ESMA Opinion on RTS specifying requirements for conflicts of interest for crypto-asset service providers under MiCA

24 January 2025 ESMA35-1872330276-2021 Opinion On regulatory technical standards specifying certain requirements in relation to conflicts of interest for crypto-asset service providers under the Markets in Crypto-Assets Regulation (MiCA)

ESMA - 201-203 rue de Bercy - CS 80910 - 75589 Paris Cedex 12 - France - Tel. +33 (0) 1 58 36 43 21 - www.esma.europa.eu 2

3 Table of Contents 1 Executive Summary ......................................................................................................4 2 Legal basis....................................................................................................................5 3 Background...................................................................................................................6 3.1 Personal transactions ............................................................................................6 3.2 Policies and procedures on conflict of interest in the context of remuneration ......8 3.3 Conflicts of interest potentially detrimental to the crypto-asset service provider....9 3.4 Adequate resources...............................................................................................9 3.5 Multifunction Crypto-asset Intermediaries (MCIs)................................................10 4 Annex ..........................................................................................................................11

4 1 Executive Summary Reasons for publication Article 72(5) of the Regulation on markets in crypto-assets (MiCA) 1 requires ESMA to develop draft regulatory technical standards to further specify the requirements for the policies and procedures to identify, prevent, manage and disclose conflicts of interest, as well as the details and methodology for the content of the disclosure by crypto-asset service providers of the general nature and sources of conflicts of interest and the steps taken to mitigate them (the “RTS on CoIs”). On 31 May 2024, ESMA published its final report on the draft RTS on CoIs2 and submitted it to the European Commission (the EC) for adoption3 . On 29 November 2024, ESMA received a letter from the EC4 informing ESMA that it intends to adopt the RTS on CoIs with amendments, which were included in an Annex to the letter. The EC letter referred to the possibility for ESMA to submit a new draft of the RTS on CoIs reflecting the proposed amendments. Pursuant to the ESMA Regulation, within a period of six weeks from the receipt of the letter, ESMA may amend the draft RTS on CoIs and resubmit it to the EC in the form of a formal opinion. In this opinion, ESMA suggests a limited number of changes to the amendments proposed by the EC, as explained further below and set out in the Appendix. ESMA acknowledges that an appropriate balance should be found between, on the one hand, the protection of investors and financial stability related objectives, and on the other hand, promoting safe and sustainable innovation. However, in view of the Commission’s comments, ESMA proposes striking that balance slightly differently from the EC. All modifications suggested by ESMA to the draft RTS on CoIs that is proposed by the EC in its letter5 are described in Section 3 (Background) below and are shown as tracked changes in the amended draft RTS on CoIs included in the Annex. Contents Section 2 describes the legal basis, Section 3 sets out the background, as well as the policy objectives, while the suggested amended draft RTS are included in the Annex. Next Steps In response to the letter received on 29 November 2024, ESMA has adopted this opinion, which is being communicated to the EC, with copies to the European Parliament and the Council. The EC may adopt the RTS with the amendments it considers relevant or reject it. The European Parliament and the Council may object to an RTS adopted by the EC within a period of three months.

5 2 Legal basis

1. MiCA provides that ESMA shall develop draft RTS to further specify: ● the requirements for the policies and procedures referred to in Article 72(1) of MiCA, taking into account the scale, the nature and the range of crypto-asset services provided; ● the details and methodology for the content of the disclosure referred to in Article 72(2) of MiCA.
2. On 31 May 2024, ESMA published its final report on draft technical standards specifying certain requirements in relation to conflicts of interest for crypto-asset service providers under MiCA and submitted it to the EC for adoption pursuant to Article 10(1) of the ESMA Regulation6 .
3. On 29 November 2024, ESMA received a letter from the EC7 informing ESMA that it intends to adopt the proposed RTS with amendments, which were included in an Annex to the letter, and informed ESMA that, in accordance with the ESMA Regulation, it may submit new draft RTS to the EC reflecting these amendments.
4. Pursuant to Article 10(1) of the ESMA Regulation, within a period of six weeks from the receipt of the EC’s letter, ESMA may amend its draft RTS on the basis of the Commission’s proposed amendments and resubmit them to the EC in the form of a formal opinion.
5. ESMA’s competence to deliver an opinion is based on Article 10(1) of the ESMA Regulation. In accordance with Article 44(1) of the ESMA Regulation the Board of Supervisors has adopted this opinion.
6. This opinion sets out ESMA’s view on how the draft RTS specifying certain requirements in relation to conflicts of interest for crypto-asset service providers under MiCA should be amended in light of the approach set out by the EC in its letter to ESMA.
7. In general terms, ESMA supports the amendments proposed by the EC except for a few areas which are further specified in the following sections. All modifications suggested 1 Regulation (EU) 2023/1114 of the European Parliament and the Council of 31 May 2023 on markets in crypto-assets (OJ L 150, 9.6.2023, p. 40–205). 2 Available here. 3 Pursuant to Article 10(1) of Regulation (EU) No 1095/2010 (the ‘ESMA Regulation’). 4 https://finance.ec.europa.eu/document/download/ff17c445-6a7e-4d48-a9f8-2ae1392429bc_en?filename=241129-letter-esma￾mica-crypto-asset-service-provider_en.pdf 5 https://finance.ec.europa.eu/document/download/ff17c445-6a7e-4d48-a9f8-2ae1392429bc_en?filename=241129-letter-esma￾mica-crypto-asset-service-provider_en.pdf 6 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC. 7 https://finance.ec.europa.eu/document/download/ff17c445-6a7e-4d48-a9f8-2ae1392429bc_en?filename=241129-letter-esma￾mica-crypto-asset-service-provider_en.pdf

