Final Report on technical standards specifying certain requirements in relation to conflicts of interest for crypto-asset service providers under MiCA

31 May 2024 ESMA18-72330276-1634 Final Report Draft technical Standards specifying certain requirements in relation to conflicts of interest for crypto-asset service providers under the Markets in Crypto Assets Regulation (MiCA)

ESMA - 201-203 rue de Bercy - CS 80910 - 75589 Paris Cedex 12 - France - Tel. +33 (0) 1 58 36 43 21 - www.esma.europa.eu 2

3

1. Executive Summary ........................................................................................................ 4
2. Identification, prevention, management and disclosure of conflicts of interest by crypto￾asset service providers ....................................................................................................... 5 2.1 Background .......................................................................................................... 5 2.2 Feedback statement ............................................................................................. 6
3. Annexes ....................................................................................................................... 11 Annex I – Cost-benefit analysis ..................................................................................... 11 Annex II – Advice of the Securities and Markets Stakeholder Group ............................. 17 Annex III – Draft RTS pursuant to Article 72(5) of MiCA ................................................ 27

4

1. Executive Summary Reasons for publication The Regulation on markets in crypto-assets (MiCA) 1 requires ESMA to submit draft regulatory technical standards (RTS) and implementing technical standards (ITS) on a variety of topics. On 12 July 2023, ESMA published a Consultation Paper to seek stakeholders’ views on ESMA’s proposals for 5 RTSs and 2 ITSs. The consultation period closed on 20 September
2. ESMA received 36 responses, 10 of which were confidential. The answers received are available on ESMA’s website2 unless respondents requested otherwise. ESMA sought the advice of the ESMA Securities and Markets Stakeholder Group’s (SMSG) established under Regulation (EU) No 1095/2010. Contents This final report sets out the feedback statements relating to the draft technical standards related to the requirements on the policies and procedures of crypto-asset service providers for the management of conflicts of interest, which were included in the aforementioned ESMA public consultation. Annex I contains the costs/benefit analysis undertaken in relation to the draft technical standards. Annex II contains the advice of the SMSG and Annex III the draft technical standards Next Steps The draft technical standards are submitted to the European Commission for adoption. In accordance with Articles 10 and 15 of Regulation (EU) 1095/2010, the European Commission shall decide whether to adopt the technical standards within 3 months. 1 Regulation (EU) 2023/1114 of the European Parliament and the Council of 31 May 2023 on markets in crypto-assets (OJ L 150, 9.6.2023, p. 40–205). 2 See: https://www.esma.europa.eu/press-news/consultations/consultation-technical-standards-specifying-certain-requirements￾mica-1st#responses

5 2. Identification, prevention, management and disclosure of conflicts of interest by crypto-asset service providers 2.1 Background Article 72 (5) of MiCA: ESMA, in close cooperation with EBA, shall develop draft regulatory technical standards to further specify: (a) the requirements for the policies and procedures referred to in paragraph 1, taking into account the scale, the nature and the range of crypto-asset services provided; (b) the details and methodology for the content of the disclosure referred to in paragraph 2. ESMA shall submit the draft regulatory technical standards referred to in the first subparagraph to the Commission by 30 June 2024.

1. Article 72 of MiCA provides for the requirement for crypto-asset service providers to: a. implement and maintain effective policies and procedures to identify, prevent, manage and disclose conflicts of interests; and b. on a prominent place on their website, disclose to their clients and prospective clients the general nature and sources of conflicts of interest and the steps taken to mitigate them.
2. Article 72(1) also details the types of conflicts that should be covered by such policies and procedures and disclosed. The conflicts of interest referred to in Article 72 are those between: a. crypto-asset service providers and: (i) their shareholders or members; (ii) any person directly or indirectly linked to the crypto-asset service providers or their shareholders or members by control; (iii) members of their management body; (iv) their employees; or (v) their clients; or

6 b. two or more clients whose mutual interests also conflict. 3. Article 72 also provides that such policies and procedures should be implemented and maintained in accordance with the proportionality principle by taking into account the scale, the nature and range of crypto-asset services provided. 4. Regarding disclosures of the conflicts of interest required by Article 72(1), paragraphs 2 and 3 provide more details as to the requirements that crypto-asset service providers shall meet in this respect: a. the disclosures shall be made in an electronic format, on a prominent place on the website of the crypto-asset service provider, b. the disclosures shall cover the general nature and sources of conflicts of interest referred to in paragraph 1, as well as the steps taken to mitigate them; c. the disclosures shall include sufficient detail, taking into account the nature of each client, in order to enable each client to take an informed decision about the crypto￾asset service in the context of which the conflicts of interest arise. 5. In addition to Article 72, Article 79 (Placing of crypto-assets) of MiCA also provides, in its paragraph 2, that crypto-asset service providers’ rules on conflicts of interest referred to in Article 72(1) shall have specific and adequate procedures in place to identify, prevent, manage and disclose any conflicts of interest arising from the following situations: a. crypto-asset service providers place the crypto-assets with their own clients; b. the proposed price for placing of crypto-assets has been overestimated or underestimated; c. incentives, including non-monetary incentives, paid or granted by the offeror to crypto-asset service providers. 2.2 Feedback statement 6. Few respondents were of the view that the crypto-asset markets present heightened risks of conflicts of interests compared to traditional financial markets. To the contrary, some respondents were of the view that there was no reason to apply stricter requirements compared to those applicable to traditional financial markets. One respondent provided a detailed comparison of the draft RTS versus the requirements on conflicts of interests under the MiFID II framework. 7. ESMA would like to clarify that, although the conflicts of interest regime under MiCA bears similarities with the MiFID II conflicts of interests regime, the two also differ on

7 some points (for instance, MiFID II does not cover internal conflicts of interests which are covered in Article 3 of the draft RTS and stem from Level 1) and therefore a copy and paste approach was not adopted. Instead, ESMA relied on the MiFID II regime, where appropriate, but also brought some changes to take into account supervisory experience of NCAs. 8. In addition, ESMA would like to highlight that the proportionality principle is already embedded in Article 72(1) of MiCA. However, ESMA amended the draft RTS so as to make clear that the principle included in the Level 1 text should be taken into account when establishing the conflicts of interest policies and procedures. Lastly, one respondent argued that provisions relating to i) remuneration policies and practices of the CASP and ii) personal transactions in the draft RTS are out of scope of MiCA. ESMA would like to clarify that Article 72 of MiCA requires crypto-asset service providers to identify, prevent, manage and disclose conflicts of interests, all conflicts of interests, including those that may arise in relation to a CASP’s remuneration policies and practices and the personal transactions of staff. In this respect, the draft RTS is merely highlighting and providing more details on two specific situations which are particularly prone to the occurrence of conflicts of interests for CASPs but is not adding to the level 1 text. Q6: Do you think that other types of specific circumstances, relationships or affiliations should be covered by Articles 1 and 2 of the draft RTS on the identification, prevention, management and disclosure of conflicts of interest by crypto-asset service providers? 9. A large majority of respondents were of the view that no addition should be made to the circumstances, relationships or affiliations that should be covered by Articles 1 and 2 of the draft RTS. 10. One respondent however suggested the addition of a number of circumstances that may also give rise to conflicts of interest, for instance, CASP providing vertically integrated crypto-asset services and DLT-related activities. However, as the examples shared would already likely fall into the types of circumstances, relationships or affiliations listed in Articles 1 and 2, ESMA did not amend the relevant articles. 11. Another respondent was of the view that another area of potential conflicts of interests is where CASPs collaborate with public officials, employees of competent authorities acting as consultants or advisers for the CASP. Whilst ESMA understand that there may be risks of corruption, we see such situations as presenting risks and detriments more for the authority for whom the public officials work but not so much for CASPs. As a result, we did not include such suggestion in Articles 2 and 3 of the draft RTS. 12. Further, one respondent was of the view that Articles 2 and 3 should also cover issuers of crypto-assets. ESMA would like to clarify that the management of conflicts of interests by issuers of asset-referenced tokens is covered by Article 32 of MiCA and that the European Banking Authority was given a mandate under Article 32(5) to draft regulatory

