E-Money Tokens: The Difference Between MiCAR Payments & PSD2 Payments

I have a number of posts in the works on the UK's belated plans for cryptoasset regulation, but this one deals with the European Banking Authority's use of its 'no action' powers to minimise the overlap between the EU's second Payment Services Directive (PSD2) and the Markets in CryptoAssets Regulation (MiCAR), to minimise the burden of dual authorisation for firms. The distinctions summarised below should be applied in the exercise of national EEA payment authorities' supervision and enforcement policies until 2 March 2026, and selective supervision of certain aspects thereafter, while waiting for legislative clarity when PSD2 is replaced in 2-3 years' time. This post summarises the relevant distinctions for information purposes. If you need legal advice, please contact me via Crowley Millar.

EMT-based PSD2 Payments

Specifically, the European Banking Authority (EBA) has opined that the following activities involving e-money tokens (EMTs) should be regarded as 'payment services' under PSD2: 

• the transfer of crypto assets as a payment service, where they entail EMTs and are carried out by the entities on behalf of their clients; 
• the custody and administration of EMTs. 

In addition, a custodial wallet should be regarded as a payment account under the PSD2 where the wallet is held in the name of one or more clients and allows the client(s) to send and receive EMTs to and from third parties.;

This is because Article 48(2) of MiCAR deems EMTs to be electronic money, so they come within the definition of ‘funds’ by virtue of Article 4(25) of PSD2. Article 70(4) of MiCAR then provides that CASPs who provide PSD2 payment services related to their crypto-asset services, may either do it themselves or partner with a PSD2 firm, provided that either is authorised to provide the respective payment services. But exactly which of the 8 payment PSD2 services applies is not quite clear.

Any firm undertaking these activities will need local authorisation under PSD2 from 1 March 2026, but even after that date, local regulators should not prioritise the supervision and enforcement of PSD2 provisions on safeguarding, disclosure of information on charges to consumers, the maximum execution time of payment transactions, unique identifiers (e.g. IBAN), or open banking (account information services and payment initiation services). Only the rules on strong customer authentication (two factor authentication) should apply (to custodial wallets and the initiation of EMT transfers), along with rules on fraud reporting and the cumulative calculation of 'own funds' (working capital) requirements.

EMT-based MiCAR Payments

Meanwhile, the EBA says that ‘exchange of crypto-assets for funds’ and ‘exchange of crypto-assets for other crypto-assets’ as defined in MiCAR should not be deemed PSD2 'payment services' by local authorities, nor where crypto-asset service providers (CASPs) intermediate the purchase of any crypto-assets with EMTs.

The EBA acknowledges that this advice "will result in a large number of EMT transactions not to be subject to the requirements of PSD2", but the aim is to minimise the burden of dual authorisation for CASPs.

This post summarises the relevant distinctions for information purposes. If you need legal advice, please contact me via Crowley Millar.

Reform of UK Consumer Credit Law - Phase 1

Just a short post to confirm that the UK government is consulting on its proposed approach to the long overdue reform of the deeply confusing consumer credit regime. This will be done in several phases. And consultation on the first phase ends on 21 July.

Broadly, as with other areas of financial regulation, the government basically proposes to repeal the Consumer Credit Act 1974 and Regulations, bar a few provisions that I guess it could fold into, say, the Financial Services and Markets Act/Orders and FCA Rules.

Phase 1 will focus on removing 'information requirements' and the draconian sanctions or consequences for mistakes, in favour of FCA disclosure rules and supervision.

Phase 2 will look at supplier/creditor liability and unfairness provisions, the different types of credit/hire agreements and other key definitions. 

While the government is looking for feedback on the approach, frankly, the whole thing is going to be so hideously complex we may as well just get on with it as proposed. At some point, the new regime will have to factor in the multitude of court decisions, interpretation and unofficial guidance that has grown up over the decades: this will need to be captured in the FCA Handbook (a combination of rules and guidance, anyway); and/or the original language transplanted so as not to create fresh grounds for 'clarifying' litigation.

At any rate, it will be fascinating to see whether the outcome is just as complex as before, albeit everything is in the one set of legislation, orders and rules. That's my bet. It surely can't get much worse... can it?

