REGULATORY RADAR MICA USER GUIDE
MiCA – key tasks and deadlines
registered as a Prestataires d’audit de la sécurité des systèmes d’information (PASSI). Standards are based on the Digital Operational Resilience Act (DORA), which came into effect this year and set standards of digital systems and security for all financial institutions. Capital reserves for issuers A base capital requirement of €350,000 applies to all issuers of Asset Referenced Tokens (ART). Issuers must also hold capital equivalent to 2% of the average value of their reserve assets. Reserve assets must be kept separate from the issuer's other funds. The state of these reserves must be reported regularly to relevant authorities. CASPs that do not issue ARTs are also subject to capital adequacy requirements. These requirements will vary based on the specific services offered and the risk profile of the CASP. The competent authorities in each EU member state will determine the appropriate level of capital required, ensuring it is adequate to cover potential operational and financial risks. This may include requirements for initial capital, ongoing capital maintenance, and liquidity buffers. The exact capital requirements for non-issuing CASPs are not fixed but rather vary based on a variable amount determined by local regulators, who
MiCA – key tasks and deadlines The depth and scale of MiCA are daunting for many crypto businesses. Compliance will require investment in time and resources, as deadlines vary between European jurisdictions, and there is a whole new vocabulary to learn. BCB’s compliance and legal team have recently completed our own MiCA application and continue to hold regular discussions with clients about what MICA will mean for them. While the new regulatory regime cannot be captured in a single page, there are six key steps that firms will need to address to meet the challenges and opportunities that MiCA presents. Strengthen IT security & operational resilience This includes all RegTech, trading solutions and a monitoring framework. Monitoring is particularly important for trading teams, which will not be used to having such a framework. Requirements vary, but price monitoring is a key requirement to ensure investor protection, which is the top priority for regulators. a. Develop a cybersecurity framework to protect customer assets and private keys. b. Implement incident reporting mechanisms to regulators for security breaches. c. Establish business continuity and disaster recovery plans to prevent service disruptions. d. Ensure compliance with DORA (Digital Operational Resilience Act) , which applies to financial entities in the EU. Anti-money laundering Essential AML standards do not change. The key difference is the Travel Rule, which requires the sharing of client information for transactions over a certain level. Every originator and beneficiary for every transaction have to be identified each time, through a secure system that harmonises the information. Clients in such transactions
will be required to provide ID including pictures or video.
e. Implement a robust AML/CFT policy that meets AMLD6 and FATF requirements. f. Deploy a risk-based approach (RBA) for client onboarding and ongoing transaction monitoring. g. Integrate Travel Rule compliance
into transaction processing (mandatory for all CASPs).
h. Appoint a Money Laundering Reporting Officer (MLRO) and ensure they have relevant experience. Cybersecurity audit Firms will need a lot more certification and, specifically, an audit by an approved third-party provider. In France, for example, these must be carried out by a provider that is
consider the individual CASP's activities and associated risks.
Secure your governance, internal controls & capital requirements Named individuals must be assigned certain roles and responsibilities at any offer or firm, covering a range of key responsibilities including IT, communications security and cryptographic keys. These roles and responsibilities must be identified in every EU and European Economic rea jurisdiction where the firm has an entity. Group-wide governance will not be sufficient to meet these requirements.
A base capital requirement of €350,000 applies to all issuers of Asset Referenced Tokens (ART). Issuers must also hold capital equivalent to 2% of the average value of their reserve assets.
32
Made with FlippingBook - professional solution for displaying marketing and sales documents online