8 technical standards in this respect. Please refer to the EBA’s Consultation paper on draft RTS on requirements for policies and procedures on conflicts of interest for issuers of ARTs under MiCA3. MiCA does not cover the management of conflicts of interests by issuers of other types of crypto-assets. 13. Another respondent advocated for vertically integrated CASPs, on the basis that vertical integration is also common in the traditional financial markets where they are nonetheless permitted to operate, subject to appropriate safeguards, for reasons of efficiency and benefit to the client. ESMA would like to clarify that the draft RTS does not per se prohibit vertical integration. However, multi-service CASPs are subject to the same requirements as any other CASPs regarding conflicts of interests: to identify, prevent, manage and disclose their conflicts of interests. Therefore, CASPs (like traditional financial firms such as investment firms) may be vertically integrated and offer a variety of crypto-asset services and other activities. However, where such combination gives rise to conflicts of interests, such conflicts must be duly identified, prevented, managed and disclosed. The draft RTS was further amended in this respect to clarify such requirement. 14. Lastly, few respondents were concerned that the list of circumstances, relationships or affiliations covered by Articles 2 and 3 of the draft RTS were too high level and imprecise or that they were covering also situations where there would be no conflicts of interests. One called for the draft RTS to include concrete scenarios. ESMA would like to clarify that the draft RTS is not meant to provide an exhaustive or detailed list of circumstances, relationships or affiliations that could give rise to conflicts of interests. A case-by-case analysis should be carried out by each CASP individually, and updated regularly, as the situation of the CASP may change over time. The draft RTS merely suggests the circumstances, relationships and affiliations that are the most likely to give rise to conflicts of interests. In addition, not all situations covered by Articles 2 and 3 will give rise to a conflict of interests. 15. For instance, Article 2(a) refers to situations where the CASP or any connected person “is likely to make a financial gain, avoid a financial loss, or receive another kind of benefit, at the expense of the client”. This obviously should not cover situations where the client is simply paying for a service which the CASP executes. In this case, the CASP may make a financial gain but it is not “at the expense of the client” since the client was provided with the requested service. However, it could cover situations where the CASP provides a service to the client and is getting paid by the client for the provision of such service but also receives a commission from a third party to execute the service in a certain way, which may not be in the best interest of the client. The term “at the expense 3 Available here.

9 of the client” does not necessarily mean that the client suffered a financial loss, it may be characterised by a different kind of detriment. Q7: Do you think that other types of specific prevention or mitigation measures should be highlighted in the minimum requirements of Article 3 of the draft RTS on the identification, prevention, management and disclosure of conflicts of interest by crypto-asset service providers? 16. Most respondents were of the view that no further prevention or mitigation measures should be highlighted in the minimum requirements of Article 4 of the draft RTS. 17. Some respondents however commented on other topics. 18. One respondent raised that requiring a separate function to manage conflicts of interests was disproportionate and not present in other financial regulations. ESMA would like to clarify that this is not a requirement under Article 4 of the draft RTS. CASPs shall dedicate adequate resources to the implementation, maintaining and review of the conflicts of interests policies and procedures. Depending on, among other criteria, the size and range of services of the CASP, such resources may not be solely dedicated to the management of conflicts of interests. However, such resources should be adequate for the proper management of conflicts of interests. 19. One respondent was also concerned that the obligation for a CASP to publish its conflicts of interest disclosures in the languages used by the CASP to market its services or communicate with clients in the relevant Member State was excessive. Given that such disclosures are directly meant at investors so that they can assess whether a CASP is properly identifying, preventing or managing conflicts of interests, ESMA is of the view that CASPs targeting clients in certain languages should also be expected to provide the conflicts of interest disclosures to such clients in the same languages. Indeed, if CASPs develop language arrangements to market their services in different languages so as to attract a broader range of clients, ESMA is of the view that it is fair that such CASPs be also able to ensure that all such clients benefit from the same level of investor protection provided under MiCA. ESMA therefore did not amend Article 4(8) of the draft RTS. 20. Few respondents raised concerns that the disclosures to be made in accordance with Article 72(2) of MiCA could represent a risk for the CASP as they could contain confidential information or reveal too much as to the CASP’s organisation or structure, which could be exploited for illegal purposes or by the competition. One respondent added that the draft RTS should specify that the security aspect be added to the list of criteria to be considered as part of the proportionality assessment. ESMA would like to point out that the disclosure requirements stem from the Level 1 text. Whilst Article 72(1) of MiCA indeed provides that proportionality should be considered by CASPs for their conflicts of interest policies and procedures, only the following criteria should be taken

10 into account: the scale, the nature and the range of crypto-asset services provided. There is thus no exemption permissible to the disclosure obligation in Article 72(2) of MiCA. 21. In order to provide for convergence of the requirements, the draft RTS was also amended to align further with the EBA draft RTS on the requirements for policies and procedures on conflicts of interest for issuers of asset-referenced tokens. For instance, Article 4(8) of the draft RTS now specifies that, as part of the resources dedicated to the management of conflicts of interests, CASPs should appoint one person that is responsible for the identification, prevention, management and disclosures of conflicts of interest in accordance with MiCA. Article 4(7) was also amended so as to further align with the EBA draft RTS and clarify that, for acute conflicts of interest where policies and procedures as well as systems and controls are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of clients or the crypto-asset service provider will be prevented, CASPs would have to take additional specific measures to prevent or manage the relevant conflicts of interest. Such measures may, for instance, include the segregation of conflicting crypto-asset services or other activities in separate legal entities with independent management. 22. Some differences between the EBA and ESMA draft RTS nevertheless exist, which are justified by the different activities of issuers of asset-referenced tokens and CASPs and some minor differences in the legal text applicable to each type of entity.

11 3. Annexes Annex I – Cost-benefit analysis Impact of the draft RTS under Article 72(5) of MiCA

1. As per Article 10(1) of Regulation (EU) No 1095/2010, any draft regulatory technical standards and implementing technical standards developed by ESMA shall be accompanied by an analysis of ‘the potential related costs and benefits’ of the technical standards.
2. MiCA sets out a new legal framework applicable to crypto-asset service providers and requiring such entities to implement and maintain effective policies and procedures to identify, prevent and manage conflicts of interests as well as to disclose to their clients and prospective clients the general nature and sources of conflicts of interest and the steps taken to mitigate them.
3. The next paragraphs present the cost-benefit analysis of the main policy options included in this final report on the requirements for the policies and procedures for the management of conflicts of interest of CASPs under Article 72 of MiCA. Problem identification
4. MiCA sets out a new legal framework for CASPs. This includes the obligation of CASPs to implement and maintain policies and procedures to identify, prevent, manage and disclose conflicts of interest between themselves and a range of stakeholders (shareholders or members, including, those with qualifying holdings, members of management body, employees, clients).
5. A broad range of situations, relationships and affiliations may create conflicts of interest. Such situations may influence or affect, or may be perceived to influence or affect, CASPs’ ability or the ability of any person connected to the CASP such as its employees, members of the management body, shareholders to take impartial and objective decisions. In turn this may damage the best interests of the CASP and / or the interests of its clients.
6. In addition, various crypto-asset entities combine multiple functions. For example, a CASP could be vertically integrated and provide many different crypto-asset services usually carried out by different entities in the traditional financial markets for the equivalent services or, in addition to providing crypto-asset services, they could also be authorised as issuers of asset-referenced tokens and electronic money tokens, which increases interconnectedness and the risk of contagion with crypto-asset markets. Policy objectives

12 7. The aim of these RTS is to specify the requirements for CASPs in identifying and most importantly addressing the existing or potential conflicts of interest. 8. The RTS were mostly inspired from the MiFID II framework on conflicts of interest, due to the similarities of business models of CASPS with investment firms (for most crypto￾asset services) as well as from the existing CRD framework on conflicts of interest. To ensure a consistent framework, the RTS also drew on the relevant general principles included in the EBA Guidelines on internal governance under the IFD4. Furthermore, the RTS have taken inspiration from the RTS specifying conflicts of interest requirements for crowdfunding service providers. 9. To foster convergence of requirements between CASPs and issuers of asset-referenced tokens, considering, in particular, that some CASPs may also be issuers of asset￾referenced tokens, the draft provides to the extent possible consistency with the EBA draft technical standards under Article 32(5) of MiCA. 10. Finally, the RTS have taken inspiration from the IOSCO Principles and Standards as well as the FSB work5 to economically equivalent crypto-assets and activities to address the sizeable and proximate market integrity and investor protection risks in the sector, covering conflicts of interest (among others). Baseline scenario 11. The baseline scenario is the situation where CASPs have to comply with their obligations under Article 72 of MiCA, without any further specification. However, Article 72(5) of MiCA gives ESMA a mandate (as specified above), thereby indicating that further details where desirable to ensure that the objectives of Article 72 of MiCA were attained. 12. Indeed, in a market at still an early stage of development, such as the crypto-asset service market, it is necessary to ensure a certain level of detail with regards to the requirements for the policies and procedures and disclosures of conflicts of interest, as some CASPs may not be familiar with the level of diligence expected from a regulated entity when identifying, preventing, managing and disclosing conflicts of interest. 13. This baseline scenario would lead to divergent approaches. This in turn would lead to competent authorities having data that is not comparable and for the clients of CASPs to have very dispersed, unorganised information in the disclosures. Moreover, such a divergence in approaches may lead to unreliable identification of conflicts of interest which will create level playing field issues This would also lead ultimately to a weaker 4 Available here. 5 High-level Recommendations for the Regulation, Supervision and Oversight of Global Stablecoin Arrangements And 'High-level Recommendations for the Regulation, Supervision and Oversight of Crypto-Asset Activities and Markets'

