This report seeks to navigate the recent European digital asset consultations and regulations, including the contents of the European Commission’s Digital Finance package published on 24 September 20201. It also examines the position in the United Kingdom and Germany, whilst understanding the complexities behind the innovative product developments in this field.
Regulators have sought to consult and formulate policy in the digital arena, despite fears that increased regulation in this sphere could stifle financial digital innovation and the resultant benefits2. The regulatory intention is to bring control, market stability and investor protection around digital assets (including cryptocurrencies and tokenised assets) and digital data storage.
Regulators’ appetite for cryptoassets varies across Europe, with more supportive regulations in countries such as Estonia, Switzerland, Denmark, Germany and Slovenia3,4. The shift away from cash payments, fuelled by the Covid-19 pandemic, has also accelerated developments in the less volatile stablecoins and Central Bank Digital Currencies (CBDCs)5.
Many regulators also recognise the benefits that Distributed Ledger Technology (DLT) can bring to financial services, beyond the application of cryptocurrencies, and are supportive of its continued development6. Within HSBC, examples are the collaboration with Singapore Exchange (SGX) to use DLT for digital bond issuance, which brings streamlined processes for all participants7, and HSBC’s Digital Vault platform, using blockchain to digitise private placement transaction records8.
Types of Digital Assets
Digital assets are cryptographically secured digital representations of value or contractual rights that may use some type of DLT and can be transferred, stored or traded electronically (based on the UK FCA’s definition9). Digital assets include cryptocurrencies, stablecoins and CBDCs, and also the tokenisation of existing traditional securities and other physical assets. These are discussed further below.
Cryptocurrencies have grown in popularity significantly since the launch of Bitcoin in 2009. They may be referred to by different terminology10, e.g. virtual currency or sometimes using the umbrella term “cryptoassets”. The latter reflects the fact that their purpose extends beyond a means of payment (e.g. a store of value, a network to build applications, or to store digital collectibles in the form of Non-Fungible Tokens (NFTs)). Cryptoassets may be used to make payments, but as the Bank of England notes, “Cryptoassets are generally held as investments by people who expect their value to rise” 11. Cryptocurrencies are digital currencies which use cryptography to secure transactions, usually recorded on blockchain technology. Over recent years, alternatives to Bitcoin, “altcoins”, have appeared in their thousands with the most popular by market capitalisation including Ethereum, Binance Coin, Cardano and Ripple.
Investor protection is a key regulatory concern surrounding cryptocurrencies, where volatility and risk are high, with (especially young) investors drawn to the perception of large potential gains12. Cryptoasset ownership and speculation rather than payments have received significant regulatory attention, and it will be interesting to see how priorities develop. The susceptibility of particularly the lower capitalisation altcoins to market manipulation from “pump-and-dump” schemes and potentially insider trading has also been raised13.
More recently, press attention has focused on the environmental impact of mining for cryptocurrencies such as Bitcoin. ‘Proof-of-work’, one of the techniques for the blockchain ledger updates, is energy intensive, and there is apparent incompatibility of this with the Environmental, Social and Governance (ESG) agenda, depending on the source of energy used14. Currently around 75 per cent of cryptocurrency miners use electricity from renewable energy sources (most commonly hydroelectric) and this equates to around 40 per cent of the total energy used in proof-of-work15. ESG objectives would expect these statistics to improve through an increased shift to renewables. There may also be a preference for using cryptocurrencies with the environmentally sustainable ‘proof-of-stake’ consensus mechanism, as used with Cardano, which Ethereum is also transitioning towards.
Stablecoins are a subset of cryptocurrencies. They are a type of token backed by a variety of methods (e.g. with fiat currencies such as USD or GBP, a basket of cryptoassets or asset backed), coupled with a robust legal framework, in order to reduce the asset’s volatility and offer stability. The method of stabilisation will influence how the stablecoins are categorised (e.g. as a collective investment scheme unit, a debt security, e-money or other) and whether they fall within the regulatory perimeter16. There is still the risk of financial loss, however, to a holder in the case of, e.g. failure of the backer, the underpinning asset, or the legal structure. This has led to many regulators considering bringing stablecoins into the regulatory sphere; for example the UK government is currently considering creating “stable tokens” as a separate category of regulated tokens17.
