Licensing of cryptocurrency activities in France

Interest in cryptocurrencies and distributed ledger technologies is growing exponentially not only among retail but also among institutional investors and businesses.

This leads to the fact that states and their financial regulators can no longer ignore this area and introduce regulatory rules aimed at regulating activities related to digital currencies.

More and more European countries support the development of blockchain technologies and the use of cryptocurrencies.

One of these countries is France.

France’s desire to become a major European cryptocurrency hub became evident after the adoption of the “Action Plan for the Growth and Transformation of Companies” (PACTE Law) on May 22, 2019.

This law introduced the first regulatory framework to regulate Initial Coin Offerings (ICOs) and Digital Asset Service Providers (DASPs).

Also, the registration or licensing of service providers for the maintenance of digital assets is regulated by the Currency and Financial Code, the instructions of the Financial Markets Authority, and other regulatory acts.

By the provisions of the current legislation, DASPs are required to register with the Financial Markets Authority (Autorité des Marchés Financiers (AMF)) if they provide at least one of the following services:

• storage of digital assets on behalf of third parties;
• buying or selling digital assets for a currency that is legal tender;
• exchange of digital assets for other digital assets;
• managing a platform for trading digital assets.

Illegal implementation of any of the above activities without the appropriate authorization is punishable by two years of imprisonment and a fine of 30,000 euros.

French law also provides for other types of activities related to digital assets:

• receiving and transferring orders for digital assets on behalf of third parties;
• management of a portfolio of digital assets on behalf of third parties;
• advising clients on digital assets;
• underwriting of digital assets;
• placement of digital assets.

To obtain the appropriate authorization, DASPs must have a company registered in France or a registered local branch and prepare the following package of documents:

• a detailed description of the activity;
• a list of digital assets with which they plan to work;
• distribution of activity by geography with an indication of the projected number of customers in each region;
• transparent organizational structure;
• a business plan for the next two years, indicating the projected number of clients and volume of operations;
• description of IT infrastructure and asset protection systems;
• a description of KYC/AML/SFT policies and procedures (with a detailed description of risk assessment and ways to prevent them).

The above services can be provided under one of two regulatory regimes: mandatory registration or optional (optional) license, with the optional license providing more guarantees for investors.

Mandatory registration is required to provide one or all types of services specified in points 1-4.

To register a company as a DASP, the regulator conducts due diligence on:

• the good standing and competence of the applicant’s directors and beneficial owners, including an assessment of the relevance of their education and professional experience to the services to be provided by the organization, as well as a criminal background check that they may have;
• policies and procedures aimed at combating money laundering and terrorist financing.

An optional (facultative) license can be used instead of mandatory registration for the provision of services specified in points 1-4, as well as for the provision of services specified in points 5-9.

To obtain an optional DASP license, the applicant must not only meet the requirements necessary for obtaining mandatory registration but also have:

• professional liability insurance or minimum equity in specified amounts;
• at least one active director;
• human and technical resources;
• stable IT system;
• internal control system;
• complaint handling procedures;
• conflict of interest prevention procedures and policies.

The company must also be registered with the French Prudential Supervision and Resolution Authority (ACPR).

The optional license allows its holders to engage in marketing activities in France, which is prohibited by registered DASPs.

From July 1, 2023, a new enhanced registration regime was introduced, which will become mandatory from January 1, 2024.

The normative base was improved by strengthening the supervisory and enforcement powers of the AMF. The regulator will be able to take precautionary measures if it believes that a DASP may become insolvent, and may also suspend its registration if its activities are deemed to be a threat to the stability of the digital asset market.

As part of the enhanced registration regime, companies are required to provide the following:

• compliance with the requirements of legislation in the field of combating money laundering and financing of terrorism (AML/CFT);
• establishing a sustainable and secure IT infrastructure, adopting a detailed cyber security policy, and submitting an audit report from a certified cyber security consultant (which must be based in France);
• implementation of adequate security and internal control systems;
• use of clients’ assets only after prior agreement with them;
• adoption and implementation of additional procedures related to conflicts of interest, complaints handling, internal control, incident reporting, outsourcing, and pricing policy disclosure;
• adoption of special policies regarding the storage and separation of DASP assets from user assets;
• including mandatory information and disclaimers in the Terms and Conditions and marketing content, providing clear and accurate information that does not mislead customers.

Licensed DASPs must have either adequate reserve capital or a professional indemnity insurance policy providing coverage of €400,000 per claim and €800,000 per insurance year.

The requirements of the enhanced DASP licensing regime are largely similar to the MiCA Regulation. Thus, obtaining a strengthened license should speed up the process of obtaining a MiCA license and the corresponding European passport, which will allow companies to provide their services in all EU member states with a single license.

According to the MiCA Regulation, all CASPs operating in the European market will be required to apply for a CASP license. They will have an 18-month transition period ending in July 2026.

During this period, registered or licensed DASPs can legally continue to offer their services, but without a European passport.

If you want to know more about the procedure and nuances of authorization of cryptocurrency companies from the state regulator or start your own business in France, contact the company “Prihodko and Partners”.

Our experts will analyze your needs, offer individual solutions, and help legalize your cryptocurrency business.