Digital Asset Protection – A first look at client asset rules under MiCA

On 5 October 2022, a draft overall compromise package was agreed on the European Markets in Crypto-Assets Regulation (MiCA). On 9 October 2022, the compromise package passed the European Parliament Committee on Economic and Monetary Affairs (ECON).

After our first look on MiCA in July, it is time to take a closer look at a central part of the MiCA regime and highlight the client asset protection rules proposed under the compromise package.

What does MiCA propose?

MiCA attempts to provide a harmonised framework for the protection of holders of digital assets in scope of the regulation.

Scope of MiCA

MiCA applies to “crypto-assets” which are broadly defined as “digital representation of a value or a right which may be transferred and stored electronically, using distributed ledger technology or similar technology”.  Specific requirements apply to certain crypto-assets that are usually referenced as “stablecoins”:

• electronic money tokens or e-money tokens – defined as “a type of crypto-asset that purports to maintain a stable value by referencing to the value of one official currency”;
• asset-referenced tokens which means “a type of crypto-asset that is not an electronic money taken and that purports to maintain a stable value by referencing to any other value or right or a combination thereof, including one or more official currencies”.

Importantly, MiCA does not apply to NFTs or to crypto assets which are already subject to an existing (client protection) regime. MiCA does not provide for harmonised client asset protection rules for crypto-assets that qualify as:

• financial instruments and structured deposits under MiFID II;
• deposits under the DGSD;
• electronic money under the E-Money Directive (except where electronic money qualifies as electronic money tokens under MiCA);
• securitisation positions under the Securitisation Regulation, and
• certain insurance and pension products as well as social security schemes.

The exclusion of financial instruments under MiFID will, in practice, mainly concern security tokens, i.e., those crypto-assets that share the characteristics of transferrable securities (applying a “substance over form” approach) in that they are transferable, are capable of being traded on the capital market and confer rights that are similar to the rights conferred under a “traditional” security. Since the dividing line can be difficult to establish, MiCA tasks ESMA to issue guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments.

Methods of MiCA

MiCA contains three separate rule sets for the protection of holders of crypto-assets:

• Rules on the safekeeping of clients’ crypto-assets that apply to all crypto-asset service providers (CASPs) that hold crypto-assets belonging to clients or the means of access to such crypto-assets (Article 63),
• Rules on the custody and administration of crypto-assets which apply to CASPs who provide the crypto-asset service of custody and administration on behalf of third parties (Crypto-Custodians) (Article 67),
• Obligations to have a reserve of assets, and on the composition and management of such reserve of assets which apply to issuers of asset-referenced tokens, and
• Obligations to safeguard funds that have been received in exchange for e-money tokens which apply to issuers of e-money tokens.

What are the rules for crypto-asset custodians?

The overarching obligation for all CASPs is to make adequate arrangements to safeguard the ownership rights of clients, especially in the event of the CASP’s insolvency, and to prevent the use of a client’s crypto-assets for their own account.

For Crypto-Custodians, MiCA takes a page from the rulebook of existing client asset rules, particularly those applicable to custodians who hold securities under MiFID II but also makes noteworthy additions.

More specifically, Crypto-Custodians must

• keep a register of positions, opened in the name of each client, corresponding to each client’s rights to the crypto-asset and which records any movements following instructions from their clients;
• segregate holdings of crypto-assets on behalf of their clients from their own holdings and ensure that the means of access to crypto-assets of their clients are clearly identified as such. They shall ensure that, on the DLT, their clients’ crypto-assets are held on separate addresses from those on which their own crypto-assets are held.
• ensure that the crypto-assets held in custody are operationally segregated from the crypto-asset service provider’s estate.

While these requirements outwardly mirror the obligations of custodians who hold securities for clients, it is far from clear whether the requirements for internal and external asset segregation would in each case also achieve the purpose to insulate the crypto-assets from the Crypto-custodian’s estate. Asset segregation aims at preserving a client’s “ownership” in assets, and therefore relies on the recognition of such position in a (dematerialised) “crypto-asset” under the relevant insolvency law. It is also not yet clear yet what Crypto-custodians would need to do to ensure an “operational segregation” of crypto-assets.               

