ARTICLE
7 October 2024

Ireland As A Location For Crypto Asset Service Providers 2024

Regulation (EU) 2023/1114 on Markets in Crypto-Assets ("MiCA") was published in the Official Journal of the European Union in June 2023. It became applicable to issuers of asset referenced tokens...
Ireland Technology

Regulation (EU) 2023/1114 on Markets in Crypto-Assets ("MiCA") was published in the Official Journal of the European Union in June 2023. It became applicable to issuers of asset referenced tokens and electronic money tokens in June 2024 and will become applicable to providers of crypto asset services on 30 December 2024.

MiCA brings crypto assets under a pan-EU regulatory framework that seeks to ensure increased transparency, investor protection and financial stability. It prescribes uniform requirements for the offering and admitting to trading of crypto-assets and for crypto-asset service providers ("CASPs"). These rules include transparency and disclosure requirements, authorisation and supervision requirements, requirements for the protection of holders of crypto-assets and the clients of CASPs, and measures to prevent market abuse such as insider dealing or market manipulation.

Under MiCA, CASPs will require authorisation from a competent authority before providing crypto asset services in the EU. In Ireland, this will mean that those wishing to provide crypto-asset services will be required to apply to the Central Bank of Ireland (the "CBI") for authorisation as a CASP.

Impact on the Virtual Asset Service Provider ("VASP") Regime

Since 2021, providers of virtual asset services in Ireland are designated persons under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and are required to register with the CBI for the purposes of the general Anti-Money Laundering and Countering the Financing of Terrorism ("AML/CFT") obligations.

MiCA establishes a more comprehensive financial services regulatory framework than the current VASP regime. Therefore, while there are similarities between virtual asset services and crypto asset services, where an entity is providing crypto asset services from 30 December 2024, they will require authorisation as a CASP.

In terms of transitional arrangements under MiCA, an existing Irish VASP will not have passporting rights to offer its services in other jurisdictions and will not be able to passport its services until it receives authorisation as a CASP. Furthermore, there will not be a simplified authorisation procedure for VASPs seeking to become a CASP.

Scope of MiCA

Crypto-Assets

MiCA applies to crypto-assets which are defined as "a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology"1. MiCA further defines a distributed ledger as "an information repository that keeps records of transactions and that is shared across, and synchronised between, a set of DLT network nodes using a consensus mechanism"2.

MiCA sets out three types of crypto-asset:

  • Electronic money tokens ("EMTs"), which usually link to a single fiat currency (such as the Euro or US Dollar);
  • Asset-referenced tokens ("ARTs"), which are a type of crypto-asset that is not an EMT and that purports to maintain a stable value by referencing another value, including one or more official currencies; and
  • Crypto-assets other than EMTs or ARTs, such as utility tokens. Usually these are used to provide access to goods or services supplied by the issuer of the utility tokens.

EMTs and ARTs are sometimes together known as stablecoins. MiCA sets out specific requirements in respect of EMTs and ARTs, as they may have an impact on financial stability. Further information relating to these different types of crypto-assets can be found in our briefing here.

MiCA does not apply to crypto-assets that "are unique and not fungible with other crypto-assets", i.e. non-fungible tokens ("NFTs") or to crypto-assets that also qualify as one or more of:

  • financial instruments as defined in MiFID II3;
  • deposits, including structured deposits, as defined in the Deposit Guarantee Scheme Directive4;
  • funds, except if they qualify as e-money tokens, as defined in the Payment Services Directive (PSD2)5;
  • securitisation positions;
  • non-life or life insurance products or reinsurance and retrocession contracts; or
  • certain pension products, social security schemes and officially recognised occupational pension schemes.

Crypto-asset services

A crypto-asset service means any one of a list of services and activities relating to crypto-assets6:

  • providing custody and administration of crypto-assets on behalf of clients;
  • operation of a trading platform for crypto-assets;
  • exchange of crypto-assets for funds;
  • exchange of crypto-assets for other crypto-assets;
  • execution of orders for crypto-assets on behalf of clients;
  • placing of crypto-assets;
  • reception and transmission of orders for crypto-assets on behalf of clients;
  • providing advice on crypto-assets;
  • providing portfolio management on crypto-assets;
  • providing transfer services for crypto-assets on behalf of clients.

Why firms choose to be authorised in Ireland

Ireland is well positioned to take advantage of the opportunities in this developing sector.