6 by ESMA to the draft RTS on CoIs that is proposed by the EC in its letter8 are therefore described in the following section (Background) and are shown as tracked changes in the amended draft RTS on CoIs included in the Annex. 3 Background 3.1 Personal transactions 8. In relation to the provisions relating to personal transactions, the draft RTS on CoIs suggested by the EC depart from the draft RTS submitted by ESMA in May 2024. 9. Indeed, the EC is of the view that the provisions relating to personal transactions and related recitals in the ESMA draft RTS on CoIs “do not make it clear how these personal transactions and the policies and procedures to be followed by the CASP where such transactions occur, are linked to the specification of policies and procedures applicable to conflicts of interest between the CASPs and persons specified in Article 72(1) of MiCA Regulation and as such, they appear to be outside of the applicable mandate laid down in Article 72(5) MiCA Regulation”. 10. ESMA would like to underline that Article 72 of MiCA requires crypto-asset service providers to identify, prevent, manage and disclose conflicts of interests. Personal transactions are particularly prone to acute conflicts of interest: persons may have access to or knowledge of certain confidential information because of their role or position as employees, members of the management body or because they are shareholders of the crypto-asset service provider. There are clear conflicts of interest where such persons intend to use such information for personal gains. In this respect, the ESMA draft RTS on CoIs was merely highlighting and providing more details on specific situations (personal transactions) that are particularly prone to the occurrence of acute conflicts of interests. 11. To address the EC’s comments, ESMA is thus suggesting to further detail the link between the management of conflicts of interest and personal transactions in an additional recital (Recital 11 of the draft RTS on CoIs in the Annex). Scope of personal transactions 12. To address the comment as described in paragraph 9 above, the EC proposes to adopt an RTS “which cover only personal transactions that are specifically linked to conflicts of interest”. 13. ESMA notes that, to do so, the EC suggests incorporating Article 6 (Scope of personal transactions) of the ESMA RTS on CoIs in Article 2 (Conflicts of interest potentially detrimental to crypto-asset service providers), paragraph 4 of the EC RTS on CoIs. In relation to this change, ESMA notes that the scope of personal transactions suggested 8 https://finance.ec.europa.eu/document/download/ff17c445-6a7e-4d48-a9f8-2ae1392429bc_en?filename=241129-letter-esma￾mica-crypto-asset-service-provider_en.pdf

7 by the EC remains the same and, consequently, is not suggesting any amendments in this respect. 14. However, ESMA is of the view that personal transactions may be problematic not only because they may be conflicting with the interest of the crypto-asset service provider but also with the interests of one or more clients. For instance, personal transactions involving the misuse or improper disclosure of confidential information may conflict with the interest of clients (if confidential information relating to them is improperly used or disclosed) in addition to their conflict with the interest of the crypto-asset service provider (as this may cause the crypto-asset service provider to be in breach of a legal obligation as a result of improper use or disclosure of information by an employee). For this reason, ESMA suggests keeping the provisions relating to personal transactions as a self￾standing article (Article 6 (Policies and procedures on conflict of interest in the context of personal Transactions) of the draft RTS on CoIs in the Annex). Conflicts of interest policies and procedures relating to personal transactions 15. The EC further suggests incorporating only parts of Article 7 (Personal transactions) of the ESMA draft RTS on CoIs in paragraph 9 of Article 4 (Conflicts of interest policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114) of the EC draft RTS on CoIs. 16. Paragraph 2 of Article 7 of the ESMA draft RTS on CoIs provides that crypto-asset service providers shall make sure that connected persons (as defined in the ESMA draft RTS on CoIs) do not enter into certain personal transactions. Such personal transactions are those that involve the improper use or disclosure of confidential information that a connected person has access to or knowledge of because of its role or position in relation to the crypto-asset service provider. The scope of such (prohibited) personal transactions is defined and limited by paragraphs 1 and 2 of Article 7 of the ESMA draft RTS on CoIs. 17. The EC’s draft RTS on CoIs does not include such a prohibition. Instead, it provides that personal transactions shall be subject to “close scrutiny and monitoring” (Article 2(4) of the EC RTS on CoIs). Article 4(9) of the EC draft RTS on CoIs further establishes an authorisation procedure applicable to personal transactions to ensure that they are entered into on an arm’s length basis, i.e. objectively, in the interest of each party, and should correspond to the conditions that would have applied between independent parties for the same transaction in the absence of a conflict of interest. The EC draft RTS on CoIs thus leaves more discretion to crypto-asset service providers to decide whether and under which conditions a personal transaction may be entered into. 18. While ESMA considers that this amendment by the EC is in general terms appropriate for personal transactions, ESMA is nevertheless of the view that, for the personal transactions mentioned above that would result in infringement of MiCA or other applicable legislation, the conflicts of interest are so acute that crypto-asset service providers should not be given the discretion to decide whether to allow them or not. This is because, by reason of a connected person having access to relevant confidential information, prohibiting such personal transactions would be the only way to manage the conflicts of interest arising as a consequence and thus this would fall into measures taken to manage conflicts of interests. Some of these personal transactions are, in any case, already expressly prohibited by Title IV (Prevention and prohibition of market abuse

8 involving crypto-assets) of MiCA. But others, presenting conflicts of interest as acute as such personal transactions, would not fall into the scope of Title VI of MiCA and should be equally prevented. For instance, it could be the case where the confidential information the connected person has access to or knowledge of would not be inside information (as defined in Article 87 of MiCA). This may be the case, for instance, where such information would not have a significant effect on the price of the relevant crypto￾assets if it were made public. However, the potential use of such confidential information could still represent an acute conflict of interest that can only be managed by preventing related personal transactions. 19. To take into account the EC’s proposals, ESMA suggests keeping the authorisation system proposed by the EC in place, as this clarifies the procedure relating to personal transactions. However, ESMA also recommends amending the draft to i) make clear that certain personal transactions should always be prevented (Article 6, paragraph 2, point (e) of the draft RTS on CoIs in the Annex). 3.2 Policies and procedures on conflict of interest in the context of remuneration 20. The EC further adds that it “proposes additional limited amendments to the draft RTS to make it clear that obligations specified with regards to remuneration policies and procedures relate to the requirements applicable in the context of policies and procedures on conflicts of interest, and do not represent standalone obligations”. 21. ESMA notes that the amendments to Article 5, paragraph 1 make it clearer indeed that the obligations specified in relation to remuneration policies and procedures in the draft RTS on CoIs only apply in the context of policies and procedures on conflicts of interest, in line with the original intention. However, ESMA would recommend reinstating the following wording: “in the short, medium and long term” in paragraph 1. This is because some remuneration practices may be aligned with a client’s short-term interests but not take into account their medium or long-term objectives. 22. ESMA further notes that the EC’s draft RTS on CoIs does not include a definition for “remuneration”. The ESMA draft RTS on CoIs included the following definition in Article 1 (Definitions), point (b): “‘remuneration’ means any form of payment or other financial or non-financial benefits provided directly or indirectly by crypto-asset service providers in the provision of crypto-asset services to clients”. 21. ESMA is concerned that the deletion of such definition could lead to certain crypto-asset service providers taking a restrictive approach to their obligation to identify, prevent, manage and disclose conflicts of interest arising because of remuneration, as a way to circumvent Article 72 of MiCA, for instance by adopting a definition of remuneration that just encompasses remuneration by way of payments. 22. ESMA thus agrees not to include a new definition and suggests to at least provide some guidance as to what should be considered as remuneration for the purposes of this RTS, as a new subparagraph in paragraph 1 of Article 5 (Policies and procedures on conflict of interest in the context of remuneration) in the draft RTS on CoIs in the Annex.

