On 28 June 2023, the European Commission presented a series of proposals comprising the Payment Services Directive 3 (PSD3)1 and the Payment Services Regulation (PSR). These new rules are the successors of the Payment Services Directive 2 (PSD2)2, which was introduced to transform the European Union payment market by enhancing user protection, fostering innovation and creating a fair environment for payment service providers (PSPs).
While PSD2 has brought notable improvements, it has faced particular challenges that have required updating the regulatory framework to adapt to the rapidly changing payment landscape.
Significant progress was made under PSD2. In particular, strong customer authentication (SCA) was introduced, which could be interpreted as a crucial step in the fight against fraud. In addition, PSD2 improved the efficiency, transparency and choice of payment instruments for users, offering them enhanced options and greater control over their payments.
However, PSD2 also faced difficulties in creating a level playing field for all PSPs. Non-bank PSPs often needed direct access to major payment systems, which created an imbalance between bank and non-bank PSPs. This imbalance hindered fair competition and innovation in the payment market.
Open Banking also faced challenges related to data access interfaces for service providers, and cross-border payment services expanded while payment systems remained centred in individual Member States. This led to differences in regulation and forum shopping3 between service providers, which further required regulatory changes.
PSD3’s main changes
Despite the excitement of the European Commission’s initial announcements about the need to reform European payment services legislation rather than radical changes, PSD3 introduces enhancements that are unlikely to require significant infrastructure changes but will improve security and service levels.
As digital innovation reshapes financial services, PSD3 becomes a critical step to strengthen customer protection and create a level playing field for non-bank payment service providers.
Stricter requirements for strong customer authentication (SCA)
One of the key changes in PSD3 is more comprehensive requirements for strong customer authentication (SCA), which will add a layer of security to payment transactions. Additional proposed preventative measures include:
Require PSPs to verify that the payee’s name and unique identifier match before initiating credit transfers;
Providing a legal basis for PSPs to share fraud-related information;
Improved transaction monitoring;
Improve consumer rights;
Introducing an obligation for PSPs to inform their employees and customers about the risks and consequences of payment fraud.
Increase consumer protection and trust in payments
Additional attention is being paid to combating fraud, including complex cases such as “spoofing“4. Using IBANs and enhanced transaction monitoring represent new security measures to increase protection.
Open Banking, introduced by PSD2, will also change PSD3. New standards and more efficient data exchange mechanisms will be introduced to improve the concept further. In addition, consumer rights will be enhanced through more transparent communication and the provision of information on payment fees and delayed funds. Separately, more strictly obliging banks to provide bank account services to non-bank PSPs should be emphasised. With appropriate safeguards, this component of PSD3 gives these non-bank PSPs the right to have a bank account. This indicates a “levelling of the playing field” between banks and payment institutions.
New opportunities for customers
PSD3 aims to increase the availability of cash by providing new methods, such as cashback without compulsory purchases in shops and incentivising an increase in the number of ATMs. New rules for managing temporarily held funds will ensure that unused funds are quickly returned to the customer.
Thus, PSD3 represents not only a change in legislation but also a strategic improvement of the payments system aimed at ensuring security, transparency and protection of the interests of all financial market participants in the EU. Nevertheless, in our view, the PSD3 innovations should not be considered “revolutionary” but rather “evolutionary” changes, representing a significant step towards a world of open finance.
What should we prepare for?
The potential effects of PSD3 on financial institutions, payment service providers, consumers, regulators and others falling within the scope of the Directive could be as follows:
Increased competition in the financial market
In light of the fact that PSD3 emphasises the importance of providing PSPs with direct and indirect access to all EU payment systems, including bank accounts and digital banking schemes, and states that credit institutions will be obliged to provide PSPs with access to bank accounts in the future, the Directive essentially takes a position where full integration of PSPs into banking is required, giving them unrestricted access to financial instruments within the European Union.
Changes in the banking landscape
Banks contemplating expansion in Europe or beyond are advised to explore the implementation of Open Banking. The possibility of more accessible access to payment systems may incentivise a bank looking to expand its global footprint to view itself as an electronic money institution (EMI) rather than obtaining a full banking licence.
Improving the level of security of payment transactions
More burdensome payment security requirements will require payment service providers to implement advanced technologies for solid authentication, improve payer data verification systems, actively engage in fraud information sharing, implement more effective transaction monitoring mechanisms, and adapt to new regulations that expand consumers’ refund rights.
Implementation of PSD3 in the Legislation of the EU Member States
The implementation of PSD3 in the Member States of the European Union will follow a structured timetable similar to previous directives. The European Commission will publish the final text of PSD3, specifying its provisions and requirements. EU member states will have a set period to transpose the Directive into national legislation.
The timeframes for transposition may vary but usually range from one to two years after the publication of the final text.
During this period, each Member State must adapt its existing laws and regulations to align them with the provisions of PSD3, ensuring uniformity and consistency across the EU.
