Skip to main content

The MiCAR and Travel Rule Regulation Flight has now taken off! Will the flight be a turbulent one with a smooth touchdown?

by: Dr. Justine Scerri Herrera

Dr.Justine Scerri Herrera is a Managing Partner at MK Fintech Partners which Maltese entity that forms part of the Top Tier International ‘Michael Kyprianou’ group. Incidentally, MK is top-ranked in The Legal 500 and according to Gold Magazine is the 3rd Largest in size in Cyprus. Globally, the MK group has 10 offices in 12 Jurisdictions! Justine set up a Fintech and Crypto arm in Malta for the MK group in 2018, obtained a Virtual Financial Assets license and doubled revenues in her second year which is when she became partner and shareholder. Her areas of expertise include Fintech, Blockchain, Crypto, and investments sectors. Notably, Justine used to form part of Malta’s Digital Think Thank (Taskforce set up by the Maltese Government) and was recently nominated to be on the VFA Executive Committee which is part of the Malta Chamber of Commerce. Justine is also a true academic at heart and in her spare time often publishes research and speaks at events worldwide. Her favourite quote is ‘knowledge is power’. 


The Beautiful Arrival of EU Cryptocurrencies Regulation

Anyone who is directly or indirectly involved or remotely interested in the world of Cryptocurrencies has heard of the Markets in Crypto Assets Regulation (MICAR) by now. In short, MICAR aims to bring regulatory certainty and harmonisation in Europe by regulating Issuers and Crypto Asset Service Providers (CASPs) who wish to offer their services in Europe. This will result in CASPs and Issuers being able to passport their services across Europe, once authorised or registered in a chosen Member State. Notably, MiCAR is a direct regulation and not a directive. The raison d’etre for this is to leave out any room for potential regulatory arbitrage (although this will happen in other forms as I will briefly touch up on a bit later). 

Overall, MiCAR is a grandiose step forward for Europe, however, I believe that we will witness some turbulence in the next couple of years till the regulation is fully implemented and effective across Europe. Why? 

Firstly, several sections in MiCAR refer to Regulatory Technical Standards (RTSs), most of which should be published within 12-18 months of MiCAR. In fact, we have recently seen the first publications of consultation papers relating to various aspects of these RTSs published by the European Securities and Markets Authority (ESMA). Now let’s talk timeframes! Member states have up to 12 months to implement MiCAR, Stablecoin issuers (EMTs and ARTs) have 12 months to get authorised, and CASPs have 18 months to get authorised. Transposing MiCAR or applying for authorisation in a member state, in parallel to awaiting the final publication of all the RTSs will undoubtedly create some interim confusion across EU regulators and operators. ESMA has recognised the effect of the varying timelines, and to counteract this has come up with several forums and has ongoing consultations with National Competent Authorities (NCAs). Despite this, I foresee that the interim periods for implementation and transition will not be one smooth sailing during these pending uncertainties (mostly stemming from awaiting the publication of the RTSs).

Regulatory Arbitrage? 

Although the light at the end of the tunnel is harmonisation, some member states will implement MiCAR before others, some member states will implement transitional measures that the Regulation allows for, such as ‘grand-fathering’ or ‘simplified authorisation procedure’, and some regulators of certain member states who already had similar legislation to MiCAR in place will have a competitive advantage over other regulators/jurisdictions, who either had no framework in place or just had/have AML registration. Although MiCAR is largely modeled on MIFID (a European Union law that standardizes regulations for investment services across all EU member states), at the end of the day it is still a new piece of legislation which will take some time to understand and implement before taking full effect. 

In terms of those jurisdictions who have a competitive edge over others, in my view Malta and France are proving to be clear market leaders. Both jurisdictions already had clear working legal frameworks in place, which frameworks are very close to MiCAR, and this for quite some time before MiCAR entered into force. Therefore, understandably there will be much more ease and friendliness in those jurisdictions over others. More ease, not only when it comes to transposing/aligning with the Regulation, but also when it comes to timeframes in granting authorisations and registrations. 

Background: Malta had a fully-fledged regulatory framework titled ‘the Virtual Financial Assets (VFA) Framework from November 2018. The framework was largely influenced by MIFID II and is very close to the MiCAR text. In May 2019, France followed suit and regulated Digital Asset Service Providers (‘DASPs’) under a framework that is very similar to Malta, with the difference of creating a ‘voluntary registration regime’ and an ‘obligatory registration regime. Most of the Top players are regulated in either France or Malta. Malta currently regulates,, OKCoin and Stasis. France is also home to several Crypto Giants such as Circle and Binance. 

What is the Global Impact of MiCAR?

As mentioned above, if any operator would like to offer or market their services in Europe, they must get licensed or registered in an EU member state. MiCAR does recognise the concept of ‘Reverse Solicitation’ however this exemption is based on the premise that the product or service is marketed at the client´s own exclusive initiative and can only be applied to the specific crypto-asset service requested. 

