Source: OJ L 150, 9.6.2023, pp. 40–205Current language: EN
- Markets in crypto-assets
Basic legislative acts
- MiCA regulation
Article 73 Outsourcing
Crypto-asset service providers that outsource services or activities to third parties for the performance of operational functions shall take all reasonable steps to avoid additional operational risk. They shall remain fully responsible for discharging all of their obligations pursuant to this Title and shall ensure at all times that the following conditions are met:
outsourcing does not result in the delegation of the responsibility of the crypto-asset service providers;
outsourcing does not alter the relationship between the crypto-asset service providers and their clients, nor the obligations of the crypto-asset service providers towards their clients;
outsourcing does not alter the conditions for the authorisation of the crypto-asset service providers;
third parties involved in the outsourcing cooperate with the competent authority of the crypto-asset service providers’ home Member State and the outsourcing does not prevent the exercise of the supervisory functions of competent authorities, including on-site access to acquire any relevant information needed to fulfil those functions;
crypto-asset service providers retain the expertise and resources necessary for evaluating the quality of the services provided, for supervising the outsourced services effectively and for managing the risks associated with the outsourcing on an ongoing basis;
crypto-asset service providers have direct access to the relevant information of the outsourced services;
crypto-asset service providers ensure that third parties involved in the outsourcing meet the data protection standards of the Union.
For the purposes of point (g) of the first subparagraph, crypto-asset service providers are responsible for ensuring that the data protection standards are set out in the written agreements referred to in paragraph 3.
Crypto-asset service providers shall have a policy on their outsourcing, including on contingency plans and exit strategies, taking into account the scale, the nature and the range of crypto-asset services provided.
Crypto-asset service providers shall define in a written agreement their rights and obligations and those of the third parties to which they are outsourcing services or activities. Outsourcing agreements shall give crypto-asset service providers the right to terminate those agreements.
Crypto-asset service providers and third parties shall, upon request, make available to the competent authorities and other relevant authorities all information necessary to enable those authorities to assess compliance of the outsourced activities with the requirements of this Title.
Relevant recitals
Recital 81 Organisational fitness, ownership suitability, and controls
Crypto-asset service providers should be subject to strong organisational requirements. The members of the management body of crypto-asset service providers should be fit and proper and should, in particular, not have been convicted of any offence in the field of money laundering or terrorist financing or of any other offence that would affect their good repute. The shareholders or members, whether direct or indirect, natural or legal persons, that have qualifying holdings in crypto-asset service providers should be of sufficiently good repute and should, in particular, not have been convicted of any offence in the field of money laundering or terrorist financing or of any other offence that would affect their good repute. In addition, where the influence exercised by shareholders and members that have qualifying holdings in crypto-asset service providers is likely to be prejudicial to the sound and prudent management of the crypto-asset service provider taking into account, amongst others, their previous activities, the risk of them engaging in illicit activities, or the influence or control by a government of a third country, competent authorities should have the power to address those risks. Crypto-asset service providers should employ management and staff with adequate knowledge, skills and expertise and should take all reasonable steps to perform their functions, including through the preparation of a business continuity plan. They should have sound internal control and risk assessment mechanisms as well as adequate systems and procedures to ensure the integrity and confidentiality of the information received. Crypto-asset service providers should have appropriate arrangements to keep records of all transactions, orders and services related to the crypto-asset services that they provide. They should also have systems in place to detect potential market abuse committed by clients.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
- where the offeror or person seeking admission to trading of crypto-assets other than asset-referenced tokens or e-money tokens has its registered office in the Union, the Member State where that offeror or person has its registered office;
- where the offeror or person seeking admission to trading of crypto-assets other than asset-referenced tokens or e-money tokens has no registered office in the Union but does have one or more branches in the Union, the Member State chosen by that offeror or person from among the Member States where it has branches;
- where the offeror or person seeking admission to trading of crypto-assets other than asset-referenced tokens or e-money tokens is established in a third country and has no branch in the Union, either the Member State where the crypto-assets are intended to be offered to the public for the first time or, at the choice of the offeror or person seeking admission to trading, the Member State where the first application for admission to trading of those crypto-assets is made;
- in the case of an issuer of asset-referenced tokens, the Member State where the issuer of asset-referenced tokens has its registered office;
- in the case of an issuer of e-money tokens, the Member State where the issuer of e-money tokens is authorised as a credit institution under Directive 2013/36/EU or as an electronic money institution under Directive 2009/110/EC;
- in the case of crypto-asset service providers, the Member State where the crypto-asset service provider has its registered office;
- providing custody and administration of crypto-assets on behalf of clients;
- operation of a trading platform for crypto-assets;
- exchange of crypto-assets for funds;
- exchange of crypto-assets for other crypto-assets;
- execution of orders for crypto-assets on behalf of clients;
- placing of crypto-assets;
- reception and transmission of orders for crypto-assets on behalf of clients;
- providing advice on crypto-assets;
- providing portfolio management on crypto-assets;
- providing transfer services for crypto-assets on behalf of clients;
- designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;
- designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens;