MiCA: What a CASP Must Do in the EU (Panel Series 3) - E105 Artwork

The Encrypted Economy

The Encrypted Economy podcast explores the business, laws, regulation, and security relating to our most valuable digital data...whether financial assets, proprietary data or personal information. Join us each week as we delve into what makes up the new encrypted economy as well as the developments that are shaping our economies and world.

All Episodes

The Encrypted Economy

MiCA: What a CASP Must Do in the EU (Panel Series 3) - E105

February 02, 2023 • Eric Hess • Season 1 • Episode 105

On this week’s episode of The Encrypted Economy, we continue our panel series discussing MiCA. We delve into the appeals of MiCA in creating a common framework for the licensing of Crypto Asset Service Providers. Be sure to subscribe to The Encrypted Economy for more insights on the latest regulatory developments in web 3.0.

Topics Covered:
· 3:00 Introduction to CASPs
· 8:40 Licensing Requirements for a Custodian of Digital Assets
· 22:57 Grey Areas in MiCA
· 32:30 Obligations of a CASP
· 40:40 How Does MiCA Address Insolvency?
· 48:20 Walking through the Obligations
· 55:00 Applicable Provisions Regarding Market Abuse Forecasts
· 1:06:10 Liability in the Context of a CASP
· 1:21:00 Compliance Implications for Smaller Firms
· 1:34:00 Discussing FTX

Resource List:
· Alexandru’s LinkedIn
· Jonathan’s LinkedIn
· Marina’s LinkedIn
· Francesco’s LinkedIn
· William’s LinkedIn
· Alireza’s LinkedIn
· MiCA Overview
· MiCA Heralds New Era of Regulatory Scrutiny
· What EU’s MiCA regulation means for crypto-asset service providers
· MiFID
· Reg ATS
· MiCA and FTX

Follow The Encrypted Economy on your favorite platforms!
Twitter
LinkedIn
Instagram
Facebook

Eric: [00:00:00] So today we have the third in our panel series on MICA markets and crypto assets. Today we cover casp or crypto asset service providers. Now, there are many conceptual appeals to MICA for US crypto natives. One is this notion of a common framework for licensing crypto asset services providers. Now in the US these could be classified as money transmitters or of convertible virtual currencies.

Where if you are either receiving or processing CVCs convertible virtual currencies, you need to evaluate licensing requirements across every state where you intend to do business in. It's an expensive and time-consuming endeavor. At the end of it, you have to worry about bit license cause that's the hardest one to get.

In addition, there are a series of open questions, which are not unlike what you would have in Europe as to whether or not you have to [00:01:00] be an alternative trading system, a licensed custodian, a trust, a broker dealer, a futures commission merchant, or a number of other designations. The difference is, of course, is that this sort of gives you clarity that the business that you're operating with isn't going to suddenly be upended by a new interpretation.

There is a recognition that you are, that there is a framework within which to operate in. As a crypto asset services provider, we don't have this in the us we really don't. Even if you go and you get your mtls across multiple jurisdictions, some states are still figuring out what they wanna do on CVCs.

Other states are constantly reevaluating. There's no such thing as a regulation that stays static. But nonetheless, to get a framework that gives you clarity across multiple jurisdictions within the eu, that's something we just don't have.. So joining us today, we have the same or similar panelists as we've had on the first and second [00:02:00] podcast.

Alexandru Stanescu, partner of C S L V legal in Romania. Alireza Siadat, partner of Annerton in Germany. Francesco Patti professor of private law at the University of Bocconi in Italy, Marina Markezic, Co-founder and executive director of the European Crypto Initiative in Belgium, and William O'Rorke, co-founder and partner of O R W L Oats in France.

Got another great one for you today. I hope you enjoy it. We have at least one other following this, where we're gonna cover things like how all this, how MiCA Interplays with all the other regulations in the EU and some of the local components of it. So nonetheless hope you enjoy this episode.

That's another great one.

Welcome to The Encrypted Economy, a podcast exploring the business laws, regulation, security, and technologies relating to digital assets and data.

I am Eric Hess, founder of Hess Legal Counsel [00:03:00] and your host. Join me on this journey exploring the reach of these transformative technologies.

I am so excited to be back for our third panel series on MiCA with our guests. Last time we discussed in the first episode we discussed definitions in the scope of MiCA. In the last episode we talked about specifically issuances much more, and today we're gonna be talking about CASP or crypto asset service providers.

Again, thanks everybody for joining for this third panel session. And I think we'll just start off with Francisco telling us what a CASP is.

Francesco: Yes. Thank you very much Eric. A CASP is a crypto asset service provider. I know that Americans love the vasp, we use casp, but it's almost the same thing.

And it's an important part of mica. A lot of people [00:04:00] think that this will be the most impactful part of mica. It's also set of rules that will harmonize the European. At the level of crypto asset service providers, nowadays, it's not harmonized. In some countries we have very precise rules.

In others, we don't have any rules. And basically, the only similar playing level field that we have are the rules on antimony laundering, which now apply to the crypto asset service providers. But we are going to have these new rules that basically provide different rules with respect to fundamental aspects.

So mainly it's licensing. We've already seen, like the licensing is an important part of mica with respect to the offer of crypto assets, we have licensing for electronic money token asset reference tokens. We have the duty to notify other crypto assets in order to provide crypto asset service provider.[00:05:00]

We will need licensing. The good news is that the licensing will be European licensing. And so the fact of having a license in one country allows in principle the Casp to operate in all the European countries. That's important because nowadays it's not like this. And so, if you are allowed to operate in France, theoretically you cannot offer the crypto asset services to ad German.

And so the, of course the legal landscape is very unclear in this sense. It will be, it'll be an addition. And then there are also like other rules that deal with the crypto asset service providers that are particularly of a big size that have a significant volume, and they're going to undergo rules which are stricter, and they will also be directly controlled by asthma, which is the European authority.

Whereas this licensing at, let's say a [00:06:00] national member, state level, will be provided by the authority of the national state, where the crypto asset is located. And so it means that if it's located in Lithuania, he will apply. With the Lithuanian authority. And then due to the treaties of the European Union, the crypto asset service provider will be able to offer its services to other countries.

This is something which is not new. We have a regulation which is similar to MiFID in the sense. So, the idea that basically there is an harmonized set of rules and that this service provider can operate in every part of Europe. The conditions of, let's say, to operate are.

Similar to MiFID you can always make a distinction not only with MiFID, also with, for instance, rules about credit institutions when it comes to safeguarding of funds or other aspects that are regulated under [00:07:00] MiFID. And so, the person who is, let's say who knows a European regulatory law finds always a correspondence between what we find for crypto service providers and something which already exists.

One important aspect, like before, I would say also to nominate a bit, which are this this services. So because there is a list of services is the fact that. So when we think about s we refer to, of course, to Binance to bit Panda, other big players in the world. But like Mica takes also into consideration the possibility that this services are provided by.

By institutions and entities that already are licensed at a European level. For instance, credit institutions will have the possibility to offer crypto asset services. And I think that this is it's a [00:08:00] very, it's a very important aspect because it means that basically you are allowing with unexpressed regulation, also institutional players to provide services, which nowadays are provided only by, by entities that that are, let's say a bit outside of the institutional financial word. And I talked about credit institutions, but the same holds through also for the, for other types of regulated entities. Also with respect, for instance to investment funds. And so, this will open up also the possibility for, let's call them traditional players, to deal with crypto assets.

Eric: Let's say that you are a custodian for digital assets. You can, and that's all you're doing, would it necessarily draw in other licensing requirements?

Francesco: No, like custodian is one of the items that we have in the mica as a service as [00:09:00] like a crypto asset service provider. And then we can raise, as I've said, a correspondence to something similar that we have at a European level, which we find in MiFID, for example, the custody of financial instruments.

And if you look at the rules, you have basically the same rules. What is interesting is that with MICA, you open up the possibility also for people that are already licensed according to other rules, to provide the same services. And so like when we think about custody, we can think courageous, for example, an ex an American example of custodian.

