ArticlePDF Available

Europe in the digital age: regulating digital finance without suffocating innovation

Authors:

Abstract

The expansion of the cryptocurrency market in the last 10 years has been exponential and a ‘watch and wait strategy’ towards the regulation of crypto-assets is no longer appropriate and justifiable. Opportunely, the European Union (EU) has recognised the need for a digital finance strategy to address regulatory gaps and help relaunch and modernise the European economy in the aftermath of the COVID-19 pandemic. The philosophy behind the EU Digital Finance Strategy, in particular the proposed Regulation on Markets in Crypto-Assets (MiCA) and the proposed Digital Operational Resilience Act (DORA), is innovation-friendly. The EU legislative initiatives seek to unlock the potential of crypto-assets while mitigating the risks to financial stability, market integrity and consumer protection. This will lead to additional and better financial products for consumers, improving financial inclusion and financing of businesses.
1
Europe in the Digital Age: Regulating Digital
Finance Without Suffocating Innovation
Georgios PAVLIDIS1
This is an original manuscript of an article accepted for publication and
published by Taylor & Francis:
How to cite this article: Pavlidis, G. (2021), "Europe in the digital age: regulating
digital finance without suffocating innovation", Law, Innovation and Technology,
Vol. 13 No. 2, pp. 464-477, DOI: 10.1080/17579961.2021.1977222
Summary: The expansion of the cryptocurrency market in the last 10 years has been
exponential and a “watch and wait strategy” towards the regulation of crypto-assets
is no longer appropriate and justifiable. Opportunely, the European Union (EU) has
recognized the need for a digital finance strategy to address regulatory gaps and help
relaunch and modernize the European economy in the aftermath of the COVID-19
pandemic. The philosophy behind the EU Digital Finance Strategy, in particular the
proposed Regulation on Markets in Crypto-Assets (MiCA) and the proposed Digital
Operational Resilience Act (DORA), is innovation-friendly. The EU legislative
initiatives seek to unlock the potential of crypto-assets while mitigating the risks to
financial stability, market integrity and consumer protection. This will lead to
additional and better financial products for consumers, improving financial inclusion
and financing of businesses.
Keywords: European Union; digital finance; digital finance strategy; cryptocurrency;
digital operational resilience
1 Jean Monnet Chair, Associate Professor of International and EU Law, NUP (Cyprus), email: g.pavlidis@nup.ac.cy
2
I. The Digitalization of Finance: Is a “Watch and Wait Strategy”
Justifiable?
Technological developments in the last 10 years, such as blockchain, the Internet of
Things, Artificial Intelligence and cloud computing, have allowed businesses to
develop an expanding range of digital services for consumers and investors
worldwide, blurring the line between the real world and the digital space.2 Digital
financial services, such as digital payments, crypto-assets, digital-only banks and
digital lending platforms, have the potential to reduce the need for physical contact
during transactions, lower transaction costs and improve security, transparency
and financial inclusion.3 Nevertheless, the digitalization of finance may also be
disruptive and lead to the relocation of economic activities, changes in the
employment structure and digital inequalities.4 Comprehensive policies need to be
developed to counterbalance the costs of such disruptions, without suffocating
digital innovation or resisting the transformation of the status quo in financial
markets. The EU has applied itself to striking this balance and developing an
innovation-friendly regulatory environment to keep up with the fast-paced global
transition towards data-driven finance5 and address recurring criticism that it lags
2 M Mărcuț, Crystalizing the EU Digital Policy: An Exploration into the Digital Single Market
(Spinger 2017) 11.
3 C Pazarbasioglu and others, Digital Financial Services (World Bank 2020); JA Ketterer,
Digital Finance New Times, New Challenges, New Opportunities(2017) Inter-American
Development Bank, Discussion Paper No IDB-DP-501, 10.
4 D Nepelski, How to Facilitate Digital Innovation in Europe (2019) 54(1) Intereconomics
47; A Kumaraswamy, R Garud, S Ansari, Perspectives on Disruptive Innovations (2018)
55(7) Journal of Management Studies 1025; C Christensen, M Raynor, R McDonald, What
is Disruptive Innovation (2015) 93(12) Harvard Business Review 44.
5 D Arner and others, The Future of Data-Driven Finance and RegTech: Lessons from EU Big
Bang II’ (2020) 25 Stanford Journal of Law, Business & Finance 245.
3
behind the United States in the area of digital innovation.6 Could the EU regulatory
culture shift from precautionary to proactionary policies7, support innovation and
manage risks in an efficient manner?
Undoubtedly, the development of crypto-assets has been the flagship of
digital finance, though it remains associated with significant risks, including fraud,
market manipulation, investors’ herding behaviour, operational disruptions, money
laundering and other criminal activities.8 These risks and the evolving nature of
crypto-assets render opportune the evolution of the regulatory framework (see
section II). The rapidly expanding market of crypto-assets is internet-based and
characterized by the cross-border nature of related financial and technological
transactions. Developed in 2008 by an individual using the pseudonym Satoshi
Nakamoto,9 the digital currency Bitcoin constitutes the first cryptocurrency and the
first application of the architecture and technology known as blockchain, which
allows the storage and transmission of data in a transparent and secure manner.
