Article Series on Cryptocurreny Regulation

⚠️ Warning
I am definitely not a lawyer, so please inform yourself properly before relying on this summarised information.

With all the fuss about regulation coming to cryptocurrencies, I have been reading up on global, European and Belgian crypto regulation.

Since the focus of this website is still very much security focused, I will try my best to highlight the various security requirements with regard to crypto-assets.

Besides crypto regulation, there is also existing or new security regulation. Most of these are -unsurprisingly- specific to the financial sector. However there is also more encompassing legislation, e.g. the Artificial Intelligence (AI) Act, the Cyber Resilience Act (CRA) or the Critical Entities Resilience (CER) Directive. They all mandate compliance with certain security requirements, for a selection of entities in scope.

Please also note that these requirements often intersect (and overlap 😭) with other risk and compliance domains such as non-financial risk management practices (i.e. operational risk, payment fraud, market abuse), anti-money laundering (know-your-customer, know-your-transaction) etc.

Beware, this subject matter quickly gets pretty complicated... 

• (All Articles)

European regulation 🇪🇺

Crypto specific

• Markets in Crypto-Assets (MiCA) Regulation 
• Pilot Regime for Market Infrastructures based on Distributed Ledger Technology 
• Update of Regulation 2015/847 on information accompanying transfers of funds ("TFR" or "travel rule")

Security related

• (Revised) Network and Information Security Directive (NIS2) 
• Digital Operational Resilience Act (DORA) 
• EBA Guidelines on ICT and security risk management 
• EIOPA Guidelines on ICT security and governance 

Overarching

• Artificial Intelligence (AI) Act
• Cyber Resilience Act (CRA)
• Critical Entities Resilience (CER) Directive

Belgian regulation 🇧🇪

Crypto specific

• Belgian Anti-Money Laundering Act 
• FSMA Communication: Classification of crypto-assets as securities, investment instruments or financial instruments 
• New FSMA Regulation: Rules governing advertisements for virtual currencies 

Global regulation 🌎

Crypto specific

• IOSCO - Policy Recommendations for Crypto and Digital Asset Markets 
• FSB - Global Regulatory Framework for Crypto-asset Activities
• BCBS - Prudential treatment of cryptoasset exposures 
• FATF - Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers

Security related

• CPMI-IOSCO - Guidance on cyber resilience for financial market infrastructures 
• BCBS - Principles for operational resilience and sound management of operational risk, effective risk data aggegration and risk reporting

Acronyms used:

• IOSCO: International Organization of Securities Commission 
• CPMI: Committee on Payments and Market Infrastructures
• FATF: The Financial Action Task Force
• BCBS: Basel Committee on Banking Supervision's
• FSB: Financial Stability Board 
• FSMA: Financial Services and Markets Authority

Please also have a look the European Commission's Blockchain Strategy and the EC's vision of a legal and regulatory framework for blockchain.

Another interesting read: Smart Contracts, a Law + Technology Perspective by Thibault Schrepel

I will make sure to also add relevant info with regard to the European Central Bank Digital Currency (CBDC), called the "Digital Euro".