UK Government Follows Through On BNPL Regulation

The 'new' UK government has followed through with earlier plans to regulate 'Buy Now Pay Later' (BNPL) short term installment credit that had stalled under the previous government. The regulated version will be called 'deferred payment credit' (DPC). The regulations won't bite until mid-2026, but it's good to finally have certainty as to what is regulated (if not the fine detail yet). And merchants, fintech service providers and credit reference agencies can use the 12 month window to figure out ways for consumers to keep track of both their regulated DPC and unregulated BNPL instalment credit. I've already summarised the latest proposals for Keystone here for information purposes, and have added a few thoughts below to consider. If you need advice on the plans, please let me know. 

Given that BNPL agreements directly with a merchant will remain unregulated, there remains an opportunity for third party finance providers (whether FCA-authorised or not) to work with merchants on unregulated BNPL. Structuring the overall offering to remain unregulated will take care, however.

The proliferation of DPC/BNPL arrangements should prove a boon to 'open banking' or 'account information service' providers who can offer consumers visibility of all their obligations, whether directly or via device manufacturers, DPC lenders or even merchants themselves.

There's also a growing credit reference/assessment challenge as more consumers take on more instalment credit, whether regulated or not.

The government is right, in my view, to keep a weather eye on the unregulated BNPL market to see if intervention is required, before acting. Third party lenders who complain about an uneven playing field between should also consider that regulating merchant BNPL could hurt smaller merchants in favour of larger merchants who already possibly have the resources to offer better instalment options, let alone bear the burden of being FCA authorised (not to mention the strain on the FCA itself in taking on every merchant that wishes to offer BNPL/DPC!).

 

FCA Discussion Paper On New Crypto Rules

Hard on the heels of the Treasury's proposed regulatory framework for cryptoasset activities in the UK, the Financial Conduct Authority published its own discussion paper on how it will supervise these activities within that framework. The FCA has requested feedback by 13 June 2025.

The FCA's proposals are far reaching (including extra-territorial) and complex. Some areas are new, while others aspects attempt to include cryptoassets/activity into existing rulebooks. There are also some proposed restrictions on the type of customers that firms can deal with. 

The actual rules and guidance won't be available until mid-2025, when the FCA will publish a Consultation Paper on issuing a qualifying stablecoin, safeguarding qualifying cryptoassets and specified investment cryptoassets, along with the prudential framework (capital requirements) for qualifying stablecoins and safeguarding. There will be a further consultation on the wider 'conduct' standards, such as the Consumer Duty even later in 2025.

I will add my thoughts on the discussion paper below, for information purposes. If you require legal advice on the plans and their impact, please let me know. 

Operating a Qualifying Cryptoasset Trading Platform

This proposed new regulated activity is incredibly broad: 

[the operation of] ‘a system which brings together or facilitates the bringing together of multiple third-party buying and selling interests in qualifying cryptoassets in a way that results in a contract for the exchange of qualifying cryptoassets for any of: (a) money (including electronic money); or (b) other qualifying cryptoassets.

Any entity operating a trading platform for cryptoassets in the UK, or providing services to UK clients, will generally need to be authorised in the UK, except a firm operating an offshore trading platform for cryptoassets that is only serving professional investors in the UK.

One approach to authorisation for offshore firms would be to require both a 'branch' or local establishment for operating the platform and interfacing with overseas customers; and a UK subsidiary for client-facing functions (including for retail customers). Where an offshore firm is also regulated in its home jurisdiction, the FCA might be prepared to leave certain issues (e.g. capital requirements and systems/controls for trading operations) to the home regulator.

When dealing with retail customers, the FCA proposes that CATPs should:

• Disclose and clarify their own and their clients’ respective responsibilities. 
• Ensure that customers comply with the platform rules and relevant regulations (for example, not engaging in market manipulation). 
• Monitor trading activity to identify infringements of rules. 
• Set controls and limits for each type of customer profile. 
• Be able to revoke access or participation rights, or to suspend a customer.

Algorithmic trading and automated trading software: the FCA points out these are "highly prevalent in cryptoasset markets, with popular bot providers reporting up to 1 million users", including retail investors, requiring limited, if any, human intervention. "Trading platforms also provide dedicated access capabilities for algorithmic trading or [high frequency trading] HFT." Whether or not these will need to be authorised or registered somehow, CATPs will have to ensure fair and non-discriminatory access to trading, ensure orderly markets and eliminate or manage/disclose conflicts of interests between providers of algorithmic or automated trading software and the CATP operator.