Implementing the PSD3 into national law is a pivotal step to ensure its effective implementation. It involves the relevant public authorities of each Member State taking the necessary legislative measures to implement the requirements of the PSD3 in their national jurisdictions. This process may require the amendment of existing laws or the adoption of new legislation to comply fully with the Directive’s provisions.
Entry into Force
The final implementation schedule for PSD3 and PSR has yet to be determined. Final versions should be available by the end of 2024. Typically, Member States are given a transition period of 18 months, which implies that PSD3 and PSR could enter into force around 2026.
In conclusion, all persons subject to the scope of the new rules require a clear strategy, risk assessment, and diligent execution to successfully manage the potential consequences of the entry of the regulations under PSD3 and PSR into force.
It is critical for financial institutions to remain informed of all changes affecting them and to clearly define the overall strategy and interim steps to achieve compliance with such changes.
COREDO’s team of experts can advise you on any of the above points and their potential impact on your business and help you better navigate the new regulatory landscape.
We are being approached by more and more clients who have bought/established a crypto-company in the Czech Republic but are not sure what all activities this company can perform or are not sure how to run their business in a way that does not violate the law.
Cooperation with COREDO eliminates these concerns. COREDO is headquartered in the Czech Republic, has a wide client base from all over the world, and most importantly has experienced staff that handles various situations related to the cryptocurrency business on a daily basis.
Information on how we work
Already, during the registration of crypto-companies, we address whether the client also needs other authorisations for so-called accompanying services. That means that we deal with the individual business models of our clients. This approach is a good prevention against unauthorised provision of services (e.g. payment or investment services).
We provide the option of renting an office that will not be treated as a virtual office – this can make all the difference when opening a bank account.
We have a wide network of banking partners who are willing to open a bank account for our clients (not a payment account or e-wallet).
Clients can make any changes within their crypto-company and deal with authorities or partners (contractual negotiations) through us. Their presence in the Czech Republic is thus not a condition for running their businesses.
We enable comprehensive servicing of crypto companies, including AML, accounting, whistleblowing, data protection, preparation of contractual documents, etc.
It doesn’t end with the sale/registration of the company for us. If you buy a crypto company directly from us, we will give you priority service when you contact us later with any problem or question.
We have published articles on cryptocurrency companies in the past that may help you find answers to your most common questions. Cryptocurrencies have long been an area of interest for us.
At COREDO, we also already know that no problem is so big that it can’t be solved! Your success is our priority.
In the world of cryptocurrencies and blockchain technologies, the classification of crypto assets plays a crucial role in defining their characteristics and legal status. The reflection of this classification in legislation is paramount for companies engaging in operations involving such assets. In this article, we will explore the widely accepted classification of crypto assets, their regulation at the European Union level, and the legal status of various crypto assets in the Czech Republic, with a particular emphasis on the role of the Czech VASP (Virtual Assets Service Provider) licence in this context.
What does Crypto Asset mean?
A crypto asset (token) is a digital representation of value or rights that can be transferred and stored electronically using distributed ledger technology (DLT) or similar technology.
According to the commonly accepted classification of crypto assets, tokens are differentiated as follows:
Fungible Tokens are tokens that are not identical and can be exchanged with one another. Fungible tokens are typically classified as follows:
Payment Tokens can serve as a means of exchange or payment;
Utility Tokens may provide access to a specific product or service;
Investment Tokens may represent financial claims against the issuer or grant governance rights to their holders (token-holders).
Non-Fungible Tokens (NFTs) tokens that cannot be interchangeable due to their uniqueness. Such a token is tied to specific information or an asset, such as a music track, video, or image.
How are Crypto Assets regulated at the European Union level?
The crypto-sphere is subject to regulation by the MiCA Regulation and MiFID II Directive. MiCA aims to establish uniform rules for crypto-assets in the European Union. In contrast, MiFID II focuses on financial instruments and the provision of investment services. MiCA’s provisions will come into effect from December 30, 2024. However, the final version of the Regulation has already been published and approved as of June 23, 2023. Moreover, specific token categories may also fall under the regulation of MiFID II.
The MiCA Regulation sets standards for identifying and classifying crypto-assets in the European Union. Based on the crypto-assets definition, MiCA differentiates individual tokens into three subcategories: utility tokens, asset-referenced tokens, and electronic money tokens.
Utility Token (as per MiCA interpretation) is a digital token that provides access to goods or services through digital platforms. It lacks financial purposes and is associated with the token issuer. Unlike asset-referenced or electronic money tokens, a utility token is not tied to a specific asset. Its primary purpose is to facilitate the functional use of blockchain systems rather than creating future cash flows.