This new custodian could take a European license and operate all over Europe, and that's a great advantage. But for instance, if we have a player that already does custody for financial instruments, it could be possible also to deal with crypto. He needs to inform the authority, but this would be, this will be [00:10:00] grant will, will be granted to him.

Then perhaps he will not do, it'll not do it because of course you need a certain expertise. But it is possible that they're going to offer also services related to crypto. They could team up with already existent crypto asset service provider. I made the example of courage. For instance, an Anchorage could work with traditional banks and provide custody study given that they have a particular expertise for this.

Just to make an example. And so I think you're open up to a wide array of crypto asset services, which will be regulated in a way, which is similar to what we already have at a European level. And as I've said, the services are different now. Yes. I give you the word Ari. Services are different and you apply always for one or more services.

So, it means that depending on which is the casp, it'll choose service or the other, or more than [00:11:00] one. It depends. But basically you are then allowed to provide the service for which you got the license.

Alireza: Yes. I would absolutely agree to what you said. And I just wanted to add a little bit on that because it goes a little bit in the direction what you were just asking, Eric.

So assuming that we have a crypto custody service provider and this crypto custody service provider is providing the custody of the crypto assets or the safekeeping of the private keys, but then it also offers to its clients, let's say staking. So staking is something which you could do. With the crypto custody license already.

And you should look at the crypto custody service provider, what is intended to be provided to the users or to the clients, and then think of the license you may need. And what I think is very interesting is that in the most recent version of car, they added a new casp, which came like in a, I would say in a last [00:12:00] second.

And it's the providing transfer services for crypto assets on behalf of third parties. And this is something where I would just to like, to raise the question, like to understand what you think about it for me, providing transfer for crypto assets on behalf of third parties. It is good that you, when you look inside the mica, if you scroll a little bit down, it also defines what it means.

And so there is a definition for that. And it says that yeah, providing transfer services for crypto assets on behalf of third parties means to transfer on behalf of a natural or legal persons crypto assets from one distributed ledger address or account to another. So, I think it is catching all clause.

Something which you, which they put in because they saw players like, let's say open sea, where you can connect your wallet and you can transfer your NFT to some other wallet. And [00:13:00] I believe that they then, yeah, the ones who put this clause into the mica, they were thinking of covering something like open sea or something like wallet connect where you provide a service or where you can connect your wallet and then transfer your assets to some other wallet.

And many crypto custodians, they do something similar. So I would I would like to understand for my co speakers, what do you think is this? Providing transfer services for crypto assets on behalf of third parties. Is this already covered by crypto custody? So is crypto custody broader or is it something different or is it maybe something totally different, which I didn't understand, but this is a very interesting one.

Francesco: Yeah, I think it's a good point. To add on this, like of course, it's a bit worrying to hear the scope of this service. There is a recital that clarifies that like nodes are not contemplated. So the fact that you are a node and do, and [00:14:00] basically contribute to transactions, this does not make you a crypto asset service provider, which is good news.

Otherwise we can close the blockchains and but you're right. Like it's something which is which is a bit unclear I think, but it's the first time that I think about it, so perhaps it's completely wrong. Also, bridges can, could be like a difficult point here. And yes, custody.

I see it as a more static service in which you basically put your crypto inside. Although I have to say that often they also provide other services. A lot of time they buy on behalf of the client. And so it'll be interesting to see like how many services you need to be requesting in order to be licensed to provide like a service, which seems normal custody because if you provide also exchange, transfer, et cetera, which is kinda of common for players, then I [00:15:00] think that in the end you will pro, you will ask a license for a wide array.

And perhaps what is meant by custody is really like the static custody. Whereas the transfer is something which implies also a dynamic transferring from one address to the, too.

Eric: I guess the question is to what extent, if you are a pure technology provider where you're just providing some component of the transfer, you don't have custody, you're maybe you're providing just a interface, between two parties.

I guess it could capture that. That's a pretty, that would be a pretty broad almost a vendor interpretation.

Francesco: Yes, this is as I've said there, rest is recital, which I invite you to read, which is 63 D according to the version that I have. And it basically excludes some players. But it does not [00:16:00] include the validators notes or minors that may be part of confirming a transaction.

Be even though like they, they offer some kind of crypto asset transfer service, for example, custody and administration of crypto assets. So it tries to make an distinction here, but I think as we said a lot of other times, like there isn't a willingness of pointing to the technology intended as the blockchain nodes, miners, and everyone that contributes to the validation of the transactions.

But I think that, like everyone else could be in danger. And also the examples that were made by Risa could be catched by this.

William: That's true. Just to, maybe to add something about what Francesco just said about especially about the infrastructure, like the layer one, which most of it don't fall [00:17:00] within the scope of the regulation.

I think it's understood to recall that and to keep in mind that, of course this regulation actually targets the intermediate areas between the people like the legal entity or the individuals and a service provider. Of course, when you are providing like only a tech, like if you are only a tech services or if you are, like, for instance, if you are the subcontractors of some of a service that is offering the service at the, to the end user, you don't follow within this cap.

The most easiest example to understand, it's like the custodian, like the crypto, most of the Christ crypto custodian, such as fire blocks, ledger, vault, and I probably forget a ton of them, they are not regulated because they are offering the services. To I don't know, [00:18:00] Binance and so on.

And these services are regulated because they're offering a custodian, a custodianship service to un and me us. And it's very important to keep in mind because in, in the crypto world, sometimes we have a very tech approach to the reg. We try to have a very tech technological approach to the regulation.

And to forget that it's only this interface between the farm, between the market and the crypto, which is regulated and all the infrastructure the tech, the back office is not regulated regulations. Yes.

Marina: I think just to add again I think it's very important when we think about what is infrastructure.

So is infrastructure again only layer one or is it something that is like meta mask can ledger what you just mentioned and I think that. Going back into the definition of what is the crypto as a service provider is going to be vital [00:19:00] for all this in a way projects to look into what they need to be compliant with.

And there are two other things. One is we have a definition of crypto as a service provider, but I think what is also important, and we have seen that this is happening right now, which being implemented in maybe some other regulations, is what's what is the definition of a virtual as a service provider in the FA of recommendations.

So, this is something that regulation regulators are European Union and others are of course observing. And I remember when the members of the Parliament said that for example, the. Transfer funds regulation is one of the most ambitious implementations of the FAR f recommendations in the European N Union.

So that is also something that I think we need to look into. And the second thing is there are new regulations and new directives coming up that might be linked to some of the similar projects that we are now [00:20:00] just discussing. So, we're having this email package, but also the deck directive that is basically defining the way how member states should exchange information regarding taxes.

And in this directive, at least one of the drafts, we see that the crypto as a service providers are defined in a different way from what we see in Mika. So just understanding what Mika does and how it regulates crypto as the service providers will not be enough for all those projects in the future.

They will need to look into specific regulations too.

Alireza: So, I would like to add on that. So, you absolutely right Marina, even then, in an inside a Red, you can see that Mika is referring to FATF and saying that first the yeah, recommendations of FATF and the ongoing recommendations of FATF are very important and even says, when analyzing a business, please always also look at the fat recommendation.

[00:21:00] Therefore, I'm absolutely with you and William, what you just said. Regarding you called it the back office service providers, which are not regulated because the provider services to the casp. We have a similar positioning in Germany. So the German regulator actually provided lots of material on the regulation of crypto asset service providers.

And there's a clear understanding by the German regulator, which I understand is also yeah, something which the Mika and the other member states back is that if you have a someone who's providing. Either technological service or even yeah, hardware, not just software services. They are not covered by MICA as long as they do not have access to the private keys and they do not have access to the key recovery phrases and the key recovery package.

So, you mentioned fire plugs. You're absolutely right with that because fire plugs is having an NPC solution. So it's a sus solution software as a service solution. So anyone who wants to do trading with crypto [00:22:00] is can get this license to use the sus solution of FPLs. And then the one who's using this service of FPLs, this person has access to the crypto access into the private keys in a case of a npc.

The private keys, they're just produced instantly when you do the transfer of the crypto as it therefore there's no possibility of FPL to having access to the private keys. This is one thing, and if you then look on the hardware devices, for example, what Meta Swiss company is doing with hsm , then Modus, which they produced.

