The French Regulatory Framework for Markets in Crypto-Assets
Cet article n’est disponible qu’en anglais. This article is an introduction to the regulatory framework for crypto-assets as implemented in France as of the date of publication. It will be updated regularly according to the last evolutions of this framework. The content below is provided for your information only and is not to be considered as legal advice. Please direct all comments to [email protected].
“Digital assets” under French legislation
Promulgated on 22 May 2019, French legislation for markets in digital assets (the “PACTE law”) establishes an innovative regulatory framework for some crypto-assets industry actors and their supervision by French financial regulators, the Financial Markets Authority (Autorité des marchés financiers – AMF) and Prudential Supervision and Resolution Authority (Autorité de contrôle prudentiel et de résolution – ACPR).
In the scope are token issuers (see Section II.) and digital assets service providers (DASP), so-called Prestataire de service sur actifs numériques or PSAN in French (see Section III.)
Digital assets in the sense of French law encompass two types of assets: tokens, defined by French law, and virtual currencies, defined in the European regulations on Anti-Money Laundering and Combating the Financing of Terrorism (AMLD5).
Digital assets are defined[mfn]Art. L. 54-10-1 of the French Monetary and Financial Code[/mfn] as:
“1° The tokens mentioned in article L. 552-2, excluding those fulfilling the characteristics of the financial instruments mentioned in article L. 211-1 and the “bons de caisse” mentioned in article L. 223 -1;
2° A digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically”.
Tokens are defined[mfn]Article L. 552-2 of the French Monetary and Financial Code[/mfn] as “any intangible asset representing, in digital form, one or more rights that can be issued, registered, stored or transferred by means of a shared electronic recording device making it possible to identify, directly or indirectly, the owner of said asset”.
Therefore digital assets explicitly exclude security tokens.
Regulatory framework for token issuers
The first brick of the French legislation for markets in digital assets is the optional visa for token issuers. This “ICO visa” is granted by the French Financial Markets Authority (AMF).
Aside from the visa regime, the AMF has also launched in 2017 its UNICORN (Universal Node to ICO’s Research & Network) program to support blockchain project wishing to raise funds using an ICO and to conduct research on these operations in order to develop their expertise and better understand the impact of token offerings on the economy and their implication on the protection of both token issuers and holders.
What is an optional visa?
Optional means that token issuers can – but are not required to – apply for this visa with the AMF. With or without this visa, token issuers will be authorised to sell their tokens to the French public.
How is the credibility of the visa guaranteed?
Even if this is an optional visa, the AMF has some prevention-based method of abuse. First, they can withdraw a visa – temporarily or definitively – if the issuer no longer complies with the underlying requirements. Second, the AMF holds both a “white list” of ICOs who obtained the AMF approval and a “blacklist” of ICOs that have had their approval withdrawn or have published misleading information about the issue of the approval. Lastly, the AMF can “name and shame” any issuer who communicates unfair, unclear or misleading information to the public regarding the ICO visa issuance or its implications.
Are all token issuers eligible for the visa?
The visa is open to token issuers that meet all the following conditions:
- their tokens meet the French legal definition;
- they are established or registered in France as a legal person;
- they sell their tokens to 150+ potential subscribers acting on their own behalf; and
- they apply for the visa before the issuance.
What are the underlying requirements that with which token issuers must comply?
The French Financial Markets Authority (AMF) can issue a visa for an offering when the token issuer complies with some underlying requirements, mainly relating to the content of the white paper and promotional marketing materials, the monitoring and safeguarding of the assets (both legal money and digital assets) collected all along with the ICO and anti-money laundering and counter-financing of terrorism.
Information covered white paper
- Presentation of the issuer(s)
- Presentation of the project
- (Non-technical) features of the ICO
- Technical features of the ICO
- Rights associated with tokens
- Risk factors
- Custody and return of assets collected
- AML-CFT arrangements
- Applicable law and competent jurisdiction
- Certificate of conformity for the content of the white paper
The visa is related to an offer, not an issuer: if an issuer wants to launch several ICOs stamped by the AMF, he will need one visa per offer.
If it is optional, why would one apply for the visa?
This visa is optional, meaning that token issuers are not prohibited to launch their ICO to the French public if they do not ask for the visa or do not obtain it. However, the visa provides some benefits.
The most relevant one is the unrestricted access to banking services: token issuers that have been granted a visa cannot be refused access to deposit and payment account services by credit institutions. When such a refusal happens, or if no answer is received after 2 months, credit institutions must provide the AMF and the ACPR (the French banking supervisor) with the justifications for this refusal. The ACPR can then offer actors the possibility to ask the French Central Bank for appointing one credit institution, that will be required to provide the services.
Another advantage is that the visa can be perceived as a comparative competitive advantage. Indeed, the visa may become one element in the decision-making of potential token buyers.