Asset-Referenced Token is a type of crypto-asset aimed at maintaining price stability by being pegged to multiple fiat currencies, commodities, or other crypto-assets. It can be used for payments and savings. For the public offering or trading such tokens, the issuer must obtain a licence from the competent authority of its EU member state. It is important to note that, unlike utility token issuers, issuers of asset-referenced tokens must submit a “White Paper” for approval to the competent authority of their EU member state. The “White Paper” is considered approved upon the issuer obtaining a licence for the public offering or trading of such tokens on a crypto platform. This requirement is introduced to enhance consumer protection and market integrity.
Electronic Money Token – a crypto-asset tied to a fiat currency and designed for stable payments. Unlike asset-referenced tokens, this token is primarily used for purchasing goods and services. The issuer of such a token must comply with a banking licence or electronic money provider licence requirements (depending on the situation) and publish its “White Paper.” Companies wishing to deal with this crypto-asset do not need a separate licence, as the issuance of this token is regulated by banking and electronic money laws. The issuer must also publish the “White Paper,” notifying the supervisory authority of its EU member state. However, similar to the utility token, the “White Paper” of an electronic money token does not necessarily require approval by the competent authorities of its EU member state.
However, despite the MiCA Regulation closing the existing regulatory gap regarding crypto-assets, it does not affect the regulation of crypto-assets already falling under the existing regulatory framework (e.g., MiFID II).
An interesting point
Notably, some non-fungible tokens (NFTs) remain outside the scope of MiCA Regulation. The Regulation explicitly states: “This Regulation should not apply to crypto-assets that are unique and not fungible with other crypto-assets, including digital art and collectables.”
Nevertheless, MiCA establishes that merely assigning a unique identifier to a token does not indicate its non-fungibility. According to the Regulation, tokens issued in large series may be deemed fungible, and, consequently, issuers and providers may need to obtain the necessary licence. At the same time, NFTs could hypothetically fall under the scope of MiFID II if the token exhibits characteristics of a financial instrument (e.g., representing a tokenized security or tokenized share).
Therefore, non-fungible tokens currently remain outside the realm of precise legal regulation at the EU level. In this regard, we strongly recommend issuers and providers to carefully examine the features and characteristics of each NFT they intend to work with to obtain the relevant licence if necessary and avoid penalties and criminal prosecution.
Considering the aspects reflected in the MiCA Regulation and MiFID Directive, the differentiation of crypto-assets can be illustrated as follows:
And what is the situation with the status of a crypto asset in the Czech Republic?
The status of crypto-assets in the Czech Republic involves a combination of European and Czech legal frameworks, each contributing its definitions and regulations for dealing with crypto-assets. Here are some clarifications based on Czech legislation.
In the Czech Anti-Money Laundering (AML) Act, the term “virtual asset” was established by the legislator. A virtual asset, as defined in the AML Act, is a unit stored or transmitted electronically capable of performing payment, exchange, or investment functions, except when it qualifies as a security, investment, or monetary instrument under the Payment System Act.
According to the AML Act, a virtual asset, in its broad sense, covers all types of crypto-assets described above, excluding tokens exhibiting characteristics of securities and qualifying as investment instruments under the Investment Company and Investment Funds Act.
The Czech National Bank asserts that although Czech legislation does not recognise digital securities (except for dematerialized securities held in central or separate custody), foreign crypto-assets may be considered securities under foreign law. Similarly, Czech or foreign crypto assets may be regarded as derivatives under Czech and foreign law.
From the above, it follows that tokens acting as investments may fall under the definition of an investment instrument under the Investment Company and Investment Funds Act. For instance, a security token could be such an investment instrument. Therefore, anyone wishing to provide services related to security tokens can engage in such activities only based on a licence issued by the Czech National Bank and in line with the Investment Company and Investment Funds Act. A Czech VASP licence would be sufficient in all other cases. Further details about its capabilities are provided in our article “How we helped our client launch a cryptocurrency exchange in the Czech Republic?”
An exciting nuance
Due to the favourable climate in the cryptocurrency sphere in the Czech jurisdiction, individuals without a VASP licence in the Czech Republic are authorised to engage in the following activities:
Simply accepting virtual assets as payment for goods or services;
Managing a mining centre or mining pool;
Issuing in-game currency (i.e., when a computer game operator issues in-game currency, but it is not considered a virtual asset).
Thus, despite the incompleteness of the legal regulation of the crypto sphere, we observe how European legislators are gradually taking steps to fill gaps in the legal status of crypto assets and related activities.
The Czech Republic is keeping pace with overall European trends and is systematically and flexibly introducing new norms to regulate the cryptocurrency industry, creating a favourable landscape for individuals wishing to engage in crypto activities within the Republic.
However, in Czech legislation, like in other jurisdictions, there are specific nuances, especially considering that the MiCA Regulation still needs to be in effect. In such intricacies, the company COREDO can assist you. Understanding the classification of crypto assets and their regulation is crucial for successful business operations in the Czech Republic and the European Union as a whole.