Am I A Crypto-Asset Service Provider And If Yes, How Many?
November 15, 2021 (Updated version of an article previously published in German on kryptorecht.xyz)
Last updated
Was this helpful?
November 15, 2021 (Updated version of an article previously published in German on kryptorecht.xyz)
Last updated
Was this helpful?
Crypto-asset service providers, along with issuers, are the primary subjects of MiCA.
The definitions of relevant crypto-asset services closely resemble those of traditional financial
Crypto-asset service providers require regulatory approval and must be based in the EU. In addition to financial and organizational obligations, they must comply with customer due diligence requirements to combat money laundering.
For certain business activities in the crypto sector, it remains unclear whether they will be considered crypto-asset services under MiCA. This includes activities related to decentralized finance (DeFi) applications, such as:
Managing private keys,
Providing user interfaces,
Providing liquidity,
Collecting fees, or
Performing specific roles or functions in DeFi protocols.
The Financial Action Task Force refers to them as Virtual Asset Service Providers, or VASPs. The EU, in MiCA (Markets in Crypto-assets Regulation), calls them Crypto-Asset Service Providers, or CASPs.
Crypto-asset service providers are a significant focus of both financial market and anti-money laundering crypto regulation in the EU. They are given a separate section () in MiCA. In addition to the licensing requirement, there are numerous organisational, capital, and operational requirements for providing crypto-asset services. The respective national authorities will have the power to:
Prohibit the provision of crypto services if they determine that MiCA has been violated,
Publicly announce that a CASP is not meeting its obligations, and
In urgent cases, order the immediate cessation of activities without prior warning if there is reason to believe that crypto services are being provided without authorisation.
For business activities in the crypto sector, particularly in the context of decentralised finance (DeFi) applications, it will be important in the future to assess whether these activities will fall under the regulated crypto services.
Since compliance with anti-money laundering customer due diligence requirements is difficult, if not impossible, when using DeFi applications, classifying a market participant as a CASP could potentially prohibit commercial interaction with such protocols. This article will discuss possible borderline cases that arise when developing and interacting with DeFi applications and identify the risk areas.
It should be noted that these are largely new legal and interpretative issues. Therefore, the following can only be a preliminary assessment, and we welcome criticism, suggestions, and feedback.
a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59.
Without knowing the definition of crypto-asset services, this part of the definition is not particularly intuitive. However, some important points emerge:
First, crypto-asset service providers can be natural or legal persons. The lack of corporate structures does not protect against regulation, as expected.
Moreover, the provision of crypto services must be commercial in individual cases. This is likely to be the case if the activity is carried out for a fee or, if the charging of fees is not permitted, is otherwise carried out with the intent to make a profit. Occasional favors for close relatives, such as family members, are likely not covered.
Now let's look at the individual regulated activities.
(a) providing custody and administration of crypto-assets on behalf of clients;
(b) operation of a trading platform for crypto-assets;
(c) exchange of crypto-assets for funds;
(d) exchange of crypto-assets for other crypto-assets;
(e) execution of orders for crypto-assets on behalf of clients;
(f) placing of crypto-assets;
(g) reception and transmission of orders for crypto-assets on behalf of clients;
(h) providing advice on crypto-assets;
(i) providing portfolio management on crypto-assets;
(j) providing transfer services for crypto-assets on behalf of clients;
Let's take a closer look at the services individually.
the safekeeping or controlling, on behalf of clients, of crypto-assets or of the means of access to such crypto-assets, where applicable in the form of private cryptographic keys.
In decentralised finance applications that hold, manage, and reuse users' cryptocurrencies through smart contracts, this provision is relevant at least when a person or group of persons has a private key (often called an "admin key") that can control the protocol's users' cryptocurrencies. At first glance, this is not a truly decentralized finance application. However, the possibility of such admin key intervention by the developers of a protocol is often considered necessary and accepted or even desired by users, for example, in the event of a malfunction or a hack or exploit.