Market-makers: the FCA is aware of anti-competitive and collusive practices between crypto trading platforms and market makers, artificially inflating trading volumes, giving unfair advantages for affiliated market makers, and market manipulation. Therefore, CATPs may need to identify those operating market making strategies on the trading platform; have appropriate contracts in place; and disclose potential relationships. Contracts would govern the market making scheme and including obligations for market makers posting simultaneous two-way quotes for a specific liquidity pool.

Trading & execution: Crypto trading service providers have different matching and execution protocols. Some exchanges combine discretionary and non-discretionary systems, and some trade in principal capacity on and off platform with their clients in ways that aren't clear who the counterparty is. The FCA will require CATPs to operate on a non-discretionary basis, treating all orders identically, according to a consistent set of rules, rather than using their judgement as to whether, when and how much of any orders to match. Where investors participate directly, CATPs might not be required to "take all sufficient steps to obtain the best possible order execution results for clients" (best execution requirements), so it would be up to investors to consider where best to trade on the basis of prices, fees and costs. Investors using an intermediary may benefit form investor protection rules and the intermediary's obligation to act in the investor’s best interest, including seeking best execution, though commission or other compensation would be charged.

Matched Principal Trading: this is a form of trading where a person acts as a broker or central counterparty between the buyer and seller, making sure that the price and quantity is agreed on both sides before the trade is executed. The broker charges a fee rather than making a turn on the difference/spread between the buy and sell prices. The risks are that the CATP as broker trades against the clients on platform and/or takes on market risk (of counterparty default). which could create resiliency risks; conflicts of interest undermine the fair and non-discretionary operation of markets; and there may be other abusive or anti-competitive practices, such as wash trading and market manipulation. As a result, the FCA is not happy that "Exchanges often execute clients’ transactions back-to-back, by standing between the 2 trading counterparties" and want to explore some alternatives in light of the IOSCO Recommendations: neither the CATP operator nor any of its affiliates should never be allowed to trade in principal capacity on the CATP's own platform; and the CATP should not be allowed to do so even off platform, for trading activity not related to their CATP’s operation.

Issuing: the FCA may require legal or functional separation between the firm operating a CATP and the issuer of the cryptoassets admitted to trading on the CATP. Legal separation in particular could avoid credit and market risks exposures, capital risks, conflicts of interests and anti-competitive practices by the CATP against other issuers.

Market & Counterparty Credit Risks: the FCA wants CATPs to be "risk-neutral trading systems", without counterparty or credit risk to clients or products. CATPs could not act as a clearing house or directly manage or internalise risk exposures between counterparties on their platform; or provide credit lines or make credit arrangements with their clients.

Settlement: is the ‘irrevocable and unconditional transfer of an asset […], or the discharge of an obligation […] in accordance with the terms of the underlying contract’. The challenge with regulating settlement in cryptoasset markets is that CATPs don't control the underlying distributed ledger or 'blockchain' protocols (which the UK does not intend to regulate). CATPs often take on settlement responsibilities internally, creating risks for the CATP or its clients if a counterparty defaults in its own obligations. Generally, the FCA expects CATPs to have "satisfactory arrangements" for securing the timely and effective transfer of control over the cryptoassets traded on their platform, whether internally or by facilitating or arranging this through other service providers (including custodians).

Transparency & Reporting: the FCA has found that "cryptoasset market data is often unreliable and inconsistent", which undermines efficient pricing, creates unlevel playing fields, and creates "incentives in favour of minor, or illiquid, trading desks that do not offer the same level of transparency". In other words, this is how the pro's fleece the retail sheep. Therefore, the FCA wants to rely on CATPs to clean up and publish pre- and post-trade market data (presumably so a cryptoasset market data sector will grow up, just as other markets for financial data have evolved), including order and transaction data (while also retaining client identity information internally for 5 years).

