In May 2019 (in accordance with the Pacte Act) and November 2019 (in accordance with Decree n°2019-1213), France established a new regime for primary market (ICOs) and secondary market (service providers) activities relating to digital assets. Although it is partially inspired by the investment service regime deriving from MiFID2, the new regime is intended to find the right balance between flexibility and proportionality on the one hand and adequate protection of clients and investors on the other hand.
These considerations led to an optional regime (except for custody and fiat-related activities), where registration is not an obligation but an option left to participants wishing to have a regulatory label demonstrating their compliance with a minimum of transparency (ICOs) and organizational rules (service providers). The AMF was given responsibility for finalizing and detailing the provisions of the new regime. This effort is reflected in new Title II of Book VII titled "Service Providers on Digital Assets" and two instructions (DOC 2019-23 and DOC 2019-24).
New Title II
The new Title II provides for the rules applicable for any registration with the AMF and the specific rules applicable, depending on the services provided.
- The information requested within the application for registration is standard: a description of the entity applying and its organization, activities to be carried on with technical and human resources, etc.
- An insurance policy must be entered into with a minimum guarantee of €400,000 per failure and €800,000 per year.
- In order to comply with new requirements deriving from AML directive n°2018/843 (extending current AML EU regulations to activities on virtual currencies), robust procedures and processes must be implemented to manage money laundering risks.
- Custody activities on digital assets or trading of digital assets against fiat currency or other digital assets are subject to additional obligations, which are similar to the ones applicable to securities custodians or securities traders (and aimed at ensuring proper recordkeeping of the assets and a sort of best execution of trades).
Instruction DOC 2019-23
This instruction provides practical requirements for the registration application to be filed with the AMF. Such application must contain:
- Information relating to the applicant;
- Information on the planned activities;
- Information relating to shareholders and executive officers;
- Information relating to AML procedures and systems; and
- Information relating to capital requirements; these requirements are based on the highest amount calculated alternatively on: (i) general cost and expenses; (ii) a minimum predetermined capital (€50,000 or €150,000 depending on the type of services provided); and (iii) business volume (calculated on assets held (if any) and volume of trades).
Instruction DOC 2019-24
This instruction provides specific rules related to cybersecurity.
General requirements are applicable to any kind of business relating to digital assets:
- Storage and recording for a five-year period of any information on any type of transaction; and
- Full responsibility in the case of using outsourcing providers.
In addition, some requirements are applicable for most other activities involving digital assets, depending on the type of activity:
- Setting up of a cybersecurity program (resources, controls, procedures); and
- Minimum technical requirements (security of electronic components and web applications, robustness of authentication processes, security audit to be performed, etc.).
Specific requirements or recommendations are added for the custody of digital assets. These may include using a cold wallet (not connected to the internet) or favoring multiple signatures to authorize a transaction, or discretionary management with access to the wallet under management restricted to the asset manager (and not to the client) in order to hold the manager exclusively liable for the transactions entered into on behalf of the client.