9 3.3 Conflicts of interest potentially detrimental to the crypto-asset service provider 23. ESMA notes that the scope of Article 3 (Conflicts of interest potentially detrimental to the crypto-asset service provider), paragraph 3, point (c) of the ESMA draft RTS on CoIs has been reduced greatly in the EC’s draft RTS on CoIs (now Article 2, paragraph 3, point (c)). Article 3, paragraph 3 lists the situations or relationships that the crypto-asset service provider should take into account, as a minimum, when determining whether a person, body or entity has interests conflicting with its own because that person, body or entity is likely to make a financial gain, or avoid a financial loss, at the expense of the crypto-asset service provider. Among the situations or relationships to be taken into account for this purpose, point (c) of the ESMA draft RTS relates to: “situations or relationships where the connected person: […] (c) has any form of contractual arrangements, such as management contracts, service contracts, delegation or outsourcing contract or intellectual property licenses, with that person, body or entity”. 24. In the EC’s draft RTS on CoIs, the contractual arrangements to be taken into account under point (c) of paragraph 3 in Article 2 are now limited to those “related to the activities regulated under Regulation (EU) 2023/1114”. 25. ESMA is of the view that this limitation risks leaving certain conflicts of interest undetected and unmanaged. Conflicts of interest between connected persons and the crypto-asset service provider may arise due to contractual arrangements existing between a connected person and a person, body or entity with interests conflicting with those of the crypto-asset service provider. Such contractual arrangements may not necessarily relate to activities regulated under MiCA. For instance, a connected person may act as a business introducer for a third-party wanting to enter into a business relationship with the crypto-asset service provider. Such business relationship may not necessarily relate to activities regulated under MiCA (for instance, IT services). ESMA would thus recommend amending Article 2, paragraph 3, point (c) to remove this limitation in the EC’s draft RTS on CoIs, as shown in the Annex. 3.4 Adequate resources 26. To ensure the appropriate implementation, maintenance and review of conflict of interest policies and procedures, it is essential that the crypto-asset service provider dedicates adequate resources. Such resources should include adequate human resources and also, for instance, financial or technological resources. 27. ESMA notes that, in Article 4, paragraph 8, first subparagraph, the EC draft RTS on CoIs limits the requirement for crypto-asset service providers to dedicate adequate resources for the implementation, maintenance and review of the policies and procedures on conflicts of interest to human resources only. 28. In light of the importance of implementing, maintaining and reviewing policies and procedures on conflicts of interests for the purposes of identification, prevention, management and disclosure of conflicts of interests, ESMA considers it appropriate and proportionate that not only human resources are adequate. ESMA recommends

10 removing such limitation so that staff responsible for the implementation, maintenance and review of the policies and procedures on conflicts of interest may benefit from appropriate resources and tools (not just human resources, that still would need to be adequate and independent) to allow them to carry out their role effectively. 3.5 Multifunction Crypto-asset Intermediaries (MCIs)9 29. To address the heightened risk of conflicts of interest posed by MCIs, the ESMA draft RTS on CoIs included the requirement for crypto-asset service providers to take additional specific measures where policies and procedures as well as internal systems and controls are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of clients or the crypto-asset service provider will be prevented or appropriately mitigated. Such additional specific measures were meant to prevent or manage the relevant conflicts of interest, which could not have been managed appropriately within the adopted policies and procedures either within the same legal entity or at the level of the group. Such measures may, for instance, include the segregation of conflicting crypto-asset services or other activities in separate legal entities with independent management. 30. This requirement, that was included in Article 4, paragraph 7 of the ESMA draft RTS on CoIs, was meant to prevent conflicts of interest potentially being left undetected and unmanaged because conflicts of interest policies and procedures may not always be sufficient to address the risks the combination of certain crypto-related activities may cause. The proposed requirement was also in line with international standards such as Recommendation 9 of the Financial Stability Board’s Final report of 17 July 2023 on High-level Recommendations for the Regulation, Supervision and Oversight of Crypto￾Asset Activities and Markets10 and Recommendation 2 of the IOSCO11 Final Report of 16 November 2023 with Policy Recommendations for Crypto and Digital Asset (CDA) Markets12 . 31. ESMA recommends reinstating this requirement in Article 4, by adding a new subparagraph to paragraph 1, as shown in the draft RTS on CoIS in the Annex. In addition, ESMA further recommends adding a corresponding recital. 9 MCIs are defined by the Financial Stability Board as “individual firms, or groups of affiliated firms – such as FTX (prior to its failure) – that combine a broad range of crypto-asset services, products, and functions typically centred around the operation of a trading platform” (here) 10 Available here. In particular, Recommendation 9 of the FSB includes the following: “Authorities should consider whether and, if so, how combinations of multiple functions can be appropriately regulated within a single entity or group of affiliated entities. To the extent that such combinations are a result of non-compliance with existing regulations or will generate acute conflicts of interest which, as determined by authorities, cannot be effectively managed, authorities should apply robust measures as appropriate and in line with jurisdictional legal frameworks, including legal disaggregation and separation of certain functions. Authorities should consider relevant sectoral standards developed by SSBs when they require segregation of functions.” 11 The International Organization of Securities Commissions. 12 Available here. In particular, Recommendation 2 of the IOSCO report includes the following: “A regulator should consider whether certain conflicts are sufficiently acute that they cannot be effectively mitigated, including through effective systems and controls, disclosure, or prohibited actions, and may require more robust measures such as legal segregation of functions and activities, as well as separate registration and regulation of certain activities and functions to address this Recommendation.”

