Since 2019 and the PACTE Law, digital asset services have been subject to a regulatory framework in France, which leads to a number of obligations for digital asset service providers.
Here is an overview of the main regulations implemented, their impacts, and the obligations we must comply with to ensure the security and transparency of our services.
PACTE LAW AND PSAN REGIME - FRENCH REGULATORY FRAMEWORK
The PACTE Law and the PSAN regime: a pioneering approach in Europe to regulate digital asset services
The PSAN regime, for Digital Asset Service Provider, was created in France by the PACTE Law (LAW n° 2019-486 of May 22, 2019, relating to the growth and transformation of companies) in 2019.
This law establishes the first framework for providing services on crypto-assets, requiring service providers to implement systems that meet various obligations, particularly regarding:
- the integrity of their executives; and,
- the fight against money laundering and the financing of terrorism.
Offering digital asset services to the public requires service providers to be properly registered with the Financial Markets Authority (AMF), the French authority responsible for overseeing market activities.
A strengthened registration status and approval are also possible with the AMF, along with additional obligations.
The PSAN regime has been in effect since 2020 and will end on June 30, 2026, with the MiCA regime taking its place.
Obligations for Coinhouse:
-
Registration with the AMF : Coinhouse was the first institution to obtain PSAN status with the AMF, registering in March 2020 (registration number E2020-001).
-
Obligations regarding AML-CFT (anti-money laundering and combating the financing of terrorism) : Coinhouse implements various systems required for its AML-CFT obligations, particularly those related to customer due diligence. Coinhouse is required to identify and verify the identity of its clients (a requirement implemented when opening an account), and to collect information about the professional and financial situation of its clients.
Coinhouse also implements transaction monitoring systems to detect the use of crypto-assets for illicit purposes.
Impacts for clients:
-
Trust : Coinhouse's registration with the AMF demonstrates a thorough verification of its executives' integrity and the implementation of robust compliance systems.
-
Security and transparency : Service providers must comply with strict security and compliance standards.
- Protection of client funds and interests : Coinhouse implements secure crypto-asset custody solutions and provides support to its clients to facilitate understanding of crypto-assets, how the blockchain works, and the associated risks.
EU REGIME MiCA [Crypto-Asset Markets]
MiCA: a regulatory harmonization across the European Union
The European MiCA Regulation (Markets in Crypto-Assets) is a European regulatory text that will come fully into force on December 30, 2024.
It establishes a single regulatory framework for crypto-asset services and defines standards that any institution wishing to offer such services within the European Union must meet.
This regulation aims to strengthen investor protection and reinforce obligations contributing to financial stability.
Obligations for Coinhouse:
-
Mandatory MiCA approval : After June 30, 2026, MiCA approval will be required for any institution to offer crypto-asset services.
-
Regulatory compliance : Obtaining this approval requires Coinhouse to implement several risk management and compliance systems (these systems already exist and must be reviewed by the competent authority):
- Anti-money laundering and combating the financing of terrorism systems;
- Market abuse prevention and detection system;
- Conflict of interest prevention and management system;
- Segregation of clients' crypto-assets from the crypto-assets held in the company's own account;
- IT security system: conducting regular audits covering cyber risk management systems;
- Compliance with prudential obligations and/or liability insurance;
- Transparency towards clients regarding business practices, fees, and complaint management;
- Risk management and operational resilience system;
- Communication regarding the environmental impact of the tokens offered on the platform.
Impact for clients:
-
Investor protection : MiCA imposes strict requirements regarding transparency, communication, and practices towards clients, strengthening investor protection:
- Protection of crypto-assets in custody;
- Protection against cyber risks;
- Protection against business practices.
-
IT security : MiCA strengthens the already integrated obligations by Coinhouse regarding cybersecurity, through dedicated audits aimed at assessing the security level of information systems.
- Trust : MiCA imposes high standards on European service providers offering crypto-asset services within the EU, where other unregulated foreign players do not offer the same guarantees.
DORA (Digital Operational Resilience Act)
What is DORA?
The DORA regulation (Digital Operational Resilience Act) aims to strengthen the operational resilience of financial institutions against risks related to information and communication technologies (ICT) and cyber risks.
Obligations for Coinhouse:
-
Maintaining robust risk management: various measures must be implemented as part of the obligations arising from the DORA regulation, such as strengthening governance to better monitor ICT and cyber risks, conducting ICT risk analysis, managing ICT service providers, and managing incidents, among others.
Impact for clients:
- Security and trust: the measures derived from the DORA regulation contribute to the reliability and resilience of the technological infrastructures deployed by Coinhouse, ensuring continuity of services and enhanced protection against cyber risks.