This technology uses cryptographic and algorithmic methods, and it operates
without the centralized storage of information or a central control body; the data is
synchronized and shared by users, each of whom verifies the validity of the string
6 R L’Hoest, The European Dimension of the Digital Economy’ (2001) 36(1) Intereconomics
44.
7 R Brownsword, ‘Legal Regulation of Technology: Supporting Innovation, Managing Risk
and Respecting Values’ in T Pittinsky (ed), Science, Technology, and Society: New
Perspectives and Directions (Cambridge University Press) 109.
8 J Saulnier, I Giustacchini, Digital finance: Emerging risks in crypto-assets Regulatory and
supervisory challenges in the area of financial services, institutions and markets (European
Parliamentary Research Service 2020) 11 ff.
9 Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System (2008)
<https://bitcoin.org/bitcoin.pdf>
4
data in a distributed register (“distributed ledger”).10
A wide range of products has been developed according to this decentralized
IT model,11 including cryptocurrencies used for payment purposes (e.g. Bitcoin,
Ethereum and Litecoin), virtual assets used for investment purposes and virtual
assets that allow access to an application, product or service provided via
blockchain-type infrastructure (e.g. Golem and Filecoin).12 New digital assets and
services, such as blockchain-enabled bonds, blockchain applications for foreign
exchange trading and blockchain applications for payment of dividends, have the
potential to increase transparency efficiency within financial services, as well as
financial inclusion.13 Recognizing this potential and looking beyond Bitcoin and
reckless investor speculation, many segments within the financial sector have
already begun to embrace and explore digital finance solutions.
Depending on the form of crypto-asset, there may be different types of
Virtual Asset Service Providers (VASPs), including providers of financial services
linked to the issue, offer or sale of virtual assets, providers who host cryptocurrency
10 M Crosby and others, Blockchain technology: Beyond Bitcoin’ (2016) 2(2) Applied
Innovation 6.
11 Bank for International Settlements, Cryptocurrencies: Looking Beyond the Hype’ [2018]
BIS Annual Economic Report 91; D Nair, The Bitcoin Innovation, Crypto Currencies and
the Leviathan (2019) 9 Innovation and Development 85; S Dallyn, Cryptocurrencies as
Market Singularities: The Strange Case of Bitcoin(2017) 10 Journal of Cultural Economy
462; L Swartz, What Was Bitcoin, What Will It Be? The Techno-economic Imaginaries of
a New Money Technology (2018) 32 Cultural Studies 623; F Corradi, P Höfner, The
Disenchantment of Bitcoin: Unveiling the Myth of a Digital Currency (2018) 28
International Review of Sociology 193.
12 European Banking Authority, Report with Advice for the European Commission on Crypto-
Assets (EBA January 9, 2019).
13 S Cosares, K Kalish, T Maciura, A Spieler, Blockchain Applications in Finance in H Baker,
E Nikbakht, S Smith (eds), The Emerald Handbook of Blockchain for Business (Emerald
Publishing 2021) 275.
5
portfolios and providers of exchange platforms. In all these cases, cryptocurrencies
are not issued or guaranteed by central banks and public authorities, and they do
not constitute claims on central banks. They should not be confused with legal
tender,14 although the idea has been explored by some central banks, including the
Swedish Central Bank in its E-Krona project,15 the European Central Bank in its
report on a digital Euro16 and, more recently, the Swiss National Bank in its Helvetia
project.17 Although privately issued virtual currencies do not seem to threaten or
challenge the money creation role of central banks, at least for the time being, we
argue that a “watch and wait strategy”18 towards the regulation of crypto-assets is
no longer appropriate and justifiable.
Indeed, the expansion of the cryptocurrency market in the last 10 years has
been exponential, and as of the start of 2021, more than 5,100 crypto-assets are
available to investors around the world. Even though the volume of new initial coin
offerings (ICOs)19 has decreased since 2018, the total current capitalization of these
14 According to the definition used at EU level, the term “virtual currencies” refers to “digital
representation of value that is not issued or guaranteed by a central bank or a public
authority, is not necessarily attached to a legally established currency and does not
possess a legal status of currency or money, but is accepted by natural or legal persons
as a means of exchange and which can be transferred, stored and traded electronically”;
see Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May
2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial
system for the purposes of money laundering or terrorist financing [2018] OJ L 156/43.
15 Sveriges Riksbank, E-krona Project: Report 1 (Sveriges Riksbank 2017)
16 European Central Bank, Report on a Digital Euro (ECB 2020)
17 Swiss National Bank, Bank for International Settlements, Project Helvetia Settling
Tokenised Assets in Central Bank Money (SNB 2020).
18 R Lastra, J Allen, Virtual Currencies in the Eurosystem: Challenges Ahead (European
Parliament Study, July 2018) 6.
