The Existing Regulatory Regime: Crypto-Assets as Financial Instruments


The Existing Regulatory Regime: Crypto-Assets as Financial Instruments

As has been discussed previously by this author, the EU Markets in Crypto-assets Regulation, (“MiCA”) is on course to be the first large-scale and mainstream regulatory regime that aims to govern and regulate crypto-asset issuers and service providers in the world.

That said, MiCA is still some way from its final form, let alone coming into force and while it is awaited there are existing pieces of legislation in force that have the potential to capture crypto-assets. In the EU the most significant (existing) piece of legislation that crypto-asset service providers ought to be aware of is, what is referred to as MiFID II — two pieces of legislation designed to regulate firms conducting more traditional investment activities.

This article considers how MiFID II might apply to crypto-assets and the difficulties that exist in applying the legislation to crypto-assets. It will further be considered how it is proposed MiCA will operate in tandem with MiFID II. Other existing legislation relevant to crypto-service providers will also be discussed alongside a brief consideration of the assessment of crypto-assets as securities in US law.

The Current Regime for Security Tokens Under MiFID II

As MiCA progresses through the legislative process, currently there is no regulatory regime in the EU specifically targeting crypto-assets and crypto-asset-related activities. However, there does exist pieces of legislation that could still bring certain crypto-asset activities into scope (despite not being designed for such purposes).

The primary pieces of legislation potentially capturing crypto-assets is the EU’s revised Markets in Financial Instruments Directive 2014/65 and Markets in Financial Instruments Regulation 600/2014 (collectively known as “MiFID II”). MiFID II’s provisions provide for requirements and regulatory obligations for “investment firms” that provide services in relation to financial instruments.

Entities Qualifying as Investment Firms

In effect, to qualify as an investment firm under MiFID II, an entity will be involved in certain investment activities relating to financial instruments. It is for this reason that the case-by-case assessment of whether a crypto-asset qualifies as a financial instrument is so significant. If a specific crypto-asset is found to qualify as a financial instrument, its issuer (and any entity involved in the provision of services or activities in respect of that crypto-asset) will likely be subject to an array of regulatory requirements and obligations under MiFID II due to their resulting categorisation as an investment firm.

Assessing a Crypto-Asset as a Financial Instrument

When assessing whether a crypto-asset qualifies as a MiFID II financial instrument, advice published by ESMA describes how “the precise facts and circumstances of the crypto-asset (its nature, rights attached to it, negotiable on the capital market, etc.) and national law” ought to be considered.

Furthermore, in January 2019 ESMA published research into how and when EU regulators actually interpreted crypto-assets as being categorised as financial instruments. The research described how it appears the functionality of a given crypto-asset is the key factor that is considered — not for example, how a given token is described. In addition, certain crypto-assets while not starting out as MiFID II financial instruments can subsequently qualify as such over time.

In light of this, the assessment of when a crypto-asset is financial instrument is far from straightforward. The very fact that there are also different categories of financial instruments further complicates any such assessment.

Categories of Financial Instruments

While a comprehensive list of what is categorised as a financial instrument under MiFID II can be found at Annex 1, Section C of the Markets in Financial Instruments Directive 2014/65, common examples of financial instruments under MiFID II are as follows:

1. transferable securities (such as shares, bonds and any other securities giving the right to acquire or sell any such transferable securities);

2. money market instruments;

3. units in collective investment undertakings; and

4. options, futures, swaps and other derivative contracts.

Should a crypto-asset qualify as a financial instrument, any person or entity providing investment services relating to that crypto-asset will likely need to be authorised under MiFID II and be regulated by its provisions.

Investment Services

Under MiFID II an “investment firm” is as any person whose regular occupation or business is the provision of one or more investment services to third parties; or the performance of one or more investment activities on a professional basis — or both.

Under MiFID II the following services and activities relating to financial instruments will constitute “investment services and activities” and as such will require :

1. the reception and transmission of orders in relation to one or more financial instruments;

2. the execution of orders on behalf of clients;

3. the dealing on own account;

4. portfolio management;

5. investment advice;

6. the underwriting of financial instruments or placing of financial instruments on a firm commitment basis (or both);

7. the placing of financial instruments without a firm commitment basis;

8. the operation of a Multilateral trading facility (MTF); and

9. the operation of an Organised Trading Facility (OTF).

