Regulation (EU) 2023/1114 on markets in crypto-assets ("MiCA Regulation", "the Regulation") provides the legal framework of crypto-assets, as well as the provision of various crypto services within the EU and in Bulgaria (by virtue of the Regulation’s direct effect in EU Member States). The MiCA Regulation is in force as of 29 June 2023, but its application is postponed until 30 December 2024, except for certain provisions which are to apply from 30 June 2024. Each Member State may envisage a transition period for the licensing of crypto-asset service providers (CASPs), which may last until 1 July 2026 or shorter. The availability and duration of a transitional period will depend on whether the Member State already has a regime in place regulating the provision of crypto services, which is stricter than what is prescribed by the Regulation.
The regulatory framework for crypto-asset services will also be complemented by delegated acts of the European Commission aimed at providing for more details in certain aspects. In addition, the European Regulatory Authorities – the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) should adopt a number of regulatory and implementing technical standards and guidelines before the entry into force of the Regulation.
Currently, Bulgaria has not yet introduced measures concerning a possible transition period, but given that the national rules in force are no stricter than those of the Regulation, it can be reasonably assumed that the country will not make use of the transition period or at least not in its maximum allowed duration. In this sense, it is recommendable for providers that offer or intend to offer crypto services on the Bulgarian market to get acquainted with the current requirements of the Bulgarian legislation, as well as with the prescriptions of the MiCA Regulation, and to take steps towards bringing their activities in line with these requirements.
This article aims to highlight some key requirements that we believe apply at the moment and will apply in the future to the activities of CASPs.
I. A brief overview of the currently applicable regime in Bulgaria
At present in Bulgaria, activities with virtual assets and virtual currencies fall directly within the scope of the anti-money laundering legislation. The latest amendments to the Measures Against Money Laundering Act (MAMLA), in force as of 6 October 2023, add new categories of virtual assets service providers for which the law envisages specific obligations. In addition to providers of exchange services between virtual and fiat currencies and custodian wallet providers, who are already obliged under MAMLA, the following persons are brought in-scope:
These new categories of obliged persons should apply in their activities the full range of anti-money laundering measures envisaged by the MAMLA, e.g. carrying out customer due diligence and risk assessments, reporting suspicious transactions and operations to the Bulgarian AML/CFT competent authority, etc. Similar to the previous regime, these new obliged persons will be able to carry out activity only upon registering with a public register at the National Revenue Agency (NRA). In addition, according to the amendments, natural persons – legal representatives, shareholders and beneficial owners of an obliged entity must meet certain conditions in order for the registration to be made.
On the other hand, providers who have already been registered with the NRA under the previous regime should update their registered information and provide the relevant evidence within a certain period. Failure to comply with that obligation will be grounds for deletion of the respective person’s registration.
The amendments to the MAMLA define the term "virtual asset". In particular, this is a digital representation of value that can be transferred or traded digitally, as well as can be used for payment or investment purposes, with the exception of financial instruments issued through decentralised ledger technology. I.e., for persons whose activity involves virtual assets that are financial instruments, the requirements of the MAMLA shall not apply (unless banks or investment firms are concerned, which should apply the MAMLA measures in general) and registration with the NRA is not necessary, insofar as such entities are subject to a special licensing and/or authorisation regime under the Credit Institutions Act, the Markets in Financial Instruments Act or other regulations. This approach is similar to the one adopted by the MiCA Regulation. The obliged persons under the Regulation are also subject to all related EU legislation, including the Prospectus Regulation, the directives providing for transparency obligations, for the prohibition of market abuse, for the settlement finality, the Short Selling Regulation, the Central Securities Depositories Regulation, and the Regulation on a pilot framework for market infrastructures based on decentralised ledger technology (all transposed and applicable in Bulgaria).
II. Key requirements for CASPs under the MiCA Regulation
The MiCA regime applies to all persons that intend to issue/offer crypto-assets or provide crypto-asset services. CASPs must have an address in the EU where they effectively carry out at least part of their crypto-related activities. In addition, CASPs must be licensed under the Regulation or under other EU financial or banking regulations (e.g. authorised credit institutions, investment firms, etc.). Some persons are explicitly excluded from the scope of the Regulation, e.g., those providing crypto services to their parent company or subsidiary.
