AGEFI Luxembourg - avril 2024

Avril 2024 47 AGEFI Luxembourg Informatique financière ByDr. SebastiaanNiels HOOGHIEMSTRA* O n 29 June 2023, Regulation (EU) 2023/1114 onmarkets in crypto-assets (“MiCAR”) en- tered into force that will apply in full as of 30December 2024 onwards. MiCAR introduces a new licensing re- gime for (non-EU) crypto custodians. This contribution analyzes the impact of theMiCAR licensing regime on (non- EU) crypto custodians, deposi- taries or not, servicing Luxembourg alternative in- vestment funds (“AIFs”). ScopeMiCAR– CryptoCustodians CASPs&OtherEUFinancialInstitutions MiCARapplies toproviders of crypto-assets services in theEU. In this respect, “crypto-asset serv- ice” means “any of the services and activities relat- ing to any crypto-asset”, including “providing custody and administration of crypto-assets on be- half of clients”. Under MiCAR, there are several types of service providers thatmayprovide this crypto-asset service. In the first place, “crypto-asset service providers” (“ CASPs ”) that are legal persons or other undertak- ingswhoseoccupationorbusinessistheprovisionof one or more crypto-asset services to third parties on a professional basis and are allowed to provide crypto-asset services if they are authorized under MiCARby a national competent authority (“ NCA ”) in an EUMember State. Furthermore, a number of incumbentEUfinancialinstitutions,suchasEUcredit institutions and investment firms that are author- ized for the “safekeeping and administration of fi- nancial instruments for the account of clients”under Directive2014/65/EU,asamended(“ MiFIDII ”),with a “top-up” permission for providing “custody and administration of crypto-assets on behalf of clients” (“ EU Financial Institutions ”), may “leverage” their existingEUlicense(s)andcanprovidethementioned service with merely obtaining a “license extension” (i.e., “top-up license”). Anyoftheabove-mentionedEUFinancialInstitutions are not subject to the CASP authorization require- ments.However, similar as forCASPs, still anumber of general conduct of business requirements and re- quirements specific to the provision of “custody and administration of crypto-assets on behalf of clients” wouldneed to be compliedwith. BothCASPsauthorizedunderMiCAR,aswellasany of the EU Financial Institutions that have obtained a “license extension”underMiCAR in anEUMember State may “passport” their crypto-asset services for whichtheyarelicensedintootherEUMemberStates. Inprinciple,third-countryfirms(i.e.firmswithanon- EUregistered/realseat)arenotallowedtoprovideany typeofcrypto-assetservicesintheEUunderMiCAR. However,MiCARhas a“reverse solicitation” regime in place on the basis of which crypto-asset services may be provided in the EU only at the exclusive ini- tiative of a client based in theEU. This, therefore, pre- cludes a third-country firm fromsoliciting EU-based clients or directlyproviding their services in the EU. Crypto-assets MiCAR establishes a harmonized framework for crypto-assets and related activities and services and includesalltypesofcrypto-assetsthatarenotyetcov- eredbyEUfinanciallaw(especiallyMiFIDII).Forex- ample,servicesinrelationtocrypto-assetsthatqualify as financial instruments, as defined under MiFID II, such as units/shares of AIFs, do not fall within the scopeofMiCAR.AIFsandtheiralternative investment fund manager (“ AIFM ”) , thus, do not fall itself within the scope of MiCARiftherelevantAIFisinvestingin crypto-assets within the meaning of MiCAR. Crypto Custodian Any legal persons or other undertakings that provide “custody and administra- tion of crypto-assets on behalf of clients” will, save any MiCAR exemptions, be required to apply for a CASP license under MiCAR. The “cus- tody and administration of crypto-assets on behalf of clients” is under MiCAR being defined as “ the safekeeping or controlling, on behalf of clients, of crypto-as- sets or of the means of access to such crypto-assets, where applicable in the form of private cryptographic keys ”. AcloserlookatthisdefinitionrevealsthattheMiCAR regime not only requires a license as a “crypto custo- dian” for the “safekeeping of private