In the context whereby a crypto-asset is deemed a financial instrument, given this broad range of “investment services activities” it is likely the majority of entities partaking in activities in respect of the crypto-asset will qualify as an investment firm. In such a case such entities will be required to be authorised and be subject to requirements and obligations under MiFID II.

Crypto-Assets as Different Categories of Financial Instruments

A non-exhaustive list of how crypto-assets might qualify as different types of MiFID II financial instruments is considered below.

1. Transferable Security

Under MiFID II, to be a transferable security, a crypto-asset must meet the following requirements:

a. The crypto-asset must belong to a class of securities;

b. The class of securities must be capable of being negotiated on the capital markets; and

c. The crypto-asset must not be a payment instrument.

ESMA has published advice describing how once a crypto-asset is part of a class of securities which is capable of being negotiated on the capital markets, and the crypto-asset has attached profit rights, then the crypto-asset is likely to be considered a transferable security. It is further not necessary that the crypto-asset itself confers any ownership or control rights to its holder for the crypto-asset to be considered a transferable security. ESMA further describes how utility tokens are unlikely to constitute transferable securities.

2. Collective Investment Undertaking

Collective investment undertakings are vehicles, such as investment funds, that enable the pooling together of investor capital for the purpose of splitting an investment’s return and whereby the investors themselves have no control over the undertaking or investment.

In light of this, a crypto-asset could potentially be categorised as a collective investment undertaking if it were to allow a number of investors to generate a return from an investment (for example, put towards some investment opportunity or venture). In such a case, a crypto-asset could be considered a unit in a collective investment undertaking and therefore a MiFID II financial instrument.

3. Derivatives

The term derivative refers to a type of financial contract whose value is dependent on the performance of an underlying asset or benchmark. An example when a crypto-asset might qualify as a financial instrument derivative might be when that crypto-asset constitutes an agreement to buy or sell a crypto-asset at a predetermined price at a specified time in the future.

Interpretational Difficulties Across Member States

As described, there are various categories of financial instrument into which a given crypto-asset might (most likely unintentionally) fall. This is also complicated by the sheer amount of different types of crypto-asset — over 17,000 according to a recent publication by the European Supervisory Authorities (March 2022). These various crypto-assets exhibit a wide number of different features and traits which can make their categorisation very difficult — especially in cases whereby a crypto-asset might be hybrid, multi-purpose and simultaneously exhibiting components of different categories of crypto-asset. However, to complicate things even more, Member States of the EU have not even interpreted and implemented the definitions within MiFID II in the same manner.

After conducting research into the how Member States have interpreted MiFID II, ESMA concluded that the majority (16) of the Member States have no additional criteria in their national legislation to identify transferable securities (i.e. in addition to those set out under MiFID II). However, some (12) do have such additional criteria. As a result of this here are different interpretations of what constitutes a “transferable security” across Member States.

Therefore, whether or not a crypto-asset is defined as a financial instrument, or transferable security, relies on how the notion of ‘transferable security’ has been implemented in the relevant Member State. It is therefore possible that the same crypto-asset could be considered a ‘transferable security’ or another financial instrument in one jurisdiction and not in another. Such a situation effectively manifests itself as market fragmentation within the supposed EU single market and is further one of the drivers behind the EU’s MiCA regulation that aims to harmonise crypto-asset regulation across the EU.

EBA and ESMA on Crypto-Assets as Financial Instruments

Helpfully, there have been comments from the EBA and ESMA describing that the majority of crypto-assets do not fall under EU financial services legislation and do not qualify as financial instruments.

On 9 January 2019, the EBA and ESMA published reports with advice to the European Commission on the applicability and suitability of the EU financial services regulatory framework on crypto-assets. These reports were based on the mandate given to them under the Commission’s FinTech action plan, published in March 2018.

Both the EBA and ESMA come to the overall conclusion that while some crypto-assets may fit the definition of a financial instrument under MiFID II, most of them, do not.

Regulation of Security Tokens Under the Proposed MiCA Regulation

The impact assessment of MiCA (published by the Commission alongside MiCA) defines security tokens as those crypto-assets that qualify as financial instruments under MiFID II. This impact assessment states that crypto-assets that qualify as financial instruments will remain regulated under existing Union legislation, regardless of the technology used for their issuance or their transfer.

Proposed Amendment to MiFID II Financial Instrument Definition

However within the Commission’s MiCA draft, it is proposed to amend MiFID II in order to clarify its existing definition of “financial instruments” in order to capture financial instruments based on distributed ledger technology (DLT). MiCA also proposes a pilot regime on DLT market infrastructures for these instruments which will allow for “experimentation within a safe environment and provide evidence for possible further amendments”.