Cryptoasset Intermediaries

These intermediary functions involve dealing as principal or agent; or arranging such deals in qualifying cryptoassets. Many CATPs undertake these functions as well as being an 'exchange'. Only 28% of users bought crypto through a distinct intermediary, paying higher charges and taking on a long list of risks (that also apply where the CATP is also acting as an intermediary, with additional conflicts of interest and opportunities for abuse). Chapter 3 of the Discussion Paper has more detail on the proposals to address these issues on a 'same risk, same regulatory outcome' basis as in traditional markets: 

• Facilitate UK investors’ access to global crypto markets through authorised entities. 
• Make sure UK markets remain internationally competitive, fair, orderly, transparent and liquid. 
• Fair and transparent conditions for trades executed for, or on behalf of, a client; executed in a way that serves the best interest of clients. 
• Intermediaries ensure that the price a customer pays for a product is transparent and reasonable compared to the overall benefits the customer gets from the product. 
• Firms compete to provide best execution. 
• Consumers protected from unfair or abusive practices. 
• Intermediaries manage conflicts of interest effectively. 
• Support growth of the UK intermediary market with clear and proportionate regulation.

UK Publishes Cryptoasset and Stablecoin Regulations

The UK's proposed cryptoasset/stablecoin regulations are published here, with an accompanying Policy Note here. 

This follows a specific exemption proposed in January for 'staking' cryptoassets from the definition of a 'collective investment scheme.'

I'll be adding notes below for information purposes as I digest. 

If you need legal advice, please let me know.

Comments should be submitted to the Treasury by 23 May. 

Can EU Payment Institutions Really Hold Balances and Operate Prepaid Card Programs?

The European Banking Authority has issued some questionable guidance on how it interprets the definition of 'electronic money' in light of an odd preliminary ruling from the European Court of Justice in ABC Projektai UAB v Lietuvos bankas back in February 2024. I doubt them both and would suggest the ABC case can be restricted to its facts could not be relied upon for the principle that the EBA claims; while the EBA guidance is not binding in any event. But your mileage may differ and I may be wrong - by all means let me know. It's all a bit complex and I've summarised my understanding below for information purposes only. If you're after legal advice, please ping me via Crowley Millar as it's principally an EEA issue. Somehow, I don't see the UK adopting these interpretations... suddenly, a Brexit benefit?

How is E-money Defined in EU law?

The definition of e-money is in the second E-money Directive (EMD2), which is implemented by statute or regulations by each member state (and the UK prior to Brexit) and is intertwined with definitions in the second Payment Services Directive (PSD2) which governs payment services more generally, including those that involve e-money as the form of 'funds':

“electronic money” means electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions as defined in [the second Payment Services Directive (PSD2)], and which is accepted by a natural or legal person other than the electronic money issuer; 

‘payment transaction’ means an act, initiated by the payer or on that payer’s behalf or by the payee, of placing, transferring or withdrawing funds, irrespective of any underlying obligations between the payer and the payee.

'payee' means a natural or legal person who is the intended recipient of funds which have been the subject of a payment transaction"; 

‘payment order’ means an instruction by a payer or payee to its payment service provider requesting the execution of a payment transaction;  

‘acquiring of payment transactions’ means a payment service provided by a payment service provider contracting with a payee to accept and process payment transactions, which results in a transfer of funds to the payee;

In other words, e-money is monetary value issued for the purpose of enabling the e-money holder to pay an intended third party, such as a merchant, as the payee. 

There's some protection for the e-money account holder, in terms of a requirement to immediately redeem any unspent e-money and repay the funds on demand; and safeguard the corresponding amount of cash until the e-money is spent, for example.

Of course, there has to be a mechanism for getting the stored value to the payee. It's possible, in a wallet-to-wallet e-money system that the payee will be another e-money account holder with the same issuer, in which case, the e-money issuer will simply debit the payer's account and credit the payee's account. But that use-case is very difficult to scale (trust me), so e-money issuers also issue debit cards that draw on the e-money balance to enable it to be spent with any merchant who accepts that brand of card (so-called 'prepaid cards'). Most commonly, these cards are issued under membership of the major card schemes. A merchant payee will have contracted with another payment service provider (the 'acquirer', in the case of a card transaction) to do what's necessary at its end to process payment transactions involving the payer's means of payment - the prepaid card that draws on the payer's e-money balance - and transfer the resulting funds to the merchant's own account. 