2. What assets are in-scope?
MiCA classifies crypto-assets into three categories:
i. Electronic money tokens aim to maintain stable value by referencing the value of an official currency. According to the Regulation, these assets qualify as electronic money. As a result, the existing EU legal framework for traditional e-money (the E-money Directive, implemented in Bulgaria in the Payment Services and Payment Systems Act) also applies to e-money tokens.
ii. Asset-referenced tokens, on the other hand, are not e-money tokens. These are crypto-assets that seek to maintain a stable value by referencing another value or right, or a combination thereof, including one or more official currencies. This includes the so-called "stable crypto-assets".
iii. Crypto-assets other than asset-referenced tokens and e-money tokens are all other crypto-assets that are not explicitly excluded from the scope of the Regulation. Most major currencies would fall into this category. This also includes the so-called. "utility tokens", i.e. intended solely to give access to a good or service provided by the issuer of such tokens.
Several explicitly listed types of crypto-assets remain outside the scope of the MiCA Regulation. For example:
The determination of the type of crypto-asset concerned, as well as whether it falls within the scope of the Regulation, is the responsibility of the issuer of that asset and is subject to approval by the relevant competent supervisory authority. According to Recital 11 of the Regulation, when evaluating and classifying crypto-assets, competent authorities should adopt the approach of ‘content over form’, whereby the classification is determined by the characteristics of the crypto-asset in question rather than what is indicated by the issuer.
3. What are the key requirements for business conduct of CASPs?
Each CASP must obtain a license to carry out its activities issued by the relevant national competent authority in an EU Member State 1 . The main requirements for authorisation are listed in the Regulation and details will be included in the relevant regulatory technical standards developed by ESMA. In addition to specific own funds requirements depending on the type of services provided, the applicant must demonstrate that it meets certain management standards. For example, the members of the management body must be of good repute and possess sufficient knowledge, skills and experience to perform their duties. In addition, the applicant must develop and adopt certain internal policies, processes and procedures to ensure reliability and continuity in the provision of the respective crypto services. Each CASP must adequately manage potential cases of conflict of interest, ensure the security of its clients' funds and assets, apply a procedure for accepting and handling customer complaints, etc.
Additional requirements apply to specific types of crypto services. E.g., for provision of custody and administration of crypto-assets, the provider must adopt a custody policy that meets the requirements set out in the Regulation.
The license obtained in a Member State will be valid across the EU (the so-called European passport). Any provider authorised in a Member State may provide its services within the EU, either directly or through a branch, subject to a simplified notification procedure.
The Regulation also provides for some exemptions to the requirement to obtain a license for provision of crypto services. For example, entities that are already licensed in accordance with the applicable EU banking and financial legislation may benefit from such exemption. These entities can provide specific crypto services without obtaining a MiCA license. For example:
Those entities must notify the relevant competent authority before starting their activity related to the specific crypto services. Within the notification procedure, the entity concerned shall provide the competent authority with the information explicitly referred to in the Regulation, but only to the extent that it has not already been provided in the framework of a previous licensing procedure.
In addition, the Regulation introduces obligations and conditions for carrying out the activity of CASPs. Some of them are applicable to all types of crypto services, and others – only to specific types of services. Among the generally applicable are:
III. Other applicable regulatory requirements
In addition to MiCA, various Bulgarian and EU laws and regulations remain relevant including the rules on e-commerce, consumer and data protection, e- signatures and contracts which must be considered and observed.
---------------------------------------------------------
1 Although Bulgaria has not yet officially designated the national competent authority for the MiCA Regulation application, it can reasonably be assumed that the role will be assigned to the Bulgarian National Bank or the Financial Supervision Commission.
2 For example, the service "exchange of crypto-assets for funds or against other crypto-assets" is equivalent to the investment service "dealing on own account in financial instruments".
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited („DTTL“), its global network of member firms or their related entities (collectively, the “Deloitte organization”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.
No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL and each of its member firms, and their related entities, are legally separate and independent entities.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (DTTL), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Adelina Mitkova | Attorney-at-Law, Senior Managing Associate
Nadya Elchinova | Attorney-at-Law, Senior Associate