MiCA Regulation: 2024 Updates to Strengthen Crypto-Asset Market Supervision

The Markets in Crypto-Assets Regulation (MiCA), formally known as Regulation (EU) 2023/1114, is a groundbreaking regulatory framework designed to bring coherence and uniformity to the crypto-asset markets across the European Union. Enacted on 31 May 2023, the MiCA Regulation introduces a comprehensive set of rules to regulate the issuance, operations, and oversight of crypto-assets. It ensures that all EU member states adopt consistent practices in supervising crypto-asset service providers (CASPs), issuers, and other market participants. The regulation addresses critical challenges posed by the borderless nature of crypto-assets, aiming to protect investors, enhance market integrity, and foster innovation in the financial sector.

As part of the MiCA Regulation’s implementation, the European Commission published Implementing Regulations on 24 September 2024. These regulations establish Implementing Technical Standards (ITS), which provide detailed guidelines for national competent authorities (NCAs), the European Banking Authority (EBA), and the European Securities and Markets Authority (ESMA). The ITS ensure seamless cooperation and efficient information exchange among regulators, crucial for the effective enforcement of the MiCA Regulation across the EU’s crypto-asset markets.

Source

[1]

Crypto-assets

A comprehensive framework for crypto-assets and related services to ensure that the Union financial services are fit for the digital age.

Finance

[2]

Markets in Crypto-assets Regulation

Find links to implementing and delegated acts for Regulation 2023/1114/EU on markets in crypto-assets (MiCa).

Finance

MiCA Regulation: Cooperation and Exchange of Information

One of the core objectives of the MiCA Regulation is to strengthen cooperation between NCAs and EU-level supervisory bodies like ESMA and EBA. Due to the global and decentralized nature of crypto-assets, cross-border regulatory cooperation is critical for maintaining effective oversight. The MiCA Regulation acknowledges this complexity and mandates that NCAs work closely with ESMA and EBA to ensure compliance with its provisions across member states.

Article 96 of the MiCA Regulation requires NCAs to share all necessary information with ESMA and EBA to facilitate supervisory activities, investigations, and inspections. This cooperation helps detect and prevent issues such as market manipulation, fraud, and other violations of the MiCA Regulation. The Implementing Regulation (EU) 2024, introduced on 24 September 2024, outlines the specific forms, templates, and procedures that must be used to facilitate these exchanges. These standardized processes ensure that regulatory actions are transparent, consistent, and efficient, making the enforcement of the MiCA Regulation more effective across the entire EU.

Key Technical Provisions in MiCA’s Implementing Regulation

The 2024 Implementing Regulation defines several critical procedures that regulators must follow to implement the MiCA Regulation effectively. These technical standards ensure that all information exchanges between NCAs are handled transparently, securely, and in compliance with data protection laws, particularly the General Data Protection Regulation (GDPR).

1. Form for Request for Cooperation or Exchange of Information

The Form for Request for Cooperation or Exchange of Information, detailed in Annex I, is the primary tool for requesting information or initiating action related to supervisory activities, investigations, or inspections. This form plays a vital role in:

• Supervisory activities: NCAs may request specific data on crypto-asset transactions, business operations of CASPs, or other relevant information for ongoing oversight.
• Investigations: In cases of suspected violations of the MiCA Regulation, such as market manipulation or fraudulent activities, NCAs can initiate formal investigations by requesting detailed records and documentation from other authorities or CASPs.
• On-site inspections: To verify compliance with MiCA’s strict requirements, NCAs may request permission to conduct on-site inspections, particularly in cases where cross-border operations are involved.

The form requires key details such as the reference number, date, and the specific reasons for the request, ensuring that each interaction is thoroughly documented. In urgent situations, oral requests are allowed, though they must be followed by written documentation to ensure adherence to MiCA’s regulatory standards.

2. Urgency and Justification of Requests

Recognizing the fast-paced and volatile nature of crypto-asset markets, the MiCA Regulation allows NCAs to submit urgent requests when immediate action is necessary to prevent market instability or significant financial risks. Article 96(2) allows requests to be marked as urgent, particularly in cases of market manipulation, fraud, or other activities that could disrupt the financial system.