It therefore appears that, after MiCA comes into force, the current existing regulatory regime that captures security tokens (as financial instruments under MiFID II), will be the same regime that will govern security tokens after MiCA’s implementation — except for the newly proposed definition of financial instruments. In line with this, MiCA expressly excludes from its scope crypto-assets that qualify as financial instruments, deposits or structured deposits under EU financial services legislation.

In effect it is proposed that MiCA operates in tandem with the provisions of MiFID II in respect of the governance of crypto-assets falling under the category of financial instrument.

What can further be gained from MiCA’s Impact Assessment is that it appears that the term security token is being used to apply to crypto-assets which qualify as financial instruments.

EU Parliament’s Proposed Role for ESMA in Classifying Security Tokens

On 17 March 2022, the European Parliament’s Economic and Monetary Affairs Committee (ECON) published its approved draft legislative resolution on the European Commission’s MiCA proposal. Within ECON’s adopted version of the proposed regulation (which will form the Parliament’s negotiating position on the Regulation) MEPs voted to assert ESMA be the regulatory body to identify clearly the requirements for classifying a crypto-asset as a financial instrument stating “ESMA should specify the conditions under which a crypto-asset should be treated as a financial instrument based on its substance and regardless of its form”. This anticipates a role for ESMA in clarifying when crypto-assets are financial instruments/security tokens above and beyond merely changing definitions in existing legislation and is potentially as a direct result of the interpretational issues that have arisen around classifying crypto-assets as financial instruments, as discussed above.

Other Existing Legislation Relevant to Crypto-Assets

Crypto-Assets under the Electronic Money Directive II (EMD2)

Despite being the prime candidate out of existing legislation to likely capture crypto-assets, MiFID II is not the only the only piece of legislation whose scope crypto-assets might fall under. Some crypto-assets, especially some commonly referred to as stablecoins, could qualify as electronic money under EMD2 if they satisfy all elements of the definition in the directive (notably by giving users a direct claim on the reserve backing the ‘stablecoin’). In such a case, placing those crypto-assets on the market in the EU requires an e-money license.

Crypto-Assets under the second Payment Services Directive (PSD2).

Other existing legislation that crypto-service providers ought to be aware of is the second Payment Services Directive (PSD2). An crypto-asset service provider carrying out regulated payment services may require authorisation as a payment institution under PSD2 (or depending on the business model as an electronic money institution under EMD2), unless an exemption from regulation is available.

US Assessment of Crypto-Assets as Securities

Further of note is that in the US several lawsuits have raised the issue of whether crypto-assets qualify as securities. Similar to the EU, the assessment is significant in the US as it determines which legislation applies to a particular asset. In the US the SEC have issued warnings that many crypto-assets could qualify as securities and be regulated as such. However the SEC has ruled that Bitcoin and Ethereum are not securities, due in part to their decentralised nature with no person or company in control of each respective crypto-asset.

The Howey Test

In a similar fashion to an assessment as to whether a crypto-asset qualifies as a MiFID II financial instrument, when determining whether a digital asset is a security in the US, the SEC considers whether the asset constitutes an “investment contract”. The test for conducting such a determination is called the Howey Test. The test evaluates whether certain transactions qualify as “investment contracts” and was developed in the Supreme Court case SEC v. W.J. Howey Co. (1946).

Under the Howey Test, a transaction is an investment contract if:

1. it is an investment of money;

2. there is an expectation of profits from the investment;

3. the investment of money is in a common enterprise; and

4. any profit comes from the efforts of a promoter or third party.

While not officially relevant to the laws of EU member states , the significance and relevance of the Howey Test in the US is evidence that the complications of the regulatory landscape surrounding the classification of crypto-assets is not restricted to Europe. It appears that the US shares the same issues in shoe-horning crypto-assets into laws not designed for that purpose.


Existing crypto-asset service providers would be wise to consider if their activities fall under any of the pieces of legislation discussed above. It is therefore important for entities to be aware if crypto-assets which they are interacting with qualify as financial instruments. In such a case service providers are required to be authorised as investment firms under MiFID II.

It has also been discussed how exactly MiCA will operates in tandem with the provisions of MiFID II in respect of the governance of crypto-assets falling under the category of financial instrument — however, potentially with an added amendment to the definition of a MiFID II financial instrument.