The impact of European legislation on the Dutch crypto industry

The crypto sector is on the brink of significant changes due to the introduction of MiCAR (Markets in Crypto Assets Regulation) and DORA (Digital Operational Resilience Act). What effect will this have on the operations of Dutch crypto companies?

This article is partly based on the episode 'Compliance in de Cryptowereld' of the podcast Compliance Adviseert, featuring Sanne de Gier, Chief Legal & Compliance Officer at Amdax.

MiCAR and DORA

The final part of MiCAR came into effect on December 30, 2024, introducing a licensing requirement for crypto companies across the European Union. This aims to professionalize the sector and better protect consumers. The regulation is largely based on MiFID, a well-known directive for traditional financial markets. Key aspects include:

• Consumer protection: Always acting in the client's best interest.

• Capital requirements: Companies must maintain sufficient reserves to ensure continuity.

• Conflicts of interest: Identification and mitigation of conflicts are mandatory, as well as transparency about them.

• Market abuse policy: Strict rules to counter manipulation and abuse.

• Complaint procedures: Customers must be able to easily file and have complaints processed.

• Ongoing supervision: Crypto companies will come under the supervision of the Autoriteit Financiële Markten (AFM).

In addition to MiCAR, DORA came into effect on January 17, 2025. This legislation focuses on strengthening digital security for all financial institutions. For crypto companies, this means:

• Business continuity: Ensuring systems and processes can continue to run and sufficient backups are in place.

• ICT risk management: Identifying and mitigating technological risks.

• Contractual obligations: Stricter requirements for collaborations with external ICT providers.

• Testing procedures: Regular checks to keep systems robust.

A particular challenge is dealing with non-European suppliers unfamiliar with DORA. This requires close cooperation and sometimes adjustments to contracts.

While both MiCAR and DORA have come into effect, there is still a transition period for MiCAR where existing crypto companies with a pending application have until mid-year to obtain the license.

Professionalization and Consolidation

The new regulations, especially MiCAR, are seen as a step towards professionalizing the crypto sector. This is generally viewed positively as it better protects customer interests. However, the question arises whether all parties in the Netherlands can meet these requirements. This leads to a 'survival of the fittest' scenario.

The regulations are so far-reaching that it may become unfeasible for smaller parties to obtain a MiCAR license in the future, due to the high costs and efforts involved. This could lead to reduced competition in the market.

The ongoing costs, particularly the supervisory costs that must be borne by the sector itself, can be quite high. If these costs are divided among only a small number of crypto service providers, this can form a heavy financial burden.

This leads to consolidation in the market, with smaller players being taken over or ceasing their activities.

Disproportionate requirements

According to De Gier, some requirements are disproportionate. For example, MiCAR mandates the use of LEI codes (Legal Entity Identifiers) for customers, while these were originally intended for other purposes such as transaction reporting. This also leads to additional costs without clear benefits.

Differences between MiCAR and MiFID

MiCAR and MiFID are very similar, but there are also differences, De Gier explains. An important difference is that MiCAR does not require a product approval process, which is the case with MiFID.

Additionally, there are differences in how conflicts of interest must be disclosed. Under MiCAR, all conflicts of interest must be disclosed, regardless of the risk to clients, while under MiFID this is only necessary when there is a high risk of harm to clients.

The Ball is in the Court of Traditional Financial Institutions

De Gier sees traditional financial institutions becoming more involved in crypto.

Institutional parties are keeping a close eye on everything that's happening. For traditional financial institutions, the step towards crypto services is much simpler from a regulatory perspective, for example by starting the notification procedure under MiCAR.

However, the real challenge lies in the willingness of these financial institutions to make this strategic choice. Many parties remain hesitant, but De Gier expects that the integration of crypto services at traditional financial institutions is inevitable.

"I think it's going to happen anyway, and then you'll see who is progressive and who is too slow," says De Gier. "They will then have to solve that in a different way afterwards, for example by acquiring a party that has already arranged it."