I mean, it wouldn't be great, would it, if the protection of immediate redemption of unspent value could be lost because the value is technically available via a card and doesn't pop out as the actual original e-money at the other end... (in fact, that 'e-money' status that is lost immediately within the issuer's own systems as the first step in the payment flow) so, as the FCA explained in its guidance under UK E-money Regulations implementing EMD2 pre-Brexit:

The fact that the device on which monetary value is stored is made available, for example, on a plastic card that also functions as a debit or credit card or is a mobile phone does not stop that monetary value from being electronic money. [FCA perimeter guidance ("PERG") 3A.3, Q11]

The real significance of requiring that e-money must be 'accepted by persons other than the issuer' is to avoid regulating 'basic gift cards', for example, which are issued and redeemed by a merchant to enable its customers to purchase only the goods or services that it offers. The FCA also explains this by saying that: 

"...these basic gift cards do not initiate payment orders; payment for the goods or services is made by the customer to the retailer of the goods in advance, when the card is purchased from the retailer." [PERG 15.5 Q40]

The stored value in some electronic travellers cheques is also not considered e-money (PERG 3A.3, Q13).

And there's an express exemption from the definition of e-money and payment services for payment instruments that are only accepted within 'limited networks' of third party payees, which we don't need to cover here.

The ABC case

ABC was a payment institution authorised in Lithuania. As a payment institution, ABC was not authorised to issue e-money, but it could provide the following payment services: execute payment transactions, including: transfers of funds on a payment account with the user’s payment service provider or with another payment service provider; direct debits, including one-off direct debits, and payment transactions through a payment card or a similar device; and/or credit transfers, including standing orders. It could also offer money remittance. 

Under (Lithuania's implementation of) PSD2, any funds that ABC received from customers had to be the subject of a specific payment order, which had to be executed within specific time limits; and those funds could not be held longer than necessary to process the transaction. Under guidance of the Lithuanian regulator (approved by the European Commission), this meant that the funds held in ABC’s payment accounts without a payment order would be regarded as 'deposits', 'other repayable funds' or 'electronic money'. If it wished to issue e-money, ABC would have needed to be authorised as an e-money institution, necessitating higher initial and ongoing capital requirements based on the amount of e-money issued and outstanding. If it wished to accept deposits, ABC would have needed to be authorised as a credit institution with much higher capital requirements still.  

As it turned out, ABC had been allowing customers to deposit funds without a payment order and to hold balances in its payment accounts for long periods, so the Lithuanian regulator revoked ABC's authorisation as a payment institution, for going beyond the scope of that authorisation by issuing e-money.

The question for the ECJ was whether ABC's activities actually amounted to issuing e-money, which the ECJ said it did not, based on findings that:

• 'direct debits', for example, contemplate a payment institution receiving funds "in advance" of receiving a payment order (missing the obvious point that the direct debit instruction involves a (future dated) payment order under Article 78). 

• the rules on safeguarding funds held beyond a business day suggest that PSD2 contemplated there being no corresponding payment order in place (whereas the need for safeguarding arises because PSD2 contemplates both future dated payment orders and longer time limits for processing some payment transactions, as well as the fact that some may fail, as well as to preserve funds in the event of issuer insolvency or malfeasance).

• for funds received by the institution to constitute e-money (my emphasis): 

"47. the issuance of electronic money [must be] distinct from the mere entry in a payment account in that, inter alia, before being used for the purposes of such a payment, such money must be electronically ‘stored’, which implies that it has been issued beforehand, that is to say, converted into a monetary asset separate from the funds received, and that its use as a means of payment is accepted by a natural or legal person other than the electronic money issuer..." 

"48. ...in order for an activity to come under the issuance of ‘electronic money’, within the meaning of Article 2(2) of that directive, it is at the very least necessary that there be a contractual agreement between the user and the electronic money issuer under which those parties expressly agree that that issuer will issue a separate monetary asset up to the monetary value of the funds paid by the user. However, transferring and holding funds on a payment account without immediately mandating payment transactions up to the value of those funds does not mean that the user of the payment service has given his, her or its express or tacit consent to the issuance of electronic money." 

"49. It is not apparent from the documents before the Court that ABC Projektai converted some of the funds which it received into electronically, including magnetically, stored money which could be used by a network of customers who would accept it voluntarily. On the contrary, all the indications are that the funds in question were deposited in payment accounts and could be used solely to execute payment orders from the users concerned."