19 In the context of an ICO, a business issues digital tokens to raise funds from investors. The
issuer publishes a ‘white paper’ with information on the project and the use of funds and
promotes the issuance on the web and social media. Digital tokens are issued in exchange
6
assets has recently exploded to over US$2 trillion.20 The market remains dominated
by Bitcoin, with a total capitalization of over US$1 trillion or approximately 53 per
cent of the cryptocurrency market (April 2021), although there are legitimate
concerns that the crypto-bubble” could burst soon.21 Other blockchain platforms
are also emerging, spreading and promising high returns; however, most such start-
ups trade below their issue price one year after launch, while one in three projects
lose their value.22 Collective euphoria and mimicry often create speculative bubbles,
and when these bubbles cease to grow, they may be followed by a brutal collapse in
prices, which is not uncommon in the crypto-assets market.23 The growth of crypto
markets, if it continues at the current pace, may become a new source of risk to
consumers and financial stability in general.24 Despite these risks, digital innovation
has the potential to revolutionize finance and help consumers and businesses,
especially during the recent COVID-19 crisis.25 Through carefully crafted regulation,
for fiat currencies, but they can also be exchanged for other cryptocurrencies, especially
the most widely traded.
20 On the capitalization of the market see: https://coinmarketcap.com; see also, European
Parliament, Crypto Assets: Key Developments, Regulatory Concerns and Responses (Study
requested by the ECON committee, EP 648 779, April 2020).
21 I Moosa, The Bitcoin: A Sparkling Bubble or Price Discovery?’ (2020) 47 Journal of
Industrial and Business Economics 93; A Adriano, A Short History of Crypto Euphoria
(2018) 55(2) IMF Finance & Development Journal 20; see also P La Monica, Bitcoin rally
may be the mother of all bubbles’ CNN Business (8 January 2021).
22 EY, Initial Coin Offerings (ICOs) The Class of 2017 - One Year Later (EY Study 2018).
23 K Grobys, N Sapkota, Predicting Cryptocurrency Defaults (2020) 52(46) Applied
Economics 5060.
24 D Zetschke, R Buckley, D Arner, L Föhr, ‘The ICO Gold Rush: It’s a Scam, It’s a Bubble, It’s
a Super Challenge for Regulators’ (2018) European Banking Institute Working Paper, No
18; I Chiu, ‘A New Era in FinTech Payment Innovations? A Perspective from the
Institutions and Regulation of Payment Systems (2017) 9(2) Law, Innovation and
Technology 190.
25 Institute of International Finance / Deloitte, Realizing the Digital Promise: Part 1 (2020)
IIF / Deloitte Study, 4.
7
national regulators and the EU need to strike a balance between the promotion of
digital financial innovation and the mitigation of risks.
II. Expanding Markets and Expanding Risks: The EU at a Crossroads
The European economy has embraced digital financial innovation. Numerous large
and small FinTech firms, including FinTech start-ups, develop and offer innovative
products and services in Europe. Nevertheless, in areas such as mobile money
penetration and FinTech lending, the EU lags alarmingly behind other regions of the
world, especially North America.26 FinTech activities in Europe are not widespread,
compared to other jurisdictions and regions, partially because of the “already high
levels of financial development” in the EU.27 It is a positive development that the EU
seems to be catching up to global frontrunners in some FinTech segments, but
significant problems persist, such as cross-country heterogeneity and
fragmentation. As a result, digital payment schemes may expand in individual EU
member states, but there are only a few cross-border instruments, despite the fact
that EU regulation and European Central Bank (ECB) initiatives could enable them.
In this context, the EU must address the growth of FinTech and the creation
of a new market for digital financial services that differs from traditional financial
services. Regulators at national and EU levels must deal with new actors, products,
services, operating models and, ultimately, types of risk.28 Financial institutions in
the EU increasingly explore the applications of digitalization, developing them in-
26 C Baba and others, Fintech in Europe: Promises and Threats (2020) IMF Working Paper,
No 241.
27 Ibid. 4.
28 S Staschen, P Meagher, Basic Regulatory Enablers for Digital Financial Services (World
Bank, Consultative Group to Assist the Poor, CGAP Focus Note, no. 109, 2018) 33.
8
house or by the acquisition of FinTech companies. For their part, FinTech companies
in the EU have diversified into financial services and may apply for banking and
payment institution licenses as they expand29. In this new environment, new digital
financial products have emerged and demand a policy response from the EU and the
ECB. One of several examples is the case of stablecoins, which many businesses
already back through their large pre-existing customer base. There is an increased
likelihood of them becoming widespread in the EU, but it remains unclear whether
these digital assets would fit within existing regulatory frameworks.30
Opportunely, the EU has recognized the need for a digital finance strategy to
address regulatory gaps and help relaunch and modernize the European economy
in the aftermath of the COVID-19 pandemic by facilitating digital innovation and
extending its benefits to consumers and businesses across Europe. The EU needs to
mitigate the risks associated with digital finance, such as fraud, market
manipulation, money laundering, hacks, cyberattacks and other disruptive events,
and address efficiency problems in the cryptocurrency market.31 Sound regulation
of the risks is needed, taking into account the rules and values of the EU and the need
29 On the risks of this process see: H Nabilou, ‘The Dark Side of Licensing Cryptocurrency
Exchanges as Payment Institutions’ (2020) 14(1) Law and Financial Markets Review 39.
