On February 28, 2023, the French legislator voted on the new enhanced DASP registration regime.
Enhanced DASP registration will be effective on July 1, 2023, and will only affect new players. From this date, requesting a mere registration will no longer be possible, and applicants will have to comply with the latest regulatory requirements. Let’s remember that DASP registration allows the offering of financial services on digital assets: custody, crypto-to-fiat, or operating an exchange.
Here are the details of this new regime.
Why enhance the DASP registration ?
Following the crash of Terra (LUNA), Celsius’ bankruptcy and the FTX scandal, the DASP registration enhancement constitutes, first and foremost, a political response to end the “Crypto Far West”.
In addition, a growing number of French people own crypto-assets (in February 2022, 8% had invested, and 30% want to invest).
Consequently, considerable regulatory attention has been given to the registration regime, which seems less suited to the reality of the crypto industry.
What does this new procedure involve?
🕰️A transitional regime in the MiCAR timeline
First, the enhanced DASP registration only concerns applicants who apply from July 1, 2023. Already registered DASPs are not affected by this regulatory evolution.
This new regime undoubtedly constitutes an acceleration of the European regulation Market in Crypto-Assets (MiCAR) timeline, which should, 18 months after its adoption, enter into force at the end of 2024 :
- unregistered players have 18 months after MICAR entered into force to comply.
- registered players – including under the new regime of enhanced registration – will have an additional 18 months from the end of the entry into force period, i.e. 36 months to comply.
Thus, this new enhanced registration procedure comes between the simple DASP registration regime’s end and MiCAR authorisation’s start. The optional DASP approval remains available to industry players until MiCAR entry into force.
🚦What are the new requirements for enhanced DASP registration?
As a reminder, the mere registration regime required the DASPs to comply with obligations to combat money laundering and the financing of terrorism (AML/CFT) and fit and proper assessments – i.e. the good reputation and competence of the company’s managers and shareholders.
From July 1st, 2023, new applications must meet additional requirements inspired by the DASP optional approval and the MiCAR authorisation.
|Legal requirement||In practice|
|Have a conflict of interests management system||Depending on the activity, implement a conflict of interest policy, i.e., identifying and preventing situations likely to give rise to a conflict of interest detrimental to clients’ interests.|
|Implement a policy for handling customers complaints||Inform customers about the complaints handling process and the options available & maintain a complaints register.|
This policy may be in line with the GDPR User Rights Policy.
|Communicate in a clear, accurate and non-misleading way, and warn customers about the risks associated with crypto-assets|
|Refrain from using their clients’ assets without their prior consent|
|Publish a pricing policy||The DASP must inform customers about all the service’s fees or costs (e.g., account inactivity fees).|
|If applicable, implement a custody policy, segregate customer crypto-assets from those held by the provider on its own accont and allow the quick return of funds to customers (upon request).||For custody and portfolio management services only.|
|Implement an internal control policy||Implement internal control measures and procedures to ensure compliance with legal and regulatory obligations. The dedicated staff (internal or freelance) should have the necessary qualifications.|
|Insure a resilient and secure IT system||Physical and IT security devices reduce the risk of attack and ensure effective risk management. The service provider employs sufficient IT and human resources to ensure the security of its IT system.|
The AMF may align with the requirements of the DASP approval (ANSSI cybersecurity Visa).
While some of these obligations are relatively easy to reach, others may have an higher operational cost, such as:
- The implementation of an internal control mechanism involving permanent control carried out by dedicated staff;
- The new IT requirements induce significant and imperative investments for applicant DASPs.
What are the consequences for the crypto industry?
- First of all, the enhanced registration is the first step towards the new standard: the MiCAR authorisation.
- Depending on the nature and the roadmap of the project, and given its transitional nature, applying directly for DASP approval could allow a quicker transition to MiCAR authorisation.
Article written with Germain Chaux, trainee solicitor.