11 4 Annex Draft regulatory technical standard proposed by ESMA (tracked-changes are the proposed changes by ESMA to the EC’s draft RTS on CoIs) EUROPEAN COMMISSION Brussels, XXX … XXX draft COMMISSION DELEGATED REGULATION (EU) …/... of XXX supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the requirements for policies and procedures on conflicts of interest for crypto-asset service providers and the details and methodology for the content of disclosures on conflicts of interest (Text with EEA relevance)

12 EXPLANATORY MEMORANDUM

1. CONTEXT OF THE DELEGATED ACT Regulation (EU) 2023/1114 of 31 May 2023 on markets in crypto-assets and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (MiCA) was published in the Official Journal of the European Union on 9 June 2023 and entered into force on 29 June 2023. MiCA starts applying on 30 June 2024 as regards Titles III and IV on issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) respectively, and is fully applicable as of 30 December 2024. MiCA regulates issuers of crypto-assets that are not already covered by other financial services acts as well as providers of services in relation to such crypto-assets (crypto-asset service providers). Its objective is to promote safe and sustainable innovation while addressing the risks to consumers, market integrity, financial stability as well as the risks to monetary policy transmission and monetary sovereignty arising from this new class of assets. Article 72 of MiCA provides for the requirements for crypto-asset service providers to implement and maintain effective policies and procedures to identify, prevent, manage and disclose conflicts of interests, as well as to make public those conflicts and the steps taken to mitigate them. More particularly, Article 72(1) of MiCA details the types of conflicts that should be covered by such policies and procedures. Pursuant to Article 72(5) of MiCA, the European Securities and Markets Authority (ESMA) has been mandated, in close cooperation with the European Banking Authority (EBA), to develop draft regulatory technical standards to further specify the requirements for conflicts of interest policies and procedures and the details and methodology for disclosing those conflicts and steps taken to mitigate them. Article 72(5) of MiCA empowers the Commission to supplement the Regulation by adopting the regulatory technical standards in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010. This delegated act is to be adopted in accordance with Article 72(5) of MiCA and Article 290 of the Treaty on the Functioning of the European Union.
2. CONSULTATIONS PRIOR TO THE ADOPTION OF THE ACT ESMA prepared the draft regulatory technical standards and conducted an open public consultation between 12 July 2023 and 20 September 2023. In total, for all the technical standards consulted in that consultation package – comprising 7 technical standards, ESMA received 36 responses. The responses are available on ESMA’s website.

13 Few respondents were of the view that the crypto-asset markets present heightened risks of conflicts of interests compared to traditional financial markets. To the contrary, some respondents were of the view that there was no reason to apply stricter requirements compared to those applicable to traditional financial markets. One respondent provided a detailed comparison of the draft regulatory technical standards with similar technical standards adopted under Directive 2014/65/EU of the European Parliament and of the Council of 15 May 201413 (MiFiD II). With regard to the specific circumstances, relationships or affiliations that should be covered by the conflicts of interest rules, a large majority of respondents were of the view that no additions should be made to those set out in the draft technical standards. Regarding the types of specific prevention or mitigation measures specified in the draft technical standards, most respondents were of the view that no further prevention or mitigation measures were needed beyond those already present. Few respondents raised concerns that the disclosures to be made in accordance with Article 72(2) of MiCA could represent a risk for crypto asset service providers as they could contain confidential information or reveal too much about the provider’s organisation or structure, which could be exploited for illegal purposes or by the competition. In addition to the public consultation, ESMA asked for the advice of the Securities and Markets Stakeholder Group (SMSG). The SMSG welcomed that ESMA has closely followed the similar technical standards adopted under MiFiD II. The SMSG also supported the clarification in the draft regulatory technical standards that conflicts of interests should either be prevented or managed and that the disclosure of conflicts of interests is not an alternative to the prevention or management of conflicts of interests. Additionally, the SMSG noted that conflicts of interests should preferably be prevented, and managed only if prevention is not possible. In light of the public consultation carried out by ESMA as well as the advice from the SMSG, the Commission proposes to adopt these regulatory technical standards pursuant to Article 72(5) of MiCA. 3. LEGAL ELEMENTS OF THE DELEGATED ACT Article 1 provides for the definitions. Article 2 specifies the types of conflicts of interest potentially detrimental to clients. 13 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU, OJ L 173, 12.6.2014, p. 349–496

14 Article 3 sets out the circumstances that could create conflicts of interest potentially detrimental to the crypto-asset service provider, which are related to the performance of duties and responsibilities of persons connected to it. Article 4 specifies the conflicts of interest policies and procedures to be maintained by crypto￾asset service providers. Article 5 provides for remuneration procedures, policies and arrangements that crypto-asset service providers are required to maintain to prevent conflicts of interest. Article 6 provides the policies and procedures on conflicts of interest in the context of personal transactions to be maintained by crypto-asset service providers. Article 7 lays down the requirements applicable to disclosures of conflicts of interest by crypto￾asset service providers. Article 78 provides for additional requirements related to identifying and addressing the types of conflicts of interest that arise where the crypto-asset service provider provides placing services. Article 89 lays down the date of entry into force of the delegated act.

15 COMMISSION DELEGATED REGULATION (EU) …/... of XXX supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the requirements for policies and procedures on conflicts of interest for crypto-asset service providers and the details and methodology for the content of disclosures on conflicts of interest (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2012 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/193714, and in particular Article 72(5), third subparagraph, thereof, Whereas: (1) When implementing and maintaining the policies and procedures to identify, prevent, manage and disclose conflicts of interest as referred to in Article 72 of Regulation (EU) 2023/1114, crypto-asset service providers should take into account the principle of proportionality to ensure that the conflict of interest policies and procedures are sufficient to achieve the objectives of that Article. In accordance with Article 72(1) of Regulation (EU) 2023/1114, crypto-asset service providers are also to take into account the scale, nature and range of crypto-asset services provided. (2) To ensure that the conflict of interest policies and procedures are in the best interest of the crypto-asset service providers and their clients, those policies and procedures should cover situations that may influence or affect, or that may appear to influence or affect, the ability of crypto-asset service providers or of persons connected to those crypto-asset service providers to exercise their duties or responsibilities objectively and independently, in the interest of clients, and the performance of the entity. 14 OJ L 150, 09.06.2023, p. 40, ELI: http://data.europa.eu/eli/reg/2023/1114/oj.

