France’s supreme financial supervisory authority has adopted the custody of digital assets by law. With its new crypto regulation, France creates a legal framework for Digital Asset Service Providers (DASP) and Initial Coin Offerings (ICOs) and strengthens the powers of the AMF as the regulatory authority for the crypto industry. The law contains both optional and compulsory licenses. And it also defines the types of funds that can invest in cryptographic assets.
An order of December 5, 2019, published in the Official Journal of December 18, 2019, approves amendments to the General Regulation of the Autorité des marchés financiers (AMF), adding a Title II to Book VII concerning providers of services on digital assets.
The amendment provides many details on service providers for digital assets, eagerly awaited by professionals in the sector. Among them: right to the account, conditions of canvassing, definitions of the different services on digital assets, registration or approval.
This decree completes the legal framework for the issuance of tokens and service providers on digital assets. (Set out in Articles 85 to 87 of Law No 2019-486 of 22 May 2019 (OJ May 23rd); known as the Loi PACTE.)
The French Parliament adopted the final text of the law on the Action Plan for Corporate Growth and Transformation (PACTE) on April 11 in its last reading. The law was launched on October 23, 2017 and presented to the Council of Ministers on June 18, 2018 after consultation with 38 trade unions and professional associations. It contains “70 articles along with regulatory and non-regulatory mechanisms, and tax measures that will be incorporated into the 2019 Finance bill”, according to the AMF in detail.
Crypto Regulation in France: The Loi PACTE
- provides the option for DASP to be licensed and placed under the supervision of the AMF.
These include crypto custodial services, brokers and traders offering “the purchase or sale of digital assets in exchange for legal tender or other digital assets”; as well as crypto exchange operators. In addition, it also includes crypto services such as remittance, asset management, advisory, and underwriting. While obtaining a license is optional, the AMF elaborated: “Whether or not they choose to obtain the optional license, service providers who wish to provide digital asset custody services to third parties or to purchase/sell digital assets in exchange for legal tender are subject to mandatory registration with the AMF.”
- allows ICO issuers to apply to the AMF for approval if they meet certain requirements.
For example, the issuer must provide sufficient information about the token, the project, and the company. In addition, a system to monitor and secure the assets collected during the sale and the AML and CFT measures must be in place. “Until now, fundraising through the issuance of tokens not classified as financial instruments was not subject to any specific rules,” the AMF clarified. “Raising funds without AMF accreditation will remain legal in France. However, issuers who have not received AMF approval will not be able to attract the general public … The AMF will publish the list of ICOs that have received its authorization.”
- specifies two types of funds that are permitted to invest in digital assets.
Firstly, “professional specialized investment funds provided that they comply with the liquidity and valuation rules applicable to them”. Secondly, “professional private equity investment funds subject to a limit of 20% of their assets”. Neither is subject to authorization by the AMF; however, reporting to the supervisory authority within one month of their establishment is mandatory.
With its new crypto regulation, France strengthens the regulatory powers of the AMF. This includes the monitoring of licensed ICOs and the monitoring of licensed crypto service providers. The AMF may also publish a blacklist of non-compliant providers and block access to fraudulent crypto websites. The regulator stressed that it has the power to penalize all companies for non-compliance:
“ICOs that do not have approval and unlicensed service providers will be prohibited from solicitation, patronage and sponsorship activities. Advertising will remain authorized.”
Digital Asset Service Provider (DASP)
According to the AMF website, an actor may be considered a Digital Aset Service Provider if it provides at least one of the following services for digital assets:
Services on behalf of third parties, which includes
- custody of digital assets (detaining and managing cryptographic keys on behalf of a client),
- the service of buying or selling digital assets for legal tender,
- the service of trading digital assets for other digital assets,
- the management of digital asset portfolios,
- advice to investors in digital assets, among others.
Registration is mandatory in the case of two activities. If the firm provides services of digital asset custody and, or buys or sells digital assets for legal tender in France. Upon registration, the AMF checks that the firm complies with anti-money laundering and anti-terrorists regulations. The new legislation affects crypto-custodians and exchanges, which exchange fiat money for cryptocurrencies and vice versa.
For the DASPs already in existence before December 18, the AMF gave them 12 months to register. Afterward, they need to cease activities if they haven’t received the green light.
To complete the application process, the AMF requires, among other documents, a two-year business plan, a list of digital assets that the firm will license, and the geographical location the firm will operate.
The authorized DASP must either have professional indemnity insurance or a minimum amount of reserve funds. Also, it must dispose of at least one effective senior manager, sturdy IT systems, claims handling procedure, and an internal control system.
In its guidelines, the AMF explicitly refers to the security risks associated with the custody of digital assets. The AMF, therefore, calls on companies to provide the regulatory authority with a detailed cyber-security program that mitigates the risks and complies with general European data protection regulations. Companies are thus responsible for the cybersecurity of their services and must regularly review their measures and security systems.
Would you like to learn more about the current developments in European crypto regulation?
Read on here: Crypto Custodians grapple with Germany’s New Rules