In other words, the court held that: 

• (in paragraph 47) as a matter of legal interpretation, the use of the stored value had to be accepted as a means of payment by third parties (consistent with the FCA's view, for example) [- not that the 'actual stored value had to end up with the payee']; 

• in this case, there was no explicit agreement with users that ABC was issuing stored value on the basis that it could be used to pay third parties (in paragraph 48) - [whereas the fact that the value in the payment account could be used for payment transactions means it could and would indeed be accepted by third parties];  

• (in paragraph 49) in this case, there was no evidence that any particular 'network' of third parties had accepted that they could be paid using the 'stored money' in ABC's payment accounts. The funds could simply be used to 'execute payment orders' (i.e. to request the execution of a payment transaction, according to the definition) - [again, missing the point that this implicitly means that third parties were indeed accepting this];

• By receiving and holding funds that were not the subject of a payment order but could simply be used for payment transactions at a later date, ABC was not issuing e-money, but merely providing a payment service under PSD2. Therefore, it did not need authorisation as an e-money institution under EMD2. 

In other words, I interpret the court as dealing with the interpretation of the final part of the e-money definition in paragraph 47; and referring to the lack of evidence in paragraphs 48 and 49. I do not read paragraph 49 to colour or restate what was already plainly stated in paragraph 47.

However, from an evidentiary (and logical) standpoint, the court simply ignored the notion there would eventually be an intended recipient of the funds (payee) who must thereby have accepted the means of payment afforded to the payer by ABC.

Mind blown!

Fortunately, it should be possible to restrict any application of the ABC case to its fairly narrow facts.

EBA Guidance on the definition of e-money in the context of prepaid cards

While the ABC case was ongoing, there was also a pending request to the EBA for regulatory guidance from a bank (credit institution) that was planning to issue e-money that customers could spend on prepaid debit cards issued under the major card scheme rules. The EBA accepted that the presentation of such a card as a means of payment at a merchant checkout triggers a series of payment transactions, including the debit of the customer/payer's account associated with the card, and a series of debt-creditor obligations that are net-settled from the payer's card issuer/account service provider, to the card scheme, to the card acquirer and ultimately to the merchant payee. 

In other words, in the case of the major card transactions there is never a direct payment of funds from the cardholder's payment account to the merchant's payment account (often referred to as 'account-to-account' or 'A2A' payments). 

The bank claimed that it's application to become an e-money institution [let's put aside why it applied] had been wrongly rejected because the local regulator interpreted the wording at the end of the definition of e-money “accepted by a natural or legal person other than the electronic money issuer” as requiring that a party other than the issuer must accept the electronic money as a means of payment by becoming a holder of the actual electronic money (meaning that the payee must also have an agreement directly with the same e-money issuer to accept that e-money as payment). 

"The local regulator thus takes the view that there is no issuance of electronic money in a situation where no third party (payee) becomes the holder of the issued e-money (other than the EMI’s customer holding the e-money)." 

In answering this question, the ECB cited the strange decision in ABC v Lietuvos as the basis for agreeing with the local regulator, meaning that prepaid card programs do not involve the issuance of e-money!

In light of the reasoning of the Court, the last condition of the definition of electronic money (acceptance by a natural or legal person other than the electronic money issuer) should be understood as entailing the transferability and voluntary acceptance of electronic money as a separate monetary asset, and not simply as the reception by the payee of funds resulting from redeemed e-money. The submitter states that the payees (merchants in this case) are paid in scriptural money. Therefore, in accordance with the Court’s ruling in case C 661/22 and the reasoning outlined above, there is no acceptance of electronic money by a party other than the issuer in the case in question. 

This paragraph of the EBA guidance of course, misconstrues what the ECJ said in paragraph 47 of the ABC case, which was only that the stored value (in this case, any balance on the prepaid card) must have been "issued beforehand, that is to say, converted into a monetary asset separate from the funds received, and that its use as a means of payment is accepted by a natural or legal person other than the electronic money issuer...". In other words, applied to this case, the court would only have meant that the use of the value on the prepaid card must be accepted as a means of payment, not that the e-money itself must be accepted (consistent with FCA guidance cited above). 