Many projects publish a roadmap that outlines how this existing admin access will be gradually reduced or decentralised as the project matures. However, even then, it is questionable whether the management of admin keys, for example, through a multi-signature wallet where three out of five key holders must approve an interaction with the admin key, constitutes a group of persons that should be classified as a provider of crypto services. In this case, there is a risk for the admin key managers of such a protocol if they also operate a user interface or otherwise indicate a willingness to act for third parties. Whether separating the management of admin keys and the management of the user interface ultimately excludes this crypto service is not universally applicable.
This provision is also likely to be relevant for wallet software where the source code is not viewable. In these cases, it is not always possible to verify whether the wallet provider has access to the private keys generated by the software or whether these keys are properly generated locally in the software.
the management of one or more multilateral systems, which bring together or facilitate the bringing together of multiple third-party purchasing and selling interests in crypto-assets, in the system and in accordance with its rules, in a way that results in a contract, either by exchanging crypto-assets for funds or by the exchange of crypto-assets for other crypto-assets.
The definition essentially consists of:
Management,
of a trading platform that brings together the interests of a multitude of third parties,
resulting in a contract.
This definition is very similar to the definitions of "trading venues" (regulated market, MTF, OTF) under MiFID II. However, it does not correspond to the definition of a "multilateral system" under MiFID II, as the multilateral system does not require a contract to be concluded.
Another form of DEX is, for example, decentralised order books.
Undoubtedly, all forms of DEX are trading platforms that bring together the interests of a multitude of third parties. That is why these systems were put into operation.
However, a more in-depth legal analysis is needed to determine whether this aggregation of interests always leads to a contract conclusion in the sense of the definition in MiCA. In the case of AMM, this may be less likely due to the lack of clear allocation of liquidity to specific trades than in order book models, where supply and demand are more classically matched. However, this civil law analysis seems pointless and hardly useful, as there is no uniform civil law concept of a contract in the EU. In case of doubt, the concept of contract conclusion will have to be interpreted broadly, at least from a regulatory perspective.
In practice, it will be much more decisive whether a person or group of persons manages the trading platform. Only the manager can be considered the provider of this crypto service. This would require some form of intervention in the process, even if it is only activation and deactivation. This may be lacking if the trading platform system is fully executed through smart contracts whose parameters are immutable and unstoppable. This is conceivable, especially with AMM. In the case of decentralised order books, depending on the design, roles may be possible that come close to a management activity, especially if the order books are partially executed "off-chain" and controlled by a specific person or group of persons.
However, it seems far-fetched to assume that merely providing the system on a smart contract-capable blockchain network constitutes the activity of "managing" a trading platform. This conclusion would only be reached if the term "trading platform" were not understood purely technologically but functionally and also applied to the user interface. A user interface, for example, a web app that enables interaction with a DEX protocol, could then be considered "management" of the trading platform. For example, the manager of the user interface could switch the referenced smart contracts to a new version. However, this broad, functional understanding of the term "trading platform" is contradicted not only by the literal wording but also by the result of this interpretation: it would lead to other roles in the blockchain network ecosystem, such as providers of block explorers and published node interfaces, also being considered operators of a trading platform simply because they enable interaction with the relevant smart contracts.
According to Article 3(1)(19) of MiCA, the "exchange of cryptocurrencies for fiat currencies" means:
the conclusion of purchase or sale contracts concerning crypto-assets with clients for funds by using proprietary capital;
the conclusion of purchase or sale contracts concerning crypto-assets with clients for other crypto-assets by using proprietary capital.
In addition to classic crypto exchanges, this provision also applies to DEX, as discussed above. However, in this case, the focus is not on the operation and management of the trading platform but on the exchange activity itself. It is unclear whether the provision of liquidity on AMM falls under this provision. The provision of liquidity in a trading pair of two different (or more) cryptocurrencies on an AMM could be interpreted as an exchange offer using own capital.