13 identification, prevention and management of conflicts of interest and would not meet the objectives of MiCA explained above, including the protection of investors. 14. With the entry into force of MiCA, CASPs must comply with Article 72 of MiCA. The legal requirements provided by Article 72 thus form the baseline scenario of the IA, i.e. the impact caused by MiCA is not assessed within this IA, which focuses only on areas where further specifications have been provided in the draft RTS. Options considered and preferred option Policy issue 1: CASPs procedures for handling complaints 15. The first element of the legal mandate for the RTS under Article 72 of MiCA requires ESMA to specify the policies and procedures for the identification, prevention, management and disclosure of conflicts of interest by CASPs. In this context, ESMA considered three policy options: ● Option 1a. Provide for a general obligation for CASPs to draft conflicts of interest policies and procedures, without further specification as to their content; ● Option 1b. Provide details as to the content of such policies and procedures as well as the minimum types of circumstances that should be taken into consideration by CASPs when drafting them. 16. Option 1a was regarded as not properly fulfilling the mandate as it would only replicate level 1 requirements (while the mandate requires ESMA to “further specify the requirements for the policies and procedures referred to in paragraph 1”. It would also not ensure an appropriate level of harmonisation across the EU nor ensure that CASPs have sufficiently detailed policies and procedures. 17. Option 1b would ensure a minimum level of harmonisation by ensuring that CASPs’ conflicts of interest policies and procedures are sufficiently detailed and relatively comparable in the EU and that they deal with certain topics deemed as essential for the identification, prevention, management and disclosure of conflicts of interest. Option 1b is however sufficiently high level to allow CASPs to adapt their procedures to the scale, nature and range of crypto-asset services provided as well as their organisation, etc. 18. Therefore, Option 1b has been chosen as the preferred option. Policy issue 2: Language requirements 19. Article 72 of MiCA provides for CASPs to disclose to their clients and prospective clients the general nature and sources of conflicts of interest and the steps taken to mitigate them so that clients and prospective clients can take an informed decision about the crypto-asset service in the context of which the conflicts of interest arise. In this context, ESMA considered two policy options:

14 ● Option 2a. Remain silent on the language requirements; ● Option 2b. Provide for some minimum language requirements that CASPs have to comply with to ensure that clients are duly informed (i.e. in a language that they understand) about conflicts of interest. 20. As crypto-asset services are, for the vast majority, provided online and as MiCA puts no barriers to the provision of cross-border services across the Union, it is very easy for crypto-asset service providers to reach clients across the EU. Therefore, CASPs may be established and operate from any EU jurisdictions but may easily reach consumers everywhere in the Union. 21. Under Option 2a, CASPs would have no obligation to make the disclosures under Article 72 available in any specific language. This may lead to a CASP established, for instance, in France or in Lithuania, to only publish such information in French or in Lithuanian, respectively, even though such CASP may have clients in Spain, Germany, The Netherlands, etc. The disclosures provided under Article 72 may thus become ineffective, if information is provided in a language not understood by the client. Article 72 may also not reach its goal if CASPs put language barriers to clients understanding conflicts of interest. 22. To ensure that the information obligations under Article 72 reach their objective (i.e. effectively inform clients about conflicts of interest), Option 2b compels CASPs to disclose their conflicts of interest in a number of languages which correspond to those used by the CASP to market its services or communicate with clients. Where CASPs target clients and then communicate with them for the provision of their services in certain languages, it is fair that clients are informed of the relevant conflicts of interest in a language that they can understand. 23. Whilst such requirements may appear as burdensome, ESMA is of the view that artificial intelligence and automated translation tools may help greatly reduce the costs associated. In view also of the objectives and issues at stake, ESMA deems such requirements as proportional. 24. Therefore, Option 2b has been chosen as the preferred option. Policy issue 3: Resources dedicated to complaints-handling 25. To ensure the prompt, fair and consistent handling of complaints, the draft RTS provides that CASPs shall dedicate adequate resources to the management of complaints. ESMA considered the following two policy options in this respect: ● Option 3a. Remain silent on the topic.

15 ● Option 3b. Require that adequate resources be dedicated to the management of conflicts of interest. ● Option 3c. Require adequate resources allocated to a separate conflicts of interest management function. 26. ESMA believes that Option 3a was running the risk that, without any clear requirement in this respect, CASP may not dedicate sufficient and appropriate resources to the management of conflicts of interests, thereby undermining the objective of Article 72 of MiCA. 27. To allow CASPs to adjust their internal organisation in light of the proportionality principle, ESMA chose not to require a separate conflicts of interest management function in all cases (option 3c). It is thus for each CASP to decide, based on the range of crypto-asset services provided and the scale of their activities, whether a separate conflicts of interest management function is necessary. 28. However, CASPs shall always ensure that the (human, financial and technical) resources dedicated to the management of conflicts of interest are adequate so that they can meet their obligations under Article 72. Cost-benefit analysis 29. When comparing with the baseline scenario (where the issuer will need to identify, prevent, manage, and disclose conflicts of interest without specifications on policies and procedures and without a clear methodology or guidance on the information to be disclosed), the RTS are expected to bring benefits by providing a more comprehensive framework for the identification, prevention and management of conflicts of interest, ensuring that all main elements are covered, and strengthening the governance related to the conflicts of interest. In addition, the RTS will allow achieving a higher level of harmonisation of methodology, comparability of data, and better data quality. This in turn will lead to improved investor protection, as investors will be better informed, with data that is of good quality and comparable across CASPs. It will also contribute to more effective supervision and monitoring of CASPs, in line with the MiCA requirements. Consequently, these RTS contribute to ensuring the safety and soundness of the European financial system. 30. The RTS are expected to lead to moderate costs to CASPs in relation to the application of the methodology for disclosures. The costs related to the adoption of policies and procedures are expected to be small, as they would need to be developed in any case in accordance with MiCA requirements. Overall, the costs are expected to be moderate, given that the costs of the RTS are only incremental to the costs for implementing the

16 existing requirements set out in MiCA. The costs also appear to be moderate as the principle of proportionality apply. Table: Costs and benefits of the draft RTS on the requirements for the policies and procedures for the identification, prevention, management and disclosures of conflicts of interest by CASPs Stakeholder groups affected Costs Benefits CASPs Initial one-off costs related to the development of conflicts of interest policies and procedures, the disclosures to clients and prospective clients in the required languages and the setting up of adequate resources to manage conflicts of interest. Ongoing costs of ensuring compliance with the various requirements related to the identification, prevention, management and disclosure of conflicts of interest, as well as the periodic review of the conflicts of interest policies and procedures by CASPs Stronger framework and more robust governance for the identification, prevention, management, and disclosure of conflicts of interest. Harmonized and comprehensive approach to identification, prevention, management and disclosure of conflicts of interest Investor protection and trust in CASPs and the financial system Less reputational risk. Competent authorities Ongoing cost of supervision of the management of conflicts of interest by CASPs. Safer crypto-asset market. Facilitation of supervision of the application of the RTS Clients of CASPs None Easy access to the relevant disclosures and the possibility to get such disclosures in a language that is understandable.

17 Annex II – Advice of the Securities and Markets Stakeholder Group Advice to ESMA SMSG advice to ESMA on its Consultation Paper on Technical Standards specifying certain requirements of the Markets in Crypto Assets Regulation (MiCA) 1 Executive Summary The rise of crypto assets in the last few years – through ‘boom and bust’ cycles that are common in unregulated settings – highlights the potential of an innovation that may transform the financial system but also poses investor protection issues. The SMSG believes that regulation in this area should balance the need for investor protection with the need to create an environment that does not stifle innovation. The SMSG also considers that entities active in the crypto space should be subject to the same regulation and oversight as intermediaries providing economically equivalent financial services. This is the case not only for reasons related to level playing field but indeed to insure financial stability and investor protection. In the long run, a sound regulatory framework coupled with a rigorous oversight would promote trust in the user base and ultimately the growth of the crypto ecosystem. The ‘two-track approach’ (i.e., notification requirements for regulated financial entities largely following the authorisation requirements for other entities, without mirroring them fully) is understandable and appropriate. The SMSG welcomes the alleviated notification regime granted to the most highly regulated players, based on the assumption that such entities are considered generally suitable to provide crypto-assets services. The Advice provides some suggestions on specific aspects. For example, as crypto assets are not covered by Investors Compensation Schemes (ICSs), the SMSG suggests enriching the information package submitted to NCAs to explain the measures that will be put in place to make retail clients aware of the different levels of asset protection. ESMA has identified various undesirable developments in the crypto ecosystem, some of which have led to the collapse of crypto-asset service providers, drawing lessons from these events. ESMA takes these undesirable developments into account in the definition of the information to be submitted with the application. The SMSG welcomes this approach, which seems necessary in the interest of effective investor protection.

