Alert
April 18, 2024

Acquiring or Investing in EU Crypto-Asset Businesses: Further Clarity on MiCA

In our previous alert “Acquiring or Investing in EU Crypto-Asset Businesses: MiCA’s Impact,” we discussed the impact of the European Union (EU) Markets in Crypto-Assets Regulation (MiCA) on the acquisition or investment in EU crypto-asset service providers (CASPs), such as crypto exchanges and wallet providers, and the issuers of asset referenced tokens (ARTs), such as stablecoins.

The European Securities and Markets Authority (ESMA), which is working with the European Banking Authority (EBA) toward MiCA’s implementation, recently published its first set of final regulatory technical standards (RTS) under MiCA. These standards cover various obligations for CASPs, those applying to become CASPs, and those looking to acquire or invest in CASPs (ESMA Information Requirements).

As we note below, the ESMA Information Requirements provide clarity not just about the process but on what, in substance, acquirers of or investors in CASPs will need to consider.

MiCA: Where Are We So Far?

MiCA was published in the Official Journal of the European Union on 9 June 2023. MiCA’s provisions governing ARTs will apply from 30 June 2024, and its provisions governing other crypto assets will apply from 30 December 2024.

As noted in a previous alert, “Crypto Regulation in Europe: ESMA Statement Clarifies Process for the Transition to MiCA,” MiCA contains transitional provisions that apply to CASPs registered under current individual EU member state regimes.

As noted above, the ESMA and EBA consultation and publication of RTS and guidelines under MiCA are key components in completing MiCA’s legislative picture. We commented on a recent ESMA consultation on guidelines in our alert “Marketing Crypto Assets to EU Investors Under MICA: ESMA’s First Take on Reverse Solicitation.”

At the same time that ESMA published the final RTS containing the ESMA Information Requirements, it launched its third RTS consultation dealing with the obligations on CASPs in areas such as the detection and prevention of market abuse, investor protection, and operational resilience.

When ESMA consulted on the Information Requirements (July 2023), the EBA consulted on similar requirements for the acquisition of qualifying holdings in ARTs, as we noted in our previous alert “Acquiring or Investing in EU Crypto-Asset Businesses: MiCA’s Impact” (EBA Information Requirements). The EBA has yet to publish final RTS, but our working assumption is that the EBA Information Requirements will be nearly identical to the ESMA Information Requirements.

The Approval Requirements: A Reminder

MiCA requires any natural or legal person who intends to acquire or increase shares or voting power in an ART or CASP above a relevant threshold to notify the EU member state national competent authority (NCA) of that ART or CASP in writing and provide specific information to enable the relevant NCA to assess the proposed acquisition or increase of an existing qualifying holding.

The relevant thresholds are 10%, 20%, 30%, or 50% for a holding in an ART and 20%, 30%, or 50% for a holding in a CASP. In both cases, an NCA will have 60 working days to make the assessment and approve or object to the acquisition or increased holding. MiCA gives an NCA rights to “stop the clock” with the effect being that the maximum period for the assessment will be 94 working days from the date the NCA is notified.

MiCA further establishes the criteria against which the NCA should evaluate the suitability of the proposed acquirer. These include:

  • The reputation of the proposed acquirer
  • The reputation and experience of any person who will direct the business of the ART or CASP as a result of the intended acquisition
  • The financial soundness of the proposed acquirer
  • The continued compliance of the target ART or CASP with MiCA after the acquisition
  • Reasonable grounds to suspect money laundering or terrorist financing in connection with the proposed acquisition or whether it could increase those risks

The Final RTS Information Requirements: Highlights

The Final RTS includes a comprehensive set of information requirements for notifications about acquisitions of qualifying holdings in CASPs. These include:

