RTS on ART issuer authorisation

The information contained in the application for authorisation would include personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;. In compliance with the principle of data minimisation, enshrined in Article 5(1), point (c), of Regulation (EU) 2016/679 of the European Parliament and of the Council(²)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)., only the personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679; necessary to enable the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; to carry out a comprehensive assessment of the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets;, the assessment of the members of its management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity;, its ability to comply with the prudential requirements of Regulation (EU) 2023/1114, and that the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; does not fall into any ground of refusal of the authorisation set out in Article 21(2), points (a) to (e), of Regulation (EU) 2023/1114 should be requested.

To provide competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; with a comprehensive overview of the applicant issuersmeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets;’ current and planned operations and related organisation, the applicant issuersmeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; should include in their application for authorisation a programme of operations.

Issuersmeans a natural or legal person, or other undertaking, who issues crypto-assets; of an asset-referenced tokenmeans a type of crypto-asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies; that are not crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; or other obliged entities are not subject to Directive (EU) 2015/849 of the European Parliament and of the Council(³)Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73, ELI: http://data.europa.eu/eli/dir/2015/849/oj). or to Regulation (EU) 2023/1113 of the European Parliament and of the Council(⁴)Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 (OJ L 150, 9.6.2023, p. 1, ELI: http://data.europa.eu/eli/reg/2023/1113/oj).. However, it is crucial that the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets;’s business model is structured in a manner that does not expose the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; or the financial sector to risks of money laundering and terrorist financing, since that constitutes a ground of refusal of the authorisation. Accordingly, the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; should provide an overall risk assessment containing adequate information to enable the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens;’s assessment of the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets;’s business model’s exposure and sensitivity in relation to money laundering and terrorist financing risks. The overall risk assessment should include information on the mechanisms and arrangements related to the issuance, redemption and distribution of an asset-referenced tokenmeans a type of crypto-asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies; and the envisaged involvement of crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; in such mechanisms. Where the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets;’s business model would involve arrangements with crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59;, the application for authorisation should include a forward-looking description prepared by such crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; of their internal controls and continuous compliance with the relevant anti-money laundering and counter terrorism financing Union rules.

Effective internal control frameworks, including risk management and information and information and communication technology (ICT) systems and risk management are crucial to the sound and prudent management of the activities of the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; and of the reserve assets to prevent, monitor and mitigate operational and other types of risks. Applicant issuersmeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; should therefore provide adequate documentation on their internal control framework and ICT risk management framework demonstrating that they comply with Regulation (EU) 2022/2554 of the European Parliament and of the Council(⁵)Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/2554/oj)..

Reserves of assetsmeans the basket of reserve assets securing the claim against the issuer; are crucial to ensure the effectiveness of the stabilisation mechanism underpinning the asset-referenced tokenmeans a type of crypto-asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies; and the redemption rights of token holders at all times including in case of stress. Together with the application for authorisation, applicant issuersmeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; should therefore submit clear and detailed policies on the composition, constitution, segregation, custody and investment management of such reserves of assetsmeans the basket of reserve assets securing the claim against the issuer;.

Applicant issuersmeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; should provide the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; with all necessary and sufficient information enabling the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; to carry out a comprehensive assessment of the members of the management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity; with a view to ensure that they meet the suitability requirements and do not fall in any of the grounds of refusal of the authorisation set out in Article 21(2), points (a) and (b), of Regulation (EU) 2023/1114. For that purpose, the application for authorisation should contain the information relevant to the assessment of reputation including sufficient information that allows to verify that the members of the management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity; have not been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute, to assess their professional experience, knowledge and skills in the areas relevant to financial services, crypto-assetsmeans a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology;, other digital assets, distributed ledger technologyor ‘DLT’ means a technology that enables the operation and use of distributed ledgers; (DLT), digital innovation, information technology (IT), cybersecurity or management and information enable to assess the adequacy of their time commitment. To ensure coherence and coordination among different financial supervisors’ decisions that information should also include any prior assessments provided by competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens;.

In respect of shareholders and members directly or indirectly holding qualifying holdingsmeans any direct or indirect holding in an issuer of asset-referenced tokens or in a crypto-asset service provider which represents at least 10 % of the capital or of the voting rights, as set out in Articles 9 and 10 of Directive 2004/109/EC of the European Parliament and of the Council(32) Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC (OJ L 390, 31.12.2004, p. 38)., respectively, taking into account the conditions for the aggregation thereof laid down in Article 12(4) and (5) of that Directive, or which makes it possible to exercise a significant influence over the management of the issuer of asset-referenced tokens or the management of the crypto-asset service provider in which that holding subsists; in the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets;, the application for authorisation should contain all information enabling the competent authoritymeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; to carry out a comprehensive assessment of the sufficiently good repute of such shareholders or members and that they do not fall within the ground of refusal of the authorisation set out in Article 21(2), point (c), of Regulation (EU) 2023/1114. For that purpose, the application for authorisation should contain the information necessary and sufficient enabling competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; to verify that those shareholders or members have not been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute and to establish the certainty and legitimate origin of the fundsmeans funds as defined in Article 4, point (25), of Directive (EU) 2015/2366; or other assets used to set-up the applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets; and finance the business of that applicant issuermeans an issuer of asset-referenced tokens or e-money tokens who applies for authorisation to offer to the public or seeks the admission to trading of those crypto-assets;.

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Banking Authority, developed in close cooperation with the European Securities and Market Authority and with the European Central Bank.

The European Banking Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Banking Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council(⁶)Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12, ELI: http://data.europa.eu/eli/reg/2010/1093/oj)..

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(⁷)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). and delivered an opinion on 17 July 2024,