They, you have also, again, to look at are these modus, is hardware modus lying with the bank and with the service provider? Is it like on-premises? And do they have the key recovery information? And if this is true, then the one who are providing the services, it could be also cloud service, like with IBM and Azure and so on.

They're all non-regulated. They're all non-caps. And the others who use the services there would be the casp.

Eric: We talked a little bit about the carve out. Do you think there's other [00:23:00] gray areas in terms of the definition?

Alireza: Yeah, so I didn't want to start this discussion because I thought that it's going to be a big discussion in our in our talk today.

Decentralized finance. So, this is a big carve out. It's a major carve out. And this is something I think, which very interesting to the entire market because I think Defi is growing and I think we all agree that defi is out of the picture and maybe MICA two. So Mica 2.0 is going to cover defi and, but this is very interesting to look at what MICA is right now saying about defi, when is defi not covered and when maybe defi products are covered, because this is also written inside the mica.

And the wording says, if you have a legal person or a person, which where Mika would apply to, then Mika applies. But if we do not have a legal person, and this is the problem, actually what we have of the definition of defi, when is defi really decentralized fully, and when is not decentralized, it's one thing.

[00:24:00] And then, but what also Mika says, if you have a token, for instance, so you have a defi network and there's a token which is issued and some cask wants to trade with a defi token, then the Defi product is regulated if the cast inside a European economic area, Is letting this yeah, defi token being traded or providing services for such defi token.

Then again, it's covered. But I would also like to hear from my co speakers what you think about how we should understand defi. So when is a decentralized network or maybe a decentralized autonomous organization, decentralized in a regulatory sense by maybe looking at the voting rights and shareholder rights or shareholder positions.

We have this control definition and definition of a mandatory holding and stuff like that. So, what do you think? So

Francesco: that's of course a super important question and of I was super worried about this problem when there was the [00:25:00] definition of Tao in the mic at the 10. They have excluded. Now we have two elements that to me are important.

First of all, there is fully decentralized, which it's very difficult to. As we know we have also to bear in mind that like Mya does not cover like all the activities that are made by the customers on its own initiative. And so, like I can feel that Defi presents itself in a way which is not an invitation to.

So this is, I think if DFA will maintain an approach which is very cautious, like not using the languages of the European nations, which actually it's not done by a lot of them. I think like this could be avoided altogether because DFA projects do not have a permanent establishment in the European Union normally.

And I think that there is a kind of indication of how you could [00:26:00] avoid all the application of these rules for defi. But of course, like the problem of fully decentralization remains. Let's imagine that we talk about a project that is European in nature, a defi project, and we have some in France especially I would say like, how does this project deals.

And I think that there, we have to look at the recital fully decentralized. I would say it means that first of all, you don't need an entity which pays dividends. This would be tremendous, I would say. And then the voting rights have to be quite distributed In what sense is different to, to say for instance, we have a good article of mark Boron who is a known crypto lawyer in the US who theorized a bit like what does it mean to have a sufficient decentralization?

And like there isn't a direct [00:27:00] response on the, on this issue. But the important thing is that you don't you need not to have an essential entity that controls, like he puts this number, which is 10 different points of decision making, spread a bit all over the world. And plus you, you have to add on this also the, but of course, it's something which must be seen. What I get from this indication is just that, that basically you are saying that there is something which falls outside of the scope of application no matter what. And it's the true Dao. But I would carefully say that it's better not to offer this defi project through the front ends to European customers.

Like having always, a very careful approach not using Italian French [00:28:00] or Spanish, which could be one of the signals that you're offering in this countries. And yes, I would, if you apply this approach, I would say that it's difficult that they're going to enforce MiCA against this this players as it happened in the United States on the basis of the rules that we have.

Eric: Yeah, I mean there's an ongoing debate in terms of front ends. I think there's a recognition that a lot of the backend processing for defi you're just simply not gonna capture by any regulation, us included. And so then, you start to get into these difficult questions is who's regulated?

Because how many pieces of the puzzle are spread out amongst different players? And then who has responsibility? The s e c in a Reg ats last year when they were talking about a revision, again, this sort of is a US CASP type questions. They raised this notion that you could have multiple operators that could collectively form an [00:29:00] exchange and each operator would be regulated.

So, each piece of the puzzle would be subject to regulation, which was snuck in a footnote. And a lot of people really reacted strongly against, because then you get into our developers responsible. So it's, the decentralizations question because to the extent you regulate it. , you can easily just break apart the different components further or further disintermediate like front ends.

You could have it pulled off of a GitHub or some other where you're plugging in yourself. Where there's also orbit, which is an ecosystem where, nobody you can't really identify any particular centralized actor in any way, shape, or form. It's a little bit like whack-a-mole once you start getting into these questions.

And I think again, I think both in the US and in the European Union, I think I, I believe I see like a reluctance to go too, to be too aggressive in addressing this, because, number one, the size of the space [00:30:00] and number two just the challenges that it, it raises.

Marina: I think what's interesting here as you mentioned is that.

What is, there is no legal entity, for example. We have seen, I think in Europe, we don't have any specific definition that I have seen of what is decentralization or spec sufficiently decentralized except from what was mentioned already in Mika. But we can see, for example, what happened in the Netherlands when it comes to tornado cash.

So in this cases it's not directly linked to Mika, but at the same time it's helping us understand how the prosecutor. Sees the role of a person that can be a contributor, that can be a developer, but could also have in a way, managerial effort into what was happening at the specific time.

And I think that in a way, at least in, in that case, there was a connection [00:31:00] to their interest of this specific contributor to the higher price of the token versus how they were offering or how they were developing this this specific product. And I think what's also interesting what happened this year, we had quite a lot of events happening in the US with the

And I think that was one of the most important, at least to date feedback from the US on how they understand DAOs and decentralization. And in that part, even any type of Voting or any type of activity from one person would mean that they are in a way involved in this entity that can be a DAO or that can be an incorporated partnership.

And I think that could be really devastating to the ecosystem, if that would be true also in in Europe. And [00:32:00] in this case just at this moment, the law commission in the UK is also asking the industry, the community to get some feedback on understanding better DAOs, what DAOs are, and if there would need to be something like new law on DAOs.

And we see all over also the us new states looking into having new laws for DAOs. So I think that in a way that's not just financial regulation is also looking into how do we regulate, how do we define legal entities?

Eric: We'll pursue, I think, defi a little bit more on our next episode, but maybe we could start to move toward the.

the obligations of the casp.

Francesco: Yes. Okay. We can, there are a lot. So please help me, I will begin a bit and then we can discuss about the issues like first of all, you have to be located in the eu, which is held as important. We have this element also in other [00:33:00] cases there is the willingness of having heart bases in the EU in order to exercise some oversight and control over an entity which is existing.

And it's not possible to apply from I don't know, Asia and get the license and then operate without having an establishment in the European Union. So, this is the first requirement which is important. And on this, like you, you need to basically ask for an authorization. And also here we have a very long list of information that you have to give to the authority.

And the authority will control on the, not only like on the type of activity that you want to provide, but also on the substantive capacity of performing this kind of service in a way which is, of course, safe for the users. And apart now from the [00:34:00] single requirements also related to the capital that you have to have or other aspects.

I think that another important element is the fact that there will be also like a control over the people that decides that are within the governance of the cusp, which is also something that, that we have in the financial, in financial. But basically there is also a scrutiny about the real capacity from a professional point of view of running this type of dangerous business.

And so the first step is basically this very long list of indications that need to be provided to the authority. Then the authority has 40 days to respond and to say whether it fits with the conditions set by the regulation. And here I asked to myself, because I see that nowadays for the countries that have already implemented this kind of rules, it takes a lot of time.

Whereas here, my [00:35:00] feeling is that they want basically to implement a system which must be faster for the, in order to get a response in a way, which is very faster. Once you get the authorization, you can start operating. And then basically you have rules concerning the control of the cusp which is provided the fir in the first place by the authority of the counter in which the CUSP operates.

But then there is also like a European level in which as mine, ABA will also intervene and rules concerning this this supervision. And yes. Now I think we can also enter a bit more into detail with the rules perhaps commenting on something. But that's basically the skeleton of the rules.