In other respects, MiCA goes beyond MiFID II and stipulates additional explicit requirements for Crypto-custodians:

• Crypto-custodians must enter into a custody agreement with clients, which must include certain provisions, including a description of the security systems used by the crypto-assets service provider and its custody policy.
• Crypto-custodians must establish a custody policy with internal rules and procedures to ensure the safekeeping or control of crypto-assets, or the means of access to the crypto-assets, such as cryptographic keys – a summary of the custody policy must be made available to clients on their request in an electronic format.
• Crypto-custodians must record “any event likely to create or modify” the client’s rights in the crypto-asset (such as changes to the underlying DLT) in the position register kept by the crypto-custodian immediately. Further, MiCA provides clients with a right against the custodian to any crypto-assets or any rights newly created by such change (unless the custody agreement explicitly provides otherwise). This may cover situations such as the replacement of the collapsed algorithmic stablecoin TerraLuna by the new token Luna 2.0. and the underlying start of a genesis blockchain.
• Crypto-custodians will be liable to their clients for the loss of any crypto-assets or of the means of access to the crypto-assets with a liability cap at the market value of the crypto-asset lost at the time the loss occurred. The liability occurs – irrespective of fault – for any incident that is
• attributable to the provision of the relevant service or the operation of the service provider (with only limited room for a rebuttal by the Crypto-custodian). This strict liability goes even beyond the liability of a depositary for the loss of financial instruments belonging to an alternative investment funds, which appears to be the starting point for the liability rule. It is not clear to which extent a Crypto-custodian may limit or specify this liability under its terms and conditions agreed with the client.  Crypto-custodians are required to obtain insurance against the liability risks to clients.

What are the rules for asset-referenced tokens (“reserve of assets”)?

MiCA also introduces a specific regime with the introduction of the concept of “reserve of assets” that back the value of the asset-referenced tokens applicable to issuers of such tokens.

Issuers of asset-referenced tokens must maintain a reserve of assets – i.e. the “basket of assets securing the claim towards the issuer of an asset-referenced token” – which must be insulated from the issuer’s estate, and from the reserve of assets of other asset-referenced tokens, in the interest of the holders of these tokens. The reserve of assets serves must be composed and maintained in such a way that:

• The risks associated to the assets referenced by the asset-referenced tokens are covered, and
• the liquidity risks associated to the permanent redemption rights of the holders are addressed.

For this purpose, MiCA contains a number of obligations on the composition and management of the reserve of asset by the issuer.

Composition of the reserve of assets

As an overarching obligation, issuers must ensure that the aggregate value of reserve assets, by using market prices (using mark-to-market valuation, whenever possible), shall be at least equal to the aggregate value of the claims on the issuer from holders of asset-referenced tokens in circulation. MiCA contains detailed requirements on the valuation principles that issuers have to apply. Issuers must ensure that the issuance and redemption of asset-referenced tokens is always matched by a corresponding increase or decrease of the reserve of assets.

The composition of the reserve of assets must also be addressed as part of the policy that describes the stabilisation mechanism of the asset-referenced token which requires, among other things, to

• describe the type of assets and the precise allocation of assets that are included in the reserve of assets;
• contain a detailed assessment of the risks, including credit risk, market risk, concentration risk and liquidity risk resulting from the reserve assets;
• describe the procedure by which the issuance and redemption of tokens will result in a corresponding increase and decrease of the reserve of assets.

Issuers may invest part of the reserve of assets into highly liquid financial instruments with minimal market risk, credit risk and concentration risk. EBA, ESMA and the ECB are tasked with developing RTS to specify the financial instruments that are eligible for this purpose. Further, the issuer must hold a certain minimum amount of the reserve of assets as deposits:

• 30% of the amount referenced in each official currency must be held as deposits in credit institutions.
• 60% of the amount referenced in each official currency must be held as deposits in credit institutions for significant asset-referenced tokens.

