Article Series on Cryptocurrency Regulation
⚠️ Warning
I am definitely not a lawyer, so please inform yourself properly before relying on this summarised information.
With all the fuss about regulation coming to cryptocurrencies, I have been reading up on global, European and Belgian crypto regulation.
Since the focus of this website is still very much on security, I will try my best to highlight the various security requirements with regard to crypto-assets.
Besides crypto regulation, there is also existing or new security regulation. Most of these are, unsurprisingly, specific to the financial sector. However, there is also more encompassing legislation, e.g. the Artificial Intelligence (AI) Act, the Cyber Resilience Act (CRA) or the Critical Entities Resilience (CER) Directive. They all mandate compliance with certain security requirements, for a selection of entities in scope.
Please also note that these requirements often intersect (and overlap 😭) with other risk and compliance domains such as non-financial risk management practices (i.e. operational risk, payment fraud, market abuse), anti-money laundering (know-your-customer, know-your-transaction) etc.
Beware, this subject matter quickly gets pretty complicated...
European regulation 🇪🇺
Crypto specific
- Markets in Crypto-Assets (MiCA) Regulation
- Pilot Regime for Market Infrastructures based on Distributed Ledger Technology
- European travel rule for crypto-asset transfers
- Tax transparency rules for crypto-asset transactions (DAC8)
Security related
- (Revised) Network and Information Security Directive (NIS2)
- Digital Operational Resilience Act (DORA)
- EBA Guidelines on ICT and security risk management
- EIOPA Guidelines on ICT security and governance
Overarching
- Artificial Intelligence (AI) Act
- Cyber Resilience Act (CRA)
- Critical Entities Resilience (CER) Directive
Belgian regulation 🇧🇪
Crypto specific
- Belgian Anti-Money Laundering Act
- FSMA Communication: Classification of crypto-assets as securities, investment instruments or financial instruments
- New FSMA Regulation: Rules governing advertisements for virtual currencies
Global regulation 🌎
Crypto specific
- IOSCO - Policy Recommendations for Crypto and Digital Asset Markets
- FSB - Global Regulatory Framework for Crypto-asset Activities
- BCBS - Prudential treatment of cryptoasset exposures
- FATF - Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers
Security related
- CPMI-IOSCO - Guidance on cyber resilience for financial market infrastructures
- BCBS - Principles for operational resilience and sound management of operational risk, effective risk data aggregation and risk reporting
- BCBS - Principles for the sound management of third-party risk
Acronyms used:
- BCBS: Basel Committee on Banking Supervision
- CPMI: Committee on Payments and Market Infrastructures
- EBA: European Banking Authority
- EIOPA: European Insurance and Occupational Pensions Authority
- FATF: The Financial Action Task Force
- FSB: Financial Stability Board
- FSMA: Financial Services and Markets Authority
- IOSCO: International Organization of Securities Commissions
Additional reading
Please also have a look at the European Commission's Blockchain Strategy and the EC's vision of a legal and regulatory framework for blockchain.
Another interesting read: Smart Contracts, a Law + Technology Perspective by Thibault Schrepel
Digital euro 💶
I am also compiling interesting content on a European central bank digital currency, called the "digital euro". Please refer to the Articles Series on Central Bank Digital Currencies (CBDCs).