cryptographic keys”, but includes the “safekeeping or controlling”, onbehalfofclients,ofany“meansofaccess”tocrypto- assets. In this respect, it is important to note that self- custody is excluded from the scope of MiCAR. Non-custodial wallets held by hardware or software providersalsodonotfallwithinthescopeofMiCAR. Obligations of “CryptoCustodians” underMiCAR Apart from the generic authorization and operating conditions underMiCAR, there are also a number of obligationsinrespectofspecificcrypto-assetsservices. With respect to the provision of the custody and ad- ministrationofcrypto-assetsonbehalfofclients,Arti- cle 75 MiCAR is requiring, amongst others, that CASPs (or EUFinancial Institutions): - conclude anagreementwith their clients to specify their duties and their responsibilities that shall, amongst others, include, the identity of the parties, the nature of the crypto-asset service provided and a description of that service, the custody policy and the means of communication between the CASP and the client; -shallkeeparegisterofpositions,openedinthename of each client, corresponding to each client’s rights to the crypto-assets; - establish a custody policy with internal rules and procedurestoensurethesafekeepingorthecontrolof such crypto-assets, or the means of access to the crypto-assets; - shall facilitate the exercise of the rights attached to thecrypto-assets.Anyeventlikelytocreateormodify the rights of a client shall immediatelybe recorded in the client’s register of positions; -providetheirclients,atleastonceeverythreemonths andattherequestoftheclientconcerned,withastate- ment of position of the crypto-assets recorded in the name of those clients; - shall ensure that necessary procedures are in place to return crypto-assets held on behalf of their clients, or the means of access, as soon as possible to those clients; and -shallsegregateholdingsofcrypto-assetsonbehalfof their clients fromtheir ownholdings and ensure that the means of access to crypto-assets of their clients is clearly identified as such. They shall ensure that, on the distributed ledger, their clients’ crypto-assets are held separately fromtheir own crypto-assets. If CASPs providing custody and administration of crypto-assets on behalf of clients make use of other CASPs for that service, they shall only make use of CASPs authorized in accordance with Article 59 MiCAR. It is tobe assumed that EUFinancial Institu- tions with a “top-up” license also qualify as such. CASPs providing custody and administration of crypto-assetsonbehalfofclientsshallbeliabletotheir clientsforthelossofanycrypto-assetsorofthemeans of access to the crypto-assets as a result of an incident that is attributable to them. The liability of the CASP shallbecappedatthemarketvalueofthecrypto-asset thatwas lost, at the time the loss occurred. Incidents not attributable to the CASP include any event in respect of which the CASP demonstrates that it occurred independently of the provision of the relevant service, or independently of the opera- tions of theCASP, suchas aprobleminherent in the operation of the distributed ledger that the CASP does not control. TheRelationshipbetweenAIFs/AIFMs, Depositaries&CryptoCustodians WithrespecttotherelationshipbetweenAIFs/AIFMs, depositaries and crypto custodian there are various “AIFMD-compliantset-ups”possiblethatwillbesub- sequentlydiscussed. The Safekeeping of Crypto-assets byDepositaries under the AIFMD Underthefirstset-up,Luxembourgfunddepositaries aremandated to act as a depositary for (crypto-asset) AIFsinvestingdirectlyin“crypto-assets”andoffer,at the same time, themselves the crypto-asset service of “custodyandadministrationof crypto-assets” to that AIF. In such a case, depositaries must have both a li- cense as depositary and a (“top-up”) license as a “crypto custodian” pursuant toMiCAR. Crypto-assetswithin themeaning ofMiCAR qualify as “other assets” in accordance with the safekeeping dutiesofdepositaries.Thisimpliesthatthedepositary function iswith respect to these assets limited to safe- keepingduties regardingownershipverificationand record-keeping in line with the AIFMD, i.e. the de- positary