E-Money Tokens: The Difference Between MiCAR Payments & PSD2 Payments

I have a number of posts in the works on the UK's belated plans for cryptoasset regulation, but this one deals with the European Banking Authority's use of its 'no action' powers to minimise the overlap between the EU's second Payment Services Directive (PSD2) and the Markets in CryptoAssets Regulation (MiCAR), to minimise the burden of dual authorisation for firms. The distinctions summarised below should be applied in the exercise of national EEA payment authorities' supervision and enforcement policies until 2 March 2026, and selective supervision of certain aspects thereafter, while waiting for legislative clarity when PSD2 is replaced in 2-3 years' time. This post summarises the relevant distinctions for information purposes. If you need legal advice, please contact me via Crowley Millar.

EMT-based PSD2 Payments

Specifically, the European Banking Authority (EBA) has opined that the following activities involving e-money tokens (EMTs) should be regarded as 'payment services' under PSD2: 

• the transfer of crypto assets as a payment service, where they entail EMTs and are carried out by the entities on behalf of their clients; 
• the custody and administration of EMTs. 

In addition, a custodial wallet should be regarded as a payment account under the PSD2 where the wallet is held in the name of one or more clients and allows the client(s) to send and receive EMTs to and from third parties.

This is because Article 48(2) of MiCAR deems EMTs to be electronic money, so they come within the definition of ‘funds’ by virtue of Article 4(25) of PSD2. Article 70(4) of MiCAR then provides that CASPs who provide PSD2 payment services related to their crypto-asset services, may either do it themselves or partner with a PSD2 firm, provided that either is authorised to provide the respective payment services. But exactly which of the 8 payment PSD2 services applies is not quite clear.

Any firm undertaking these activities will need local authorisation under PSD2 from 1 March 2026, but even after that date, local regulators should not prioritise the supervision and enforcement of PSD2 provisions on safeguarding, disclosure of information on charges to consumers, the maximum execution time of payment transactions, unique identifiers (e.g. IBAN), or open banking (account information services and payment initiation services). Only the rules on strong customer authentication (two factor authentication) should apply (to custodial wallets and the initiation of EMT transfers), along with rules on fraud reporting and the cumulative calculation of 'own funds' (working capital) requirements.

EMT-based MiCAR Payments

Meanwhile, the EBA says that ‘exchange of crypto-assets for funds’ and ‘exchange of crypto-assets for other crypto-assets’ as defined in MiCAR should not be deemed PSD2 'payment services' by local authorities, nor where crypto-asset service providers (CASPs) intermediate the purchase of any crypto-assets with EMTs.

The EBA acknowledges that this advice "will result in a large number of EMT transactions not to be subject to the requirements of PSD2", but the aim is to minimise the burden of dual authorisation for CASPs.

This post summarises the relevant distinctions for information purposes. If you need legal advice, please contact me via Crowley Millar.

Latest on EU Crypto Regulation

As I recently posted in more detail on Ogier Leman's 'Insights' page, the Council of the EU has published a further draft of the proposed Regulation on markets in cryptoassets (MiCA). It seems likely that MiCA will be published officially in 2023, with a wide range of transitional arrangements and dependencies on regulatory technical standards being developed by various EU regulatory agencies. Being a regulation, it will apply without needing to be implemented at national level. MiCA's impact will be significant, given the 'libertarian' origins of distributed ledger technology and cryptocurrencies and the goals of many purists, but likely welcomed by those seeking to harness the benefits of the technology to replace legacy systems. 

If you have queries about the regulatory implications of cryptoassets or related activities, please let me know.

UK FCA Guidance on Regulation of CryptoAssets

The regulation of 'cryptoassets' including cryptocurrencies is under permanent review, with the UK's Financial Conduct Authority perhaps the latest financial regulator to finalise its guidance. Despite the often-repeated statement that financial regulation is 'technology-neutral', the decentralised nature of cryptographic or 'distributed ledger technology' (DLT) is awkward because there is no central issuer, operator or service provider to which regulatory responsibility and accountability can be attached. Add to that the flexibility of DLT and the wide range of use-cases, and you have the recipe for widespread regulatory confusion.

The guidance itself is set out in Appendix 1 to the FCA's paper (pp 29-54), including useful case studies and examples, but I've only discussed the different types of cryptoasset below - including a new category added by the FCA.

The FCA's guidance in this context is also separate from:

• anti-money laundering: the fifth money laundering directive (5MLD) will be gold-plated implemented in the UK by January 2020, which will impose anti-money laundering requirements on certain cryptoasset firms, amongst other types of businesses.
• the use of Distributed ledger technology (DLT) for regulated activities such as custody, and settlement.