Ireland is home to a substantial number of crypto firms, some home-grown and others drawn to Ireland by its active and thriving FinTech Sector.

Aside from Ireland's position as a FinTech hub, there are a number of advantages to operating in Ireland, including:

  • a strong regulatory framework with a credible and experienced regulator, the CBI;
  • the ability to engage with the CBI through its Innovation Hub;
  • a favourable tax regime, due to a combination of a 12.5% standard corporate tax rate and an exceptionally extensive and comprehensive set of double tax agreements; and
  • access to a sophisticated financial services ecosystem with a deep pool of staff, managers, professional advisers and service providers including not only native English speakers but a sizeable international population.

CBI Authorisation Process

At the time of writing, the finalised application documents to apply for authorisation as a CASP in Ireland have yet to be finalised. However, these are due to be published shortly. The CBI has provided information on the process and its expectations of CASPs and is willing to meet with prospective applicants, meaning that work can commence on the authorisation process.

The CASP authorisation process in Ireland consists of two phases: (1) a pre-application engagement phase and (2) the formal application phase. The CBI has opened the pre-application engagement phase and firms are encouraged to reach out to the CBI to begin the authorisation process.

The CBI has stated that in general, based on its experience, the best-prepared firms, willing to engage transparently in the authorisation process, proceed through the process more efficiently.

Pre-Application Engagement Phase

As noted above, the CBI has commenced liaising with firms seeking to be authorised as a CASP in Ireland in an early engagement capacity, both via the CBI Innovation Hub here for non-regulated firms, and via a firm's usual CBI point of contact for firms already regulated by the CBI (for example, the CBI's VASP team).

This stage of the pre-application engagement phase involves an introduction meeting during which the entity will present on their business model and the CBI presents on its authorisation and supervisory expectations.

Following on from this, the CBI will look for a further meeting with the applicant and the submission of a 'Key Facts Document' to support an initial assessment of how the draft application might align with the Bank's authorisation and supervisory expectations.

Formal Application Phase

The second phase of the authorisation process consists of the submission of the full application for CASP authorisation, which will be assessed by the CBI. The CBI may require additional information following receipt of the submission, pursuant to which a final decision will be made by the CBI relating to authorisation. The CBI has indicated that it will begin to take formal applications for CASP authorisation in Q4 2024.

While the application form has not been finalised and published by the CBI, according to Article 62 of MiCA, the application will need to cover the following:

  • the name, including the legal name and any other commercial name used, the legal entity identifier of the applicant, the website operated by that provider, a contact email address, a contact telephone number and its physical address;
  • the legal form of the applicant;
  • the articles of association of the applicant, where applicable;
  • a programme of operations, setting out the types of crypto-asset services that the applicant intends to provide, including where and how those services are to be marketed;
  • proof that the applicant meets the requirements for prudential safeguards set out in Article 67 of MiCA;
  • a description of the applicant's governance arrangements;
  • proof that members of the management body of the applicant are of sufficiently good repute and possess the appropriate knowledge, skills and experience to manage that provider;
  • the identity of any shareholders and members, whether direct or indirect, that have qualifying holdings in the applicant and the amounts of those holdings, as well as proof that those persons are of sufficiently good repute;
  • a description of the applicant's internal control mechanisms, policies and procedures to identify, assess and manage risks, including money laundering and terrorist financing risks, and business continuity plan;
  • the technical documentation of the ICT systems and security arrangements, and a description thereof in non-technical language;
  • a description of the procedure for the segregation of clients' crypto-assets and funds;
  • a description of the applicant's complaints-handling procedures;
  • where the applicant intends to provide custody and administration of crypto-assets on behalf of clients, a description of the custody and administration policy;
  • where the applicant intends to operate a trading platform for crypto-assets, a description of the operating rules of the trading platform and of the procedure and system to detect market abuse;
  • where the applicant intends to exchange crypto-assets for funds or other crypto-assets, a description of the commercial policy, which shall be non-discriminatory, governing the relationship with clients as well as a description of the methodology for determining the price of the crypto-assets that the applicant proposes to exchange for funds or other crypto-assets;
  • where the applicant intends to execute orders for crypto-assets on behalf of clients, a description of the execution policy;
  • where the applicant intends to provide advice on crypto-assets or portfolio management of crypto-assets, proof that the natural persons giving advice on behalf of the applicant or managing portfolios on behalf of the applicant have the necessary knowledge and expertise to fulfil their obligations;
  • where the applicant intends to provide transfer services for crypto-assets on behalf of clients, information on the manner in which such transfer services will be provided; and
  • the type of crypto-asset to which the crypto-asset service relates.