16 (3) Where the crypto-asset service provider belongs to a group, circumstances related to that fact should be also taken into account. (4) Crypto-asset service providers that are part of a group should therefore appropriately address situations that may give rise to a conflict of interest due to the structure and business activities of other entities within their group. To that end, where a crypto-asset service provider provides, on its own or with other entities of its group, multiple crypto￾asset services and related activities, the conflict of interest policies and procedures should prevent any abuse resulting from concentrated control, management of related-party transactions, including transactions involving affiliated companies. Certain conflicts of interest may, however, be particularly acute and cannot be appropriately prevented or managed through effective policies and procedures or internal systems and controls or prohibitions within the same legal entity. This may be the case, for instance, for conflicts of interest resulting from different crypto-asset services or other activities being provided or conducted by the crypto-asset service provider or within the same group. In such cases, measures going beyond the implementation of effective policies and procedures, systems and controls or prohibitions might have to be taken so as to ensure that risks of damage to clients’ or the crypto-asset provider’s interests will be prevented or appropriately mitigated. Such measures may, for instance, include the segregation of conflicting crypto￾asset services or other activities in separate legal entities with independent management. (5) To prevent conflict of interests detrimental to the crypto-asset service providers, conflict of interest policies and procedures should ensure the careful monitoring of situations where persons connected to the crypto-asset service provider have a personal, professional or a political relationship with another person. Such relationships have the potential to influence the objective judgment of the crypto-asset service provider and connected persons. Personal relationships should include those between relatives by blood or marriage, or social relationships not limited to a formal partnership or marriage. Political relationships should include memberships of political parties, or relationships with government or other public officials. Professional relationships should consist in relationships in a professional setting, including at work or in a business context. (6) In order for the conflict of interest policies and procedures to be effective, crypto-asset service providers should have a transparent organisational and managerial structure, which is consistent with their overall strategy and risk profile, and which is well understood by their management body, affiliated entities, national competent authorities, and clients. (7) The sound governance and management of crypto-asset service providers is fundamental to ensure both their functioning and trust in the financial markets. For those reasons, the conflict of interest policies and procedures should deal with cases where the conflicts of interest could impede the ability of the members of the management body to take objective and impartial decisions in the best interests of the crypto-asset service provider and its clients.

17 (8) The potential and actual conflicts of interest to be taken into consideration by crypto-asset service providers pursuant to Article 72(1) of Regulation (EU) 2023/1114 should be those affecting, or potentially affecting, the interests of clients as well as those affecting or potentially affecting the performance and situation of the crypto-asset service provider as such and thus, indirectly, also affect the interests of clients. (9) To ensure transparency about the measures taken to mitigate identified conflicts of interests, crypto-asset service providers should comply with the requirements to disclose conflicts of interests set out in Article 72(2) of Regulation (EU) 2023/1114. However, to ensure that conflicts of interest policies and procedures meet their objective, crypto-asset service providers should not rely on simply disclosing conflicts of interests as a way to address them. Therefore, they should comply with the requirements of disclosure, but also ensurethe identification, prevention and management of conflicts of interest. (10) The remuneration of staff involved in the provision of crypto-asset services to clients can give rise to conflicts of interest. While crypto-asset service providers are free to determine their remuneration policies in general, they should ensure that their remuneration policies and practices do not create conflicts between the interests of clients and those of the crypto-asset service provider or connected persons and do not impair the ability of connected persons to carry out their duties and responsibilities in an independent and objective manner. To ensure the efficient and consistent application of the conflicts of interest requirements in the area of remuneration, the notion of remuneration should include all forms of payment and financial or non-financial benefits provided directly or indirectly by crypto-asset service providers to persons with an impact, directly or indirectly, on crypto-asset services provided by the crypto-asset service providers or on their corporate behaviour. Remuneration policies implemented in the context of conflict of interest policies should ensure that clients are treated fairly and their interests are not impaired by the remuneration practices adopted by the crypto-asset service providers in the short, medium or long term. (11) Personal trading by connected persons can create situations where personal financial interests may conflict with one’s professional obligations, leading to biased decision￾making. Without appropriate oversight by the crypto-asset service provider through the provisions of conflicts of interest policies and procedures, there is the risk that connected persons might misuse confidential or insider information for personal gain, engage in front-running client trades, or prioritize their interests over those of clients, potentially harming client outcomes and undermining the crypto-asset service provider's obligations under Regulation (EU) 2023/1114, as well as its reputation. Monitoring personal transactions is thus essential for identifying, preventing, managing and disclosing conflicts of interest. The conflicts of interest policies and procedures should also clarify that those personal transactions that may result in infringements of Regulation (EU) 2023/1114 or of other applicable legislation should be prohibited. For instance, personal transactions that would result in a breach of Articles 89 (Insider dealing) or 90 (Prohibition of unlawful disclosure of inside information) of Regulation (EU) 2023/1114 or those that involve the misuse or improper disclosure by a connected person of

18 confidential information relating to clients or transactions with or for clients carried out by that connected person on behalf of the crypto-asset service provider, should be prohibited. (11)(12) In view of appropriate implementation, maintenance and review of conflict of interest policies and procedures, such policies and procedures should ensure that there are adequate and internally independent human resources for the management of conflicts of interest. Staff dedicated to the implementation, maintenance and review of conflicts of interest policies and procedures Those human resources should also have the necessary skills, knowledge and expertise on conflicts of interest. For that reason, the person responsible for the management of conflicts of interest should be able to access and report directly to the relevant internal reporting channel in its management function and, where applicable, in its supervisory function. (12)(13) To ensure that clients can take an informed decision, crypto-asset service providers should keep up-to-date the information disclosed about the general nature and sources of conflicts of interest and the steps taken to mitigate them pursuant to Article 72(2) of Regulation (EU) 2023/1114. Such disclosure should take into account the various types of clients it is addressed to, including the fact that those clients have varying levels of knowledge and experience. (13)(14) Crypto-asset service providers may often operate in a vertically integrated manner or in close cooperation with affiliated entities or entities of the same group. To make clear to clients in what role and capacity the crypto-asset service provider is acting, the disclosures referred to in Article 72(2) of Regulation (EU) 2023/1114 should include a sufficiently detailed, specific and clear description of the situations which give or may give rise to conflicts of interest. That information is particularly relevant in situations where the crypto-asset service provider markets itself engaging in crypto-asset exchange but actually engages in or combines multiple functions or activities, including operating a trading platform in crypto-assets, market-making, offering margin trading, facilitating custody, settlement, lending, borrowing and proprietary trading. To ensure investor protection, prospective clients and clients should have access to the disclosures referred to in Article 72(2) of Regulation (EU) 2023/1114 in a language with which they are familiar. Therefore, crypto-asset service providers should make available such disclosures in all languages used by crypto-asset service provider to market their services or communicate with clients in the relevant Member State. (14)(15) Union law on data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council15 , is applicable to the processing of personal data by crypto-asset service providers, including the information collected through their conflicts of interest policies and procedures. 15 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).

