Matthew Elderfield is a former alternate chair of the European Banking Authority
The shape of EU and UK crypto regulation is now clearer than it was before. We have a deal in Europe on the markets in cryptoassets (Mica) regulation, the financial services and markets bill is being read by the UK parliament and new UK Financial Conduct Authority rules are coming for high-risk investments. What does this mean for the scope of regulation, investor protection, supervision and enforcement?
The UK will start by regulating a few specific crypto assets and service providers, while the EU is pretty much going for the whole lot. Mica has a broad definition of a “crypto asset”, but the UK is dipping its toe in the water with a narrower “digital settlement asset”. This essentially covers stablecoins used as a means of payments, but not (for now) crypto assets as investments. This choice seems to be about facilitating innovation — and FCA caution, as explained by its outgoing chair. The EU’s wider investment focus means that issuers of new crypto assets (with important exceptions like purely mined coins) need to publish and be liable for a prospectus-like white paper that sets out their plans.
The differences in regulation extend to service providers. The UK is likely to focus on fewer services, such as exchange and custody. Mica’s more expansive definition covers trading, advice, transmitting orders and more, as well as custody and crypto-to-crypto and crypto-to-fiat exchange.
The UK’s next planned step is to legislate for crypto investment risk warnings. Investors need to have a clear understanding of what protection they are (or are not) getting. UK consumers have learnt the hard way (in the London Capital & Finance minibond scandal) that the scope of regulation can be confusing. The FCA’s new rules now set an admirably blunt and prescriptive risk warning: “This is a high-risk investment and you are unlikely to be protected if something goes wrong”. This will hopefully be quickly extended to crypto investments — and matched by EU regulators.
As crypto assets are not protected by deposit insurance or other compensation schemes, supervisory effectiveness is key. Mica and the UK will impose liability on service providers for custody losses, such as cyber attacks on digital wallets. But policing client asset segregation is hard enough in the non-crypto world. And thinly capitalised service providers might not have deep enough pockets to make good on losses. Supervisors need to be sharp.
The French Autorité des Marchés Financiers raised a few eyebrows recently when it announced it would supervise Binance, the world’s largest crypto exchange, under pre-Mica French law. Binance has been scolded by a number of regulators, including in July when it was fined €3mn by the Dutch, and last summer when the FCA concluded that it “is not capable of being effectively supervised”. The AMF clearly thinks differently.
The FCA’s concern was around Binance’s unwillingness to share information about its complex corporate structure. An opaque structure was at the heart of the BCCI bank scandal in the late 1980s — the post-BCCI directive requires bank structures to be sufficiently transparent so they can be effectively supervised.
The UK sensibly applies this principle in its conditions for supervision. Mica needs detailed rules to require this and the AMF needs to get Binance to revise its corporate structure. National supervisors such as AMF will still oversee service providers under Mica, but the European Securities and Markets Authority will be able to intervene with “significant” providers and the European Banking Authority will have direct supervisory powers for the first time, for stablecoin issuers.
The EBA chair is concerned about his ability to get the right staff, as the authority expands from its rulemaking and stress-testing remit. Rightly so: EBA and Esma beg cash-strapped national authorities and the European Commission for money, and the latter controls their staffing plans. The EBA and Esma need more flexibility to ensure they aren’t outgunned by the crypto firms.
What about enforcement? The US Securities and Exchange Commission has taken decisive action against crypto scams and insider dealing, arguing that many crypto assets are effectively securities subject to existing rules. The FCA came to the same conclusion in 2019 guidance, but enforcement action has not yet followed. Mica will grant fining powers to the EBA and national authorities, but in the mean time, big fines in the EU have been rare.
Consumers will continue to be ripped off until both the UK and EU authorities start to take some enforcement cases under their existing powers — and not just wait for new ones.