regulator’s main focus areas in granting a “classic” CASP license?
To provide at least one of the ten aforementioned crypto-asset services, CASPs must be licensed by a competent authority (in France, the AMF) and comply with professional obligations stemming not only from the MiCA Regulation but also from other European legislations, such as the 5th Anti-Money Laundering Directive (“AMLD”) on the eponymous framework (Directive (EU) 2015/849 of May 20, 2015, as amended by Regulation (EU) 2023/1113, known as the TFR) or Regulation (EU) 2022/2254 of December 14, 2022, commonly known as the DORA Regulation, concerning digital operational resilience.
Common professional obligations will apply to all CASPs, while others will be specific to each crypto-asset service provided by the CASP. The AMF reminds that the requirements for obtaining a CASP license are higher than those linked to the “reinforced” DASP status.
In the context of the CASP licensing process, the AMF will, in practice, particularly focus on the compliance with rules and/or the robustness of frameworks concerning:
- AML/CFT: For instance, the CASP’s AML/CFT setup must consider the “principes d’application sectoriels” (Sectoral Application Principles – “SAP”) of the Autorité de Contrôle Prudentiel et de Résolution (ACPR) regarding AML/CFT and asset freezing.
- digital operational resilience: for example, the CASP must establish a business continuity policy that includes, among other things, Information and Communication Technology (“ICT”) response and recovery plans compliant with the DORA Regulation.
- preventing and managing conflicts of interest: for instance, the CASP must establish and maintain effective policies and procedures for preventing and managing conflicts of interest and disclose the nature and sources of conflicts of interest on its website.
- outsourcing: for example, the CASP must establish an outsourcing policy and ensure that third-parties involved in the outsourcing process comply with EU data protection standards.
- complaint handling: for instance, the CASP must establish and maintain effective and transparent procedures for promptly, fairly, and consistently handling customer complaints.
- fund custody and client asset segregation: the CASP must, for instance, take adequate measures to protect the rights of its clients, especially in the event of its insolvency.
- prudential safeguards: for example, the CASP must implement safeguards meeting either a minimum capital requirement or a threshold for fixed overheads.
- governance and operational processes, integrity, and managers’ competence: For instance, the CASP must establish its effective management’s headquarters within the EU and have at least one director residing within the EU.
- acting honestly, fairly, and professionally in the best interest of its clients: For example, the CASP must establish and publish a policy on pricing, costs, and fees on its website for its clients.
- providing fair, clear, and non-misleading information: For instance, the CASP must ensure that its communications do not mislead clients or prospects—including by negligence —regarding the benefits of a crypto-asset.
- publishing the environmental impact of products: For example, the CASP must disclose information on its website about the significant adverse climate impacts of the crypto-asset issuance mechanism.
Points of attention
According to the AMF, the CASP licensing process requires applicants not only to rigorously prepare to elevate their organization and business model to the standards required by the MiCA Regulation, but also to demonstrate strong commitment and responsiveness after submitting the license application, to address the AMF’s (or ACPR’s) questions during the application instruction process.
The AMF emphasizes that applicants’ internal procedures should not only summarize the textual requirements but describe precisely and operationally how they are applied in practice.
What are the main steps in the CASP licensing procedure?
The CASP licensing procedure before the AMF includes four steps:
- Step 1: the applicant submits a licensing application request to the AMF.
- Step 2: the AMF acknowledges receipt of the request within 5 working days as of its submission.
- Step 3: the AMF begins reviewing the application, by assessing the request’s completeness and, if necessary, requests additional information/documents within 25 working days as of its submission.
- Step 4: if the dossier is considered complete by the AMF, the latter continues its review (additional information/documents may still be requested at this stage) and decides whether or not to grant the CASP license, within 40 working days as of the submission.
What is the “notification” procedure for financial institutions and the “simplified procedure” for DASPs?
The “notification procedure” is available for regulated financial entities (as mentioned in Article 60 of the MiCA Regulation, such as credit institutions or management companies) that wish to provide certain specific crypto-asset services related to equivalent specific services. For example, for a credit institution, the service of custody and administration of crypto-assets for clients is considered equivalent to that of providing, maintaining, or managing securities accounts.
This procedure consists in submitting a notification request to the AMF or the ACPR (depending on the applicant’s regulatory status) at least 40 days before providing the relevant crypto-asset service. The competent authority must notify the applicant of the completion of their notification within 20 business days.
The “simplified procedure” is an accelerated process open to licensed DASPs or DASPs with a reinforced registration. This procedure allows applicants to reuse some previously submitted (and significantly unchanged) elements to the AMF during the initial registration/licensing processes (these elements will undergo limited review from the regulator). Therefore, the AMF will not duplicate due diligences that were already performed.
Given the new opportunities it presents, the new CASP status stemming from the MiCA Regulation offers interesting development prospects for professionals who aim to provide crypto-asset services. The possibility to submit a license application to the AMF immediately represents a significant advantage for the best-structured entities, such as those already registered or licensed DASPs, allowing them to rapidly position themselves in a newly harmonized European market. Other interested parties have a few months, until 30 December 2024, to level up.