30 D Bullmann, J Klemm, A Pinna, In Search for Stability in Crypto-Assets: Are Stablecoins
the Solution? (2019) European Central Bank Occasional Paper Series, No 230; F Panetta,
Member of the Executive Board of the ECB, 'The Two Sides of the (Stable)coin’ (Speech
at Il Salone dei Pagamenti, 4 November 2020)
<https://www.ecb.europa.eu/press/key/date/2020/html/ecb.sp201104~7908460f0d
.en.html>
31 D Vidal-Tomas, A Ibanez, J Farinos, Weak Efficiency of the Cryptocurrency Market: A
Market Portfolio Approach’ (2019) 26 Applied Economics Letters 1627; B Rice, B
Williams, Cryptoassets Consumer Research Points to Ignorance and Risky Behaviour
(2019) 20(3) Journal of Investment Compliance 23.
9
to keep Europe competitive in the area of digitalization, compared to the United
States, China and other major global players.
III. The EU Approach to Regulating Crypto-Assets
The EU Digital Finance Strategy, deployed in 2020, aims to strike this balance by
developing, inter alia, a new regulatory framework on crypto-assets and digital
operational resilience.32 Since the EU developed its regulatory framework for
financial services long before the emergence of crypto-assets and distributed ledger
technology (DLT), it is necessary to determine whether existing rules apply to the
digital finance sub-sector and the crypto-markets ecosystem.33 Digital financial
products may fall within the scope of this framework, in particular the Markets in
Financial Instruments Directive II (MiFID II)34 and the rules on securities markets,
but this may not always be the case. It is the responsibility of national competent
authorities (NCAs) in member states to classify crypto-assets as financial
instruments, which also determines whether MiFID II and other EU financial rules
(Transparency Directive, Prospectus Directive, Market Abuse Directive, Short
Selling Regulation, etc.) apply to the issuer and to providers of financial services.
32 European Commission, Communication to the European Parliament, the Council, the
European Economic and Social Committee and the Committee of the Regions on a Digital
Finance Strategy for the EU, COM (2020) 591 final.
33 I Sheridan, MiFID II in the context of Financial Technology and Regulatory Technology
(2017) 12(4) Capital Markets Law Journal 417.
34 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on
markets in financial instruments and amending Directive 2002/92/EC and Directive
2011/61/EU, OJ L 173/346, 12.6.2014, as amended; Regulation (EU) No 600/2014 of
the European Parliament and of the Council of 15 May 2014 on markets in financial
instruments and amending Regulation (EU) No 648/2012 [2014] OJ L 173/84; N
Vandezande, ‘Regulating Initial Coin Offerings and DAO Tokens under the EU’s Financial
Instruments Framework’ (2020) 14(1) Law and Financial Markets Review 33.
10
Nevertheless, the views of NCAs in member states may diverge, which is a source of
legal uncertainty.35
A distinction must be drawn in this context. Some digital financial products
perform the same function and pose the same risks as financial instruments, in
particular when they are not backed by currencies or real-world assets, as in the
case of Bitcoin. Treating such crypto-assets as financial instruments and regulating
them is logical and necessary, and EU financial rules should apply. As other crypto-
assets, such as utility tokens or payment tokens, have been developed for different
purposes and do not pose the same risks, the scope of regulation in their case should
be limited and proportionate to the risks, rather than assimilating them into
financial instruments. Without this, too much regulation could hamper innovation.
Under the Commission’s proposal, a new comprehensive framework will
regulate markets in crypto-assets, previously left largely unchecked. The proposed
Regulation on Markets in Crypto-Assets (MiCA)36 aims to protect consumers and
ensure the integrity of these markets. The scope of the Regulation is broad and
covers issuers of crypto-assets and other service providers in crypto-markets,
including trading platforms, crypto-asset exchanges and custodian wallet providers.
Some of these entities were already subject to anti-money laundering (AML) rules,37
35 In a 2018 survey, conducted by the European Securities and Markets Authority (ESMA),
the majority (but not the totality) of national competent authorities indicated that some
types of crypto-assets, in particular crypto-assets with attached profit rights, can qualify
as transferable securities; European Securities and Markets Authority, Initial Coin
Offerings and Crypto-Assets (ESMA Advice, 9 January 2019) 5.
36 Proposal for a Regulation of the European Parliament and of the Council on Markets in
Crypto-assets, and amending Directive (EU) 2019/1937, COM (2020) 593 final.
37 G Pavlidis, International Regulation of Virtual Assets under FATF’s New Standards
(2020) 21(1) Journal of Investment Compliance 1.
11
and some, such as wallet providers, were already required to hold financial licences
as electronic money providers. An advantage of the MiCA proposal is that it allows
credit institutions, investment firms and other financial institutions to carry out
activities in crypto-markets if they are authorised to provide services under MiFID
II.