18 The SMSG believes that the online marketing activity performed by so-called ‘Finfluencers’ deserves to be considered as it is a prominent aspect of the distribution of crypto assets and may lead to potential cases of false advertisements and price manipulation. The SMSG welcomes the clarification from ESMA that conflicts of interests should either be prevented or managed, and the disclosure requirements are not an alternative to the prevention or management of conflicts of interests. The SMSG also believes that conflicts of interests should preferably be prevented, and managed only if prevention is not possible. This Advice also provides the views of the Group on some general aspects related to the regulation of crypto-assets, based on the understanding that MiCA is designed as a building￾block of a wider regulatory effort, which includes initiatives such as the Digital Operational Resilience Act (DORA), the DLT Pilot Regime and the Transfer of Funds Regulation (TFR). As crypto markets are intrinsically global in nature, the SMSG highlights the need to have a cross-border coordinated approach to foster investor protection and minimize regulatory arbitrage. Cryptos amplify the need to clarify what conduct qualifies for solicitation or reverse solicitation due to the existence of multiple crypto-specific channels to approach clients like blogs and message boards. MiCA Regulation is an entity-based set of rules. However, financial services may also be provided through Decentralized Finance (DeFi) settings. The SMSG understands that MiCA requires an assessment of the development of DeFi in markets in crypto-assets and of the necessity and feasibility of regulating DeFi by 30 December 2024. The SMSG highlights the need to start immediately monitoring the developments in the DeFi area and offering clarifications as to whether the MiCA Regulation applies to specific operations performed in a DeFi setting. While MiCA Regulation provides fundamental safeguards, the SMSG also believes that investors should be in a position not to overrate the protection provided by MiCA. The SMSG considers that it would be useful to monitor the use that crypto-asset service providers make of the MiCA authorisation in their communication. 2. Background

1. On 20 July 2023, ESMA released the first MiCA consultation package as part of a series of three packages that will be published sequentially. This first consultation package covers the following aspects: i. the notification by certain financial entities of their intention to provide crypto￾asset services; ii. the authorisation of crypto-asset service providers (CASPs);

19 iii. complaints handling by CASPs; iv. the identification, prevention, management and disclosure of conflicts of interests by CASPs; v. the proposed acquisition of a qualifying holding in a CASP. 2. Additionally, in the last part of the paper – as this is the first public consultation following the publication of the final text of MiCA – ESMA asks for insights on key general aspects concerning entities that plan to offer services in EU jurisdiction(s) falling under the scope of MiCA. While the SMSG is not able to provide inputs in this respect, the Group still tries to contribute to the consultation process with some elements related to the regulation of crypto-assets. 3. The rise of crypto assets in the last few years – through ‘boom and bust’ cycles that are common in unregulated settings – highlights the potential of an innovation that may transform the financial system but also poses investor protection issues. The SMSG believes that regulation in this area should balance the need for investor protection with the need to create an environment that does not stifle innovation. 4. The SMSG also believes that entities active in the crypto space should be subject to the same regulation and oversight as intermediaries providing economically equivalent financial services. This is the case not only for reasons related to level playing field but indeed to insure financial stability and investor protection. In the long run, a sound regulatory framework coupled with a rigorous oversight would promote trust in the user base and ultimately the growth of the crypto ecosystem. 5. The SMSG understands that other topics – like market abuse or the qualification of crypto-assets as financial instruments – will be dealt with in the next consultation packages. Consequently, this Advice will not discuss such topics. 6. The rest of the Advice is organised as follows. Section 3 provides comments on aspects included in the draft RTS and ITS, listed in § 1, and Section 4 discusses other aspects that – although not included in the consultation paper – are relevant for the regulation of crypto-asset markets. 3 Comments on aspects included in the drafts RTS and ITS 7. As a general and preliminary remark, the SMSG notes that the Level 1 text and the related delegations provide a detailed framework, leaving limited room for changes.

20 3.1. Provision of crypto-asset services by certain financial entities: A notification procedure 8. MiCA provides that entities that already have a license to provide financial services and that already went through the authorisation process with the NCA of their home Member State (such as investment firms, credit institutions, etc.), do not need to go through the entire authorisation process again. Such entities are required to notify their relevant NCA that they intend to provide crypto-asset services, including the specific information relevant to the provision of such services. 9. The SMSG welcomes the alleviated notification regime granted to the most highly regulated players, based on the assumption that such entities are considered generally suitable to provide crypto-assets services. 10. In addition, the ‘two-track approach’ (i.e., notification requirements for regulated financial entities largely following the authorisation requirements for other entities, without mirroring them fully) is understandable and appropriate. For instance, if relevant information was already available to the NCA and the provision of crypto-asset services did not require any changes in the organisational structure, this information would not have to be submitted again. Tangible relief for notifying future CASPs could result, for example, from the fact that, unlike in the authorisation procedure, evidence of a sufficiently good reputation and appropriate knowledge, skills and experience of the business managers do not have to be provided again. Furthermore, it does not seem strictly necessary to impose the preparation of a detailed business plan for the following 3 years (Art. 1 of the draft RTS on the notification by certain financial entities) as well as extensive presentations on the IT concept and IT security (Art. 4 of the draft RTS on the notification by certain financial entities) on regulated companies that want to provide only, e.g., the services of investment advice, investment brokerage or portfolio management. 11. The likely development over time of new types of crypto-assets which were not yet known at the time of notification raises a point. Article 7 of the draft RTS on the notification by certain financial entities (Section 9.2.1) provides that the notifying entity should specify, among other things, which types of crypto-assets will not be admitted to trading on its platform and the reasons for this. It would be helpful to provide details regarding the procedure of potential future update and the meaning associated to the wording “types of crypto-assets” (e.g., whether it is sufficient to refer to the three types of crypto-assets defined by Article 3 of MiCA, ‘asset-referenced tokens’ vs. ‘e-money tokens’ vs. ‘utility token’). 12. In the context of the description of the trading system and market abuse surveillance (Art. 7 of the draft RTS on the notification by certain financial entities, Section 9.2.1), it should be described whether the final settlement of transactions is initiated on the Distributed Ledger Technology (DLT) or outside the DLT. Additionally, a notifying entity

21 intending to operate a trading platform for crypto-assets shall provide to the NCA the definition of the moment at which settlement is final (Article 7, § 1 (k) (vi)). In this respect, standardization or self-regulation may prevail. In the first option, the Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality is already in force for the traditional securities settlement systems, and would serve well the purpose of standardization. However, by nature, it does not deal yet with crypto￾assets and their settlement. The second option may be preferred for the sake of the frequently postulated openness to technology. The SMSG acknowledges this option and welcomes the possibility of adopting the preferred solution at the choice of the provider. 13. MiCA states that crypto assets are not covered by Investors Compensation Schemes (ICSs) under Directive 97/9/EC6. This provision creates a situation in which regulated entities like banks and investment firms will be providing the same service (i.e., custody or portfolio management) to the same retail clients and, however, only part of the relevant assets will be covered by an ICS in case of insolvency7 of the institution while some other assets will not. This set up implies a change from the perspective of retail investors: an entity that was previously thought to be covered by an ICS will no longer be a covered entity for the full scope of the investments, as it will be a covered entity for some investments and not for others. 14. Against this background, the SMSG considers that possible investors disappointments and reputational issues may arise, leading to serious concerns on investors awareness and investors protection. The Group suggests to include – in the information package that a bank or an investment firm has to send to the NCA before providing services on crypto assets – an explanation of the measures that will be put in place in order (1) to make retail clients aware of the different levels of asset protection and (2) to let them know at all times what investments are protected by an ICS and what are not. 3.2. Provision of crypto-asset services by other entities: An authorisation regime 15. ESMA has identified various undesirable developments in the crypto ecosystem, some of which have led to the collapse of CASPs, drawing lessons from these events. Specifically, ESMA criticised (i.) the lack of basic information on the corporate structure of the service provider and its financial resources, (ii.) the lack of transparency regarding the characteristics and scope of entities associated with the service provider, and (iii.) the offering of various services related to crypto-assets that were not subject to (sufficient) regulation and supervision. 6 Articles 6, 19, 51 and 81 of MiCA. 7 The term insolvency is used to express that the conditions required to compensate the investors are met in accordance with article 2.2. of Directive 97/9.

