The Central Bank of Ireland has provided a welcome update on its approach to the implementation of the Markets in Crypto Assets Regulation (MiCAR), including its expectations for authorisation and supervision of crypto asset service providers (CASPs). Our Financial Regulation team outlines key insights for firms aiming to seek CASP authorisation and highlight important challenges they may face.
The Central Bank of Ireland (CBI) has provided further insight into its intended approach to the implementation of the Markets in Crypto Assets Regulation (MiCAR). In this article, we consider the key factors for firms intending to apply to the CBI for authorisation to provide crypto asset services in Ireland and the EU.
Overview
The main objective of MiCAR is to create a harmonised EU regulatory regime for crypto assets, that both promotes innovation and prioritises consumer protection. MiCAR will impose significant consumer protection measures on crypto asset service providers (CASPs), as well as obligations regarding areas including governance, minimum capital, transparency, and market abuse.
CASPs must be authorised by the CBI to operate within the EU as and from 30 December 2024. The CBI has been preparing for this and has established a cross-sectoral team to integrate MiCAR into its supervisory and authorisation processes.
Potential CASP applicants should note that the CBI’s approach to regulation is underpinned by a strong consumer protection rationale. As such, the CBI will have high expectations regarding the ability of firms to manage consumer risk relating to its crypto products and services.
The CBI’s general engagement principles and authorisation expectations
The CBI has outlined its main authorisation and supervisory expectations for CASPs as:
- Transparency: firms must be fully transparent and open with respect to their MiCAR global and EU strategy
- Supervisability: the CBI will not authorise a firm where it forms the view that the firm is not operating in an independent and autonomous manner
- Preparedness: firms must be adequately resourced to engage with the CBI in a robust and timely manner throughout the authorisation process, and
- Consumer focus: securing the interests of customers must be the focus of a firm’s application, particularly for retail facing firms
The CBI has stated that it is “highly sceptical” of CASP business models which involve the marketing, offering or distribution of unbacked crypto assets to retail investors.
CASP authorisation process
The CBI has encouraged firms who intend to apply for CASP authorisation to engage with the CBI as early as possible, either via their existing supervisor, for firms with an existing regulatory relationship with the CBI, or via the CBI’s Innovation Hub.
The CBI will then hold an introductory meeting with the firm, to outline its expectations and to allow the firm an opportunity to present an outline of its business model. A presentation on the firm’s proposal should be submitted to the CBI at least five working days in advance of this meeting. The CBI will provide details to firms on the expected content of this presentation.
Following the introductory meeting, the CBI will arrange a more formal pre-application meeting with the firm, in advance of which the firm must submit a “Key Facts Document” (KFD) setting out an overview of the firm’s proposed business plan and details of its shareholders. The CBI will publish a standard KFD template and guidance for firms in due course. At the pre-application meeting, the firm will be questioned by the CBI on its KFD and can ask questions of the CBI regarding the application process. The CBI will communicate to the firm any issues it has identified that need to be addressed before the application can proceed to the application phase.
Following this, the firm will be invited to submit a CASP authorisation application form. The CBI will have 25 working days to assess the completeness of the application and may request additional information within a timeframe set by the CBI if it deems the application incomplete. The CBI may refuse to review applications which remain incomplete after the expiry of the timeframe given to applicants to submit outstanding items.
When the CBI deems the application complete, it will begin the 40 working-day assessment of the application. The CBI may request additional information from the applicant, resulting in one suspension of the assessment period of no more than 20 working days.
Firms should be aware that they will have to devote significant time and resources to preparing and completing the application. The CBI will scrutinise the following aspects of a firm’s application:
- Local governance and risk management arrangements, including the firm’s substance and autonomy in Ireland. The CBI will expect the senior management to be crypto-competent with a good understanding of the regulatory environment in which the firm will operate.
- The firm’s system to identify and remedy conflicts of interest and prevent risks to customers arising due to such conflicts.
- The protection of client assets. The firm must have full control over client crypto-assets and funds, including the proper segregation and reconciliation of same.
- The ownership and operating structure of the firm, including the identity of direct and indirect shareholders as well as any party who can exercise influence over the firm.
- The firm’s business strategy, which must demonstrate the viability and resilience of the business model and reflect any vulnerabilities stemming from the product offering.
- The risk management practices and internal controls in place to ensure compliance with Irish anti-money laundering and counter terrorist financing legislation.
- The firm’s plan to support the operational resilience of the firm.
- The firm’s plan to support an orderly wind-down of its activities and the timely return of customer crypto-assets and funds.
- How the firm will secure the interests of customers and how the firm will assess the risk associated with its product offering.
When the CBI’s assessment of the application is complete, it will communicate the outcome of the assessment to the applicant within 5 working days of its decision.
The CBI has indicated that the length of a CASP application will depend on the nature, scale and complexity of the firm and the extent of preparedness of the applicant. It also stated that it is important for applicants to distinguish between the ‘pre-application’/initial engagement stage and the formal application stage.
The CBI is now advising all applicant VASPs to pursue a CASP application, on the basis that a VASP application takes at least 10 months. Any VASP not registered and operating as a VASP by 30 December 2024 cannot avail of the transitional arrangements under MiCAR. It also stated that any VASP not intending to apply for a CASP authorisation should establish clear wind-down plans and make arrangements to cease providing services by the end of the transitional period provided under MiCAR.
Consumer protection in the context of MiCAR
As mentioned, the CBI is mandated to ensure that the best interests of customers are protected through effective regulation. The CBI’s Consumer Protection Code (CPC) is binding on regulated entities operating in the State, although its mandate regarding virtual asset service providers (VASPs) does not extend to consumer protection.
The CBI is currently conducting a comprehensive review of the CPC which is focused on securing consumers’ interests. The CPC will be replaced by CBI Regulations which will be published in early 2025. A 12-month implementation period is proposed from the date of publication.
Firms intending to apply for authorisation as a CASP should be aware that the scope of the CPC is likely to be expanded to apply to CASPs. The CBI is currently considering how the CPC will interact with MiCAR and whether any gaps will exist in terms of consumer protection and how those gaps may be addressed through the CPC.
Conclusion
The CBI will publish its CASP application form in due course. Firms intending to apply should start preparing as soon as possible to ensure that they have all of the relevant information, policies and processes in place to ensure that they will be ready to submit their applications, having regard to the EBA and ESMA level 2 and 3 texts providing greater granularity on MiCAR requirements for CASPs.
Our Financial Regulation team has extensive experience advising crypto operators and is assisting firms who are interested in applying for authorisation under MiCAR. Please reach out to a member of our team should you require advice and support in this area.
The content of this article is provided for information purposes only and does not constitute legal or other advice.