In this case, it would be crucial to determine whether a "conclusion of contracts" in the sense of the regulation occurs. The provision of liquidity is carried out by transferring the cryptocurrencies to the smart contract of the DEX. In return, the user receives other cryptocurrencies that represent the user's share of the total liquidity of the trading pair in the smart contract (LP tokens).
Instead, it is likely that the user, when transferring the liquidity to the smart contract, only intends to generate and receive the LP token to use it further or redeem it at a later time. To do so, the user factually relinquishes control over the cryptocurrencies of the trading pair without contracting with a contractual partner. However, since the concept of a contract is not harmonized and, as mentioned earlier, a broad, regulatory concept of a contract may need to be applied, there is at least uncertainty for liquidity providers in this regard.
In practice, the status as a provider of crypto services will likely not apply if the activity is not commercial. However, this can be difficult to assess in individual cases. It is also unclear how the criterion "using own capital" interacts with the criterion "for third parties." There is room for the argument that liquidity providers are only covered by this crypto service if they provide liquidity as market makers on behalf of a third party, for example, to stabilize prices, and not when they do so out of self-interest.
means the conclusion of agreements, on behalf of clients, to purchase or sell one or more crypto-assets or the subscription on behalf of clients for one or more crypto-assets, and includes the conclusion of contracts to sell crypto-assets at the moment of their offer to the public or admission to trading.
This involves intermediaries who coordinate the execution and representation in a trading transaction with relevant factors such as price, costs, speed, probability of execution and settlement, scope, and type of order execution, or who receive specific instructions from their customers in this regard. A decentralised finance application that reflects this process (outside of the scenarios already discussed above under item 2 under the term "trading platform") is not currently apparent.
the marketing, on behalf of or for the account of the offeror or a party related to the offeror, of crypto-assets to purchasers;
This activity covers marketing activities that are not carried out by the issuer itself. The term "marketing" is not further defined.
According to Article 3(1)(16) of MiCA, the "receipt and transmission of orders for cryptocurrencies for third parties" means:
the reception from a person of an order to purchase or sell one or more crypto-assets or to subscribe for one or more crypto-assets and the transmission of that order to a third party for execution.
This provision covers the transmission of customer orders for execution, for example, via a trading platform for cryptocurrencies or to another provider of crypto-asset services. It covers the mere transmission activity. A decentralised finance application that reflects this process (outside of the scenarios already discussed above under item 2 under the term "trading platform") is not currently apparent.
According to Article 3(1)(17) of MiCA, "advice on cryptocurrencies" means:
offering, giving or agreeing to give personalised recommendations to a client, either at the client’s request or on the initiative of the crypto-asset service provider providing the advice, in respect of one or more transactions relating to crypto-assets, or the use of crypto-asset services;
Similar to traditional investment advice, the provision of recommendations regarding the purchase or sale of one or more cryptocurrencies or the use of crypto services is also regulated. Due to the requirements "personalised" the mere presentation of a user interface for interaction with decentralised finance applications is generally not covered by this provision.
It remains to be seen whether and how the existing definitions in MiCA will change. After MiCA comes into force, it will also become clear whether the EU Commission will use its authority to issue delegated acts to further develop the definitions. The Commission will be able to determine technical aspects of the definitions and ensure that these definitions are adapted to market developments and technological advancements.
Additionally, under the , CASPs will be included among the entities subject to anti-money laundering obligations.
According to (15) of MiCA, a "provider of crypto services" is:
Additionally, the services must constitute a professional or commercial activity of the person. There do not appear to be significant differences between the terms "occupation" and "business." The decisive factor is likely to be the intent to make a profit. In the absence of other sources, the BaFin's interpretation of the term "commercial" in the context of financial services under the German Banking Act (KWG) could initially be used as a benchmark. According to this interpretation, a business is operated on a commercial basis if it is intended to be operated for a certain duration and is pursued with the intent to make a profit (see Section 1.1 ). Interestingly, the definition of CASP in MiCA lacks a catch-all provision that applies not only when a commercially organised business operation actually exists but also when the business operations are of such a scale that a commercial organisation is objectively required. Therefore, only the actual effort expended seems to be relevant to the professional or commercial nature of the service under MiCA.