Under the new rules, all types of crypto-asset service providers will need to
obtain authorization from a competent authority at the level of the member state
and, more importantly, maintain a physical presence in the territory of the EU. This
addresses the long-standing problem of entities cutting across territorial borders,
offering financial instruments in the virtual realm and challenging “regulatory
frameworks based on territorial jurisdiction”.38 Nevertheless, decentralised
systems and trustless environments, such as decentralized blockchain, lack
centralized ownership of data, control and decision-making from a single entity and,
as a result, it is often difficult, if not impossible, to pinpoint the constituent actor (i.e.
the single entity that will act as crypto-asset service provider and apply for
authorization). The logic of decentralized systems may not be compatible with an
obligation to incorporate a single legal entity as a crypto-asset service provider (e.g.,
the developer) and to register it with the EU Member State in which it is
headquartered. Non-European service providers that seek to market to EU clients
will also need to become legal entities resident in the EU and obtain authorization.
This exposes the market to a risk of offshoring, as the most innovative start-ups
might exclude EU customers and avoid the jurisdiction of EU Member States
38 R Lastra, J Allen, Virtual Currencies in the Eurosystem: Challenges Ahead (European
Parliament Study 2018) 8.
12
altogether. The experience with New York’s BitLicense Law can be a lesson for
trying to make crypto-assets local, because few other US States copied this
regulatory framework, and virtual currency businesses started moving out of the
Big Apple, blocking customers with IP addresses in New York39.
With this in mind, MiCA will likely have an adverse impact on decentralized
finance (DeFi), a small sub-industry that includes decentralised exchanges (DEXes)
like Uniswap. Users of DEXes trade digital assets using smart contracts, with no
central administrator or mechanisms of regulatory compliance. For this reason, and
because of the high price volatility and many instances of market manipulation and
investor fraud in this market segment, regulators have eyed DeFi with suspicion. At
the EU level, the requirement for legal presence in the territory of the EU under
MiCA will predictably hinder DeFi applications seeking out EU customers. MiCA’s
centralised model for placing liability with a single crypto-asset service provider
seems incompatible with the modus operandi of DeFi applications, which will
therefore need to adapt to the new regulatory model or resort to offshoring.40
39 J Southurst, ‘Industry Reactions to New York’s BitLicense Proposal’ (Coindesk,
18.05.2015 ); New York State Department of Financial Services, ‘NYDFS Releases
Proposed BitLicense Regulatory Framework for Virtual Currency Firms’ (NYDFS Press
release, 17.07.2014).
40 With regard to enforcement actions, neither the model of direct liability nor the model of
secondary liability (liability of validators, liquidity providers and end-users) ensures the
shutdown of the DeFi protocol. Indeed, once a smart contract-based protocol is
deployed, it is difficult to remove or shut down the smart contracts due to the tamper-
resistant nature of a blockchain […] users can still interact with the software, even if
developers [or other end-users] are held liable; A Wright, G DeWaal, The Growth and
Regulatory Challenges of Decentralized Finance (Commodity Futures Trading
Commission 2020).
13
Therefore, the concerns of the DeFi community that MiCA will increase uncertainty
for them are legitimate.41
In addition to the registration requirement, MiCA imposes capital
requirements,42 enhanced governance standards including probity standards for
members of issuers’ management bodies – mandatory procedures for handling
complaints and the obligation to segregate clients’ assets from a service provider’s
assets. Finally, the Regulation introduces strict IT requirements to address security
risks, such as hacks and digital heists, which are not a rare occurrence in crypto-
markets.43
Another key objective of the EU was to prevent potential market abuses,
insider dealings and market manipulation, such as pump-and-dump schemes in
crypto-markets.44 To this end, MiCA imposes obligations on crypto-asset service
providers, including the obligation to set up sound and adequate systems and
procedures for internal control and risk assessment. To ensure transparency and
investor protection, the issuers of crypto-assets are prohibited from misleading
market communication and will be required to publish a white paper with all
relevant information on the issuer, the project, the use of funds and the investors’
41 International Association for Trusted Blockchain Applications, Blockchain Ecosystem’s
Response to MiCA Regulation Proposal: Survey & Stakeholders’ Engagement Sessions
(INATBA 2021).
42 Basel Committee on Banking Supervision, Designing a prudential treatment for crypto-
assets (2019) Basel Committee Consultative Paper, 11 ff.
43 Self Key, A Comprehensive List of Cryptocurrency Exchange Hacks’ (Self Key 13.02.2020),
<https://selfkey.org/list-of-cryptocurrency-exchange-hacks/>
44 See for example, M La Morgia and others, Pump and Dumps in the Bitcoin Era: Real Time
Detection of Cryptocurrency Market Manipulations (2020 IEEE 29th International
Conference on Computer Communications and Networks)
<https://arxiv.org/abs/2005.06610>
14
rights, obligations and risks. These safeguards will, ultimately, facilitate the
mobilization of more private funds in the digital finance ecosystem and support
early-stage digital innovation by start-ups and small firms, which tend to have
difficulty accessing venture capital.45
The EU correctly opts for the creation of special rules that will apply to
stablecoins, such as Facebook’s project Diem (ex-Libra),46 to be used for payments
by retaining “a stable value relative to a specified asset, or a pool or basket of
assets”.47 A special regime is necessary, as these assets pose more serious regulatory
and oversight challenges, and they will soon be competing with bank payments,
credit cards and electronic wallets as means of payment in e-commerce.48 The
proposed Regulation opportunely introduces enhanced requirements for the more
systemic and significant stablecoins. In this context, the MiCA proposal distinguishes
between “significant e-money tokens” and “significant asset-referenced tokens”.
