Page Contents
Related areas
Key contacts
On 5 July 2024, the European Banking Authority (EBA) published a document setting out its supervisory priorities for issuers of asset-referenced tokens (ARTs) and electronic money tokens (EMTs) that are subject to the regulatory framework for ARTs and EMTs under Titles III and IV of the Regulation on Markets in Crypto-Assets Regulation (MiCAR). Titles III and IV of MiCAR, which have applied since 30 June 2024, contain a wide range of regulatory requirements, including authorisation, conduct and prudential requirements for issuers of ARTs and EMTs.
The EBA identified its supervisory priorities, which are relevant for 2024 and 2025, by leveraging national competent authorities’ expertise and experience and reflecting on the risks stemming from the crypto-assets market. In cooperation with national competent authorities (i.e. EU national regulators), the EBA intends to implement and monitor these priorities using a proportionate and risk-based approach using available supervisory tools. The priorities will be reviewed on an annual basis, taking into account market developments, supervisory experience and regulatory changes.
In this article, we outline the EBA's supervisory priorities and their implications for issuers of ARTs and EMTs in the EU.
EBA's supervisory priorities for 2024/2025
The EBA’s supervisory priories for 2024/2025 address four priority areas:
Internal governance and risk management
The EBA considers a robust and effective internal governance and risk management framework to be key to support issuers of ARTs and EMTs in identifying, assessing, managing and mitigating risks. The EBA also emphasises the importance of having a clear governance framework, especially for global entities with complex structures, together with robust custody policies, procedures and contractual arrangements for ensuring holder protection.
Given the importance of the internal governance and risk management framework, the EBA expects competent authorities to:
Issuers of ARTs and EMTs should, therefore, ensure that they have comprehensive internal governance and risk management frameworks in place, together with senior management that meet suitability requirements. Issuers should also be aware of the potential conflicts of interest that may arise from having links or interactions with crypto-asset service providers and other financial entities, and adopt adequate measures to prevent, mitigate, manage and disclose them. Issuers should also have in place effective complaints-handling procedures for dealing with holders' concerns and grievances in a timely and fair manner. Finally, it is important for issuers to assess the risks of outsourcing or relying on third parties for the custody of their crypto-assets and ensure that they have adequate contractual arrangements and contingency plans in place.
Financial resilience
The EBA notes the importance of the introduction of own funds requirements (for issuers of ARTs and significant EMTs other than credit institutions or where required by the competent authority) and requirements for reserves of assets for ensuring the financial resilience of issuers and addressing liquidity risks.
In this context, the EBA expects competent authorities to:
As a result, issuers of ARTs and EMTs should ensure that they have adequate own funds and reserve of assets to meet their obligations under MiCAR (and other relevant legislation, where applicable) and to withstand adverse market conditions.
Technology risk management
In light of the rapid developments in distributed ledger technology (DLT) and the challenges posed by the technology, the EBA considers it important that associated information, communication and technology (ICT) risks are controlled and do not lead to outcomes to the detriment of holders.
The EBA expects competent authorities to:
Issuers should, therefore, be aware of the risks and challenges that the use of DLTs and smart contracts entail, such as interoperability, scalability, security and privacy, and adopt adequate measures to mitigate them. This includes having a robust and effective ICT risk management framework, including business contingency plans, that comply with all applicable legal requirements and are fit for purpose.
Financial crime risk management
Given the specific features of crypto-assets, which allow crypto-asset transactions to occur across multiple jurisdictions, at a large scale and high speed and, in some cases, with pseudo-anonymity attached, the EBA considers financial crime, including money laundering and terrorist financing (ML/TF) risk and financial sanctions evasion, to be a major concern for crypto markets.
As such, the EBA expects competent authorities to:
Issuers of ARTs and EMTs should ensure that they have adequate and effective financial crime risk management frameworks in place, including for ML/TF and financial sanctions, and that they are able to demonstrate their compliance with applicable requirements in MiCAR, AML/CFT legislation and EU restrictive measures. Issuers should also cooperate with the relevant competent authorities and report any suspicious transactions or activities.
Next steps
The EBA's supervisory priorities for issuers of ARTs and EMTs reflect the EBA's mandate to promote cooperation and coordination among competent authorities and to foster supervisory convergence in the crypto-asset sector. The EBA aims to ensure effective supervision of issuers of ARTs and EMTs under MiCAR and to promote best practices that are being adopted by competent authorities.
Issuers of ARTs and EMTs should make sure that they are familiar with the EBA's supervisory priorities and the implications for their activities and compliance obligations. In light of the challenges and opportunities that the new regulatory framework poses for the crypto-asset sector, issuers should engage with the relevant competent authorities and stakeholders to ensure a smooth transition to the new regime.
For further information in relation to this topic, please contact Patrick Brandt, Partner, Ciara Brady, Senior Associate, Louise Hogan, Senior Associate, Sarah Lee, Senior Knowledge Lawyer or any member of ALG's Financial Regulation Advisory team.
Date published: 1 August 2024