Finally, ICOs that have been approved by the AMF are granted the authorisation to be marketed directly to the French public.
However, it should be noted that the visa only guarantees that the token issuer complies with the requirements of the AMF. The authority does not examine the appropriateness of the project, nor authenticate information, nor verify the smart contract. Moreover, when the AMF issues a visa, the white paper must inform potential token buyers of the risks arising from such operations through a “general warning notice.”
What is the procedure to obtain an ICO visa?
The token issuer applies for the ICO visa by filing a request with all the necessary elements.
The AMF has a 20-days delay to answer after receiving a complete file. If no answer is provided in the delay, the visa is granted.
What are the post-visa requirements that token issuers must respect?
Once the AMF grants its visa, the white paper is published online by both the issuer – within 2 days – and the AMF that updates the “white list” of ICOs published on its website. The white paper is valid for 6 months following the visa grant and during the whole duration of the ICO.
After issuing tokens, issuers must provide their underwriters with additional information:
- assets collected from the ICO 2 days maximum after the end of the ICO: total assets collected, number of tokens issued, token allocation between categories of owners, total assets collected and already used / sold (when appropriate);
- annual information to clients on the use of assets collected, and;
- (if any) secondary market options.
Regulatory framework for digital assets service providers
The second brick of the French legislation for markets in digital assets is the regulation of digital asset service providers to regulate the secondary market and peripheral services for subscribers of digital assets.
To this end, the law establishes a list of nine “services on digital assets”. They are widely inspired by investment services subject to European financial regulations and mirror closely activities and operations that virtual asset service providers (VASPs) conduct under the definition given by the Financial Action Task Force (FATF) in their Recommendations[mfn] “Virtual asset service provider means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: i) exchange between virtual assets and fiat currencies; ii) exchange between one or more forms of virtual assets; iii) transfer of virtual assets; iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.” [/mfn].
Article L. 54-10-2 of the French Monetary and Financial Code defines “crypto-asset services” as:
- 1° Custody of crypto-assets (“crypto-custody”)
- 2° Buying or selling crypto-assets against legal money (“crypto-fiat exchange”)
- 3° Exchange of crypto-assets with other crypto-assets (“crypto-crypto exchange”)
- 4° Operation of a crypto-asset trading venue
- 5° Other services on crypto-assets such as:
- RTO on behalf of clients
- Portfolio management
- Investment advice
- Underwriting on a firm commitment basis
- Placing on a firm commitment basis
- Placing without a firm commitment basis.
The regulation of digital assets service providers (so-called DASPs, or PSAN in French) is based on two regimes:
- the mandatory registration of providers of services 1° and 2° (crypto-custodians and crypto-fiat service providers) ;
- the optional license of any digital asset service provider that requests it and meets underlying requirements.
So if all DASPs can – but are not forced to – ask the AMF for the optional license, crypto-custodians and crypto-fiat exchanges must register with the Authority.
⚠️ Crypto-crypto service providers and operators of digital assets trading platforms will also fall in the mandatory registration regime by 2021
Mandatory registration for DASPs
Do DASPs have an obligation to register with the AMF?
When not registered, crypto-custodians and crypto-fiat service providers are prohibited from providing their activities (see sanctions below).
Those DASPs must be registered prior to providing their services.
Crypto-custodians and crypto-fiat service providers that started their activity before 24 May 2019 have to register with the AMF no later than 18 December 2020.
⚠️ Crypto-crypto service providers and digital assets trading venues must register before June 10, 2021.
Must DASPs located outside of France register with the AMF?
All the DASPs in the scope of the French DASP regime that carry on their activity on the French territory must be registered with the AMF.
This includes two scenarios:
- when they are established in France;
- when they provide services to clients who are resident or established in France.
The AMF has set a list of criteria to determine which company could fall under the latter situation in a Q&A document (see 3.2), among them: postal address or telephone numbers in France, a .fr domain name, business or marketing premises in France, promotional communication sent to clients who are resident or established in France, etc.
DASPs that must register with the AMF are not subject to an obligation of establishment in France: they can be established in another country that belongs to the European Union or in the European Economic Area (EEA), as long as they follow the registration procedure with the AMF.
What are the underlying requirements with which registered DASPs are obligated to comply?
Registered DASPs must comply with the following provisions:
- honourability and competence of managers;
- honourability, competence and sound and careful management by individuals that have a supervisory power, and;
- application of Anti-Money Laundering and Combating the Financing of Terrorism (AML-CFT) measures.
Among AML-CFT regulatory requirements, the issuer must define and put in place a system to ensure compliance with KYC obligations regarding their clients; a system to assess and monitor ML-FT risks, and comply with assets freeze requirements (when appropriate).
Does the registration provide DASPs with specific rights?