  • Information about the proposed acquirer (Controller), including the members of its management body, the indirect shareholders, and the ultimate beneficial owner, and information about the members of the management body of the target CASP (Directors) whom the Controller intends to appoint; this information should be the same as that which the CASP would have had to provide for the Directors when the CASP became authorised
  • For Controllers that are legal persons, information about (a) the ultimate beneficial owners and persons who effectively direct the business and have directed it over the past 10 years, and (b) any undertaking under the Controller’s control, and any shareholder with a qualifying holding in the Controller
  • Where a Controller uses a trust structure, information on the trustees, settlor, and beneficial owners
  • For acquisitions by an investment fund, information about the individuals in charge of making the investment decisions for the funds
  • For acquisitions by a sovereign wealth fund, information about the persons holding high-level positions in the ministry, government department, or other public body in charge of making investment decisions for the fund
  • For acquisitions by a natural person, information about that person and about any undertaking formally directed or controlled by that person over the past 10 years
  • Details of criminal convictions, pending criminal proceedings, civil or administrative cases, and similar information deemed relevant for assessing a Controller’s reputation
  • Information about any assessment of the Controller(s) performed by another competent authority or other authority, and, if so, the outcome of that assessment
  • Financial information of the Controller, including information about its current business
  • Where the Controller is established in a non-EU country or is part of a group whose direct or ultimate parent undertaking is established in a non-EU country, additional information about any obstacles to the effective supervision of the target CASP and the Controller’s reputation in that non-EU country
  • Information about the impact of the proposed acquisition on the consolidated supervision of the target CASP and of the group it would belong to after the acquisition
  • Information about the Controller’s intention, including details of any action undertaken by the Controller in concert with other parties for the purposes of the proposed acquisition, the price of the proposed acquisition and a copy of the contract of acquisition
  • Information on the financing of the acquisition, including means and sources of financing and the origin and legitimacy of the source of all financing to determine whether there is a risk of money laundering or terrorist financing
  • Where the Controller intends to acquire holdings of between 20% and 50%, or less than 20% but having significant influence over the CASP, information on the Controller’s strategy with respect to the target CASP and information on the nature of the significant influence, as applicable
  • Where there is a proposed change in control, “as a general rule” a full business plan in order to assess the financial soundness of the proposed acquirer

Similar but Not Identical to Existing Regimes: ‘Acting in Concert,’ ‘Significant Influence,’ and Other Concepts

As we noted in our previous alert, those familiar with the provisions on the acquisition of a qualifying holding in an investment firm under the Markets in Financial Instruments Directive and similar provisions for EU banks, insurers, and mutual fund managers (Existing Directives) will see similarities with the MiCA regime and with rules governing the acquisition of UK crypto businesses noted in “Buying a UK Crypto Business: The New Regulatory Hurdles.”

Like the Existing Directives, the text of MiCA applies the provisions for acquisitions of qualifying holdings to persons “acting in concert” who have taken “a decision to acquire, directly or indirectly,” a qualifying holding in a CASP or ART. As noted above, the Information Requirements also impose requirements on those who will exert “significant influence” over a CASP. The EBA, ESMA, and the European Insurance and Occupational Pensions Authority (together, the ESAs) published their joint guidelines for NCAs making determinations under the Existing Directives. There is currently no draft guidance on the application of the same concepts under MiCA, but it seems likely that the ESAs will extend the joint guidelines to cover MiCA. (In the UK, the updates “CP25/23 – Supervisory statement – Prudential assessment of acquisitions and increases in control” to the joint guidelines that applied following Brexit proposed by the Financial Conduct Authority and Prudential Regulation Authority include crypto-asset businesses.)

MiCA and M&A due diligence

As we noted in our previous alert “Acquiring or Investing in EU Crypto-Asset Businesses: MiCA’s Impact,” member state laws implementing the Fifth EU Anti-Money Laundering Directive (AMLD5) provisions on crypto firms will continue to be relevant when buying a CASP because the AMLD5 imposes regulatory obligations on a CASP. These include obligations connected with standard and enhanced customer due diligence and reliance on recordkeeping, which an acquirer will need to include as part of its regulatory due diligence in addition to related items under the general law, such as provisions governing anti-bribery. No such requirements currently apply to ARTs under any EU law.

MiCA, however, extends the type of CASP subject to regulatory obligations. It also imposes additional obligations, such as a general obligation to act honestly, fairly, and professionally and to act in the best interests of clients. It also includes ongoing disclosure requirements, stringent prudential requirements, and various organisational and governance requirements.

There are also requirements around outsourcing of operational functions. In addition to these general obligations, there are specific obligations depending on a CASP’s specific business; e.g., for crypto custodians. For further discussion, see our alert “Doing Crypto Business in Europe: MiCAR, the EU’s New Uniform Crypto Code – Part 2.” A key here is that the types of operational due diligence on items such as network infrastructure and security, which any prudent acquirer or investor should undertake, will be given a regulatory imperative.

ARTs will also have conduct and organisational requirements, including those governing the custody of reference assets, as noted in our alert “Doing Crypto Business in Europe: MiCAR, the EU’s New Uniform Crypto Code – Part 2.”

These additional regulatory obligations will necessarily increase the regulatory obligations and corresponding risk under EU law for CASPs and ARTs. From this, it will follow that acquirers of and investors in EU CASPs and ARTs will be required to undertake more thorough due diligence than is currently the case.

To discuss the contents of this alert, please contact the authors or your usual Goodwin contact.

 

This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee a similar outcome.