In such cases, NCAs can submit an urgent oral request, followed by written documentation to ensure compliance with regulatory procedures. For example, if an NCA detects abnormal trading behavior in a particular crypto-asset, which could indicate price manipulation, it can quickly request data from relevant authorities and coordinate timely enforcement actions across multiple jurisdictions.

3. Personal Data Protection and GDPR Compliance

The protection of personal data is a critical component of the MiCA Regulation. Article 101 of MiCA ensures that all personal data exchanged between NCAs is processed in compliance with the GDPR, safeguarding individuals’ privacy rights. When submitting a request for cooperation, the requesting authority must provide the legal basis for processing personal data and ensure that all data is handled securely and for its intended purpose only.

The receiving authority must process the data in accordance with the GDPR and maintain confidentiality. Personal data must not be disclosed or used for purposes beyond the scope of the original request unless explicit consent is obtained from the submitting authority. This ensures that all regulatory actions adhere to EU data protection laws while enforcing the provisions of the MiCA Regulation.

Markets in Crypto-Assets Regulation (MiCA): Procedures for Supervisory Activities and Investigations

The MiCA Regulation entrusts NCAs with significant responsibilities to ensure that CASPs comply with its regulatory framework. To support this, the 2024 Implementing Regulation provides standardized procedures for requesting information and launching investigations. These procedures are designed to ensure that regulatory actions are consistent, transparent, and legally compliant across all EU member states.

When conducting supervisory activities, NCAs use standardized forms to gather detailed information on:

• Crypto-asset transaction records, including product identifiers, transaction dates, and the identities of parties involved.
• Business operations of entities within the crypto-asset ecosystem, ensuring that their activities comply with MiCA’s rules.

If there is suspicion of regulatory breaches, such as insider trading or money laundering, NCAs can submit requests for specific data related to a particular transaction or individual. These requests are particularly important for addressing cross-border operations of CASPs, ensuring that NCAs in different jurisdictions can cooperate effectively in enforcing the MiCA Regulation.

MiCA: Opening Investigations and Conducting On-Site Inspections

The MiCA Regulation empowers NCAs to open joint investigations or conduct on-site inspections of CASPs, particularly in cases where these service providers operate across multiple EU jurisdictions. This is especially important in cases involving large-scale initial coin offerings (ICOs) or the provision of services across borders. Annex I of the Implementing Regulation provides standardized forms for initiating investigations, ensuring a uniform approach to regulatory enforcement across the EU.

When initiating an investigation, the request must detail the legal basis for the investigation and the expected benefits. On-site inspections allow NCAs to verify compliance with MiCA’s rules at the CASP’s premises, providing a vital tool for identifying regulatory breaches and ensuring that crypto-asset service providers adhere to MiCA’s regulatory framework.

Standardized Forms for Cooperation and Information Exchange

To streamline cooperation and ensure that requests are handled efficiently, the Implementing Regulation introduces standardized forms. These include:

• Acknowledgement of Receipt: Provided in Annex II, this form is used by the receiving authority to confirm that a request for cooperation has been received and is being processed.
• Reply to Request: Detailed in Annex III, this form allows the receiving authority to respond to a request, providing the requested information or explaining how it will be fulfilled.

These forms help ensure that communication between NCAs is structured, transparent, and timely, ensuring that requests for cooperation are handled efficiently across the EU.

Unsolicited Provision of Information and Proactive Cooperation

The MiCA Regulation also allows for the unsolicited provision of information under Article 7. This provision encourages proactive cooperation between NCAs, enabling them to share information that may be useful for regulatory purposes, even in the absence of a formal request.

For example, if an NCA identifies suspicious activity within its jurisdiction, such as unauthorized trading or possible market abuse, it can notify other NCAs, allowing them to take pre-emptive action. This type of information exchange fosters a collaborative approach to regulating the crypto-asset market and helps prevent systemic risks before they escalate.

Confidentiality and Permissible Uses of Information

The MiCA Regulation emphasizes the confidentiality of information shared between authorities. Under Article 10, any information exchanged must remain confidential unless the submitting authority provides explicit consent for disclosure. This provision ensures that sensitive market and personal data are protected, maintaining the integrity of the regulatory process.

Additionally, the information received through a request can only be used for the purpose stated in the original request. If an authority wishes to use the data for a different purpose, it must first obtain permission from the submitting authority. This ensures that all information is handled in compliance with MiCA’s requirements and EU data protection laws.