The promising benefit to be registered with the AMF – giving the strong requirements to meet, in particular AMLD5 – was the unrestricted access to banking services. Like token issuers whose ICO gets a visa, DASPs registered with the AMF should not be refused access by credit institutions to deposit and payment account services.
But in practice ? For now, credit institutions still show reluctance to engage into business relationships with players involved in digital assets activities, even if a DASP is registered with the AMF. Adan is committed to find a solution to this situation and is able to help.
When they refuse or do not answer to the actor’s request after a 2 months delay, credit institutions must provide the AMF and the ACPR with the reasons for this refusal. The ACPR can offer actors the possibility to ask the French Central Bank for appointing one credit institution to provide required services.
What is the registration procedure?
There are two distinct procedures for registration.
For crypto-custodians and crypto-fiat service providers, the AMF will check that the prospective DASP complies with all requirements, first AMLD5. The AMF will collect the assent of the French banking supervisor (ACPR).
By 6 month after the prospective DASP sends its complete application to the AMF, silence is deemed to signal acceptance.
Once registered, crypto-custodians and crypto-fiat service providers are added to the DASP white list held by the AMF.
For crypto-crypto service providers and digital assets trading facilities, there’s no pre-approval process by the AMF. The registration process only involves the filing of a complete file to the AMF. Once registered, those service providers are added to the DASP white list held by the AMF.
What happens if a DASP does not register?
If the activity of a DASP falls into the scope of the mandatory registration and the company does not comply, if incorrect or incomplete information was submitted, or if the company fails to implement the KYC/AML measures described in the file, the sanctions are set forth as follows:
|Not declaring to the AMF changes in business conduct that would have an impact on the registration or communication of incomplete informations
|1 year of imprisonment
|Not registering with the AMF or pretending to be registered when it’s not the case
|2 years of imprisonment
|Non-cooperation or unwilling cooperation with the AMF in the conduct of their oversight mission
|1 year of imprisonment
|Infringement of registration obligations
|reprimand or warning, possibly with penalty
|up to €5,000,000
|Infringement of AML-KYC policies
|reprimand or warning, possibly with penalty
|up to €5,000,000
|Plus: where there’s a direct and personal responsibility of the directors and/or executive in charge of the implementation of KYC/AML policies in the non-conformity.
|Prohibition from exercising an executive position for the director (up to 10 years) and / or prohibition from exercising management functions for the executive in charge of implementing the AML-KYC (up to 5 years)
|up to €5,000,000
Optional license of DASPs
What does “optional license” mean?
DASPs can – but are not required to – get the DASP license. Even without the license, DASPs are not prohibited from providing their services (except for crypto-custodians and crypto-fiat service providers, see §III.1 above).
Are all DASPs eligible for the license?
Yes: the scope of DASPs that are eligible to the AMF’s license is broader than all other PACTE’s regulatory mechanisms.
To be able to ask for the license, actors must:
- exercise one of the activities described in §III above;
- be established as a company (subsidiary or branch) in France.
What are the conditions required to apply?
To get the license, DASPs must comply with a common package or rules for all service providers, but also to some specific rules depending on services that they offer.
The common rules are the following:
- General information, notably: name, address, contact point, list of services that will be provided with and without a license, identity of shareholders and (natural or legal) persons who can exercise a significant influence over the management of that company, incorporation document;
- Financial information, notably: the current financial position of the applicant, forecast data, financial statements for existing companies;
- Having a professional liability insurance or respect specific capital requirements;
- Safety and internal control system;
- Resilient and secure IT system;
- Conflicts of interest management system;
- Fair, clear and not misleading information provided to clients (including concerning risks related to crypto-assets);
- Publication of their pricing policy;
- Efficient claim management policy.
Then, depending on the service they provide, DASPs that apply for the license must meet specific conditions:
|Digital asset service
|Crypto-fiat and crypto-crypto service providers
|crypto-asset trading venue
|RTO and portfolio management
|Underwriting and placing
If it is purely optional, why apply for the license?
DASPs that got the AMF license benefit from the unrestricted access to banking services and are authorised to market their services directly to the general public.
Moreover, the license can constitute a guarantee of credibility and a business positioning for actors.
What is the procedure to obtain the DASP license?
The AMF will check that the prospective DASP complies with all underlying requirements. If they need it, they can consult the National Cybersecurity Agency of France (ANSSI). By 6 month after the prospective DASP sends its complete application to the AMF, silence is deemed acceptance.
Once they are granted the license, DASPs are added to the DASP whitelist held by the AMF.
Are there sanctions associated with this optional regime?
Yes. If you are granted a license with the AMF, you must operate in the way described in the file that you have submitted to the regulator.
Failure to do so will result in harsh sanctions (up to 5 years of imprisonment and €375,000 fine, or harsher sanctions where the KYC/AML dispositions are not respected).