22 16. ESMA takes these undesirable developments into account in the definition of the information to be submitted with the application. The SMSG welcomes this approach, which seems necessary in the interest of effective investor protection. This applies in particular to the measures for the segregation of clients´ crypto-assets and funds (§ 39). For example, the lack of such measures was a major cause of the collapse of FTX, a case in which investors suffered considerable losses. Against this background, it looks reasonable that the information provided by a legal entity or other enterprise that intends to provide crypto-asset services in the future (Art. 62 MiCA) in order to apply for permission to the competent NCA should be more comprehensive than for a notification, as the NCA has to gather appropriate information. 17. The SMSG believes that the online marketing activity performed by so-called ‘Finfluencers’ deserves to be considered as it is a prominent aspect of the distribution of crypto assets. Regulation and enforcement of rules and liabilities are required to protect investors and markets from false advertisements and price manipulation. Social media platforms should have an incentive to moderate the activity of Finfluencers, as they may cause damages to investors through incorrect assertations of facts. In the past, prominent figures have apparently used their fame to raise the prices of some crypto assets and then sell them, resembling classical “pump and dump” schemes which are illegal. It is important to ensure that these rules apply to crypto markets as well. On a general basis, the advices that are provided by Finfluencers should be regulated as the advices provided by financial advisors and monitored to control the spread of sharp practices in the dissemination of promotional information about crypto assets. 3.3. Complaints handling by crypto-asset service providers 18. The SMSG understands that the approach adopted by ESMA is different from the one adopted by the EBA for its mandate under Article 31(5) of MiCA, regarding complaints￾handling procedures for issuers. 19. The SMSG notes that it would be desirable that the rules on complaint management are uniform within a regulatory framework such as MiCA, as it can be assumed that some companies act both as issuers and as CASPs. Therefore, further harmonisation and standardisation of the rules on complaint management should be undertaken. 3.4. Conflicts of interests 20. Article 72 of MiCA provides that crypto-asset service provider “shall implement and maintain effective policies and procedures […] to identify, prevent, manage and disclose” conflicts of interest. 21. The consultation paper clarifies that conflicts of interests should either be prevented or managed and the disclosure requirements of Article 72(1), as further detailed in

23 paragraph 2 of Article 72, are not an alternative to the prevention or management of conflicts of interests. The SMSG welcomes this clarification from ESMA. Additionally, the SMSG believes that conflicts of interests should preferably be prevented, and managed only if prevention is not possible. 22. The SMSG welcomes that ESMA has closely followed the Delegated Regulation on MiFiD II on conflicts of interests. Other regulatory frameworks would have indeed resulted with overburdening the financial institutions that are already regulated under MiFID. 4. Other aspects 23. The SMSG understands that MiCA is designed as a building-block of a wider regulatory effort, which includes initiatives such as the Digital Operational Resilience Act (DORA), the DLT Pilot Regime and the Transfer of Funds Regulation (TFR). The SMSG is aware of the possibility that some of the points that are raised in this opinion might imply changes at Level 1 or require the involvement of other ESAs or be covered in other parts of the EU’s overarching initiative to regulate digital assets. Still, it is deemed as potentially useful to share the SMSG view on these points. 4.1. Non-EU entities and cross-border crypto-asset services 24. Crypto markets are intrinsically global in nature. Investors located in the EU might have access to crypto-assets regulated in different jurisdictions. Several exchanges are located in other jurisdictions. To protect EU investors, the challenge is to bring crypto services into the scope of EU regulation when EU citizens are involved. The SMSG highlights the need to have a cross-border coordinated approach to foster investor protection and minimize regulatory arbitrage. 25. MiCA waives the requirement for authorisation where an EU client initiates at its own exclusive initiative the provision of crypto-asset services (‘reverse solicitation’, Article 61.1). Paragraph 2 of Article 61 clarifies that the client’s own initiative does not entitle a thirdcountry firm to ‘market’ new types of crypto-assets or crypto-assets services to that client. However, there is legal uncertainty as to the boundaries of reverse solicitation and there is a risk of solicitation cloaked as reverse solicitation. 26. Although the discussion on the boundaries of reverse solicitation is not unique to the crypto ecosystem, the SMSG highlights that cryptos amplify the need to clarify what conduct qualifies for solicitation or reverse solicitation due to the existence of multiple cryptospecific channels to approach clients like blogs, message boards, newsletters, referral programmes and partnership programmes.

24 4.2. Decentralized finance 27. MiCA Regulation is an entity-based set of rules (e.g., the CASP authorisation process or the CASP conflicts of interests). However, financial services may also be provided through decentralized applications running on permissionless networks like Ethereum with minimal or no intermediaries’ involvement. This setting is usually referred to as Decentralized Finance (DeFi)8. 28. The SMSG understands that, based on Article 142 of MiCA Regulation, by 30 December 2024 and after consulting EBA and ESMA, the Commission shall present a report to the European Parliament and the Council on the latest developments with respect to cryptoassets, including an assessment of the development of DeFi in markets in crypto￾assets and of the necessity and feasibility of regulating DeFi9. 29. Given the dynamic nature of these technologies and the semantic difficulties associated with the interpretation of the related concepts, the SMSG highlights the need to start immediately monitoring the developments in the DeFi area and offering clarifications as to whether the MiCA Regulation applies to specific operations performed in a DeFi setting. Recital 22 of MiCA states that partially decentralized services are in scope of MiCA, whereas fully decentralized services in crypto-assets are not in MiCA scope10. However, ascertain whether a service is provided in a partially decentralised manner or in a fully decentralised manner is not straightforward 11 . Additionally, the risk of malpractices is present with decentralisation as well. For example, when decentralized applications act as market makers (i.e., Automated Market-Makers, AMMs) the underlying code should be made available to regulators for possible scrutiny in order to prevent market abuse. 8 Decentralized applications (or “protocols”) are set of smart contracts which do not need to be operated by a clearly identifiable corporate entity. Developers may create and distribute governance tokens, which confer rights – e.g. related to the governance of the protocol – to their owners, to be exercised within novel forms of organization such as Decentralized Autonomous Organizations (DAOs). Decentralized finance emerges when the protocols provide users with financial services on a decentralized network. 9 MiCA requires that the report is also expected to contain an assessment of the necessity (and feasibility) of regulating lending and borrowing of crypto-assets, an assessment of the treatment of e-money tokens, where not addressed in the review of the Payment Services Directive (PSD2), an assessment of the development of markets in non-fungible crypto-assets (e.g., NonFungible Tokens, NFTs) and of the appropriate regulatory treatment of such crypto-assets. 10 ‘This Regulation should apply to natural and legal persons and certain other undertakings and to the crypto-asset services and activities performed, provided or controlled, directly or indirectly, by them, including when part of such activities or services is performed in a decentralised manner. Where crypto-asset services are provided in a fully decentralised manner without any intermediary, they should not fall within the scope of this Regulation.’ 11 Even where crypto platforms pose as DeFi stricto sensu, it is far from certain whether they are, in fact, fully decentralized in MiCA’s sense. Some type of legal entity is often related to fully decentralized platforms. See Zetzsche/Buckley/Arner/van Ek, Remaining regulatory challenges in digital finance and crypto-assets after MiCA, publication for the Committee on Economic and Monetary Affairs (ECON), Policy Department for Economic, Scientific and Quality of Life Policies, European Parliament, Luxembourg, May 2023. This document is available on the internet at: http://www.europarl.europa.eu/supporting-analyses.

25 4.3. Risk of misunderstanding MiCA scope and implications 30. MiCA Regulation provides operational, organisational and prudential requirements at Union level applicable to crypto-asset service providers to address potential risks that the provision of crypto-asset services poses to investor protection. 31. While MiCA Regulation provides fundamental safeguards, the SMSG also believes that investors should be in a position not to overrate the protection provided by MiCA. The no-endorsement statement12 on the first page of the crypto-asset white paper is fully consistent with this approach. 32. Along the same lines, the SMSG believes that it would be useful to monitor the use that CASPs make of the MiCA authorisation in their communication. A potential risk is in the misuse of the authorisation received by NCAs to convey the idea that the crypto-assets are less risky thanks to this authorisation. 4.4. Market stability and prudential requirements of CASPs 33. MiCA provides prudential and conduct requirements for CASPs, including back–up systems and risk controls. The SMSG notes that such requirements address the resilience of CASPs while a different – although interconnected – dimension of market stability refers to excessive volatility. This second dimension also deserves attention, for investor protection purposes and market abuse prevention, as issuers may limit the supply, pushing upwards the market price for the crypto asset. This practice - which essentially leads to ‘positioning’ the market price at an artificial level - is similar to a market corner or squeeze. 34. With respect to prudential requirements, the SMSG understands that the introduction of a prudential regime for CASPs is intended to ensure consumer protection (Recital 80). To create a level playing field between CASPs and regulated financial entities, prudential requirements should be subject to a test of functional equivalence, namely they should be similar to those of regulated institutions undertaking same functions. 35. According to Article 67 of MiCA, CASP shall have prudential safeguards equal to an amount of at least the higher of the following two items: an amount of permanent minimum capital requirements – that ranges from EUR 50,000 to EUR 150,000 depending on the type of the crypto-asset services provided – and 25% of the fixed overheads13. 12 ‘This crypto-asset white paper has not been approved by any competent authority in any Member State of the European Union. The issuer of the crypto-asset is solely responsible for the content of this crypto-asset white paper’ (Articles 6(39 and 51(3)). 13 The prudential safeguards may be complied with own funds of the CASP or an insurance policy.