That paragraph of the EBA guidance also ignores the fact that the merchant who accepts a card payment is the 'payee' because that merchant is the "intended recipient of funds which have been the subject of [the multiple] payment transaction[s]" triggered by the presentation of the card, as contemplated by recital 68 of PSD2:

The use of a card or card-based payment instrument for making a payment often triggers the generation of a message confirming availability of funds and two resulting payment transactions. The first transaction takes place between the [payer's card] issuer and the merchant’s [payee's] account servicing payment service provider [to pay for the goods/services], while the second, usually a direct debit, takes place between the payer’s account servicing payment service provider and the issuer [to pay the payer/cardholder's bill, though they may be the same account for a debit card]. Both transactions should be treated in the same way as any other equivalent transactions. 

The next paragraph of the EBA guidance then continues as if the payee is somehow required to have a customer agreement with the e-money issuer, when that would only be the case where the payee already held such an account and the transaction occurred within the e-money issuer's system (as a wallet-to-wallet or account-to-account payment): 

Furthermore, with regard to the question of whether the payees must be in a contractual agreement with the electronic money issuer, recital 18 of the EMD2 lays out redeemability as an intrinsic feature of electronic money, by stating that “electronic money needs to be redeemable to preserve the confidence of the electronic money holder”. In that respect, Article 11(3) of the EMD2 establishes that the conditions of redemption should be stated in the contract between the electronic money issuer and the electronic money holder. Article 11(7) further establishes that “redemption rights of a person, other than a consumer, who accepts electronic money shall be subject to the contractual agreement between the electronic money issuer and that person”. Consequently, the acceptance of electronic money whereby the person who accepts electronic money becomes a holder of electronic money, should therefore be understood to require a contractual arrangement with the electronic money issuer. 

The [prepaid card] scenario described in the question therefore fails to meet all of the criteria of the definition of electronic money.

Again, mind blown!

Fortunately, this is only guidance...

UK Green Light to Crypto-Staking For Consumers?

The UK government appears to give a green light to the practice of 'staking', but this should be approached with extreme caution. The law change only means that staking as defined in the exemption from the extensive definition of a "collective investment scheme" (CIS) in the Financial Services & Markets Act 2000 (FSMA). Staking in this context is intended to refer to the concept in 'proof of stake' blockchains (e.g. Ethereum). This is not a feature of 'proof of work' blockchains (e.g. the bitcoin blockchain) and the exemption does not cover 'staking' (effectively lending) of bitcoin or other assets. The exemption is a helpful clarification and removes the serious overhead associated with setting up and running an investment fund for the activities that are within the scope of the exemption. But an apparently minor change in the facts (e.g. affecting the qualification of the underlying cryptoasset) could still result in the staking activity falling outside the definition in the CIS exemption, meaning the staking activity could still qualify as a CIS. In addition, other financial regulation could still be implicated in the way that staking is done under the CIS exemption (e.g. e-money or payment services regulation, even for a qualifying cryptoasset), and the government clearly intends that the financial promotions rules aimed at 'qualifying cryptoassets' will still apply to marketing. Below is a summary for information purposes only. If you need legal advice, please get in touch.

What regulation has been changed to allow staking?

The CIS exemption is deceptively short:

22.—(1) Arrangements for qualifying cryptoasset staking do not amount to a collective investment scheme. 

(2) In this paragraph— 

“blockchain validation” means the validation of transactions on— 

(a) a blockchain [not defined]; or 

(b) a network that uses distributed ledger technology [not defined] or other similar technology; 

“qualifying cryptoasset” has the meaning given [in the Financial Promotions Order (FPO) - see the end of this post] 

“qualifying cryptoasset staking” means the use of a qualifying cryptoasset in blockchain validation.”

As the short Explanatory Note that accompanies the relevant regulation explains:

Staking is a consensus mechanism used by “proof of stake” blockchains. Blockchains are distributed ledgers on which various computers performing the function of “validator nodes” collaboratively enter and validate transactions to achieve consensus on the network’s state.

The longer Explanatory Memorandum adds further detail (at paragraph 5, but particularly 5.3), which will be critical to interpreting the scope of the CIS exemption and the extent to which it operates as a green light.