The difference is that the first category references a single currency, while the
second references multiple currencies, commodities, other crypto-assets or a
combination of such assets. Additional disclosure requirements for issuers of
45 D Nepelski, G Piroli, G De Prato, European start-up hotspots: An analysis based on VC-
backed companies(2016) EU Joint Research Centre, JRC Scientific and Policy Reports,
EUR 28021; P Gompers, J Lerner, The Venture Capital Revolution’ (2001) 15(2) Journal
of Economic Perspectives 145.
46 O Read, S Schäfer, ‘Libra Project: Regulators Act on Global Stablecoins’ (2020) 55(6)
Intereconomics 392; see also D Zetzsche, R Buckley, D Arner, Regulating Libra: The
Transformative Potential of Facebook’s Cryptocurrency and Possible Regulatory
Responses (2019) University of Hong Kong Faculty of Law Research Paper No 42.
47 D Arner, R Auer, J Frost, Stablecoins: Risks, Potential and Regulation (2020) Bank for
International Settlements, BIS Working Papers, No 905.
48 Financial Stability Board, Addressing the regulatory, supervisory and oversight challenges
raised by “global stablecoin” arrangements (FSB 2020).
15
stablecoins include disclosures on potential claims and conflict of interests and,
more importantly, disclosure of the stabilisation mechanism.49
In this context, the EU action is aligned with the international approach, as
determined by the G750 and the Financial Stability Board.51 In addition to this, the
new European framework grants holders of stablecoins some minimum rights, such
as a claim against the issuer. For example, in the case of e-money tokens, the
proposed Regulation adds up to the safeguards of the Electronic Money Directive,52
which translates into a one-to-one redemption right for the tokens. In the case of
asset-referenced tokens, the issuer needs to put liquidity arrangements in place
with the service providers trading these tokens, as well as arrangements to pay out
proceeds to the holders in case it stops its operations. Clearly, a major advantage of
the new system will be the “EU passport”, since authorization of a crypto-asset
service provider in one member state allows it to operate across the European
Single Market.
The landscape is clearer as far as mitigating the risks of money laundering is
concerned. Since the entry into force of the Fifth Anti-Money Laundering Directive
(AMLD 5)53 in January 2020, VASPs need to register as “obliged entities” in
49 Article 32 par. 4 of the MiCA proposal introduces detailed transparency requirements for
the composition and management of the reference assets (list of such assets, value,
allocation in the reserve, assessment of the risks, etc.).
50 G7 Working Group on Stablecoins, Investigating the Impact of Global Stablecoins (G7
2019).
51 Financial Stability Board, op. cit.
52 Directive 2009/110/EC of the European Parliament and of the Council of 16 September
2009 on the taking up, pursuit and prudential supervision of the business of electronic
money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing
Directive 2000/46/EC [2009] OJ L 267/7.
53 Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018
amending Directive (EU) 2015/849 on the prevention of the use of the financial system
16
accordance with the standards developed by the Financial Action Task Force.54 This
development has already pushed some players to relocate to jurisdictions with less
strict regulation.55 The EU Digital Finance Strategy goes beyond AMLD 5, as it covers
more service providers and imposes additional requirements beyond the scope of
AML/CFT. Nevertheless, this is a work in progress, and the EU is already working on
enhancements to AML requirements, with plans to overhaul the AML framework in
2021.
To ensure the compliance of issuers and service providers with MiCA
requirements, NCAs need to be designated and exercise supervision, while the
European Banking Authority (EBA) will supervise market participants in the case of
significant asset-referenced tokens. We argue that addressing supervisory
fragmentation should be a priority in cross-border cases. Involving the EBA is
necessary because some instruments are likelier to pose greater risks that extend to
several member states. In the case of cross-border activities, which are likely to
occur regularly, member states are required to designate a single point of contact.
Dual supervision by NCAs and the EBA is also provided in the case of significant e-
money tokens for additional requirements. This model of supervision gives an EU-
level supervisor joint responsibility for enforcement over certain types of activities.
for the purposes of money laundering or terrorist financing, and amending Directives
2009/138/EC and 2013/36/EU [2018] OJ L 156/43; G Pavlidis, ‘Asset Recovery in the
European Union: Implementing a “No Safe Haven” Strategy for Illicit Proceeds’ (2021)
Journal of Money Laundering Control, Vol. ahead-of-print
<https://doi.org/10.1108/JMLC-11-2020-0131>
54 Pavlidis (n 36).
55 F Teichmann, M-C Falker, Cryptocurrencies and Financial Crime: Solutions from
Liechtenstein’ (2020) Journal of Money Laundering Control, Vol. ahead-of-print No.
ahead-of-print.