It's not so new and it brings basically to have some people that take the responsibility and that have a recognizable position [00:36:00] within the European.

Alireza: So, I would add on that. So once you have the license, it's not over. You have to make sure that everything you did to receive the license, which, for example, the fit and proper tests of the directors of the company and so on, this has to stay also ongoing looking forward for the business so you not just really wants to get the license.

Ongoing business has also always to make sure that everything. You did to get the license has to be the same. And then when we look at the obligations, which the crypto asset service providers have, we differentiate between the obligations which are there for all the crypto asset service providers.

So the general obligations which are in chapter two and Article 59 following. And then we have specific obligations for specific crypto asset service providers, such as for the crypto custodians. So I'm just gonna pick on some of them and I think we're gonna talk later about some specific ones. So the general [00:37:00] ones, for example, they are the obligations to add, act, honestly, fairly and professionally in the best interest of clients and information to clients and so on.

There are some further general require requirements such as Prudential requirements. There are requirements to inform the supervisor authority. There are specific requirements to when you went down your company and stuff like that. But then when it comes to the specific requirements, I'm just picking on the crypto custody service provider.

It is very interesting to see that the crypto custody service provider has some certain applications where we see that this is very important when we look at the most recent incidents with the crypto exchanges and cryptocurrency service providers, such as the obligation to re fence the assets of the CASP from the assets of the client.

So, re fencing the assets to make sure that in case of insolvency the assets of the after [00:38:00] casp yeah, reinvent from the assets of the users and the assets of the users are not going into the insolvency. Yeah, to the insolvency proceeding. And they're covered, they're protected from that.

And this is something what I would say is very interesting to see, and this also we already have in the general applications where it says the general applications of safekeeping of crypto assets and of funds of the users. And I believe this is a very strong list of obligations which the cast are going to have.

Eric: Does that ring fencing apply to a bankruptcy or insolvency analysis? Would it be governing?

Francesco: Yes. This should be the case because it tries to avoid the commingling of the assets, which we saw, I saw. So dangerous in in these cases. And yes, I also agree that this is a very important point.

And yes, of course, if you read to act honestly, fairly at something, which is which is quite [00:39:00] generic, but of course the idea is that the first interest should be for the clients. This is this is something which is which is absolutely true. Then there are requirements related to the minimum capital, which is not enormous in my opinion.

It's like 125, I think in general and 154 trading platform. Not enormous, but we have to be aware that nowadays we have a lot of companies in the eu, which basically every time have a minimum capital required by the law, which can be, for instance, in Italy it's 10 K, and so you don't have solid companies that operate service, which is very dangerous.

But I also wanted to add, because custody is of course important, there is. Also here, like the indications are quite generic as to the, of course, type of technology. But there is the indication that also the IT services and technologies that are adopted by the casp should be of first level. [00:40:00] And within this first communication that is provided to the authorities, there must be also the indication of how they basically organize their activity from a technological point of view.

And so also this will play a role, although I think that there will be best practices for the person that asked for the authorization, but there's also the willingness of entering a bit, not only on the organization with respect to the personal part, but also like in looking how they organize their activity from a technological point of view, which is, I think, challenging because The technologies are quite new, and if we imagine that a lot of also traditional players can access the market, I think that there, there will be more scrutiny than now.

And more transparency.

Eric: I'm gonna actually just circle back to insolvency. If keys are on an exchange, you may see it in your account, but if you're dealing with a centralized [00:41:00] exchange, they may keep their, the assets on another exchange, because that's the way it's typically.

So if that ultimate exchange goes under, it can impact your ownership despite the fact that you see it in your account. , it isn't really segregated and there's certain things you can do technically. For example, you could you could ensure that those assets actually have to move through like a fire blocks implementation or to a third party custodian.

And that custodial relationship or that fire blocks relationship where you are a sign that you being the user, the client is a is a signatory to releasing those keys. That would be one way of segregating it, but other. They would tend to be there could be an accounting mechanism where they're, where you're treating those keys as running to the particular user, but the segregation isn't really happening.

They could be held on an omnibus basis. They could be held at the exchange. This is largely record [00:42:00] keeping, but it doesn't necessarily in the context of a bankruptcy. There are omnibus assets where if I'm a customer and you're a customer, then we share, we may have claims on the estate, but we may not necessarily get it.

It also further complicates it in the US with state law because certain states recognize property differently. Just curious how you think MiCA would or wouldn't address those types of questions.

Alireza: So maybe just start into my co speakers. They just add on that. The MiCA is, I think very thought through because the obligation of segregation is not just.

Applying when you set up the wallets the mic says specifically, you have to make sure that the segregation goes through the entire operations of the custodian, which means that if you take the example of Coinbase, we all know the Coinbase did a filing last year with the s e c, where it turned out that there is a trading [00:43:00] wallet where the assets of Coinbase and the assets of the users are getting mixed up when they're doing some trading.

This is meant by you have to do the segregation through the operations. It means Not just when you put up the wallet and they put their assets, they're also, when you do trading, never mix up the assets of your users with the assets of the crypto exchange. And to my understanding, at least in, in in the European economic area, this is important when it comes to the insolvency estate.

So, if the exchange is becoming insolvent, only, the estate is covered where the where it's clear that it belongs to the exchange, but where you have really a segregation where you say, this all belongs to the users. Any insolvency administrator would not touch that assets because there is a right of segregation by the users.

And so it is not covered by the state. And I believe that the MiCA is very thought through. [00:44:00] MiCA could have also done something different. They could have just copied the investment services directive because under the investment services directive you as a custodian, you are only either allowed.

Do custody or trading, you're not allowed to do both. So you would need to have two entities if you want to provide trading and custody. This we all have in Germany right now when it comes to crypto trading. So you always need to have two entities, one entity, which is taking care of the crypto assets in sense of custody, and the other entity is allowed to provide trading services.

But MiCA did not go this way. I don't know why but this allows you theoretically to be custodian and provide trading, but then you have to make sure that from an operational perspective, that your segregation to the

Eric: end. Great. Alexandra yeah, just

Alexandru: a point here in a way is compliment Alireza [00:45:00] from a common law perspective and to, to bring to your attention that.

There is a very good decision, even if is not from the US but from Australia. But basically, it, it goes into the theory of holding in trust. It comes from the, it stems from the hack ofia, one of which was hacked in 2016 or 17. And afterwards, of course we've seen other hacks and, other states are being billed in the bankruptcies and the judge makes a very good distinction of what is held in trust and what is held in this state of the crypto exchange with some, interesting variations across the UK, Australia, and even the us.

For our listeners I really found that a very [00:46:00] good decision from the Australian

Francesco: judge. Yeah. I also want to add something on this because as Eric has said like in the end it's a like, private low question. What do we have? Is it a property or who is the owner? What custody mean?

On this, we have also like this new uni draw principles, assets that perhaps are not like super comprehensive, but they define a bit what is meant by custody, actual control. And so it's interesting because it's like they provide definitions which should work for common law and civil law legal systems.

My feeling is that also here, like the entire system which deal with crypto assets and casp is going in the direction that the ownership is on the user and not on the crypto exchange. I say this also from the perspective of taxation nowadays and like [00:47:00] holding crypto assets for.

As an owner for an exchange could also be like dangerous for taxation repercussions that may arise. For instance, in Italy we have now new rules on taxation and basically they take also into consideration the example the case in which the crypto asset service provider holds on behalf of the client.

And if you look at this rule, they make clear that basically the ownership is not on the exchange, but that they deal just with the custody. Then of course, like one has also to look into the provisions of the general trans and conditions. My feeling is that also normally they go in the direction of.

Of custody, but it's not always the case. So I don't remember exactly, but it was, there was a study made on the provisions of the American US [00:48:00] exchanges. And there was a big inconsistency with respect to how they defined the relationship between the clients and the exchange as such.

My feeling is that at the European, in the European Union, you're very careful to distinguish between the spheres of ownership and you make clear that the relationship is just custody on behalf, which is so our personal relationship between the CASP and the

Eric: user. So there's a number of obligations that we can address.

