How the New MiCA Regulation Affects Crypto Exchanges

9 min read

MiCA, otherwise known as The Markets in Crypto-Assets Act, represents a long-awaited landmark for the European Union that now places it at the forefront of global cryptocurrency regulatory frameworks.

Following a successful vote on April 20, 2023, by the European Parliament in which 517 to 38 voted in favor of the Act, it was fully ratified by the Economic and Financial Affairs Council of the EU the following month on May 16, 2023. MiCA is expected to come into full force by the end of 2024. This makes Europe the first major jurisdiction to introduce a comprehensive framework for the regulation of crypto assets.

The new regulation aims to enhance transparency, ensure financial stability, bolster consumer protections, and foster innovation. But how did we get here? And what will this new MiCA regulation mean for businesses operating in the crypto asset space?

How we got here?

Though comparatively new, crypto has rapidly evolved since the publication of the bitcoin whitepaper in 2008. Initially, regulators adopted a wait-and-see approach, allowing the first iterations of the burgeoning crypto market to unfold relatively free of regulatory control.   

It wasn’t until crypto’s first public bull market in 2016-2017 that regulators renewed their interest in crypto. This interest coincided with the market cap of the space surging from around $6.5 billion at the start of 2016, to almost $800 billion by that particular bull market’s peak in January of 2018. Crypto had entered the mainstream and there was no putting the genie back in the bottle, it had to be contended with as an asset class in its own right.  

At the time, Ethereum had emerged as a major player, its initial “killer app” being the ability to crowdfund in a decentralized manner by minting new crypto tokens that could be sold in initial coin offerings (ICOs). However, this and many other decentralized use cases were still very new and not well understood.

Meanwhile, crypto functioned primarily as digital cash, and regulators approached the space as such, their first efforts at regulating the new asset class centered around the points of sale at which crypto could be purchased and exchanged, as well as the wallet providers.   

During crypto’s second major round of public interest in 2020-2022, the market had evolved significantly along two opposing lines. While crypto assets had become significantly easier to access in a centralized manner (e.g., onramps and custody solutions for financial institutions), much innovation had also taken place in the decentralized sphere. 2020 would come to be known as “DeFi Summer,” as a myriad of projects emerged to offer access to Ethereum’s (and its imitators’) second “killer app:” decentralized finance.  

DeFi refers to a number of decentralized services including exchange, lending/borrowing, the minting of synthetic assets, and yield farming that can all be performed permissionlessly in a decentralized manner. These innovations brought yield to crypto users, allowing token holders to earn an (often highly generous) interest rate for providing liquidity to decentralized exchanges, or lending their assets to over-collateralised borrowers.

These were effectively the first crypto money markets, allowing any holder to participate in the very plumbing of a new financial system in a way that only large institutions are permitted in the world of legacy finance. 

Meanwhile, on the regulatory front, regulators were expanding their understanding of which parts of the crypto ecosystem could be effectively regulated. From just focusing on the points of sale and wallet providers, they began to highlight that crypto is not always held in a decentralized manner as originally recommended by its first evangelists. Rather, a host of centralized intermediaries had sprung up to make access to this complex asset class simpler, easier, and safer for non-technical participants.

This network of crypto service providers could effectively be targeted to provide more adequate controls over the space, guidelines for crypto businesses, and assurances for consumers.  

Enter MiCA 

MiCA has been described as a sort of GDPR for crypto, a single regulatory framework that can apply across the board to all crypto businesses operating within the European Union. This allows for regulatory clarity within the EU, which has been lacking in other jurisdictions such as the United States.  

MiCA regulation replaces all existing national regulations within the EU, providing much clearer guidelines for crypto-asset service providers. It aims to provide a greater degree of certainty for crypto market participants operating within the EU and is expected to attract crypto firms currently operating in jurisdictions with less regulatory clarity than the European Union.  

Its purpose is to enhance KYC/AML in crypto, as well as regulate the creation and use of stablecoins and other synthetic assets designed to mimic the performance of fiat currencies such as the US dollar and the euro, or other real-world assets like gold.   

The focus of regulators has expanded to include much stricter anti-money-laundering controls that include the regulation of all transactions performed using crypto by centralized entities, including transactions made by the owner in their name and transactions made on the owner’s behalf by others.

Essentially, EU regulators have moved to view all centralized crypto services as analogous to financial service and payment service providers. 

What does it regulate?

The new framework includes all crypto assets that fall into three main categories. Asset-referenced tokens that are backed by real-world currencies or commodities, E-money tokens backed by individual fiat currencies, and a broad class of other tokens such as loyalty points and those offering some kind of utility to users on a given platform. 

The new regulation does not include crypto assets deemed as securities, which are currently regulated under the existing MiFID II framework, or NFTs, which MiCA doesn’t currently regulate if they are indeed unique and non-fungible with any other crypto assets.

This last exclusion, however, is a grey area owing to the large variety of NFT use cases and will have to be reviewed on a case-by-case basis. This is because NFTs whose function mimics that of utility tokens or other financial instruments will indeed fall under the purview of MiCA regulation. 

Whom it regulates?

The new MiCA framework creates a new class of crypto entities called CASPs (crypto asset service providers). Any business operating within the EU that deals in the above crypto assets in any form will require a MiCA license. The new framework breaks these crypto service providers down in the following way, with any and all of the below requiring a MICA license:  

  • The operation of a trading platform for crypto assets 
  • The exchange of crypto assets for funds  
  • The exchange of crypto assets for other crypto assets  
  • The custody and administration of crypto-assets on behalf of third parties 
  • The execution of orders for crypto assets on behalf of third parties  
  • The placement and other marketing of crypto assets  
  • The reception and transmission of orders for crypto assets on behalf of third parties 
  • The provision of advice on crypto assets 

The above classifications effectively apply to crypto businesses offering custodial wallets, crypto trading platforms, crypto exchange services, crypto-asset advice/portfolio management services, and crypto marketing. 

What else do I need to know?

This new class of Crypto-Asset Service Providers will have to undergo a comprehensive application and review process and will have more reporting and disclosure obligations to comply with once approved. These obligations are similar to those that apply to existing financial services firms operating within the EU.  

They include the existence of an EU-based office and at least one director who is an EU resident, compliance with AML and data security laws, strict rules governing marketing materials, controls against market abuse and the implementation of dispute procedures, as well as transparency regarding pricing, fees, and commissions.  

While stringent in its requirements and obligations, MiCA regulation will allow CASPs to pass their services to all EU member states, making it easy to conduct business across the European Union with just one approval procedure.  

For issuers of tokens, a whitepaper must be published and submitted to the relevant authorities and any tokens to be issued must be done so by a legal entity within the EU. This effectively excludes most ICOs (initial coin offerings), TGEs (token generation events), and IEO/IDOs (Initial exchange/dex offerings), which throws the legality of much of the existing DeFi infrastructure into question. 

Due to the fact that centralized firms are by far the easiest to regulate, it pursues a strategy of forcing key parts of the crypto ecosystem to have a centralized point within the EU’s jurisdiction that can be regulated.

Finally, and perhaps most draconian from the perspective of DeFi users, algorithmic stablecoins are to be completely banned under the current MiCA regulation. Additionally, asset/fiat-backed stablecoins must henceforth be backed 1:1 by a liquid reserve of the asset in question.