17
The effectiveness of the regulatory framework depends on the coordinated
approach of EU members to prevent “regulatory shopping”.
IV. Ensuring that the System Won’t Fall to Pieces: An EU Regime for
Distributed Ledger Technology Market Infrastructures
Central securities depositories, central counterparty clearing houses and custodian
banks have expressed concerns that blockchain could disintermediate their roles,
although some of them already test blockchain solutions to stay ahead of the game.56
All financial services sectors are expected to gradually embrace digitalization, and,
as new digital financial instruments are developed, a new framework will be
required for market infrastructures for the trading and settlement of transactions
in such assets. As a first step to addressing this need, the EU plans to create a new
pilot regime that allows for derogations from existing rules on trading and the
settlement of transactions in financial instruments in crypto-asset form.57 The pilot
regime will allow regulators and businesses to gain experience by testing blockchain
solutions in market infrastructures and adapting them before scaling them up. The
new rules, included in one single legislative act, will apply to DLT securities
settlement systems and other market participants, such as multilateral trading
facilities and central securities depositories, that have already obtained
authorization and wish to extend their operation to DLT market infrastructures.
56 SWIFT, The impact of DLT on financial market infrastructures (2016) MI Forum
Magazine, November 2016.
57 Proposal for a Regulation of the European Parliament and of the Council on a pilot regime
for market infrastructures based on distributed ledger technology, COM (2020) 594
final.
18
Another key issue that the EU has had to address is digital operational
resilience. The recent proposal for a Digital Operational Resilience Act (DORA)58
aims to consolidate Information and Communications Technology (ICT) risk
requirements and introduce a common set of standards for the entire financial
sector. Financial firms hold huge volumes of personal and financial data, and they
are dependent on ICT for protection against cyberattacks and other disruptions.59
To prevent such events and the ensuing financial and reputational damage, market
participants must be equipped with well-developed and up-to-date ICT capabilities.
National financial supervisors in member states, as well as the European
Supervisory Authorities, have underlined the importance of such digital operational
resilience,60 defined as the ability of a firm to ensure “either directly or indirectly,
through the use of services of ICT third-party providers, the full range of ICT-related
capabilities needed to address the security of the network and information systems
[…] which support the continued provision of financial services and their quality”
(Article 3 DORA).
In this context, the EU must address the differentiation of rules between
financial services sectors, which remains an important issue in managing ICT risks.
Rules on operational resilience have been developed in the context of separate EU
58 Proposal for a Regulation of the European Parliament and of the Council on digital
operational resilience for the financial sector and amending Regulations (EC) No
1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014, COM (2020)
595 final.
59 A Nish, S Naumaan, The Cyber Threat Landscape: Confronting Challenges to the Financial
System (2019) Carnegie Endowment for International Peace, Cyber Policy Initiative
Working Paper No 3, 9.
60 See e.g. European Banking Authority, Guidelines on ICT and security risk management
(EBA/GL/2019/04 of 28 November 2019).
19
legislative initiatives over the past decade, but they partly address ICT risks and not
as a key issue. In addition to this sectoral approach, national regulations may
address specific aspects of digital operational resilience, but differences and
inconsistencies emerge.61 Ultimately, the fragmented legislative landscape on ICT
risks jeopardizes cross-border financial operations, which are habitual in the digital
ecosystem, while legal uncertainty increases the financial and administrative
burdens for compliance across multiple jurisdictions.
DORA sets the conditions for entities to be authorized to operate a DLT
market infrastructure. As not all entities are exposed to the same ICT risks, which
depend on business size and function, a one-size-fits-all approach would be
counterproductive.62 Requirements will have to be applied in a proportionate
manner, taking into account the specific risks. Under DORA, financial entities need
to identify ICT risk on a continuous basis and minimize it by maintaining resilient
ICT systems, setting up prevention measures, operational continuity policies and
recovery plans and periodically testing operational resilience. If financial firms
depend on third-party service providers for their ICT services, they are required to
monitor ICT third-party risk. Critical ICT third-party service providers are subject
to a harmonized oversight framework at the EU level, in which the European
Supervisory Authorities operate as lead overseers and national supervisors ensure
enforcement.
61 Deloitte, Cyber Risk and Regulation in Europe (EMEA Center for Regulatory Strategy 2018)
4.
62 ESMA (n 34) 4.
20
Streamlining the process of reporting ICT incidents is another major
improvement of the new framework. Financial firms will be required to report
anomalous activities and ICT-related incidents to NCAs, which will provide feedback
and guidance and share cyber threat warnings and intelligence with other
institutions or authorities under the Directive on security of network and
information systems (NIS Directive).63 This will give national authorities and the
European Supervisory Authorities a better overview of the frequency and impact of
major cyber threats and ICT-related disruptions that could propagate throughout
the financial sector and threaten the EU Single Market. Clearly, convergence in
incident reporting would be beneficial,64 while an EU hub for such reporting would
further streamline the process. The European Supervisory Authorities, the ECB and
the European Union Agency for Cybersecurity (ENISA) are currently working
towards this idea and will report on the feasibility of such an EU-wide mechanism.