I'd like to walk through these obligations so we can

William: take them one by one if you want. Yes. Let's do it. , you already have introduced like I at a high level, like most of them, but I think first it's important to understand that there is like, Regarding the obligation to get the license.

I understand that there is three category of obligation. We have talked about the equity requirement or the insurance [00:49:00] of the asset, which is either one on another this obligation, like of course m to protect the asset of the client. And we recently have, unfortunately, see some very critical example of this asset protection.

You have another kind of obligation which focus more on the cyber security which have to be understand in line with Dora regulation. So the idea, if we want to keep it simple, Is that we, for the Mica asks the CASP to be in position to ensure that the IT system are safe.

So, you have to be audited regularly. You have to organize some pa pain testing. Like white hacking offshore system. You have [00:50:00] to anticipate like a failure of offshore system. So maybe we'll talk more deeply about it later. But the idea is to reach a level of cybersecurity which is the same as the other financial interment areas.

And which will be if as a, if there are works well, it'll be a quite high level of cyber security. And the last group of obligation are more traditional. It's about, of course, the fetal proper of the significant executive and the significant shareholder, but also a lot of obligation about how you are conducting you.

Following of course, what we asked to, like all the other financials you have to present conflict of interest. You have to ensure the best execution policy of the order of your client. You have to provide like a fair transparent commercial documentation to your client. You have to offer your [00:51:00] client a where to complain and deal with this complaint in a properly and professional manner.

There is probably more obligation, I forget, but I rely on my call speaker to conclude and of course this is what you need to do to get the license. But after, as its other way as it already has been said by micro speaker you have to keep this level of compliance.

And we all know that the level of compliance will gradually rise as any other as any other license everywhere in the world. Like the level like slowly rise year after years. And lastly, you will be supervised by your local regulators. So if you are, if you're in Germany, it'll be the b If you are in Belgium, it'll be the Belgium regulator.

And this regulator will have much more [00:52:00] power to supervise you. Cause it's one of the limit of the current system when you have registration, is that there is no such a thing that the regulator can ask you to information a ask you to provide. And the regulatory is sometimes a little bit like harmless in front of like non, very professional behavior but still not illicit behavior.

Yeah, it was very broad presentation, but I let Alireza continue.

Alireza: Oh, thank you William. I just wanted to add some things it's very complex to get a license. We see it already when you apply for a banking license of an investment film license. So, the MICA license is not different from that.

And one part which many people don't know or don't see is that no matter if you apply for own license or if you try to acquire, so to try to buy a license entity, the shareholder control procedure is something which is very difficult. So the shareholder [00:53:00] control procedure means that the authority will check who are the shareholders of what the, becoming shareholders, who are the shareholders behind the company, which applies for the license.

So, the authority wants to understand. Who are the, those who have the mandatory shares And mandatory shares means anyone who has more than 10% shares voting rights are or capital shares. Actually in Mika's, 20% per for banking and for other institutes is 10. So, let's say 20%.

And so the regulator wants to make sure that this persons, they are the shareholders or the main, the major shareholders, they are fit and proper themselves, which means. The shelter should not have done any criminal activities, especially when it comes to anti-money laundering, and also anything which is in relation to insolvency.

And this is also the reason why companies such as BitMax did not succeed to buy related bank in Germany because they intended to [00:54:00] do some crypto business in Germany and they intended to buy a fully licensed bank, and they could not do so because the some of the, yeah, main founders of BitMEX as we know they had some proceedings going on against them.

In the US. And what the regulator wants to understand, where is the money coming from, which is invested into the business. So, if the money is coming from somewhere where you do not have some clear paperwork, so you cannot demonstrate you have some tax income or some tax yeah. Confirmation for that money, then you cannot use it to invest it in a company to open up a crypto company in Europe.

And this is also something which is very important and this is also the reason why you cannot just come and say, yeah I'm a very successful crypto player, not regulated. So, I have sufficient funds. I'm just going and buying some regulated institute and this is not going to work in the future. And this is, I think, very important to.

Eric: Excellent. And [00:55:00] also a amidst all those obligations would be market abuse. So, what are the requirements? What are the applicable provisions regarding market abuse forecasts and how does it differ from Mar maybe you could contrast the two. If you look

Alexandru: comparatively at the market abuse regulation and the MICA abuse regulation protections the type of prohibitions are pretty much similar from the get go.

On the face of that, it's also worth mentioning that Mar as a regulation was basically created for consumer protection and prohibition of inside their dealing. And disclosure of information for transfer securities. So, the MA is very much linked to method [00:56:00] two in Europe. And what's security?

So, from this perspective we don't see a directly, a conflict of the two unless we get to a point where a crypto asset will also be a security. And again, it'll be a sort of a discussion on what's the supervening regulation being applicable. This is from a theoretical point of view, but then if you look at the prohibited activities, they are very much, similar.

So it'll depend a lot on the specifics of the case when, let's say Mica will be, covering some aspects which are not covering into covered by the market abuse regulation. And, just to [00:57:00] we can get afterwards more into the MICA specific prohibitions, but, just this is, would be the overall framework in which to consider the MAR and the mica.

William: I think just to add something about what and just said this is maybe one of the most important part of Mica in my opinion, because it is something to telling you like this market abuse regulation on the crypto asset market. And it's something that I think the crypto asset market unfortunately needs this regulation quite a lot because we have c We have seen a lot of proof of evidence that there is like work trading, insider dealing, even some people on Twitter are very proud to do inside insider, in insider dealing, insider trading in the market [00:58:00] in the crypto asset market.

And it's something that personally I'm very almost excited to see how the regulator will adapt what exists for years now on the securities on the securities and on the financial instrument market to the crypto asset area. I believe that they will start as usual, they will start very like slowly and with maybe the most basic obligation.

But it's something that will, I believe, like really change the face of the crypto asset of the crypto asset market in the next I don't know, five to 10 years. And allow true democratization because you can regulate every, everyone around the table with the casp with the cast license for instance.

If these people, they are not controlled on the behavior they are in the market, you will never ha [00:59:00] you will never truly have a fair and transparent market. And it is what exactly like market help user is about. So yeah, just my two, my 2 cents .

Eric: And I'd imagine that maybe that's an area which generates a lot of rulemaking at the local authority level, but Ali Reza,

yes.

Alireza: This is also something we touched on the last recording. So when you look at the white paper and you look at an ico, what we nowadays see is that you. ICOs. And then you have this pump and dump activity. So you have a coin who is basically worthless, but then a group of people around the issuer, they just start pumping that coin and pumping the price.

And then you have groups like telegram channels where people just right there. Yeah. The next big thing. So invest in this coin. And in the end of the day, it's a circle of people [01:00:00] around the issuer who just try to pump the coin and then to get out. Yeah. And something like this will be not allowed in the future.

And this will be f this will be, yeah. This will be prevented by also the insider trading prohibition rules and other rules which are going to come. And I think you have to read the white paper together with the m a r and the, so the market abuse regulation inside the mica and the insider trading prohibition together.

Because then you understand that this is basically giving. Lots of protection for the consumer and for the one who's going to buy a token which is coming from an ico, from a token generating event. And therefore, I think that this market abuse and also the insider trading regulation coming with MICA is very important to the market and it's going to cover something which is so far something very dangerous for those who want to invest in crypto and have no knowledge.

Alexandru: [01:01:00] Fully agree on Ali Reza and point and just to give an also a bit of flavor together with Ali Reza and some of our colleagues from the Think Block Tank, which again, it's an organization of European lawyers. Back in 2019, we had this debate and we even issued a working paper on token regulations in Europe, and we covered the market abuse regulation.

And based on the debate, even if you have a sort of a, so unless it's a fraud, so like a sort of a rat pool all these activities of pump and dump were not regulated across Europe in order for the market abuse regulation to catch them. So, they were outside the school. Whatever would've been in normal terms in a normal trading environment, insider dealing or [01:02:00] market manipulation for the crypto.