26 36. While the SMSG understands that prudential safeguards have been set by the Level 1 text and prudential regulation is not explicitly in ESMA remit, the SMSG notes that prudential requirements – which may have an impact on market stability – do not appear to be fully related to the potential riskiness of CASPs as they do not take into account, e.g., the value of the assets in custody or the value of the crypto-assets placed or traded14. 14 Annex IV of MiCA provides minimum capital requirements for CASPs offering, among others, execution of orders on behalf of clients, providing custody and administration of crypto-assets on behalf of clients, exchange of crypto-assets for fund, operation of a trading platform for crypto-assets. The exchange of crypto assets for funds, as defined by Article 3.1.(19), is a market making activity where the CASP buys and sells contracts concerning crypto-assets with clients for funds by using proprietary capital.

27 Annex III – Draft RTS pursuant to Article 72(5) of MiCA COMMISSION DELEGATED REGULATION (EU) …/… of XXX supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the requirements for policies and procedures on conflicts of interest for crypto￾asset service providers as well as the details and methodology for the content of disclosures of conflicts of interest (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2012 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/19371 , and in particular Article 72(5), third subparagraph, thereof, Whereas: (1) Where implementing and maintaining the policies and procedures required pursuant to Article 72 of Regulation (EU) 2023/1114, crypto-asset service providers should take into account the principle of proportionality with a view to ensuring that the policies and procedures are sufficient to achieve the objectives of that Article and take into account the scale, nature and range of crypto-asset services provided, as well as, where relevant, circumstances related to the fact that the crypto-asset service provider belongs to a group. (2) A broad range of situations, relationships and affiliations may create conflicts of interest. When designing conflicts of interest policies and procedures, crypto-asset service providers should consider all situations which may influence or affect, or which may 1 OJ L 150, 09.06.2023, p. 40.

28 appear to influence or affect, the crypto-asset service provider’s ability or that of any person connected to the crypto-asset service provider to exercise their duties or responsibilities objectively and independently. In order to do so, crypto-asset service providers should have a transparent organisational and managerial structure, which is consistent with their overall strategy and risk profile, and which is well understood by their management body, affiliated entities, national competent authorities, as well as clients. (3) Ensuring the sound governance and management of crypto-asset service providers is fundamental for their functioning and to ensure trust in this segment of the financial markets. For this reason, the conflicts of interest policies and procedures should specifically cover those conflicts that may impede the ability of members of the management body to take objective and impartial decisions that aim to be in the best interests of the crypto-asset service provider and their clients. (4) The potential and actual conflicts of interest to be taken into consideration by crypto-asset service providers pursuant to Article 72(1) of Regulation (EU) 2023/1114 should be those affecting, or potentially affecting, the interests of clients as well as those affecting or potentially affecting the performance and situation of the crypto-asset service provider as such and thus, indirectly, also affect the interests of clients. (5) In order to ensure that conflicts of interest policies and procedures meet their objective, crypto-asset service providers should not rely on disclosure requirements to clients set out in Article 72(2) of Regulation (EU) 2023/1114 as a way to manage conflicts of interest. Instead, they should ensure the identification, prevention and management of conflicts of interest. (6) As such, the steps that crypto-asset service providers are to take in accordance with Article 72(1) of Regulation (EU) 2023/1114 should ensure with reasonable confidence that risks of damage to clients’ interests or those of the crypto-asset service provider will be prevented and, where this is not possible, appropriately mitigated. Certain conflicts of interest may, however, be particularly acute and cannot be appropriately prevented or managed through effective policies and procedures or internal systems and controls or prohibitions within the same legal entity. This may be the case, for instance, for conflicts of interest resulting from different crypto-asset services or other activities being provided or conducted by the crypto-asset service provider or within the same group. In such cases, measures going beyond the implementation of effective policies and procedures, systems and controls or prohibitions might have to be taken so as to ensure that risks of damage to clients’ or the crypto-asset provider’s interests will be prevented or appropriately mitigated. Such measures may, for instance, include the segregation of conflicting crypto￾asset services or other activities in separate legal entities with independent management. (7) The remuneration of staff involved in the provision of crypto-asset services to clients can give rise to conflicts of interest and is a crucial investor protection issue. It is thus essential that crypto-asset service providers ensure that their remuneration policies and practices for all persons who could have an impact on the service provided or corporate behaviour

29 of the crypto-asset service provider do not create conflicts between the interests of clients and those of the crypto-asset service provider or connected persons or impair the ability of connected persons to carry out their duties and responsibilities in an independent and objective manner. (8) In order to ensure the efficient and consistent application of the conflicts of interest requirements in the area of remuneration, a broad definition of remuneration should be adopted. It should include all forms of payment or financial or non-financial benefits provided directly or indirectly by crypto-asset service providers to persons with an impact, directly or indirectly, on crypto-asset services provided by the crypto-asset service providers or on its corporate behaviour. (9) For the purpose of ensuring at all times the appropriate implementation, maintenance and review of conflicts of interest policies and procedures, such policies should require crypto-asset service providers to ensure that there are adequate resources available that are responsible for the management of conflicts of interest and independent from the business they control. Such dedicated resources should also have the necessary skills, knowledge and expertise. For the same reason, the person responsible for the management of conflicts of interest should be able to access and report directly to the relevant internal reporting channel in its management function and, where applicable, in its supervisory function, where necessary. (10) To ensure that clients can take an informed decision about services presenting actual conflict of interests, crypto-asset service providers should keep up-to-date the information disclosed in accordance with Article 72(2) of Regulation (EU) 2023/1114, about the general nature and sources of conflicts of interest as well as the steps taken to mitigate them. Such disclosure should be appropriate to the nature of the clients to whom or which it is addressed, in particular taking into account their level of knowledge and experience. The disclosures should also include a description of the measures taken to manage or prevent each identified conflict of interest. (11) In order to make clear to clients in what capacity or capacities the crypto-asset service provider is acting, especially as crypto-asset service providers may often be operating in a vertically integrated manner or in close cooperation with affiliated entities or entities of the same group, the disclosures referred to in Article 72(2) of Regulation (EU) 2023/1114 should include a sufficiently detailed, specific and clear description of the situations which give or may give rise to conflicts of interest, including the role and capacity in which the crypto-asset service provider is acting. This is particularly relevant in situations where, for instance, the crypto-asset service provider is presenting itself as an exchange but actually engages in or combines multiple functions or activities such as operating a trading platform in crypto-assets, market-making, offering margin trading, facilitating custody, settlement, lending, borrowing and proprietary trading. (12) In order to ensure appropriate investor protection, prospective clients and clients should have access to the disclosures referred to in Article 72(2) of regulation (EU) 2023/1114 in a language with which they are familiar. Therefore, crypto-asset service providers

30 should make available such disclosures in all languages used by crypto-asset service provider to market their services or communicate with clients in the relevant Member State. (13) Data protection laws, in particular Regulation (EU) 2016/679 and, where relevant, Directive 2002/58/EC, are applicable to the processing of personal data by crypto-asset service providers, including the information collected through their conflicts of interest policies and procedures. (14) The conflicts of interest policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114 and further specified in these regulatory technical standards provide for the communication of personal data when necessary and proportionate to ensure the adequate identification, prevention, management and disclosure of conflicts of interest potentially detrimental to the clients crypto-asset service providers or to the crypto-asset service providers, taking into account the risks to the fundamental rights to privacy and to the protection of personal data of the connected persons. (15) This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority (‘ESMA’), in close cooperation with the European Banking Authority. (16) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council2 , HAS ADOPTED THIS REGULATION: Article 1 Definitions

1. For the purposes of this Regulation, the following definitions apply: (a) ‘connected person’ means any of the persons referred to in Article 72(1), point (a), (i) to (iv) of Regulation (EU) 2023/1114. 2 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

31 (b) ‘remuneration’ means any form of payment or other financial or non-financial benefits provided directly or indirectly by crypto-asset service providers in the provision of crypto-asset services to clients; (c) ‘group’ means a group as defined in Article 2(11) of Directive 2013/34/EU3 . Article 2 Conflicts of interest potentially detrimental to clients

1. For the purposes of identifying the types of conflicts of interest that arise in the course of providing crypto-asset services and whose existence may damage the interests of one or more clients, crypto-asset service providers shall take into account, at least, whether the crypto-asset service provider or any connected person, is in any of the following situations: (a) it is likely to make a financial gain, avoid a financial loss, or receive another kind of benefit, at the expense of the client; (b) it has an interest in the outcome of a crypto-asset service provided to the client or of a transaction carried out on behalf of the client, which is distinct from the client’s interest in that outcome; (c) it has a financial or other incentive to favour the interest of one or more clients over the interests of another client; (d) it carries out the same business as the client; (e) it receives or will receive from a person other than the client an inducement in relation to a service provided to the client, in the form of monetary or non-monetary benefits or services. Article 3 Conflicts of interest potentially detrimental to the crypto-asset service provider
2. For the purposes of identifying the circumstances which could create conflicts of interest related to the performance of a connected person’s duties and responsibilities, crypto-asset service providers shall take into account, at least, situations or relationships where a connected person: 3 Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182 29.6.2013, p. 19).