19 (15)(16) In line with the principle of data minimisation as laid down in Regulation (EU) 2016/679, crypto-asset service providers should specify which categories of personal data they will process to identify, prevent and manage the conflicts of interest in their policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114, taking into account the scale, nature and range of crypto-asset services and other activities provided or carried out by the crypto-asset service provider and the group to which it belongs. (16)(17) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council16 and delivered an opinion on 17 July 2024. (17)(18) This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority, in close cooperation with the European Banking Authority. (18)(19) The European Securities and Markets Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council17 , HAS ADOPTED THIS REGULATION: Article 1 Definitions For the purposes of this Regulation, the following definitions apply:

1. ‘connected person’ means any of the persons referred to in Article 72(1), points (a)(i) to (a)(iv), of Regulation (EU) 2023/1114;
2. ‘group’ means a group as defined in Article 2, point (11), of Directive 2013/34/EU of the European Parliament and of the Council18 . 16 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). 17 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj). 18 Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013, p. 19, ELI: http://data.europa.eu/eli/dir/2013/34/oj).

20 Article 2 Conflicts of interest potentially detrimental to the crypto-asset service provider 3. The policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114 to identify, prevent, manage and disclose conflicts of interests potentially detrimental to the crypto-asset service provider shall specify the circumstances which are capable of directly or indirectly affecting the objectivity and impartiality of the connected persons in exercising their duties and responsibilities. Such policies and procedures shall take into account, at least, situations or relationships where a connected person: (a) has an economic interest in a person, body or entity with interests conflicting with those of the crypto-asset service provider; (b) has a present relationship with a person, body or entity that has interests conflicting with those of the crypto-asset service provider that could be of a personal, professional or political nature or had that relationship within the previous 3 years, starting from when the assessment is made; (c) carries out conflicting tasks or activities, is entrusted with conflicting responsibilities or is hierarchically supervised by a person in charge of conflicting functions or tasks. 4. For the purposes of identifying the persons, bodies or entities with conflicting interests to those of crypto-asset service providers, crypto-asset service providers shall take into account, at least, whether that person, body or entity: (a) is likely to make a financial gain, or avoid a financial loss, at the expense of the crypto-asset service provider; (b) has an interest in the outcome of a crypto-asset service provided or an activity carried out by the crypto-asset service provider, which is distinct from the crypto-asset service provider’s interest in that outcome; (c) carries out the same business as the crypto-asset service provider or is a client, consultant, adviser, delegatee, outsourcee, service provider or other supplier (including subcontractors) of the crypto-asset service provider and there are demonstrable grounds that there may be a conflict of interests with the crypto￾asset service provider. 5. For the purposes of paragraph 1, point (a), crypto-asset service providers shall take into account situations where the connected person that is a member of the management body, employee of the crypto-asset service provider or a shareholder or member that has a qualifying holding in the crypto-asset service provider: (a) holds shares, tokens (including governance tokens), other ownership rights or membership in that person, body or entity; (b) holds debt instruments of or has other debt arrangements with that person, body or entity;

21 (c) has any form of contractual arrangements related to the activities regulated under Regulation (EU) 2023/1114 with that person, body or entity. 6.1. Conflict of interest policies and procedures shall ensure that transactions resulting in a position in or exposure to a crypto-asset effected by or on behalf of a connected person are subject to close scrutiny and monitoring where at least one of the following criteria are met: (a) the connected person is acting outside the scope of the activities that the connected person carries out in its professional capacity; (b) the transaction is carried out for the account of any of the following persons: (i) the connected person; (ii) any person with whom a connected person has a family relationship or close links as referred to in Article 3(1), point (31), of Regulation (EU) 2023/1114; (iii) a person in respect of whom the connected person has a direct or indirect material interest in the outcome of the transaction, other than obtaining a fee or commission for the execution of the transaction. For the purposes of the first subparagraph, point (b)(ii), person with whom aconnected person has a family relationship shall mean any of the following: (c)(a)the spouse of the connected person or any partner of that person considered by national law as equivalent to a spouse; (d)(a)a dependent child or stepchild of the connected person; (e)(a) any other relative of the connected person who has shared the same household as that person for at least 1 year during the 5 years preceding the date of the personal transaction concerned. Article 3 Conflicts of interest potentially detrimental to clients For the purposes of identifying the conflicts of interest that arise when providing crypto-asset services and that may damage the interests of clients, crypto-asset service providers shall take into account whether the crypto-asset service provider or any connected person: (a) is likely to make a financial gain, avoid a financial loss, or receive another benefit, at the expense of the client; (b) has an interest in the outcome of a crypto-asset service provided to the client or of a transaction carried out on behalf of the client, which is distinct from the client’s interest in that outcome;

22 (c) has a financial or other incentive to favour the interest of one or more clients over the interests of another client; (d) carries out the same business as the client; (e) receives or will receive from a person other than the client an inducement in relation to a service provided to the client, in the form of monetary or non-monetary benefits or services. Article 4 Conflict of interest policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114