It was still the wild west. So, from this perspective, Mika with, even if it's not the most innovative, let's say text in the mica, it does provide and covers this this gap, which was previously part of the crypto market, to be

William: honest. Yeah. And maybe, yeah absolutely in line with you, but it's it would be much more productive than only to the consumer because, It remind me something, what happened to what, what happened?

Two years ago I was assisting a client in a case where there was an insurance that, that, that was that was about a reimburse a huge amount of damage happening in, in in ether actually. So in crypto asset and on the middle of the negotiation. So we have [01:03:00] asked a lot of expertise like on the technical side, but also on the economical side for you.

You I think you probably understand the context, and as the middle of the negotiation, we realize that we don't we didn't find it was very complicated to find a trustful source of information about the. Like the price of the you rely on what? On Conco, on con market cap, but con market cap, it's an average of pricing from some sues exchange.

I don't know, for instance con conveys or Kraken or even Binance even if I'm not 100% sure about Binance. And you have also the price officer as this time come from a lot of offshore exchange. And you are absolutely not sure if there is not a lot of fake volume and was trading and so on.

So even to have this mere information about the price officer, like in [01:04:00] 2019, it was approximately impossible to have to have some. And when we were talking about of course about a hundred of thousands of Euro of difference between the different source of pricing, but creating a new negotiation within the negotiation.

And it was for me, the first time I realized that it's not possible in a market, but it's not I don't know. It's complicated in the market when you are, you don't have a this market abuse practice preventing because you, you are not sure about the, even the price of an asset. So it's a huge factor of trust for everybody around the table.

Consumer, of course, regulations, but also like market player or even if you are, I don't know, a lawyer during a negotiation with an insurance. ,

Alexandru: If I may recall on this one what William was mentioning I got this situation as well, even for contracts in a, establishing a sort of a bench international or European [01:05:00] benchmark for the price of a specific crypto asset.

And what we tried to do in Romania, we've seen that there were some public information that the Romanian authority seized assets from illegal activity and they were doing an auction on some bitcoins. So what we tried to, and they were like providing a sort of a price, and the idea was like, based on what are you establishing the price.

So for that, so in order for us in Romania to consider, their methodology as the, the best legal approach, but unfortunately I did not get a former reply. And then in some cases, we basically advise clients let's just look at crypto regulated exchanges within the European Union, wherever they have a license.

And we'll do a sort of a weighted average between the prices based on a couple of exchanges. That was it. But it was, nothing [01:06:00] legal, but mostly, a practical point. But this is indeed, it's important for what's to be considered market manipulation because you need, some benchmarks and standards.

Eric: maybe another topic to, to touch on, and again, we can put this in a different order, but liability I, we had talked about this on the last podcast about an issuer liability, right? The obligation. But in the context of a casp, what is the CASP potential liability

William: under MiCA, if I understand where your question, Eric, it's about what is the liability of a casp if something went wrong for one reason or another?

Eric: Cybersecurity cyber-attacks, thefts, malfunctions,

William: Whatever the threats come from inside or outside. Yeah. But basically you have you have, as, of course, as any other regulated [01:07:00] financial intermediaries, you will have like three level of liabilities two levels that are common to any, anyone.

It is civil liabilities and the criminal liabilities. . So civil liabilities, it's if you are creating a damage you need to answer about your bad behavior or your wrongful or your misconduct it's common actually. Criminal liability. You will, you are off course personally as a, as an exec, but also as a company, you can be subject to criminality charge, which is interesting for CASP is you have the normal criminal employment, but you have also this new criminal employment who come from the market type user practice prevention, for instance, market manipulation inside the trading and so on.

So it is a new level, a new category of white crypto, white collar [01:08:00] cream activities. And you have the last stage, but which is the most important for regarding ate will be the administrative liability. So it'll be the liability between you and your regulators. So the regulators will supervise you and will ask you information and we'll will ask you to basically comply with all of the obligation of MiCA, for instance, regarding your communication regarding if you change your shareholders, if you are not segregating the phone of the asset of your client, and so on.

And this is the most the most direct the fastest way and the cheapest way, if I may say, because it's fight free. I actually, nobody has to pay a lawyer for it to make sure that the cash will follow the rule. And of course, the regulators, he have the ability. You have a huge range of sanction.

But the three mains [01:09:00] one, it's, it can do name and shame actually. So it can say that you are not following the rule. It can. Creating a sanction, even a very small one but make this sanction public. It can, of course pros fine, which can be relatively expensive.

It can be a million of dollar or dozen of millions of dollar hour if you are a very big actor. For instance, regarding the market share of finance, which is registered in I don't know, like three or four country when Binance will be regulated under Amika the regulator of Binance will have will have the ability given the site of Binance to pronounce a huge administrative fine if of course can be held valuable for something.

It's very similar to what happened with Google and Facebook, for instance, on those GDPR. And of course the last shot, it's [01:10:00] the regulator can basically exclude you from the market. If they are, if they withdraw you your license. It's not happen very often, but when it happen, it's like the red button or the atomic bomb, I don't know.

And so this is regarding the casp and of course the regulators has also a lot of power about the people who are not licensed. But we are, we fall within the scope of jurisdiction. So of course we are talking about all the foreign actors, all the offshore players that would like to target the European market after their own twin two application of mega.

Marina: Just to add a very interesting liability, I will be very short. It's about in case an exchange, for example, we discussed this in previous episodes, but in case an exchange would like to list on self-initiative a specific crypto asset, they would write [01:11:00] the white paper in disregard.

And also for that white paper and the information there they will be liable except from some kind of information is also sent to them by the offer. So that's just an, a very interesting example.

Alexandru: on the, there's a huge variety of risks. William tried to create a framework for assessing this.

What I'll be just to add on cybersecurity. At the European level, we have the n directive, which treats cybersecurity from the perspective of essential services within an economy. One of the essential services is apart from water transportation, public transportation is also financial services, depending on whether crypto at some point will be categorized as, financial services specific [01:12:00] obligations on cybersecurity and, contingencies and preparing a sort of contingency plan and all sorts of other obligations stemming from the cybersecurity rules in Europe will be applicable.

A second area, which is which will be covered highly, probably, it's not in a, but we need to take into account. Data breaches, personal data, information breaches that again, will be a very important risk to be covered. And then on the on the specific market abuse and insider during prohibitions, what I like to add is the fact that.

MK for Cubs, cuz provides a sort of obligation. So, whatever, it's an obligation, if you don't comply [01:13:00] with it you'll have not only administrative fines, but also private enforcement come stemming from those. For example, you'll be obliged to disclose inside that information to the public with a couple of exceptions.

One of those is if the delay of disclosure will not mislead the public. But then again, it's very much left in the, in a gray area unless we will have some asthma interpretative rules on, on this point. Another point of prohibition, and I think here is it's an interesting situation, is the fact that You don't have an, you have a sort of AFL two a flag approach.

So, prohibition of market manipulation. There are a couple of market practices which are strictly prohibited, and those are a [01:14:00] red flags. But then also Mya comes with and I think it's in Article 80 the second p the second the second paragraph. It's a sort of an orange flag where they, those might be prohibited depending on some spec facts, specific circumstances.

And then also in those orange flag situations, you might have all sorts of potential liability risks because they are not 100% prohibited. They are, in the middle. Thank you. That would be on my side.

Eric: So I want to kind of circle on the cybersecurity aspect for a bit and maybe take a step back on possibly one of the bigger burdens under MiCA.

Let me frame the question a little differently. When you look at the [01:15:00] obligations of Cass under MiCA, where do you think the biggest lift lies for the CAS providers? Would it be the cybersecurity controls? Would it be the market manipulation controls that you'd have to be in place?

Alireza: So, I would go in the same direction as you just started.

Alexandro. It really depends whom you ask. If you ask some company, which is coming from the crypto from the crypto industry and is very active in crypto and really understands cybersecurity, IT security, and is really mastering every level two applications and so on. I think for such a company complying with the IT security obligations, it is not a big deal.

And if they're really understand how to do it, but it may be difficult for them to comply with financial regulation because they never did something in the financial in. And therefore they will have problems to comply with financial regulation and also to maybe find the right staff and the right personnel for doing the job because they're coming from the crypto [01:16:00] environment.