5.2 Staking is a consensus mechanism used by ‘proof of stake’ blockchains. It is an alternative to cryptoasset ‘mining’, which is the consensus mechanism used in a ‘proof of work’ blockchain. Blockchains are distributed ledgers on which various computers performing the function of ‘validator nodes’ collaboratively enter and validate transactions to achieve consensus on the network’s state. On proof of stake blockchains, participants earn the right to operate a validator node by staking a given amount of their cryptoassets (locking them down on a smart contract or via an alternative software solution). As an incentive to operate the node well, participants that are staking their cryptoassets receive rewards from the blockchain in the form of newly minted cryptoassets or a portion of transaction fees on the blockchain. This prospect of a financial return is a common focus of marketing around staking services. Participants who act in bad faith, for example by trying to add falsified transactions, risk losing the tokens they have staked. 

5.3 On certain blockchains, stakers are required to stake a set number of their cryptoassets to earn the right to operate a validator node, and this minimum amount can be prohibitively high for individuals. Some firms have therefore offered a service whereby customers’ cryptoassets are ‘pooled’ to meet the minimum staking requirements. The firm will then undertake the staking on behalf of its customers, frequently delegating the actual operation of the validator node to a specialist third party. If the firm then receives additional cryptoassets it will transfer a portion of the reward to its customers.

If you need legal advice on the topic, please get in touch.

26F.— Qualifying cryptoasset 

(1) Subject to sub-paragraph (3), a "qualifying cryptoasset" is any cryptoasset which is— 

(a) fungible; and 

(b) transferable.

(2) For the purposes of sub-paragraph (1)(b), the circumstances in which a cryptoasset is to be treated as "transferable" include where— 

(a) it confers transferable rights; or 

(b) a communication made in relation to the cryptoasset describes it as being transferable or conferring transferable rights. 

(3) A cryptoasset does not fall within sub-paragraph (1) if it is— 

(a) a controlled investment falling within any of paragraphs 12 to 26E or, so far as relevant to any such investment, paragraph 27;  

(b) electronic money;  

(c) fiat currency;  

(d) digitally issued fiat currency; or  

(e) a cryptoasset that— 

(i) cannot be transferred or sold in exchange for money or other cryptoassets, except by way of redemption with the issuer; and  

(ii) can only be used in a limited way and meets one of the following conditions— 

(aa) it allows the holder to acquire goods or services only from the issuer; 

(ab) it is issued by a professional issuer and allows the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer; or  

(ac) it may be used only to acquire a very limited range of goods or services.  

(4) In this paragraph— 

"cryptoasset" means any cryptographically secured digital representation of value or contractual rights that—  

(a) can be transferred, stored or traded electronically, and  

(b) uses technology supporting the recording or storage of data (which may include distributed ledger technology);  

"digitally issued fiat currency" means fiat currency issued in digital form; 

"electronic money" has the meaning given by regulation 2(1) (interpretation) of the Electronic Money Regulations 2011.

When Is It Legitimate to Process Personal Data To Develop AI Models And What Happens If It Was Not?

EU data protection regulators have announced their final Opinion on some key issues related to the processing of personal data in AI models. Below is a summary for information purposes only. If you need legal advice, please get in touch.

When is an AI model considered as anonymous?

This can only be decided case-by-case, and there's a non-prescriptive, non-exhaustive list of methods to demonstrate anonymity. In broad terms:

For a model to be anonymous, it should be very unlikely (1) to directly or indirectly identify individuals whose data was used to create the model, and (2) to extract such personal data from the model through queries. 

When/how is 'legitimate interest' an appropriate legal basis for processing personal data to create, update, develop or deploy an AI model? 

Considerations here include a 'three-step test' that assesses:

1. Pursuit of a legitimate interest by the controller or by a third party; 
2. The necessity of the processing to pursue the legitimate interest; 
3. Balance.

In short, the regulator will consider whether the controller's interest is lawful, clear and precisely articulated, real and present; the processing is shown to be strictly necessary; and is balanced in terms of respecting the individual's rights.

What are the consequences for an AI model developed by unlawful processing of personal data? 

Like the FTC in the US (which has ordered some infringing models to be destroyed), an AI model that has been developed with unlawfully processed personal data could also be considered to be unlawfully deployed (unless perhaps the model is anonymised) and regulators have wide investigative and assessment powers, and can take appropriate, necessary and proportionate action depending on the facts of the case.

This post is a summary for information purposes only. If you need legal advice, please get in touch.