Furthermore, a person is only considered a provider of crypto services if they provide these services to third parties. Initially, it makes sense to look at the BaFin's interpretation of the similar term "for others" in the context of crypto custody under the KWG. In its guidance on crypto custody, BaFin states that a third party is any person or group of persons other than the company itself (see Section 2 ). To the extent that this interpretation can be applied, which is currently assumed, open representation (e.g., in contract negotiations), provision by the owner in relation to their own company or by dependent employees, or provision by other partners in the context of a genuine partnership, is not covered by the definition.
According to of MiCA, the following services and activities related to cryptocurrencies are defined as "crypto services":
The similarity to financial services is evident in that, according to of MiCA, crypto-asset services provided by investment firms under MiFID II are largely exempt from the application of MiCA and are instead subject to the corresponding investment services in Annex I of MiFID II.
According to of MiCA, "custody and administration of cryptocurrencies for third parties" means:
Initially, the definition of the terms "administration and custody" as "safekeeping or control" does not seem particularly helpful. However, this definition becomes useful through the reference to cryptographic keys, although it is not very technology-neutral. In practice, this provision is likely to fully correspond to the concept of crypto custody under the KWG, to which the BaFin has published a detailed . Differences in the regulatory concept may arise only from the different definitions of cryptocurrencies in MiCA and the KWG. The definition of cryptocurrencies is significantly broader in the current draft of MiCA than in the KWG. However, this point will not be discussed further here.
According to of MiCA, the "operation of a trading platform for cryptocurrencies" means:
In the context of decentralised finance applications, there are various forms of "decentralised exchanges" (DEX) that may be associated with this crypto service, in addition to traditional crypto exchanges. "Automated market makers" (AMM) are a subcategory of DEX where users (liquidity providers) can provide cryptocurrencies to liquidity pools. The liquidity pools are managed by smart contracts, and any user can exchange cryptocurrencies against these liquidity pools. The prices are automatically generated by the protocol. There is no order book in this basic configuration. For a more in-depth understanding of how AMM works, see this .
This activity involves the handling of funds and thus mainly applies to classic crypto exchanges. The exchange e-money tokens is also covered by this provision, as they are defined as e-money () which in turn is covered by the definition of 'funds' in MiCA. However, for the sake of simplicity, the relevance for decentralised finance applications is furthered discussed in the next section under crypto-to-crypto exchange.
According to of MiCA, the "exchange of crypto-assets for other crypto-assets" means:
Even under German civil law, it is generally conceivable (see, for example, the discussions on anonymous contract conclusions in Möslein/Kaulartz/Rennig, ) that the user makes a binding declaration of intent when transferring the cryptocurrencies to the liquidity pool of the AMM, which covers all future interactions of third parties with the smart contract and the cryptocurrencies contained therein, leading to a contract conclusion in each case. However, it is not immediately apparent that the user makes a binding declaration of intent that encompasses all future interactions of third parties with the smart contract and the cryptocurrencies contained therein, leading to a contract conclusion in each case. It would also be cumbersome to clarify with which LP the respective interested party concludes the contract. In this case, malicious interactions that exploit errors in the code would also be contractually covered. A corresponding interpretation of this transfer of cryptocurrencies to the liquidity pool as a tacit declaration of intent that applies only to certain, foreseeable, and "fair" interactions of third parties with the liquidity in the smart contracts also does not seem practical.
According to of MiCA, the "execution of orders for cryptocurrencies for third parties" means:
According to of MiCA, the "placing of cryptocurrencies" means:
Against this background, it is particularly important to follow the statements and recommendations of the . It is expected that the Commission's decisions will generally follow the FATF's approach. This means that the question of whether an activity falls under the regulated crypto services will largely depend on the (conscious or unconscious) lack of decentralization of the relevant infrastructure (see, for example, paragraph 66 ).