Significant asset-referenced tokens are a subset of asset-referenced tokens which are classified as significant by EBA based on a number of criteria, including the number of the holders of the tokens, the value of the tokens issued, the number and value of transactions on those asset-referenced tokens, the significance of the activities of the issuer of the asset-referenced tokens on an international scale, the interconnectedness with the financial system, the fact that the same legal person or undertaking issues at least one additional token and provides at least one crypto-asset service and/or whether the issuer is a provider of core platform services under the Digital Markets Act.

Management of the reserve of assets

The reserve assets are subject to a comprehensive custody regime.

Issuers are required to entrust reserve assets to credit institutions, crypto-asset service providers or investment firms (together: Custodians) no later than 5 working days after the issuance of the token.

Issuer must generally maintain, operate and manage separately a segregated pool of reserves of assets for each category of asset-referenced token. Conversely, different issuers of asset-referenced tokens who offer the same asset-referenced tokens to the public shall operate and maintain only one reserve of assets for that category of asset-referenced tokens.

The specific requirements depend on the type of reserve asset, in particular:

• Credit institutions shall hold in custody funds in a segregated cash account opened in the credit institutions’ books in the name of the issuers of the asset-referenced tokens.
• for financial instruments that can be held in custody, credit institutions or investment
• firms shall hold in custody all financial instruments that can be registered in a segregated securities account opened in the credit institutions’ or investments firms’ books in the name of the issuers of the asset-referenced tokens;
• crypto-asset service providers shall hold the crypto-assets included in the reserve assets or the means of access to such crypto-assets, where applicable, in the form of private cryptographic key, in a register of positions in the name of the issuers of the asset-referenced tokens.

Similar to the safekeeping obligations under MiFID II, issuers are required to exercise all due skill, care and diligence in the selection, appointment and review of Custodians. Further, the custodian must in any case be a person different from the issuer, meaning that, for example, credit institutions are not entitled to hold the reserve of assets for asset-referenced token that they issue.

Further, issuers must ensure that:

• reserve assets are not encumbered nor pledged to Custodians,
• they have prompt access to the reserve assets to meet any redemption requests from the holders of asset-referenced tokens, and
• concentration in the custodians of reserve assets and the reserve assets itself are avoided.

The Custodians are subject to a strict liability regime. In case of a loss of a reserve asset, the Custodian shall return to the issuer of the asset-referenced tokens a financial instrument or a crypto-asset of an identical type or the corresponding, unless it can prove that the loss has arisen as a result of an external event beyond its reasonable control.

What are the rules for e-money tokens?

MiCA makes e-money tokens subject to the safeguarding requirements under the E-Money Directive but limits the eligible safeguarding methods. Under MiCA, funds received by issuers of e-money tokens in exchange of e-money tokens shall be

• invested in secure, low-risk assets denominated in the same currency as the one referenced by the e-money token that qualify as highly liquid financial instruments with minimal market
• risk, credit risk and concentration risk, and
• deposited in a separate account in a credit institution

At least 30% of the funds received shall always be deposited in a separate account in a credit institution.

In case of significant e-money tokens, the client asset framework for “reserve of assets” set out above applies instead of the safeguarding requirements under the E-Money Directive. Significant e-money tokens are a subset of e-money tokens which are classified as significant by EBA based on the same criteria that apply to determine significant asset-referenced tokens. Please refer to the requirements for significant asset-referenced tokens set out above.

When will MiCA apply?

Following the approval by ECON this week, MiCA now awaits formal approval by vote in the full European Parliament. MiCA will then have to be translated into all EU member states’ languages and published in the Official Journal of the EU and will enter into force on the twentieth day following its publication in the Official Journal.

MiCA will generally apply from 18 months after it has entered into force. However, the framework for asset-referenced tokens and electronic money tokens will apply 12 months after MiCA has entered into force. The new rules will, therefore, likely not apply before 2024.