1. The conflict of interest policies and procedures shall be set out in writing and shall take into account: (a) the scale, nature and range of crypto-asset services and other activities provided or carried out by the crypto-asset service provider; (b) where the crypto-asset service provider is a member of a group, any circumstances which may give rise to a conflict of interest due to the structure and business activities of other entities within the group. Where policies and procedures as well as internal systems and controls are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of clients or the crypto-asset service provider will be prevented or appropriately mitigated, other additional specific measures shall be decided on and put in place to prevent or manage the relevant conflicts of interest, which could not have been managed appropriately within the adopted policies and procedures either within the same legal entity or at the level of the group. Where this has been the case, the crypto￾asset service provider shall also update the policies and procedures accordingly.
2. The management body of the crypto-asset service provider shall be responsible for the definition, adoption, implementation of those policies and procedures. It shall periodically assess and review their effectiveness and address any deficiencies in that respect.
3. Crypto-asset service providers shall establish effective internal channels to inform and provide ongoing access to employees and members of the management body of their conflict of interest policies and procedures and provide appropriate updated training on those conflict of interest policies and procedures.
4. The conflict of interest policies and procedures shall include: (a) in relation to any crypto-asset service or activity provided by the crypto-asset service provider or carried out on its behalf by a consultant, adviser, delegatee or outsourcee, a description of the circumstances which may give rise to a conflict of interest as referred to in Articles 2 or 3;

23 (b) the processes to be applied in order to identify, prevent, manage, and disclose the conflicts of interest referred to in Articles 2 and 3; (c) a clear reference to the organisational and managerial structure of the crypto￾asset service provider. 5. The conflict of interest policies and procedures shall take into account the risk of damage to the interests of one or more clients or the interests of the crypto-asset service provider. 6. The processes referred to in Article 4(4), point (b), shall include at least the following elements: (a) measures to report and communicate promptly to the designated internal reporting channel any matter that may result, or has resulted, in a conflict of interest; (b) measures to prevent and control the exchange of information between connected persons engaged in activities involving a risk of a conflict of interest where the exchange of that information may harm the interests of one or more clients; (c) the separate internal oversight of connected persons whose principal functions involve carrying out activities on behalf of, or providing services to, clients whose interests may conflict with each other or with the interests of the crypto￾asset service provider; (d) the removal of any direct link between the remuneration provided to the crypto￾asset service provider’s employees, delegatees, outsourcees, subcontractors or members of the management body principally engaged in one activity and the remuneration of, or revenues generated by, different employees, delegatees, outsourcees, subcontractors or members of the management body of the crypto￾asset service provider principally engaged in another activity, where there are demonstrable grounds that a conflict of interest may arise in relation to those activities; (e) measures to ensure that connected persons who perform outside business activities related to the crypto-asset service provider are prevented from having inappropriate influence within the crypto-asset service provider regarding those activities; (f) measures to prevent or control the simultaneous or sequential involvement of a connected person in separate crypto-asset services or activities where such involvement may impair the proper management of conflicts of interest; (g) measures to ensure that conflicting activities or transactions are entrusted to different persons; (h) measures to establish the responsibility of the members of the management body to inform other members of and abstain from voting on any matter where that member has or may have a conflict of interest;

24 (i) measures to prevent members of the management body from holding management positions in competing crypto-asset service providers outside of the same group; (j) measures to prevent and control the exchange of information between connected persons engaged in activities involving a risk of a conflict of interest where the exchange of that information may affect the performance of such connected person’s responsibilities to the crypto-asset service provider. 7. The crypto-asset service provider shall ensure theat conflicts of interest policies and procedures referred to in paragraph 3, point (b), provide reasonable reassurance that the risks of damage to the interests of the crypto-asset provider or its clients will be prevented or appropriately mitigated. 8. The conflicts of interest policies and procedures shall ensure that adequate resources, including adequate and independent human resources are dedicated by the crypto-asset service provider to their implementation, maintenance and review, including the appointment of a person that is responsible for the identification, prevention, management and disclosure of conflicts of interest. That person shall have the authority necessary to discharge their responsibilities appropriately and independently and shall report directly to the management body. Where that person has been entrusted with other roles or functions, those shall be appropriate given the scale, nature and range of crypto-asset services and other activities of the crypto-asset service provider, and shall not compromise the independence and objectivity of that person. The conflict of interest policies and procedures shall define the skills, knowledge and expertise necessary for staff in charge of the responsibilities referred to in the first subparagraph and shall provide for such staff to have access to all relevant information for the discharge of their responsibilities. 9.1. In relation to the transactions referred to in Article 2(4), the policies and procedures shall ensure that: (k)(a)with respect to the decision to execute such transactions: (i) such transactions are identified by or notified to the person responsible for the management of conflicts of interest before a decision on the execution of the transaction and its conditions is taken and that such transactions are documented; (ii) decisions to enter into such transactions are taken objectively, in the interest of each party; (iii) the conditions for the transaction are equivalent to the conditions that would have applied between independent parties for the same transactions in the absence of a conflict of interest.

25 (l)(a) decision-making processes for entering into those transactions are set out and that thresholds, expressed as the volume of the transaction, above which such a transaction requires the approval by the management body are established; (m)(a) employees and members of the management body are aware of the rules applied on those transactions, and of the measures established by the crypto￾asset service provider in relation to them; (n)(a)the crypto-asset service provider is informed promptly of any of those transactions; (o)(a)a record is kept of the transaction identified or notified to the crypto-asset service provider, specifying the date and time of the transaction, the conditions, its volume, the counterparty and any authorisation or prohibition in connection with that transaction. Article 5 Policies and procedures on conflict of interest in the context of remuneration

1. In their conflict of interest policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114, crypto-asset service providers shall define and implement remuneration policies and procedures taking into account the interests of all their clients in the short, medium and long term. For the purposes of this article, remuneration shall be understood as any form of payment or other financial or non-financial benefits provided directly or indirectly by crypto-asset service providers in connection with the provision of crypto-asset services to clients.
2. Crypto-asset service providers shall ensure that the remuneration policies and procedures referred to in paragraph 1: (a) do not create a conflict of interest or incentive that may lead the persons to whom they apply to favour their own interests or the crypto-asset service provider’s interests to the potential detriment of any client or that may lead the persons to whom they apply to favour their own interests to the detriment of the crypto￾asset service provider; (b) appropriately mitigate conflicts of interest which may be caused by the award of variable remuneration and underlying key performance indicators and risk alignment mechanisms, including the pay out of instruments to employees or management body as part of the variable or fixed remuneration.
3. Crypto-asset service providers shall ensure that their remuneration policies and procedures referred to in paragraph 1 apply to all of the following: (a) their employees and any other natural person whose services are placed at the disposal and under the control of the crypto-asset service provider and who is