The guidance may also change pretty quickly because:

• the FCA itself will consult on banning the sale of derivatives linked to certain types of unregulated cryptoassets to retail clients; and
• the UK Treasury will consults on whether (further) regulation of (unregulated) cryptoassets is required; and
• other countries may regulate in a way that it makes sense for the UK to match.

What Are Cryptoassets?

Like the regulatory authorities in most developed markets, the FCA initially embraced the idea that cryptoassets can be defined in terms of three types of cryptographically-generated 'tokens': exchange tokens, utility tokens and security tokens. 

But the FCA has now added a fourth category of "e-money tokens" (those which meet the definition of "electronic money" discussed below). The intention is to leave exchange tokens and utility tokens outside the regulatory perimeter as "unregulated tokens"; and to differentiate the use of tokens as e-money from security tokens (which carry rights and obligations that are essentially the same as specified investments covered by existing securities regulation).

"Stablecoins" don't constitute a separate category because while they're all structured in a way that seeks to limit changes in their perceived value, those structures vary a lot. Some could meet the definition of e-money (e.g. equating in value to a fiat currency and meeting the other requirements), or a security ('backed' by other securities), while others would not.

So, basically, the FCA considers that only e-money tokens and securities tokens will be regulated.  But note that firms which are already regulated by the FCA may have regulatory obligations relating to their unregulated activities where they are carried out by the regulated firm in connection with, or held out as being for the purposes of, a regulated activity. In such cases, the FCA's 11 Principles for Business (PRIN) and individual conduct rules under the Senior Managers and Certification Regime (SMCR) will still apply. The FCA also works with other agencies to indirectly mitigate harm from other types of unlawful activity involving cryptoassets.

It's also possible that tokens could shift categories over time, or meet the definitions of two or more types. The FCA says that: 

"...the regulatory treatment depends on the token’s intrinsic structure, the rights attached to the tokens and how they are used in practice. If the token at a point in time reaches the definition of an e-money token or a security token, then it will fall under regulation. We have provided additional case studies on the fluidity of tokens within the Guidance."

Exchange Tokens

These are cryptoassets that are decentralised and primarily used as a means of exchange (e.g. ‘cryptocurrencies’, ‘crypto-coins’ or ‘payment tokens’) that are typically designed to provide limited or no rights for the holder, and there is usually no (single) issuer to enforce rights or make claims against.

The FCA does not want to regulate exchange tokens themselves (without a change in the law), but may already regulate the participants at either end of the exchange, for instance, where the cryptoasset is used by regulated payment service providers to more efficiently facilitate the processing of payment transactions in 'fiat' currency. 

Anti-money laundering regulation may also apply (particularly from 10 January 2020), but the FCA sees this as a separate to its financial regulatory perimeter (even though it is also a supervisory authority for AML regulation).

Utility Tokens

These are cryptoassets that provide users with access to a current or prospective product or service and often grant rights similar to pre-payment vouchers. Again, these are unregulated where they just provide this type of utility.

Security Tokens

These are cryptoassets with essentially the same rights as regulated investment instruments (securities) such as shares, debentures or units in a collective investment scheme; and the FCA says it will regulate these the same way they regulate their traditional cousins.

Of course, the security tokens are often distributed by means of 'initial coin offerings' and/or 'airdrops' that cross multiple jurisdictions, each of which may treat/regulate them differently. The problem with consistent international regulation is that (certainly outside the 31 countries in the European Economic Area) there are differences in the classification and regulatory treatment of securities that will also affect crypto-securities with the same characteristics. The FCA points to bilateral harmonising efforts and multilateral discussions through the Global Financial Innovation Network (GFIN), the International Organization of Securities Commissions (IOSCO), the European Commission (EC) and the European Supervisory Authorities (ESA) - and one could add central bank co-ordination on the impact of cryptoassets on fiat currencies and currency regulation via the Bank of International Settlements.

E-money Tokens

These are tokens that meet the definition of "electronic money" in the Electronic Money Regulations 2011 (derived from the second EU E-money Directive):

electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions [as defined in PSD2], and which is accepted by a natural or legal person other than the electronic money issuer;

There are also certain specific exclusions, which include instruments used within 'limited networks'  but that's worth a whole series of posts in itself.

Whether this meets the concern of the Financial Markets Law Committee that there's a gap in AML regulation for virtual currencies that share the characteristics of money remains to be seen.