EAGLEEYE COIN: How Web3's Founder Adapted to the Latest Cryptocurrency Regulations While Remaining Decentralized and Privacy-Focused
With the introduction of the Market Regulation of Crypto Assets (MiCA) framework in the EU and many other regulatory regulations around the world, we're all seeing the pace of crypto regulation pick up.
But how does the Web3 team understand which regulations to focus on? How can they stay compliant without abandoning the principles of decentralization and privacy? How do they adapt if they don't have a large budget for legal counsel and rapid technology transformation?
This is the TLDR on crypto-asset regulation that answers all of these questions.
Summary of major global crypto-asset regulations
Some of the most relevant regulations currently being legislated or already in place include:
- this Market for Crypto Assets (MiCA) (European Union)
- this Transfer of Funds Regulation (ToFR) (European Union)
- this Virtual Currency Tax Fairness Act (us)
- this Digital Goods Trading Act (us)
- this Digital Goods Consumer Protection Act (us)
- this Digital Asset Anti-Money Laundering Act (us)
But if you don't have time to study all of these, it's definitely worth keeping an eye on the EU's Market for Crypto Assets (MiCA). It's been called a "landmark rule set" because it's probably the most comprehensive crypto legislative framework to date. It is likely that many others will follow in its footsteps. The Act will come into force in December 2024, making the EU the first major jurisdiction to have comprehensive and customized rules for digital assets.
What impact will MiCA have on your Web3 business?
In short, MiCA's 150+ page textual provision:
If you issue a crypto-asset (other than asset-backed tokens or e-currency tokens), you will need to publish a "crypto-asset whitepaper" describing the project, the rights attached to the tokens, the risks and so on. There are exemptions for small offerings. Offers below €1 million.
If you provide services related to crypto-assets, such as operating an exchange or hosting service, you will need to be authorized by a crypto-asset service provider. Article 3 defines Crypto Asset Custody and Management as "the custody or control of Crypto Assets on behalf of a third party, or the control of access to Crypto Assets, where the Crypto Assets or access are held on a distributed ledger." This suggests that if browser wallets control crypto assets or access on behalf of users, they may fall within the scope of escrow services.
Customized rules on market abuse apply to crypto assets that are allowed to be traded. For example, Section 82 defines market manipulation and Section 83 prohibits insider trading and unlawful disclosure of insider information. For natural persons, penalties may include fines of at least €500,000 to €5 million.
Overall, it will require cryptocurrency companies to comply with clear rules and authorization requirements. For example, Article 54 lists the data points that cryptocurrency providers must submit as part of an application for authorization, including business plans, governance arrangements, capital, infrastructure, policies and procedures. Article 58 requires compliance with national anti-money laundering and counter-terrorist financing laws. This creates a risk of centralization and increases the burden of internal and on-chain DPR compliance.
The newspaper also sets out additional rules and regulations for the launch of stablecoins, known as e-currency tokens.
MiCA also specifies requirements that founders must be aware of:
Founders need to have robust governance arrangements in place: suitable and appropriate board members and shareholders, have controls and processes in place to manage risk, have strong system security, record keeping, etc.
They need to maintain minimum capital requirements. Exchanges and wallet providers need to hold a minimum amount of regulatory capital based on their activities to absorb potential losses. This can act as a financial buffer.
Exchanges must have fair and clear rules on platform access, trading rules and fee structures. They need to ensure the resilience of trading systems and conduct market surveillance to detect abuses. Article 2(2) excludes fully decentralized services without intermediaries, but centralized and partially decentralized providers seem to be included regardless of the technical setup.
Wallet providers must keep client assets separate from their own, have adequate hosting arrangements (e.g., using cold storage), and ensure timely access to client assets when needed.
There is also guidance on the application process, ongoing monitoring and business rule enforcement.
Are you thinking, "My protocol is decentralized, so MiCA won't affect me?" Better think twice.
Many of you may be thinking: if I'm just a decentralized protocol developer, all these rules are irrelevant to me. But unfortunately, it's not easy.
While MiCA recognizes certain entities that are organized in a decentralized manner, such as DAOs, it does not specify how specific protocols or companies are classified. As a result, the regulator may have its own opinion on whether you are decentralized or not. Even if you do get classified as a decentralized entity, you still have some obligations - such as anti-money laundering compliance.
So, if you're thinking right now, "Man, this sounds like ...... a pain in the ass," then you're right. It is.
But there is a solution.
How can they be complied with without a team of lawyers and strong community opposition?
Let's face it: few startups have the resources to meet all of these compliance requirements. Even if they have the budget, finding the right lawyers to fulfill compliance requirements on a global scale can take a long time. Don't forget the users: most cryptocurrency users hate traditional KYC and AML checks.
So what can you do? A Zug-based company called Swiss Electronic seems to have solved both pain points with its Web3 compliance platform.
Swisstronik is a set of chain-agnostic tools that help you achieve KYC, AML, and DPR compliance in your chosen jurisdiction while protecting your users' privacy. Think of it as the dApp's "compliance layer" that keeps your product compliant on a pay-per-user basis.
A key component of Swisscom is its self-regulatory network of local compliance service providers that keep the entire system compliant even as regulations change.
For example, to comply with KYC and AML, all you need to do is connect the Swisstronik Decentralized Identity Module to your (d)App and run KYC and AML authentication without having to process user data. All you'll see are ZK proof credentials proving that a specific user can (or can't) access specific features of your dApp. This means you no longer face DPR, KYC and AML hurdles - and your users no longer need to worry about data security! The only entity that can see user data is the KYC/AML provider themselves (an unavoidable evil - ugh! - the law cannot avoid it). Moreover, your users can reuse these credentials in other(d) applications and even monetize them - a good reason to stop hating KYC and live with the new reality.
Does Swisstronik help to accommodate other effects of MiCA? Yes. With the Swisstronik tool, you can also launch a ZK version of your token, make it compliant in the location of your choice, prove your asset reserves on the chain in terms of stablecoins, or do many other things that require you to familiarize yourself with local regulations and rules. Adapt your product to them with minimal technical modifications.
Swisstronik helps "scale compliance" just as the second layer of the chain scales throughput. Outsource legal hurdles in a decentralized way and focus on your core business.