has to verify that the relevant crypto-assets effectively belong to theAIF itself or to theAIFMact- ingonbehalfoftheAIF.Also,theAIFMD“guarantor liability regime” does not apply with respect to the safekeeping of those assets. It has, however, tobenoted that, amongst others, the MiCAR safekeeping, delegation and liability rules may be considered as a “ lex specialis ”with respect to the safekeeping of “crypto-assets”within themean- ing of MiCAR by depositaries under the AIFMD. These rulesmaybe considered tohave a “gapfilling role” and radiate (or even derogate, to a certain ex- tent) the AIFMD rules applicable to depositaries. Currently, the relationshipbetween thedutiesunder theAIFMDandMiCARapplicable to thedepositary are not yet entirely clear. The Safekeeping of Crypto-assets by a “Crypto-Custodian” as a delegate of theDepositary Under the second set-up, Luxembourg fund deposi- tariesmaybeappointedtoactasadepositaryforAIFs investing directly in “crypto-assets”, but the actual “safekeeping”ofcrypto-assetswouldbedelegatedto a“crypto-custodian”licensedunderMiCAR.Thede- positary delegation regime under the AIFMD in re- spect to “other assets” would be applicable in the relationshipbetween thedepositaryand the “crypto- custodian”.As “crypto-assets” are “other assets”, the normal safekeeping, delegation and liability require- ments under theAIFMDwould be applicable to the depositary, whereas the respective MiCAR rules wouldonlyapplytothe“crypto-custodian”,asadel- egate, itself (and not to the depositary). “Crypto-as- sets”withinthemeaningofMiCARarenotpartofthe “custody holding chain”. Hence, it is possible for an AIF(M) to appoint a “crypto-custodian” under MiCAR independently from the depositary ap- pointed under theAIFMD that may or may not be a delegatewithin themeaningof theAIFMDof thede- positary. Therefore, in practice, the second set-up is unlikely to be chosen. TheSafekeepingofCrypto-assetsbythe“CryptoCustodian” If the depositary does not itself offer the crypto-asset service of “custody and administration of crypto-as- setsonbehalfofclients”,anAIForitsAIFMmay,asa third possible set-up, in parallel to a depositary, also directly appoint aMiCAR-licensed crypto custodian onbehalf of theAIF. However, if anAIF or theAIFM onitsbehalfdirectlyappointsaCASPforthe“custody of crypto-assets”, theyare requirednotify thedeposi- tary so that the depositary is able to perform its safe- keeping functionwith respect to “other assets.” In sucha case, the contractual relationship, if not cho- senforatri-partiteagreement,runsviatheAIFand/or AIFMandthe“cryptocustodian”.Thedepositary re- mains, however, responsible for the safekeeping of “other assets” and, consequently, the AIFMD re- mains liable to theAIF, or the investors of theAIF, if the loss is the result of the depositary’s negligent or intentional failure to properly fulfil its obligations under theAIFMD, including its record-keeping du- ties with respect to this type of assets. However,dependingonthecontractualrelationship, the crypto custodian will be directly liable for any loss of (access to) crypto assets vis-à-vis the AIF or the AIFM that directly appointed the crypto custo- dianas “client” that result froman incident that is at- tributable to them. “Incidents” under MiCAR not attributable to the “crypto custodian” include any event in respect of which the “crypto custodian” demonstrates that it occurred independently of the provision of the relevant service, or independently of the operations of the “crypto custodian”, such as aprobleminherentintheoperationofthedistributed ledger that the “crypto custodian” does not control. The liability of the “crypto custodian” is capped at themarket value of the crypto-asset that was lost, at the time the loss occurred. Outlook: what is the expected impact ofMiCARonCryptoCustodians in the LuxembourgAIF domain? The introduction of MiCAR changes the role of “crypto custodians” and the depositary. Under the current Luxembourg “VASP regime”, depositaries that directly safekeep “virtual assets” are required to have a registration as a virtual asset service provider (“VASP”) pursuant to the Law of 