Central Bank Digital Currencies (CBDCs)
There has been a growing interest in CBDCs, alongside the reduced usage of cash during the pandemic, and many governments are exploring their potential. This process is in part a means of governments and central banks being able to offer an alternative to the more volatile cryptocurrencies. A stablecoin’s danger of financial loss due to the backer’s failure should be negligible for a CBDC, where the backer is the central bank. CBDCs can also allow these institutions to take advantage of the efficiencies and programmability of advancing digital technologies. In addition, they can enable governments to protect the ability to control their economies through monetary policy. This could be at risk if fiat were to be partly abandoned in favour of decentralised, location agnostic cryptocurrencies such as Bitcoin18. It is worth noting also that whereas cryptoassets are very much used as precisely that, i.e. assets, CBDCs function much more as a means of payment. Moreover, regulators are unlikely to be too concerned about investor protection for CBDCs, eponymously backed as they are by the central bank.
China is close to launching its digital yuan, having progressed it since 2014, with a number of trials completed. Front-runners in Europe include Ukraine with the “E-hryvnia” and Sweden with the “e-krona”19. Over 60 central banks globally are reported to be exploring CBDCs20, although the majority of them are in the early research stages. For example, the Bank of England is currently considering whether to implement a UK CBDC21. CBDCs can take a number of different forms and central banks will need to consider factors such as whether to utilise blockchain, retail vs wholesale, the degree of anonymity and whether they should be interest bearing.
Tokenisation of Traditional Assets using Distributed Ledger Technology (DLT)
DLT decentralises the control of record updates and data validation via a secure (usually via cryptography) and synchronised distribution of ledgers. It can be used to tokenise existing financial or tangible assets. This can bring benefits for asset trading and transfer, for example tangible assets such as property can be broken down into shares of ownership represented by a token. Financial assets such as bonds can also be broken down beyond the standard lot size, via tokenisation. This increases the affordability of investments and may improve the accessibility of financial markets globally22, potentially enhancing the liquidity and tradability of assets.
In the EU, tokenised traditional securities qualifying as financial instruments remain captured by the Markets in Financial Instruments Directive (MiFID II), and are therefore out of scope of the proposed Markets in Crypto-assets (MiCA) regulation. The UK stance is that tokenisation of an asset should not change its regulatory status, as the risk characteristics and legal title should remain unaffected. Regulatory changes around the use of tokenised traditional assets should be largely limited to the systems and controls required for their use23.
European Commission – Digital Finance Package
The European Commission’s Digital Finance Package of 24 September 2020 (see above) includes, amongst other items, proposed legislation on cryptoassets (Markets in Crypto-assets (MiCA))24 and a draft framework for digital operational resilience (Digital Operational Resilience for the financial sector (DORA))25. It also contains a proposed pilot regime on distributed ledger technology (DLT) market infrastructures26. The purpose of the package is to foster innovation and competition in digital finance whilst ensuring risk mitigation.
MiCA will bring the issuance and trading of cryptoassets, including utility tokens, payment tokens, stablecoins and e-money tokens, into an EU-wide harmonised regulatory sphere (including non-EU firms servicing EU clients). This excludes CBDCs and tokens which fall under the definition of financial instruments under MiFID II (e.g. tokens representing traditional securities).
MiCA is in essence designed to plug the gap where currently many cryptoassets fall outside the protections of EU financial services regulation. It proportionally adapts and combines a range of existing EU regulations to allow for innovation and technological advances. It also requires authorised providers of cryptoasset services to adhere to a list of requirements. These relate to conduct of business, prudential requirements, safeguarding cryptoassets, complaints handling, conflicts of interest management and outsourcing.
Captured cryptoasset services include custody and administration, trading platform operation, exchange of cryptoassets, cryptoasset order reception, transmission and execution, and cryptoasset advice. Implications for custody and administration providers includes the liability to clients up to the market value of the cryptoasset for loss resulting from “malfunction or hacks”.