CBI Expectations7

The CBI has indicated that its MiCA "risk appetite" will be applied on a firm-by-firm basis, operating a high authorisation threshold guided by 4 key principles:

  • Utility and Customer Base: The CBI is highly sceptical of CASP business models where unbacked crypto-assets are heavily marketed, offered, and distributed to retail investors for speculative purposes.
  • Firm Failure: MiCA introduces some guardrails for consumers and investors but does not eliminate the possibility of firm failure. The CBI has acknowledged that a zero-failure risk appetite is not feasible.
  • Transparency: Applicants must be fully transparent about all MiCA activities they intend to undertake, both initially and in the medium to long term.
  • No Predetermined Authorisation Assessments: Firms currently providing crypto services in Ireland must clearly demonstrate to the CBI that they meet all new MiCA requirements.

The CBI has outlined 4 engagement principles which it expects that firms will adhere to during the application process:

  • Transparency: Firms must act in a fully transparent and open manner with respect to their MiCA global and EU strategy, both from day one and in so far as is possible in the medium to long-term.
  • Supervisability: If the CBI identifies obstacles to a firm operating in an independent and autonomous manner which would inhibit supervisability, it will not be authorised.
  • Preparedness: Firms must be resourced to engage with the CBI in a robust and timely manner on all aspects of an application throughout the authorisation process.
  • Consumer Focus: Securing customer interests, in particular in retail facing business models, needs to be at the centre of a firm's application.

The CBI has also outlined 9 high level expectations of firms seeking authorisation:

  • Governance and Accountability: Applicants must demonstrate substance and autonomy in Ireland, led by a local crypto-competent executive and board with a strong grasp of the local regulatory environment. Applicants must maintain robust local governance and risk management arrangements.
  • Conflicts of Interest: Applicants must ensure no risks are posed to customer interests through conflicts of interest and implement a robust system to identify and remedy conflicts promptly.
  • Protection of Client Assets: The local applicant firm must have full control of all client assets with robust segregation, reconciliation, and prompt access to reserves to meet redemption demands.
  • Ownership: Applicants must provide a full, transparent view of direct and indirect shareholders and any party that can influence the firm.
  • Business Model and Financial Resilience: Applicants must maintain a board-approved business strategy demonstrating the viability and sustainability of the business model, reflecting vulnerabilities from the product offering.
  • AML/CTF: Applicants must demonstrate strong risk management practices and internal controls to comply with Irish legislation.
  • Operational Resilience: Applicants must ensure continuity and regularity in service performance.
  • Crisis Management: Applicants must maintain detailed plans for an orderly wind-down of activities and timely redemption of customer funds without causing undue economic harm.
  • Conduct and Transparency: Applicants must demonstrate how customer interests are secured and how the suitability of their product offering is proactively assessed according to customers' risk tolerance.

Authorisation Timeline

Article 63 of MiCA sets out the following timeline in relation to CASP authorisation applications, which the CBI must adhere to as part of the formal application phase:

Steps to be taken by CBI

Timeline

Acknowledge receipt of application in writing

Promptly and in any event within five working days of receipt of an application

Assess whether the application is complete by checking that the required information has been submitted

Within 25 working days of receipt of an application. Where the application is not complete, the CBI shall set a deadline by which the applicant is to provide any missing information

Notify the applicant once an application is complete

Promptly

Assess whether the applicant complies with the requirements and adopt a fully reasoned decision granting or refusing an authorisation as a CASP

Within 40 working days from the date of receipt of a complete application*

Notify the applicant of the CBI's decision after deciding to grant or refuse authorisation

Within five working days of the date of the decision

* The CBI may, during the assessment period and no later than on the 20th working day of that period, request any further information that is necessary to complete the assessment.

Footnotes

1 Article 3(5) of MiCA

2 Article 3(2) of MiCA

3 Directive 2014/65/EU

4 Directive 2014/49/EU

5 Directive (EU) 2015/2366

6 Article 3(16) of MiCA

7 https://www.centralbank.ie/docs/default-source/regulation/micar/micar-authorisation-and-supervisory-expectations.pdf?sfvrsn=4e24611a_

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Technology Law and Digital Law

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More