12 No- vember 2004 (the “Luxembourg AML/CFT law”). With the introduction of MiCAR, this regime will lapse and such providers must apply for a license pursuant toMiCAR for the crypto-asset service the “custody andadministrationof crypto-assets onbe- half of clients”. MiCAR’s licensing requirements and (general) rules of conduct for this crypto service are very similar to those ofMiFID II. MiCAR therefore provides a “top- up”option for depositaries that are credit institutions or investment firms toobtaina license for this crypto- asset service subject to some additional specific re- quirements pursuant to MiCAR. However, these requirements go significantly beyond the current re- quirements under the LuxembourgVASP regime. As “crypto-assets” qualify as “other assets” within the meaning of the AIFMD, neither the duties nor the applicable liability regime for depositaries will change, as a result of the introduction of MiCAR. However,thenewrulesintermsofsafekeeping,del- egation and liability introduced byMiCARdo have an impact on the relationshipbetweenAIFs,AIFMs, the depositary under theAIFMD and crypto custo- diansunderMiCAR.Howthese (partlyduplicative) sets of legislation will interplay is not yet entirely clear and clarifications of NCAs in this respect will need to be awaited. (*) Dr. Sebastiaan Hooghiemstra is a senior associate in the invest- ment management practice of Loyens & Loeff Luxembourg and Senior Fellow/Guest Lecturer of the International Center for Financial Law& GovernanceattheErasmusUniversityRotterdam. The Impact of MiCAR on Crypto Custodians servicing LuxAIFs A ccenture annonce l’acquisition d’ArηsGroup, un fournisseur de ser- vices technologiques spécialisé dans l’accompagnement de la transformationdu secteur public enEurope. Cette acquisition permettra d'améliorer l'offre de services pu- blics d'Accenture, en s'appuyant sur un large éventail de solutions innovantes pour aider les clients à tirer parti d'un continuumcom- plet d'expertise technologique et à accélérer leur transformationnumérique. BaséeauLuxembourg,ArηsGroupestuneentreprise indépendante fondée en 2003. Elle représente au- jourd’huil’undesplusgrandsprestatairesdeservices indépendantssurlemarchéeuropéendusecteurpu- blic. Avec une équipe de plus de 2.330 personnes ré- parties principalement au Luxembourg, en Belgique et en Grèce, Arηs Group est spécialisé dans le travail avec l’Union européenne, y compris la Commission européenne, ses différentes institutions et les organi- sationseuropéennesdesÉtatsmembres.ArηsGroup apporteuneexpertisedanslagestiondeprojetsinfor- matiquescomplexesdanslesecteurpublic,ycompris l’intégration de systèmes, l’informatique et l’analyse ainsi que la mise en œuvre de solutions et la gestion de programmes. Il aide ses clients par la conception de systèmes numériques et informatiques en appor- tantuneexpertisedansdiversdomainesallantdudé- veloppementdelogiciels,delasciencedesdonnéeset de la gestion de la sécurité à l’apprentissage automa- tique, au cloud et audéveloppementmobile. Jean-Marc Ollagnier, directeur général d’Accenture en Europe, le Moyen-Orient et l’Afrique, a déclaré : «Nous nous engageons à fournir à nos clients de la fonctionpublique lespersonnes, les conseils, les sys- tèmes et lesprocessus appropriéspour les aider à ré- pondre aux besoins changeants de leurs électeurs. L'acquisitiondugroupeArηsnous aideraàaccroître nos capacités grâce à unemain-d'œuvre hautement qualifiée, unhistoriquedeprestationde servicespu- blicsréussietdescertificationstechniquesappréciées qui peuvent être rapidement mobilisées pour servir nos clients en Europe. Arηs Group possède une vaste expérience dans la conduite de projets de modernisation pour les insti- tutionseuropéennes.Parexemple,denombreusesor- ganisations de services publics font appel à Arηs Grouppour ses experts en sécurité transfrontalière et endéfis liés auxdonnées. «L’arrivée d’Arηs Group renforcera notre capacité à fournirdesservicesdetransformationdesservicespu- blics à travers l’Europe»adéclaréOlivierGirard, pré- sident d’Accenture France&Benelux. Les détails financiers ne sont pas divulgués. Accenture acquiert Arηs Group