32 (a) has an economic interest in a person, body or entity with interests conflicting with those of the crypto-asset service provider; (b) has or has had within at least the last 3 years a personal relationship with a person, body or entity with interests conflicting with those of the crypto-asset service provider; (c) has or has had within at least the last 3 years a professional relationship with a person, body or entity with interests conflicting with those of the crypto-asset service provider; (d) has or has had during at least the last 3 years a political relationship with a person, body or entity with interests conflicting with those of the crypto-asset service provider; (e) carries out conflicting tasks or activities, is entrusted with conflicting responsibilities or is hierarchically supervised by a person in charge of conflicting functions or tasks. 2. For the purposes of identifying the persons, bodies or entities with conflicting interests to theirs, the policies and procedures should require crypto-asset service providers to take into account, at least, whether that person, body or entity is in any of the following situations: (a) it is likely to make a financial gain, or avoid a financial loss, at the expense of the crypto￾asset service provider; (b) it has an interest in the outcome of a crypto-asset service provided or an activity carried out or decision taken by the crypto-asset service provider, which is distinct from the crypto-asset service provider’s interest in that outcome; (c) it carries out the same business as the crypto-asset service provider or is a client, consultant, adviser, delegatee, outsourcee, service provider or other supplier (including subcontractors) of the crypto-asset service provider and it can be reasonably deemed from objective circumstances that there may be a conflict of interests with the crypto-asset service provider. 3. For the purposes of paragraph 1, point (a), the policies and procedures should require crypto￾asset service providers to take into account at least the following situations or relationships where the connected person: (a) holds shares, tokens (including governance tokens), other ownership rights or membership in that person, body or entity; (b) holds debt instruments of or has other debt arrangements with that person, body or entity; (c) has any form of contractual arrangements, such as management contracts, service contracts, delegation or outsourcing contract or intellectual property licenses, with that person, body or entity.

33 Article 4 Conflicts of interest policies and procedures

1. The policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114 shall be set out in writing and take into account the scale, nature and range of crypto-asset services and other activities provided or carried out by the crypto-asset service provider and the group to which it belongs. The crypto-asset service provider’s management body shall be responsible for the definition, adoption, implementation and for monitoring compliance with such policies and procedures as well as for periodically assessing and reviewing their effectiveness and addressing any deficiencies in that respect. Crypto-asset service providers shall establish effective internal channels to inform employees and members of the management body of such rules and provide appropriate updated training.
2. Where the crypto-asset service provider is a member of a group, the policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114 shall also take into account any circumstances which may give rise to a conflict of interest due to the structure and business activities of other entities within the group. In particular, where a crypto-asset service provider provides, either on its own or together with other entities of its group, multiple crypto-asset services and related activities, the policies, procedures and measures referred to in paragraph 3, point (b) shall prevent any abuse resulting from concentrated control, management of related￾party transactions, including those involving affiliated companies, and transparency of related￾party transactions.
3. The conflicts of interest policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114 shall include the following content: (a) in relation to any crypto-asset service or activity provided , or carried out, by or on behalf of the crypto-asset service provider or a consultant, adviser, delegate or outsourcee, a description of the circumstances which may give rise to a conflict of interest in accordance with Articles 2 or 3; (b) the policies and procedures to be followed and measures to be adopted in order to identify, prevent, manage and disclose such conflicts; (c) a clear reference to the organisational and managerial structure of the crypto-asset service provider.
4. The policies and procedures, as well as measures, referred to in paragraph 3, point (b), shall be designed to ensure that connected persons engaged in different business activities that may give rise to a potential or actual conflict of interest as referred to in paragraph 3, point (a), carry out these activities at a level of objectivity and independence appropriate to the scale, nature and range of crypto-asset services provided by the crypto-asset service provider and of the group to which it belongs, whilst also taking into consideration the risk of damage to the interests of one or more clients or the interests of the crypto-asset service provider.

34 5. The policies and procedures referred to in paragraph 3, point (b), in conjunction with Article 2, shall include at least the following arrangements: (a) to report and communicate promptly to the appropriate internal reporting channel any matter that may result, or has resulted, in a conflict of interest; (b) to prevent and control the exchange of information between connected persons engaged in activities involving a risk of a conflict of interest where the exchange of that information may harm the interests of one or more clients; (c) for the separate supervision of connected persons whose principal functions involve carrying out activities on behalf of, or providing services to, clients whose interests may conflict with each other or with those of the crypto-asset service provider; (d) for the removal of any direct link between the remuneration provided to the crypto-asset service provider’s employees, delegatees, outsourcees, subcontractors or members of the management body principally engaged in one activity and the remuneration of, or revenues generated by, different employees, delegatees, outsourcees, subcontractors or members of the management body of the crypto-asset service provider principally engaged in another activity, where a conflict of interest may arise in relation to those activities; (e) to prevent any person from exercising inappropriate influence over the way in which a connected person carries out crypto-asset services; (f) to prevent or control the simultaneous or sequential involvement of a connected person in separate crypto-asset services or activities where such involvement may impair the proper management of conflicts of interest. 6. The policies and procedures referred to in paragraph 3, point (b), in conjunction with Article 3, shall include at least the following arrangements: (a) to report and communicate promptly to the appropriate reporting channel any matter that may result, or has resulted, in a conflict of interest; (b) to ensure that conflicting activities or transactions are entrusted to different persons; (c) to prevent connected persons who are also active outside the crypto-asset service provider from having inappropriate influence within the crypto-asset service provider in relation to those other outside activities; (d) to provide sufficient guidance on the identification and management of conflicts of interest that may impede the ability of members of the management body to take objective and impartial decisions that aim to fulfil the best interest of the crypto-asset service provider; (e) to establish the responsibility of the members of the management body to inform other members of and abstain from voting on any matter where a member has or may have a conflict of interest or where the member’s objectivity or ability to properly fulfil his or her duties to the crypto-asset service provider may be otherwise compromised; (f) to prevent members of the management body from holding directorships in competing crypto-asset service providers outside of the same group;

35 (g) to prevent and control the exchange of information between connected persons engaged in activities involving a risk of a conflict of interest where the exchange of that information may affect the performance of such connected person’s duties and responsibilities to the crypto-asset service provider. 7. The policies and procedures referred to in paragraph 3, point (b), shall ensure with reasonable confidence that risks of damage to clients’ or the crypto-asset provider’s interests will be prevented or appropriately mitigated. Where policies and procedures as well as internal systems and controls are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of clients or the crypto-asset service provider will be prevented or appropriately mitigated, other additional specific measures shall be decided on and put in place to prevent or manage the relevant conflicts of interest, which could not have been managed appropriately within the adopted policies and procedures either within the same legal entity or at the level of the group. Where this has been the case, the issuer shall also update the policies and procedures accordingly. 8. The conflicts of interest policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114 shall include arrangements ensuring that adequate and independent resources are dedicated by the crypto-asset service provider to their implementation, maintenance and review. This shall include the appointment of one person that is responsible for the identification, prevention, management and disclosure of conflicts of interest in accordance with Regulation (EU) 2023/1114 and this Regulation. Such person shall have the necessary authority to discharge their responsibilities appropriately and independently and to report to the management body directly. Such person may be entrusted with other roles or functions by the crypto-asset service provider, provided that it is appropriate given the scale, nature and range of crypto-asset services and other activities provided or carried out by the crypto-asset service provider. Such other roles or functions shall also not compromise the independence and objectivity of such person. Such policies and procedures shall also define the skills, knowledge and expertise necessary for staff in charge of the responsibilities described in subparagraph 1 and shall provide for such staff to have access to all relevant information for the discharge of their responsibilities. For the purposes of the responsibilities allocated to the management body of the crypto-asset service provider referred to in paragraph 1, the conflicts of interest policies and procedures shall define the content of the report that the staff in charge of the policies and procedures’ implementation, maintenance and review shall submit to the management body on an annual basis and, where material deficiencies are identified, on an ad hoc basis. Such report shall include, at least: (a) a detailed description of the situations referred to in point (a) of paragraph 2 of Article 8; (b) the measures taken to prevent and mitigate conflicts of interest arising or which may arise from the situations referred to in point (a) of paragraph 2 of Article 8;