And the same or the opposite, applies to, if you look at the bank, if you look at the traditional financial services play, who now starts to do crypto, if you would go to a bank and tell a bank look here the Mika allows you to do any kind of crypto custody or crypto services because you're allowed to do so without any further license.

I can bet with you that 99% of the traditional banks would say, I will not touch crypto because I don't have enough clue on how to do crypto custody, it security safekeeping of private case. I don't have a clue what MPC is and what fire plugs and so on means, and therefore I cannot take care of that.

And this is, I think the biggest issue for the traditional players. To get comfortable with the crypto activities and everything related to it security. And they will also have difficulties to find the right people for the right job because if you can imagine or face like an older [01:17:00] gentleman from Deutsche Bank or from Commerce Bank, which is above 70 years and now has to run a bank dealing with security, talking, trading, and fire blocks and Argo trade and whatever they will of course not understand how to do it.

But the managing director of such a bank is ultimately re responsible and liable for the activity of the institute. Therefore, this is very difficult for a traditional institute to suddenly run crypto. ,

William: go ahead. Of course. I agree with Za. I will start to stop. Seth, I agree with you because it's very repetitive.

We are so polite and nice in, in this podcast. Yeah I think it, it's exactly depend of who you are. There is, I see maybe situation. You are a very you are a big actor. With, well-funded, with already like a compliance services and a small team of legal people inside. [01:18:00]

I think the most difficult part of Miha will not be technical or legal. It'll be like a, the cultural shift that it'll, that will, that it'll be required by the crypto. Proposing a sail wallet or a yield project or defi project without asking anything to your inhouse lawyer and without being under the scope of a regulator will be the good all time.

It'll be terminate you will become a very regulated FinTech and eat. I think the most the most the hardest part will be the cultural shift. If you are a new actor we want to work with a traditional finance and you are like, I dunno, you come from the traditional finance it it's absolutely good news because it's just like we, we just creating something with look like very much to what happened in the traditional finance.

And if you want to work with the traditional finance, make obligation [01:19:00] is just the minimum requirement actually for them to, to have to have the same level of compliance. . And lastly, if you are a small startup, of course it'll be costly and it'll require not only time and cost and money, which is something that a lot of startup don't have very much, especially right now.

But it'll only imply you to be able to have the human resources and the intellectual resources to deal with this kind of process and to deal with the regulators. And unfortunately, some of the current market player right now are under on radar are very small and quite like we would like to do things very quick and dirty.

But the new area that will be opened by Mika will be like not very favorable for them. So yeah, this is.

Marina: I think what we also need to look into as you and already [01:20:00] mentioned, is the small startups or the small entities that might not be able to finance the whole operation. And on the other side, looking into the investors, they will need to start looking into, okay, I need to invest more for this startup because they wouldn't need to comply with all those rules and they will need to do it on the long term.

And I think that at the same time, it might be a little bit harder for those small entities to basically enter the market again, to be a big player versus the maybe established banks or established companies already that have this capacity. And will have as we all know, all this regulation will have a major shift in the whole ecosystem.

And maybe not only when we discuss with Mika, but again, in, in Europe. I think the transfer funds regulation, a m L, those will be very important in the

Eric: future too. So on that point, I wanna return back to the 18 month [01:21:00] period post, I guess the implementation date. And again, just assuming that you already have a framework in place for Capps as of the implementation date in 2024, then there is an 18 month period to affect compliance.

You can jump in if I'm misstating it. Cause if you're like a startup where you're trying to ease into the regulation, it's actually a fairly good time to because you're able to start, and while everything's being figured out you have this transitional period. What's intriguing is once you pass this transitional period and you get, as William would put it, that, that layering of complexity.

But what are the implications when past that 18 month period for a startup that is looking to enter into the space, but really the I guess niche training wheels, is it like you better have, like in the us like you better be completely [01:22:00] ready when you're licensed, or is there a small firm compliance guide?

So in, in the US for example, like a smaller broker dealer, the s e c, when they release certain rules, they will have this they will do small firm requirements. So it gives small firms guidelines for how they comply. So they're not looking at the large firms and trying to comply with those requirements.

So in that way the FINRA actually they, it actually facilitates small firm compliance because they're not looking at the enormity of the broker dealer space. But is there, and I know it's early stage and some of this is still formative, but what do you think the implications are for these smaller firms after the 18 month period when they've, they no longer have the training wheels, William.

William: Two things. First of all Mika, I think the level of expectations the regulator will take will have, will not have the same [01:23:00] expectation from a small firm, like from instance a small startup that it could have with a big crypto exchange or traditional electors.

But still the most of the requirements are the same. So it, it'll not I know that there will some like specific provision for like systemic actors or the very big one, but I mean between I don't know, five people, team and 500 people team the requirement, like most of the obligation will be absolutely the same.

And of course, the regulator, and we already saw that. Because when we are talking about the registration right now, which is in place in most of the European country, most of the regulators, they. They not ask exactly the same to a small team than to a large one. But I let of course my micro speaker at the, at things on this part.

And the second things, what about the calendar of MIC is the timeline of mica. [01:24:00] Of course, there is a huge almost a clock race right now for some people to ask to be registered. If you can, for instance, if you are a foreign player in London or in the us, if you know that in two or three years you will be in Europe, ask yourself if you don't need, if it's not clever to ask very quickly registration, to, to benefit to get the benefit of this 36 barrier to get the maker license.

Because if you wake up in one year, it'll be probably too late in, in several, at least EU country, including France. And you will be like from the beginning in the track to get the mic license, which can be a huge step. Part of

Alexandru: my commentary is relates to the fact that you are very much, in the heart of process and from the way I see from a policy perspective it's also clear that we know that this regulation is coming.[01:25:00]

We received a couple of years to prepare, and it's also true that exchanges, if we take exchanges and custodians, of course there's a lot of innovation to be brought as the crypto and the blockchain space evolves. But our crypto change is the most innovative startups out there. I think they have a couple of.

In order for them to, to put things into place. From a policy perspective, what would be the benefit of protecting small exchanges in comparison with larger exchanges, which are super regulated, very well let's say coordinated from it cybersecurity perspective. That's a sort of a policy question.

If I look on central eastern European markets, we always had a sort of very small exchanges, across Romania, a couple of them, and then you [01:26:00] have the, the regional players and then the global players. So, this is not a market which really invents itself as we speak. It's a market, at least on the crypto exchanges that existed for some time now.

maybe with defi is going to be another story because defi is, it's continuously boiling and we don't have rules. What I would expect is that we will not have, like in the US lighter or milder regulations or conditions for small entities, but probably we will continue with the sort of a sandbox approach in, in, in local juries, in in national state members depending on the level of innovation that these projects will bring.

The UK were among the first, but then more or less every you member state has a sort of a FinTech sandbox [01:27:00] where, you could be, let's say you'll be tolerated in relation to some of the. Requirements of Mika. I, and I suspect that this will come in all sorts of new areas such as defi and other areas which are not purely 100% covered by Mika.

Marina: And just one comment on the applicability. So the date when the MICA will be applicable, we probably heard, and the listeners probably heard that there's, has been a delay in the process, but from the day when Mica will be publicly published in the official journal in the European Union will have 18 months as you mentioned, but also 12 months period for just title three and four, which is basically the staple coin part.[01:28:00]

Eric: So, one of the areas I was going to pursue next was running through how Mika could have prevented F T X and w we'll get into just even just the simple responses, cuz there's many levels of that. But before I do, I wanna make sure that if there's like an area that you feel that we should be covering as it relates to Cass please, we should cover that first.

Just, I, I don't want to miss something very substantial and not have covered it through my questioning, so please feel free to raise points now before we do the FTX run through, so to speak.

William: May, may, maybe just one remark and we [01:29:00] already talk about it during the previous visit, but anyway, is that outside of and at a higher level. That's just the obligation because the casp regime by itself, it's something very interesting. We have said a lot about it, but it's still something expected. And most of the obligation and what we what Mika ask and require from the CASP is very similar to what you have to the financial manager is.