26 involved in the provision of crypto-asset services by the crypto-asset service provider; (b) members of their management body; (c) any natural person directly involved in the provision of services to the crypto￾asset service provider under an outsourcing arrangement for the purpose of the provision of crypto-asset services by the crypto-asset service provider. 4. The crypto-asset service provider’s remuneration procedures, policies and arrangements shall apply to persons referred to in paragraph 3 that have an impact, directly or indirectly, on crypto-asset services provided by the crypto-asset service providers or on its corporate behaviour, regardless of the type of clients, and to the extent that the remuneration of such persons and other relevantincentives may create a conflict of interest that encourages them to act against the interests of any of the crypto-asset service provider’s clients or to favour their own interests to the detriment of the crypto-asset service provider. Article 6 Policies and procedures on conflicts of interest in the context of personal transactions

1. Conflict of interest policies and procedures shall ensure that transactions resulting in a position in or exposure to a crypto-asset effected by or on behalf of a connected person are subject to close scrutiny and monitoring where at least one of the following criteria are met: (a) the connected person is acting outside the scope of the activities that the connected person carries out in its professional capacity; (b) the transaction is carried out for the account of any of the following persons: (i) the connected person; (ii) any person with whom a connected person has a family relationship or close links as referred to in Article 3(1), point (31), of Regulation (EU) 2023/1114; (iii) a person in respect of whom the connected person has a direct or indirect material interest in the outcome of the transaction, other than obtaining a fee or commission for the execution of the transaction. For the purposes of the first subparagraph, point (b)(ii), person with whom aconnected person has a family relationship shall mean any of the following: (c) the spouse of the connected person or any partner of that person considered by national law as equivalent to a spouse; (d) a dependent child or stepchild of the connected person;

27 (e) any other relative of the connected person who has shared the same household as that person for at least 1 year during the 5 years preceding the date of the personal transaction concerned. 2. In relation to the transactions referred to in Article 2(4)paragraph 1, the policies and procedures shall ensure that: (a) with respect to the decision to execute such transactions: (i) such transactions are identified by or notified to the person responsible for the management of conflicts of interest before a decision on the execution of the transaction and its conditions is taken and that such transactions are documented; (ii) decisions to enter into such transactions are taken objectively, in the interest of each party; (iii) the conditions for the transaction are equivalent to the conditions that would have applied between independent parties for the same transactions in the absence of a conflict of interest. (b) decision-making processes for entering into those transactions are set out and that thresholds, expressed as the volume of the transaction, above which such a transaction requires the approval by the management body are established; (c) employees and members of the management body are aware of the rules applied on those transactions, and of the measures established by the crypto-asset service provider in relation to them; (d) the crypto-asset service provider is informed promptly of any of those transactions; (e) personal transactions resulting in the infringement of Regulation (EU) 2023/1114 or of applicable legislation are prohibited; (f) a record is kept of the transaction identified or notified to the crypto-asset service provider, specifying the date and time of the transaction, the conditions, its volume, the counterparty and any authorisation or prohibition in connection with that transaction. Article 76 Disclosures by the crypto-asset service provider as referred to in Article 72(2) of Regulation (EU) 2023/1114

1. The disclosures made in accordance with Article 72(2) of Regulation (EU) 2023/1114 shall contain a detailed, specific and clear description of: (a) the services, activities or circumstances giving rise, or which may give rise, to conflicts of interest as referred to in Article 2(1) and Article 3(1), including the

28 role and capacity in which the crypto-asset service provider is acting when providing the crypto-asset service to the client; (b) the nature of the conflicts of interest identified; (c) the risks identified in relation to the conflicts of interest referred to in Article 2(1) and Article 3(1); (d) the steps and measures taken to mitigate the identified conflicts of interest. 2. The disclosures referred to in paragraph 1 shall not be considered as a sufficient way to manage and mitigate conflicts of interest. 3. Crypto-asset service providers shall make available to their clients the information referred to in paragraph 1 at all times in a prominent place on their website and in formats available on any device through which the crypto-asset service is provided to the client. Where the crypto-asset service provider makes such disclosures on the relevant device, the crypto-asset service provider shall also provide a link to the same disclosures made on its website. 4. Crypto-asset service providers shall keep the information referred to in Article 72(2) of Regulation (EU) 2023/1114 updated at all times. 5. For the purposes of the disclosure referred to in paragraph 2, crypto-asset service providers shall keep up-to-date records of all situations giving rise to actual and potential conflicts of interest, including the relevant crypto-asset services or activities, and of the measures taken to prevent or manage such conflicts in the relevant situations. The records shall be kept for a period of 5 years. 6. Crypto-asset service providers shall make the disclosures available in all languages used by them to market their services and to communicate with their clients in the relevant Member State. Article 87 Additional requirements in relation to placing

1. For the purposes of identifying the types of conflict of interest that arise where the crypto-asset service provider provides placing services, crypto-asset service providers shall take into account, without prejudice to Article 79(2) of Regulation (EU) 2023/1114, the following situations: (a) the crypto-asset service provider is also offering pricing services in relation to the offer of crypto-assets; (b) the crypto-asset service provider is also providing execution of orders for crypto￾assets on behalf of clients and research services; (c) the crypto-asset service provider is placing crypto-assets of which itself or an entity from its group is the issuer.

29 2. Crypto-asset service providers shall establish, implement and maintain internal arrangements to ensure all of the following: (a) that the pricing of the offer does not promote the interests of other clients of the crypto-asset service provider or the crypto-asset service provider’s own interests, in a way that may conflict with the issuer client's interests; (b) that the pricing of the offer does not promote the interests of the issuer client’s, the crypto-asset service provider’s own interests or the interests of a connected person, in a way that may conflict with other clients’ interests; (c) the prevention of a situation where persons responsible for providing services to the crypto-asset service provider's investment clients, or deciding which products should be included in the list of products offered or recommended by the crypto-asset service provider, are directly involved in decisions about pricing to the issuer client; (d) the prevention of a situation where persons responsible for providing services to the crypto-asset service provider’s investment clients are directly involved in decisions about recommendations to the issuer client on allocation; (e) the prevention of the exercise of staking rights without prior consent of the investment client. 3. Crypto-asset service providers shall have in place a centralised procedure to identify all their placing operations, including the date on which the crypto-asset service provider was informed of potential placing operations. Article 98 Entry into force This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, For the Commission The President Ursula VON DER LEYEN