The draft requirements are under consideration by the European Parliament and the Economic and Monetary Affairs (ECON) committee27. The roll out timetable is still to be confirmed, but MiCA could potentially become applicable in quarter 2 of 202328.
The proposed DORA regulation brings harmonised risk management and heightened resilience to digital developments across the EU, in relation to firms’ ‘Information and Communication Technologies’ (ICT). The key measures include ICT risk management requirements (including mapping, prevention and resolution), and ICT-related incident classification and reporting. Also required is digital operational resilience testing with an annual testing programme, and triennially an advanced threat-led penetration test. ICT third-party risk management and information sharing arrangements are also included in the proposals.
Several of the requirements will require further clarification and potential revision during the consultation period. The alignment with the numerous existing requirements such as the Network & Information Systems (NIS) Directive29 and the European Banking Authority’s (EBA) Outsourcing Guidelines30 will need to be considered. The degree of prescriptiveness in the draft regulation and the amount of focus on testing has also been raised. Further comments centre around the ability to use non-EU Critical Third-Party Providers (CTPPs) and the ability to apply DORA to global firms. On the same theme as EU’s DORA, it is important to note the guidelines on outsourcing to cloud service providers, published on 10 May 2021 by the European Securities and Markets Authority (ESMA)31.
Post-Brexit, the UK is not directly in scope for the MiCA or DORA regulations. The UK has been developing its own stance and is exploring digital advances through reviews and consultations, with a dedicated task force created in 201832. In terms of cryptocurrencies, both the Bank of England and the Financial Conduct Authority (FCA) have issued a number of warnings and guidance around their use and volatility. The FCA, for example, has prohibited the sale of investment products (e.g. derivatives and exchange traded notes) referencing unregulated cryptoassets to retail clients33.
The HM Treasury closed a consultation period in March 2021 on the UK regulatory approach to cryptoassets and particularly to stablecoins34. Their intention is to introduce principle-led legislation for the financial regulators to implement through rules or codes of practice. This would bring stablecoins into the regulatory sphere. Exchange tokens (i.e. other cryptocurrencies) would remain unregulated, apart from in regard to promotions control and regulation of exchanges following Anti-Money Laundering requirements.
The UK supervisory authorities have also concurrently issued policy statements on operational resilience in March 202135, which come into force in March 2022. These focus on managing risk from important business services. Whilst not solely focusing on digital and ICT risk, the framework does have similarities to DORA in relation to governance, and to risk management, testing and resilience.
In 2020, Germany established a specific regulatory regime for cryptoassets with the “Act on the Implementation of the Amendment Directive to the Fourth EU Money Laundering Directive”36. This introduced cryptoassets as a new category within the definition of financial instruments, bringing them into the regulatory scope. It also instigated a licensing requirement for cryptoasset custody services (including custody, administration and safeguarding). From 1 August 2021, cryptocurrency will also be a permitted asset class (up to 20 per cent of the portfolio) of the regulated institutional Spezialfonds. This amendment is included as part of the Fund Jurisdiction Act (“Fondsstandortgesetz”, FSG)37.
On 10 June 2021, the Electronic Securities Act (“elektronisches Wertpapiergesetz”, eWpG) came into effect 38. Under this regulation, issuers have the right to choose whether they wish to issue securities by certificate or electronically. Blockchain or other technical systems can now be used to issue and process securities. The regulation is initially limited to bearer bonds, with the opportunity for further securities to be included at a later date.
The European regulatory landscape is developing in response to the fast evolving technologies and digital asset products. Countries and supranationals are also seeking to keep financial markets competitive and foster innovation, whilst protecting investors and markets. This is a complex space for regulation with the vast array of cryptoassets offering challenges for categorisation and uniformity of rules. In addition, the technology is advancing at a speed that makes it hard for regulation to keep apace. This will be an interesting area to watch closely as regulation and supervision unfold in Europe, and indeed around the world.