RTS on CASP conflicts of interest

Crypto-asset service providers that are part of a group should therefore appropriately address situations that may give rise to a conflict of interest due to the structure and business activities of other entities within their group. To that end, where a crypto-asset service provider provides, on its own or with other entities of its group, multiple crypto-asset services and related activities, the conflict of interest policies and procedures should prevent any abuse resulting from concentrated control, management of related-party transactions, including transactions involving affiliated companies.

To prevent conflict of interests detrimental to the crypto-asset service providers and its clients, conflict of interest policies and procedures should ensure the careful monitoring of situations where persons connected to the crypto-asset service provider have a personal, professional or a political relationship with another person. Such relationships have the potential to influence the objective judgment of the crypto-asset service provider and connected persons. Personal relationships should include those between relatives by blood or marriage, or social relationships not limited to a formal partnership or marriage. Political relationships should include memberships of political parties, or relationships with government or other public officials. Professional relationships should consist in relationships in a professional setting, including at work or in a business context.

In order for the conflict of interest policies and procedures to be effective, crypto-asset service providers should have a transparent organisational and managerial structure, which is consistent with their overall strategy and risk profile, and which is well understood by their management body, affiliated entities, national competent authorities, and clients.

The sound governance and management of crypto-asset service providers is fundamental to ensure both their functioning and trust in the financial markets. For those reasons, the conflict of interest policies and procedures should deal with cases where the conflicts of interest could impede the ability of the members of the management body to take objective and impartial decisions in the best interests of the crypto-asset service provider and its clients.

The potential and actual conflicts of interest to be taken into consideration by crypto-asset service providers pursuant to Article 72(1) of Regulation (EU) 2023/1114 should be those affecting, or potentially affecting, the interests of clients as well as those affecting or potentially affecting the performance and situation of the crypto-asset service provider as such and thus, indirectly, also affect the interests of clients.

To ensure transparency about the measures taken to mitigate identified conflicts of interests, crypto-asset service providers should comply with the requirements to disclose conflicts of interests set out in Article 72(2) of Regulation (EU) 2023/1114. However, to ensure that conflicts of interest policies and procedures meet their objective, crypto-asset service providers should not rely on simply disclosing conflicts of interests as a way to address them. Therefore, they should comply with the requirements of disclosure, but also ensurethe identification, prevention and management of conflicts of interest.

The remuneration of staff involved in the provision of crypto-asset services to clients can give rise to conflicts of interest. While crypto-asset service providers are free to determine their remuneration policies in general, they should ensure that their remuneration policies and practices do not create conflicts between the interests of clients and those of the crypto-asset service provider or connected persons and do not impair the ability of connected persons to carry out their duties and responsibilities in an independent and objective manner. To ensure the efficient and consistent application of the conflicts of interest requirements in the area of remuneration, the notion of remuneration should include all forms of payment and financial or non-financial benefits provided directly or indirectly by crypto-asset service providers to persons with an impact, directly or indirectly, on crypto-asset services provided by the crypto-asset service providers or on their corporate behaviour. Remuneration policies implemented in the context of conflict of interest policies should ensure that clients are treated fairly and their interests are not impaired by the remuneration practices adopted by the crypto-asset service providers in the short, medium or long term.

In view of appropriate implementation, maintenance and review of conflict of interest policies and procedures, such policies and procedures should ensure that there are adequate and internally independent human resources for the management of conflicts of interest. Those human resources should also have the necessary skills, knowledge and expertise on conflicts of interest. For that reason, the person responsible for the management of conflicts of interest should be able to access and report directly to the relevant internal reporting channel in its management function and, where applicable, in its supervisory function.

To ensure that clients can take an informed decision, crypto-asset service providers should keep up-to-date the information disclosed about the general nature and sources of conflicts of interest and the steps taken to mitigate them pursuant to Article 72(2) of Regulation (EU) 2023/1114. Such disclosure should take into account the various types of clients it is addressed to, including the fact that those clients have varying levels of knowledge and experience.

Crypto-asset service providers may often operate in a vertically integrated manner or in close cooperation with affiliated entities or entities of the same group. To make clear to clients in what role and capacity the crypto-asset service provider is acting, the disclosures referred to in Article 72(2) of Regulation (EU) 2023/1114 should include a sufficiently detailed, specific and clear description of the situations which give or may give rise to conflicts of interest. That information is particularly relevant in situations where the crypto-asset service provider markets itself engaging in crypto-asset exchange but actually engages in or combines multiple functions or activities, including operating a trading platform in crypto-assets, market-making, offering margin trading, facilitating custody, settlement, lending, borrowing and proprietary trading. To ensure investor protection, prospective clients and clients should have access to the disclosures referred to in Article 72(2) of Regulation (EU) 2023/1114 in a language with which they are familiar. Therefore, crypto-asset service providers should make available such disclosures in all languages used by crypto-asset service provider to market their services or communicate with clients in the relevant Member State.

Union law on data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council(²)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)., is applicable to the processing of personal data by crypto-asset service providers, including the information collected through their conflicts of interest policies and procedures.

In line with the principle of data minimisation as laid down in Regulation (EU) 2016/679, crypto-asset service providers should specify which categories of personal data they will process to identify, prevent and manage the conflicts of interest in their policies and procedures referred to in Article 72(1) of Regulation (EU) 2023/1114, taking into account the scale, nature and range of crypto-asset services and other activities provided or carried out by the crypto-asset service provider and the group to which it belongs.

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(³)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). and delivered an opinion on 17 July 2024.

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority, in close cooperation with the European Banking Authority.

The European Securities and Markets Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council(⁴)Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj).,