For several years, the KNF, Poland’s financial regulator, took a prudential approach towards cryptoproducts that resulted in several warnings being issued to consumers on the risks connected with cryptoproducts.
In a warning on 11 December 2020, the KNF assessed how various types of tokens (utility tokens, investment tokens, exchange tokens) might be classified legally. The authority pointed out that, despite the lack of proper regulations, tokens resemble other legally regulated services and products and could therefore fall within the scope of the legal framework for other kinds of financial products and services, such as investment funds, loan activities or payment services. Conducting such activity without the relevant legal permissions usually results in a penal or administrative fine. Offering cryptoproducts to consumers (natural persons) also entails additional obligations of the seller towards buyers.The KNF stated that the majority of cryptoservice providers failed to comply with these obligations, and customers were not protected under the procedures of the Act on the Bank Guarantee Fund, or the Act on the handling of complaints by financial market entities and on the Financial Ombudsman.
The KNF’s warnings feature typical examples of fraud perpetrated using cryptocurrencies, including: Ponzi schemes, using ‘cryptomixers’ that make it possible to exchange cryptocurrencies in order to lose proof of records, or using fake authorisation allegedly from national regulatory bodies.
In addition, the KNF and the National Bank of Poland launched a website entitled uwazaj na kryptowaluty (‘beware of cryptocurrencies’) containing information on the risks connected with investing in cryptoproducts.
No wonder the market was reluctant to provide services for businesses dealing in cryptocurrencies. For example, banks were reluctant to open and maintain bank accounts for such entities.
AML V – national solutions
The situation changed noticeably after the EU’s Fifth Anti-Money Laundering Directive (AML V) was transposed to Polish law in the Polish AML Act, which created a new EU-wide environment for entities that deal in cryptoservices and cryptoproducts. The AML V Directive has been implemented in all EU member states.
In Poland, as of April 2021 all entities that
- provide exchanges between cryptocurrencies and other means of payment
- provide exchanges between cryptocurrencies
- act as an intermediary in such exchanges
- maintain accounts that enable authorised persons to use cryptocurrency units, which includes carrying out transactions to exchange them
are required to register in Register of Virtual Assets Activity (“VAAR”) (rejestr działalności w zakresie walut wirtualnych)
New entities are only entered online in the ePuap system. All documents required by the AML Act, such as a statement of knowledge or experience relating to the business of virtual currencies, or a statement of a clean criminal record, must be signed electronically and also presented in electronic form. This may turn out to be a challenge for individuals residing outside Poland. Entities wishing to become registered in the VAAR should first have a Polish tax identification number. The transitional provisions for unregistered entities are not in effect anymore, and entities that offer cryptoproducts without being registered in the VAAR may face administrative proceedings (with a possible fine up to 100,000 złotys). The VAAR is maintained and supervised by the Minister of Finance.
Organisational aspects of conducting cryptoservices in Poland
Cryptocurrency-related services in Poland may be conducted by either a Polish entity registered in Poland or, temporarily, by a foreign entity from another EU country based on the freedom of providing services under the Treaty on the Functioning of the EU (“TFEU”). Organisationally, a large number of international entities have decided to establish a Polish entity or to act as branches in Poland. Only a few have decided to act under the freedom of providing services under the TFEU.
Having a prior licence as a payment institution or investment fund in another EU member state or in Poland does not create any kind of exemption from the requirement to register in the VAAR.
Several stumbling blocks can be found in the newly-created AML V Directive regime. One perfect example is the lack of a ‘passporting regime’. Entities already registered in one EU country have to repeat the registration procedure in other EU countries if they wish to provide services there. Some EU member states have decided to ‘gold-plate’ the requirements imposed by the AML V Directive, meaning that entities have to undergo additional procedures in order to be able to offer their products.
The MiCa Regulation
The discrepancies that exist among EU member states were noticed by European institutions, and the EU Commission, in cooperation with the European Council, proposed a new regulation for the market in cryptoassets (MiCa Regulation).
The primary goals of the Regulation are to create equal opportunities for entities to expand cryptoservices in every EU member state, to ensure the security of transactions, and to protect consumers.
The Regulation will be enforceable in every EU member state without the need for implementation as was the case with the AML V Directive. The Regulation provides a new framework for offering cryptoassets in the EU. We still await publication of implementing provisions by the Polish legislator and supranational bodies such as the EBA or ESMA.
The Regulation introduces some new solutions:
- It makes a distinction between three types of tokens: asset-referenced tokens, utility tokens and e-money tokens, each of which have different requirements for their issuance and issuer, including preparing a ‘white paper’ subject to the national regulator’s consent on possible investment risks.
- The EBA may categorise certain coins as ‘significant’. Such a classification will mean that the issuer must comply with stronger capital, investor and EBA supervisory requirements.
- It introduces a category of cryptoasset service providers (CSPs) whose services include, e.g., operating a trading platform for cryptoasset, the exchange of cryptoassets for fiat currency and other cryptoassets, or providing advice on cryptoassets. CSPs will be subject to extended supervision by the national regulators. CSPs will have to provide detailed risk information, inner control documentation, AML procedures, complaint procedures, minimum capital, and non-discriminatory trade procedures and outsourcing.
- It introduces ‘passporting regimes’ for CSPs registered in one EU member state to facilitate offering services throughout the EU.
- It obliges CSPs to report ESG issues.
- It seeks to eliminate market abuse, insider trading and market manipulation by establishing fines for such activities (up to €5,000,000 for companies).
The Regulation is not addressed to cryptoproducts that fall within the MiFiD, PSD 2 or MAAR regulations or those that are offered for parent companies or subsidiaries.
The MiCa Regulation is a milestone for crypto businesses and for customers, though at present it is hard to evaluate how effective the new regulations will be. Judging from the scope of the solutions proposed, it seems that the regulatory direction will be beneficial, both for entities that offer cryptoservices and for customers investing in cryptoproducts.