Whether or not MiCAR will set global standards will boil down to the practical implementation of the regulation. The proof is in the pudding and the journey begins now. If the regulation proves to be a workable practical piece of legislation, other jurisdictions and regulators alike may follow suit. If not, other countries will choose a different route. For this reason, it is advisable for all stakeholders with a keen interest to see the regulation succeed, to participate in the different consultation papers on Regulatory Technical Standards being rolled out in the next 12-18 months by EU authorities such as ESMA and the EBA (European Banking Authority). This is the industry’s chance to provide their valuable contribution and aid in actively shaping the future regulation of cryptocurrencies.

Although MiCAR is a great first step forward for regulation, I do believe that there is room for improvement, and this is where other jurisdictions could step in and flourish. For example, when it comes to stablecoin issuers, MiCAR sets criteria for deeming a stablecoin to be ‘significant’. Once a token is deemed significant, the authorities will impose stricter unfriendly requirements on capital, reserve of assets, supervision and more. Furthermore, authorities could force stablecoin issuers to conduct an ‘orderly winding down’ plan if they deem that they pose a threat to ‘financial stability’. (i.e if they pose a threat to the monopoly of money). 

When is a stablecoin deemed significant? If the total market cap exceeds 1 billion or if the number and value of transactions exceeds 500 transactions per day or 100 million per day respectively. To give you some context, in the last 24 hours (24.08.23), Tether USDt (which under MiCAR would classify as an EMT) had a trading volume of 11 Billion and has a Market Cap of 82 Billion. 

Many have criticized the EU for this move, because stablecoins are intended to be global in nature and use so limiting the size of their issuance is counterproductive. This could impact the global use of a stablecoin issued from Europe. Consequently, this may result in smart structuring. For example, a stablecoin issuer could launch from Europe under MiCAR to cater for EU citizens and then launch another stablecoin which can be truly global from another jurisdiction such as Switzerland or Singapore or now the UK (which incidentally are all international financial hubs) if they have friendlier stablecoin regulation.

The Travel Rule!

Along with adopting MiCAR, the EU also adopted the Travel Rule Regulation. Essentially, the travel rule requires CASPS to collect and verify certain information about the sender and beneficiary of the transfers of crypto-assets they carry out. This rule brings ‘self-hosted wallets in scope’ and means that if a self-hosted wallet owner sends or receives more than EUR 1000 to or from their own wallet using a regulated CASP, the CASP will need to collect proof that the customer controls the self-hosted wallet. 

Although DeFi is ‘excluded’ from MiCAR (for now), as a byproduct of the Travel Rule Regulation, if self-hosted wallets want to interact with CASPs they will need to make some modifications. This could be done by for example integrating a KYC player through an API or through embedded concepts such as ‘Address Ownership Proof Protocol (AOPP). However, this is easier said than done! What do I mean? Case in point: When Trezor tried implementing the AOPP, they received major backlash from the community over certain valid privacy concerns. Privacy concerns arise from potential hacks or data breaches which could result in exposing a user’s entire financial history as opposed to just specific transaction data. This due to the nature of the Blockchain. Consequently, following this uproar from the Community, Trezor removed the AOPP feature [ ].

It will be interesting to see:

(1) what innovative solutions will be created that will address both the new regulation as well as privacy concerns [ such as the solution by Trisa:

(2) which self-hosted wallets will implement such solutions in spite of any backlash received from users [ I do not know of any major cold wallet providers who have implemented such solutions so please tell me if you know any

(3) if in the meantime we will see a divide between pure DeFi and regulated CASPs due to certain DeFi players and users not wanting to comply [I believe this divide will last until the Travel Rule for virtual assets comes into effect on December 30, 2024. After this date wallet providers will not be able to interact with the main regulated CASPs anymore. Consequently, from a user perspective, as a norm, living in pure DeFi with few reliable cash out options will prove to become too difficult and impractical]. A cultural shift (at least for users and operators in EU, UK, and Switzerland) is inevitable for CASPs to be able to interact with DeFi, however cultural shifts take time. 

In Conclusion

Regulation in Europe has indeed arrived with a bang! However, the effect of the new regulation is still to be felt and this not without some good old turbulence as explained above. Turbulence mainly stemming from awaiting regulatory clarity from authorities (RTSs) and various Member States who still need to push the gas on MiCAR transposition and implementation! Operators and Issuers can undoubtedly ease their regulatory journey with some proper education, acting fast within the stipulated transitionary periods and most importantly by choosing the right jurisdiction to operate and hub from. In the meantime, buckle up your seatbelts and enjoy the ride. Even though the landing may not be a soft one it will be a successful one and that’s what counts!

All opinions expressed by the writers are solely their current opinions and do not reflect the views of, TET Events.