36 (c) the deficiencies identified in the crypto-asset service provider’s conflicts of interest policies, procedures and arrangements (including the remuneration policies, procedures and arrangements) and the measures taken to remedy them. Article 5 Remuneration procedures, policies and arrangements

1. Crypto-asset service providers shall define and implement remuneration procedures, policies and arrangements taking into account the interests of all their clients, in the short, medium or long term, as well as the scale, the nature and range of crypto-asset services provided. Remuneration procedures, policies and arrangements shall be designed so as not to create a conflict of interest or incentive that may lead the persons to whom they apply to favour their own interests or the crypto-asset service provider's interests to the potential detriment of any client or that may lead the persons to whom they apply to favour their own interests to the detriment of the crypto-asset service provider.
2. Crypto-asset service providers shall ensure that their remuneration procedures, policies and arrangements apply to: (a) their employees as well as any other natural person whose services are placed at the disposal and under the control of the crypto-asset service provider and who is involved in the provision by the crypto-asset service provider of crypto-asset services; (b) members of their management body; and (c) any natural person directly involved in the provision of services to the crypto-asset service provider under an outsourcing arrangement for the purpose of the provision by the crypto-asset service provider of crypto-asset services. The application of the crypto-asset service provider’s remuneration procedures, policies and arrangements to the persons listed in (a) to (c) above is subject to such persons having an impact, directly or indirectly, on crypto-asset services provided by the crypto-asset service providers or on its corporate behaviour, regardless of the type of clients, and to the extent that the remuneration of such persons and similar incentives may create a conflict of interest that encourages them to act against the interests of any of the crypto-asset service provider's clients or to favour their own interests to the detriment of the crypto-asset service provider.
3. Remuneration and similar incentives shall not be solely or predominantly based on quantitative commercial criteria, and shall take into account appropriate qualitative criteria reflecting compliance with the applicable regulations, the fair treatment of clients and the quality of services provided to clients. A balance between fixed and variable components of remuneration shall be maintained at all times, so that the remuneration structure does not favour the interests of the crypto-asseet service providers or its connected persons against the interests of any client.

37 Article 6 Scope of personal transactions

1. A personal transaction shall be a transaction in a crypto-asset or resulting in a position in or exposure to a crypto-asset effected by or on behalf of a connected person, where at least one of the following criteria are met: (a) the connected person is acting outside the scope of the activities he carries out in his professional capacity; (b) the transaction is carried out for the account of any of the following persons: (i) the connected person; (ii) any person with whom a connected person has a family relationship, or close links; (iii) a person in respect of whom the connected person has a direct or indirect material interest in the outcome of the transaction, other than obtaining a fee or commission for the execution of the transaction.
2. For the purposes of paragraph 1, point (b)(ii), “person with whom a connected person has a family relationship” shall mean any of the following: (a) the spouse of the connected person or any partner of that person considered by national law as equivalent to a spouse; (b) a dependent child or stepchild of the connected person; (c) any other relative of the connected person who has shared the same household as that person for at least one year on the date of the personal transaction concerned or the previous 5 years. Article 7 Personal transactions
3. Crypto-asset service providers shall establish, implement and maintain adequate policies, procedures and arrangements aimed at preventing the activities set out in paragraphs 2, 3 and 4 in the case of any connected person who is involved in activities that may give rise to a conflict of interest, or who has access to inside information within the meaning of Article 87 of Regulation (EU) 2023/1114, or to other confidential information relating to clients or transactions with or for clients by virtue of an activity carried out by him on behalf of the crypto￾asset service provider.

38 2. Crypto-asset service providers shall have in place arrangements aiming at ensuring that connected persons do not enter into a personal transaction which meets any of the following criteria: (a) that person is prohibited from entering into it under Title VI of Regulation (EU) 2023/1114; (b) it involves the misuse or improper disclosure of that confidential information; (c) it conflicts or is likely to conflict with an obligation of the crypto-asset service provider under Regulation (EU) 2023/1114. 3.The arrangements referred to in paragraph 2 shall be designed to ensure that: (a) each connected person is aware of the restrictions on personal transactions, and of the measures established by the crypto-assets service provider in connection with personal transactions; (b) the crypto-assets service provider is informed promptly of any personal transaction entered into by a connected person, either by notification of that transaction or by other procedures enabling the crypto-assets service provider to identify such transactions; (c) a record is kept of the personal transaction notified to the crypto-assets service provider or identified by it, including any authorisation or prohibition in connection with such a transaction. 4. In the case of outsourcing arrangements, the crypto-assets service provider shall ensure that the entity to which the activity is outsourced maintains a record of personal transactions entered into by any connected person and provides that information to the crypto-assets service provider promptly on request. Article 8 Disclosures of the general nature and source of conflicts of interest and the steps taken to mitigate them

1. Crypto-asset service providers shall keep the information referred to in Article 72(2) of Regulation (EU) 2023/1114 updated at all times.
2. The disclosure made in accordance with Article 72(2) of Regulation (EU) 2023/1114 shall contain a sufficiently detailed, specific and clear description of: (a) the crypto-asset services, activities or circumstances giving rise, or which may give rise, to conflicts of interest of the kind referred to in Article 2(1) and Article 3(1), including the role and capacity in which the crypto-asset service provider is acting when providing the crypto￾asset service to the client; (b) the nature of the conflicts of interest identified; (c) the associated risks identified in relation to the conflicts of interest referred to in (a) above;

39 (d) the steps and measures taken to prevent or mitigate the identified conflicts of interest. 3. The disclosures referred to in paragraph 2 shall not be considered as a way to manage conflicts of interest. They shall be available to clients at all times and on any devices. Where the crypto-asset service provider makes it available on the relevant device, the crypto-asset service provider should also provide a link to the disclosures on its website. 4. For the purposes of the disclosure referred to in paragraph 2, crypto-asset service providers shall keep up-to-date records of all situations giving rise to actual and potential conflicts of interest, including the relevant crypto-asset services or activities, and of the measures taken to prevent or manage such conflicts in the relevant situations. 5. The disclosures referred to in paragraph 2 shall be made available in all languages used by the crypto-asset service provider to market their services or communicate with clients in the relevant Member State. Article 9 Additional requirements in relation to placing

1. For the purposes of identifying the types of conflict of interest that arise where the crypto￾asset service provider provides placing services, crypto-asset service providers shall take into account, without prejudice to points (a) to (c) of Article 79(2) of Regulation (EU) 2023/1114, at least, the following situations: (a) the crypto-asset service provider is also offering pricing services in relation to the offer of crypto-assets; (b) the crypto-asset service provider is also providing execution of orders for crypto-assets on behalf of clients and research services; (c) the crypto-asset service provider is placing crypto-assets of which itself or an entity from its group is the issuer.
2. Crypto-asset service providers shall establish, implement and maintain internal arrangements to ensure at least all of the following: (a) that the pricing of the offer does not promote the interests of other clients of the crypto-asset service provider or the crypto-asset service provider’s own interests, in a way that may conflict with the issuer client's interests; (b) that the pricing of the offer does not promote the interests of the issuer client’s, the crypto￾asset service provider’s own interests or the interests of a connected person, in a way that may conflict with other clients’ interests; (c) the prevention of a situation where persons responsible for providing services to the crypto￾asset service provider's investment clients, or deciding which products should be included in

40 the list of products offered or recommended by the crypto-asset service provider, are directly involved in decisions about pricing to the issuer client; (d) the removal of any direct or indirect link between the results of any placing activity and the remuneration of persons engaged in another crypto-asset service or other activity of the crypto￾asset service provider; (e) the prevention of any kind of recommendations, either upon client’s request or at the initiative of the crypto-assets service provider either directly or indirectly, from being inappropriately influenced by any existing or future relationships; (f) the prevention of a situation where persons responsible for providing services to the crypto￾asset service provider's investment clients are directly involved in decisions about recommendations to the issuer client on allocation; (g) the prevention of the exercise of staking rights without prior consent of the investment client. 3. Crypto-asset service providers shall have in place a centralised process to identify all their placing operations, including the date on which the crypto-asset service provider was informed of potential placing operations. Article 10 Entry into force and application This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, For the Commission The President

[For the Commission On behalf of the President

[Position]