So everybody has understood that basically we are far, we are the Europe is extending the level of compliance from the financial from the traditional financial sectors to the crypto asset to the European crypto asset industry at least. It's an extension like from the bottom to the top.

You have more level and more layer of compliance. Like it's quite comprehensive compare, but you have also more and more service. We are including within the functional scope of Mica. [01:30:00] For instance, advice on investment, on, on crypto set will be regulated as a, the financial instrument advisory is regulated right now.

And what is very interesting, I think expect, especially right now when we are seeing a lot of collapse from certain acts and a lot of repetition in, in, I think in most of the European country we see like broker or we see like service providers that are evenly impacted by the collapse of Germany.

Block fire ethics and so on is that Mika will probably be the beginning of the compliant like a kind of systemic regulation. Because in a very connected system like the financial system is very connected. We, we saw that in, in, in 2008. And the crypto asset industry, even if it's 1000 times smaller, is still very easily connected.

If you want to have trust, you need to have [01:31:00] trust on your controversy, but you also need to have trust in the controversy of your and the, of your, and only a very comprehensive and complete and comp regulation allow to, to reach this level of trust within all the market. And I'm not saying that Miya, it's a miracle and will and will solve every issue and every problem in the crypto asset in industry in the next five years.

But I think it's the beginning and it's the beginning at least, of this new chapter of the crypto asset history. We are quietly leaving the, I don't know, the teenage of the crypto asset industry. And we are like riding to something new. I hope it'll be great.

And I know that they will be winner, they will be loser. But at least we found I think it's a condition for democratization and like to reach this [01:32:00] new level of trust in the industry. Sorry for this. I'm talking like a prophet or, but no it's excellent.

Marina: I think that's very important.

And we see this, we saw in the past, especially you in Germany and France, what effect the regulation that you put in place had. On this specific market. There were some that were as mentioned, small companies and small exchanges. They were just shutting down. But there were new startups raising money just because the investors were confident that something could be built from the regulation that we have seen.

And I just wanted to mention the reverse solicitation question. I know we touched upon this in the previous episode, but in in in the process of negotiation of Mika, there was some discussion if reverse solicitation who should be prohibited under Mika. And then the decision as we know was [01:33:00] that it's not prohibited under MiFID.

Will not prohibit it under Mika either. But I think that might be very interesting for the crypto service providers that are not operating in Europe. And that might influence their decision when and how to ask for a license in Europe in the future.

Alireza: Yes, definitely, I'm with you.

Marina, we should pay attention to the reversal situation because the MICA is going only to be applicable to the entire European economic area, but we have still so many players from the US who are not covered by the Mika and who will not be covered by the Mika, but who would still continue providing their services based on the reversal, the citation.

And with this set I would like to bridge it to the question what you brought up Eric, to ftx, because we, three things we need to be very clear about ftx, [01:34:00] what people take or get wrong. Ftx is not just FTX Bahamas. FTX is very complex, and FTX had many entities within any European economic area, which were regulated.

So, there was the FTX Cypress entity, which had a method license, and which was already under the method regime, which we understand when we remember back to the beginning of our talks, the MI regime is very similar to the MI regime. And to my understanding what we have, what is a bigger issue than a lack of regulation because the, there was no lack on regulation with the Ethics Cypress entity.

The bigger thing we have, the bigger issue is that we have a lack of a globally harmonized regulation. So I think that Mika and MiFID is very good, but it doesn't give you anything if you have entities outside of the European economic era, which are going to provide the services. To the people within the European economic area, even though if it's based on reverse [01:35:00] solicitation, which means that the citizen within European economic area is freely by its own will, asking for that service.

And then something like with ethics happens. But coming back to your question I just wanted to put some two or three points which are very, I think, important inside the Mika text, which show I think very directly like thinking of ftx not being just the MiFID Institute, but being really like a CASP under Mika.

I believe then in that case, Mika would've helped to. Stop what happened with ethics there. I only gonna mention three articles, which are very important. Article 59, which we already read once, is the obligation to act honestly, fairly and professionally in the best interest of clients and information to clients.

So if you would've had this regulation applying to ethics, I think lots of things which went wrong, wouldn't have went wrong. This is the first thing, which is [01:36:00] very easy to understand. The second thing, which is very important it applies to anyone, not just to custodians, also to exchanges. It's the, it's obligation under article 63, I think I'm just scrolling down.

So, Article 60 63 is the safekeeping of clients crypto assets and funds, which reads crypto asset service provider shall. That hold crypto assets belonging to clients or the means of access to such crypto assets shall make adequate arrangements to safeguard the ownership right of clients, especially in the event of crypto asset service providers insolvency and to prevent the use of client's crypto assets for the own account.

And we have the same in article of 63, which is applying not just to crypto assets, but to fiat monies which says the same. So these three clauses, which I just mentioned, if we imagine if you would've [01:37:00] had this one in place and given that F DX would fully comply with this rules, I honestly believe that we would not have had this dilemma like what we have now.

But again, what I was said in the beginning we shouldn't focus too much on Mika. We should focus on. globally harmonized rules for crypto asset service providers. And I think this is the bigger picture and the bigger goal, which I hope is going to be happening hopefully in 2023 this year. And this is what the global environment on crypto.

Eric: needs, right?

Within any jurisdiction, you can have that framework. But to the extent that there is a, I guess a parent entity or a larger enterprise that's offshore in a less regulated jurisdiction than it's hard to, it's hard to see how. How that's protected against not just, and it's not just a MiCA question to your point.

It's really, it's miffed it's, [01:38:00] s e c right. Rules and regulations. Broker dealer, cftc, all these rules, govern the US but they don't necessarily extend to the parent. Yeah.

Alexandru: But unfortunately with the FTX situation, it seems that the Japanese who really had their own set of rules and a way of segregating their know and the sort of limiting the influence of the mother company, even if, we are in a global trade where, you know, where you can establish really companies, they are the best protected in this specification.

Because Japan had for that, specific financial activities, rules that allowed them to create a separation between the entities. So Japanese customers were, at the end of the day, the ones who, did not have the issues that general creditors were ethics, [01:39:00] us and ethics international have nowadays.

And, but, on the ethics, we are discussing a lot about regulations, but I would also, quote from the new c o who's taking care of the company after the, after with the whole deal. And he was saying that it was a sort of a blatant failure of all possible internal controls.

So, it is not really crypto related. This could have come with any company which does not care about conflict of interest governance within an organized entity such as an incorporated company. Be it in the US or in Europe. Those, though there were a [01:40:00] lot of, failures.

There was not check and balance across the organization. And this doesn't, honestly reflect on the ethics infrastructure or their security cybersecurity plans and other, operational points. It's, it was a matter of governance. And governance relates to systems and people.

William: The most interesting thing is that today in a, one of the victims of ftx which is a Gemini if I understand well, I've published the list of the 30 or of the 50 biggest creditors of Geminis, of the 30 biggest counterparties that I've lost ma with Gemini. And most of this counterparty was.

Itself services will provide services to any user. And this is something Mika will probably [01:41:00] also prevent or at least stress a lot. It'll oblige. This is little, I say little compared to Gemini effects little broker in France, in Belgium, in Germany, to have the own due deal on the big offshore controversy.

And it'll raise globally the level of regulation and the level of control within the, between the market players. And this is something I, this is something very interesting with f ethics. It's, we see that f ethics was not regulated. It was in the dam. So of course, it was not very well regulated, but the program is like nobody care.

At this time, everybody was working with F takes without asking anything. It was. Like a simple commercial relationship. And this is something that is not possible when we are dealing with a fund of clients, of consumer.

Marina: I think what will also happen is in a way the enforcement will have a better regulation in a [01:42:00] way to go and to look into, and we do expect the national competent authorities to have more knowledge on these cases and also more manpower that will look specifically into crypto.

Now that the whole process with FDX is in way started, we know that there were feedbacks in terms of, oh the transactions that happened on. They're so easy to track and we know exactly what happened if it was on chain. We have all this information there, and if we know how to read it and how to use it, it'll be even easier for us to determine what really happened.

And I think that this is also something that we need to promote and we need to have more people in different organizations that are actually doing enforcement [01:43:00] to those events.