Douwe Lycklama
Douwe Lycklama | INNOPAY
Douwe Lycklama
Jason Ekberg
Jason Ekberg
Oliver Wyman

How to prepare for the new MiCAR crypto rules

June 2024 marks a watershed change in crypto regulation, with the Markets in Crypto-Assets Regulation (MiCAR) going into effect across the European Union (EU). MiCAR is the first framework of its kind to regulate crypto assets, related activities, and services.

MiCAR aims to establish more certainty within the often-volatile crypto market across Europe by balancing the promotion of innovation and technology with the need for consumer protection and financial stability. At the same time, the regulation helps harness risk with its comprehensive framework ensuring customer protection and fostering market integrity. By introducing stringent requirements for issuers and service providers, MiCAR mitigates risks related to fraud, market manipulation and financial stability. Its implementation will likely influence not only the European market but also global practices, given that the EU tends to lead and offer inspiration for other jurisdictions globally. We saw similar first-mover trends with internet privacy laws (specifically, the General Data Protection Regulation, or GDPR) and digital cellular networks (like the Global System for Mobile Communications, or GSM).

The adoption of an industry-wide regulation like MiCAR shows that crypto assets are increasingly onpar with other financial products, services, and infrastructures and thus require the same level of regulation.

This article outlines how organizations can effectively respond to MiCAR. It supplements a newly released MiCAR assessment tool that offers an initial overview of MiCAR’s scope and potential impact on businesses, helping them prepare for compliance and understand the ongoing regulatory discussions.

How organisations should respond to MiCAR

Organizations should take prompt action to respond to MiCAR given the substantial regulatory compliance obligation, the need to resolve uncertainties in MiCAR, and the stringent implementation timelines.

MiCAR introduces a significant compliance obligation

Although MiCAR is a step in the right direction to increase trust in crypto assets and services and reduce risk in the system by introducing a strong regulatory framework, it also presents a compliance obligation for organizations covered by the regulation. Although organizations that hold credit institution or e-money licenses will have few additional requirements, organizations that do not hold such licenses but wish to offer digital assets will have to acquire one. This will likely require an operating model overhaul. Additionally, stablecoin issuers that are classified as “significant” under MiCAR face stringent capital requirements and additional supervision by the European Banking Authority.

MiCAR comes at a time when organizations must navigate an increasingly complex regulatory landscape. This includes additional mandates related to the MiCAR regulations, such as the Digital Operational Resilience Act (DORA) and the revised Transfer of Funds Regulation, which escalate the compliance obligation even further.

Four objectives of MiCAR and its implication for businesses

The following section offers a brief outline of the most important regulatory considerations for businesses, related to each of the four objectives of MiCAR.

Legal certainty

A robust legal framework that clearly states how crypto assets are dealt with in legislation and regulations. This should be accompanied by enhanced supervision, including an authorization and/or licensing process. Furthermore, compliance obligations necessitate substantial documentation, operational controls, and reporting to maintain the said authorization or license.

Innovation and fair competition

A regulatory framework that includes a fair trade-off between technological development and consumer protection. For businesses, this means clear and transparent rules which are the same for each institution independent of size, as well as the introduction of EU regulatory sandboxes available to MiCAR-impacted organizations.

Consumer and investor protection and market integrity

A regulation that clearly focuses on protecting consumer interests and market integrity, necessitating the development of transparency favouring measures such as whitepaper publication, informing about risk, or handling complaints processes. By enhancing transparency and accountability, systemic risks and investor confidence are promoted in the rapidly evolving crypto market.

Financial stability

A strong regulatory base to ensure financial markets remain stable within the EU. This will require strengthening of market abuse rules, AML, and counterterrorism financing measures, as well as implementation of capital requirements for both Crypto-Asset Service Providers (CASPs) and stablecoin issuers.

Uncertainties remain about the specifics of MiCAR 

Ample uncertainties remain with regard to the scope and terminology of MiCAR, making compliance a more challenging task to achieve. These include:

Reverse solicitation

There is currently no certainty with regard to the impact on non-EU parties providing services in the EU. The European Securities and Markets Authority (ESMA) does have some guidance on this issue, but more questions remain.

Relation to other regulations

More clarity is required for situations in which MiCAR impacts organizations providing services that might also fall under other regulations, like the Payment Services Directive (PSD2).

Fully decentralised

There is no definition of “fully decentralised” within MiCAR, and therefore uncertainty about the scope of the existing regulatory exemption for “crypto-asset services offered in a fully decentralised manner.”

Non-fungible tokens (NFTS)

There is an NFT exemption within MiCAR, but the scope of that exemption is not clear. This issue has also been raised by the European Banking Institute.

For market players, these uncertainties introduce ambiguity around whether the requirements of MiCAR apply at all or whether businesses will meet the necessary requirements. The European Banking Institute notes that these four uncertainties are only the most obvious, with many more complex cases likely to arise in practice.

Some of these uncertainties will further be resolved with input from market players and efforts of central bodies like ESMA. Future iterations of MiCAR are also expected, which will likely help to clarify issues further.

Timelines of MiCAR are rapidly approaching for EU and foreign organisations

MiCAR has short compliance timelines, further increasing urgency. In addition, national transitional periods are short, with a possibility of granting up to 18 months for existing CASPs (known as a “grandfathering period”). These periods differ across EU countries, although many countries have not yet announced their grandfathering timelines or even put application or authorisation processes into place.

These short regulatory timelines are bumping up against the fast-growing pace of the digital asset ecosystem. For example, non-EU organisations are gradually looking to offer services in the EU as crypto becomes more intertwined with traditional finance. Major cryptocurrency exchanges and digital crypto service providers that serve EU residents will need to ensure their services are fully compliant with MiCAR. Well-established payment institutions that are showing increasing activity in the EU crypto space will have to meet MiCAR standards. Similarly, fintech startups involved in stablecoin issuance will have to navigate these new rules to maintain and expand their European market presence.

The race against time to comply with MiCAR underscores the urgency for well-established firms as well as recent market entrants to reassess their operational strategies, thereby safeguarding their access to one of the world’s largest single-market economies. Examples are US-based firms undertaking acquisitions to launch projects in the EU or engage in partnerships with EU organizations to execute specific services.

Collaboration will be essential for effective regulation

In line with this urgency, the fast pace of innovation, and the first-mover characteristic of the regulation, MiCAR implementation is expected to require extensive collaboration and communication between market actors and regulators. This is also due to the crypto market remaining a “lesser familiar territory” to many European regulators. To date, the AFM in the Netherlands is one of the few organizations with a comprehensive application process in place, offering additional support with a “pre-scan” possibility.

Regulators like the Dutch National Bank and the German BaFin have already signalled their willingness to collaborate with the industry to make MiCAR practical and effective for everyone. On the other side, crypto companies have increasingly voiced the need for clear regulations and rules and might use this opportunity to optimize the regulatory framework they operate in.

As MiCAR takes effect, businesses must proactively adapt to the changing regulatory landscape to ensure compliance and seize opportunities in the evolving crypto market. A deep understanding of MiCAR’s impact on their business is needed to make informed decisions and navigate the regulatory requirements effectively.

Additional contributors: Jelmer Koster. Martine Nau. Leo Sizaret.

This article was originally published on the Oliver Wyman website.

Does MiCAR apply to your business?

For a comprehensive view of the regulation’s structure and content, and to understand if MiCAR might apply to your business, consider taking our MiCAR Quick-Scan.

Go to the MiCAR Quick-Scan
Let's get in touch

Ready to do business with the experts at INNOPAY?