V. The Way Forward
Unlocking the potential of digital innovation will lead to additional and better
financial products for consumers, improving financial inclusion and financing of
businesses. It will also support the implementation and digital aspect of the EU’s
63 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016
concerning measures for a high common level of security of network and information
systems across the Union [2016] OJ L 194/1; see also Council Directive 2008/114/EC of
8 December 2008 on the identification and designation of European critical
infrastructures and the assessment of the need to improve their protection [2008] OJ L
345/75.
64 Centre for European Policy Studies and European Credit Research Institute Task Force,
Cybersecurity in Finance Getting the policy mix right (CEPS-ECRI Task Force 2018) 10
ff.
21
ambitious Green Deal65 and the Capital Markets Union (CMU), since “the strategies
on the CMU, sustainable finance, digital finance and SMEs are all mutually
reinforcing”.66
The philosophy behind the EU Digital Finance Strategy is innovation-friendly,
although MiCA in particular may have an adverse effect on certain small segments
of the crypto-ecosystem, such as DeFi. MiCA promises to increase enforceability and
legitimacy while mitigating the risks to financial stability, market integrity and
consumer protection by pinpointing constituent actors of crypto-assets and
establishing a point of reference in the EU. In this context, MiCA, DORA and other EU
initiatives should consider the principle of same activity, same risk, same rules,
same supervision to ensure a level playing field between market participants.67 In
addition, the EU must ensure that follow-up regulations, guidelines and
standardization processes include SMEs and start-ups, which deliver many
innovative digital products and services to the market but may lack the necessary
technological and financial resources, expertise and absorptive capacity in the face
of evolving regulations.68
The final question is whether EU norm-building processes can keep pace
with technological and market developments, given that the development of policies
65 European Commission, The European Green Deal COM (2019) 640 final.
66 European Commission, ‘A Capital Markets Union for people and businesses-new action
plan’, COM (2020) 590 final, section I.2.
67 European Central Bank, ESCB/European banking supervision response to the European
Commission’s public consultation on a new digital finance strategy for Europe/FinTech
action plan (ECB 2020) 10; see also A Enria, Chair of the Supervisory Board of the ECB,
A Binary Future? How Digitalisation Might Change Banking (Speech at De
Nederlandsche Bank, Amsterdam, 11 March 2019).
68 Nepelski (n 3) 51; H de Vries and others, SME Access to European Standardization
(Rotterdam School of Management, Erasmus University 2009).
22
and legislation at the EU level typically follows multi-year gestation cycles.69 To
mention one example, seven years have elapsed from the initial design of the EU
Payment Services Directive 2 until its entry into force.70 While the EU Digital Finance
Strategy may currently be an advanced and comprehensive framework, compared
to domestic approaches already in place in some EU member states and third
countries, it has to be viewed as a challenging work in progress. From the moment
the proposed instruments of the EU Digital Finance Strategy are adopted, a new race
against the clock will begin. The EU must be ready to adapt this framework to future
developments and risks in the digital finance ecosystem, updating it constantly to
prevent it from becoming obsolete.
69 IIF / Deloitte (n 24) 4.
70 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November
2015 on payment services in the internal market, amending Directives 2002/65/EC,
2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing
Directive 2007/64/EC [2015] OJ L 337/35.
Conference Paper
Full-text available
his contribution aims to discuss recent regulatory initiatives concerning crypto-assets and to analyse the development on the market of crypto assets with reac- tions made by regulators. During the Covid-19 pandemic the financial markets, espe- cially crypto assets experienced unprecedented volatility. The economic uncertainty and dynamic rise of crypto assets together with retail investors’ higher attention forced reg- ulators to react. Based on the latest market development the contribution shall discuss key elements of the proposal for a regulation on market in crypto assets. After descriptive analysis of the legislative proposals, the weaknesses should be analyses aiming to identify key problematic issues and potential consequences of the proposal. The critical discus- sion should justify the need for regulations to draw attention to aspects that shall be re- vised during the legislative process. Special attention is paid to the regulation in the EU and implications for the Czech Republic.
Proposal for a Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector and amending
Proposal for a Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014, COM (2020) 595 final.
The Cyber Threat Landscape: Confronting Challenges to the Financial System' (2019) Carnegie Endowment for International Peace
  • A Nish
  • Naumaan
A Nish, S Naumaan, 'The Cyber Threat Landscape: Confronting Challenges to the Financial System' (2019) Carnegie Endowment for International Peace, Cyber Policy Initiative Working Paper No 3, 9.
3) 51; H de Vries and others
  • Nepelski
Nepelski (n 3) 51; H de Vries and others, SME Access to European Standardization (Rotterdam School of Management, Erasmus University 2009).
/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives
  • Directive
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC [2015] OJ L 337/35.