In addition to the optional visa available for all issuers of Initial Coin Offerings, the French Pacte Law establishes a regulated status as a Digital Assets Services Providers or "DASP".
As it stands, the implementing regulations have not yet been published and will come into force towards the end of 2019.
1. DIGITAL ASSET SERVICES COVERED
The French Pacte Law sets out a framework for various services and provides for mandatory registration for some of them, while others are only subject to optional approval.
2. REQUIREMENTS TO BE MET FOR ALL DASPS
First of all, it should be noted that a permanent presence in France is required since it is necessary to be established or registered in France in order to be covered by the provisions of the French Pacte law.
Whether in the context of registration or accreditation, and regardless of the service provided, all DASPs are all subject to the following requirements:
1° Business operating programme – The draft decree provides that the applicant must submit an operating programme for the two years following registration/approval, which contains information on the activities carried out, the categories of digital assets concerned, the geographical distribution of activities, human resources, outsourced activities, the resilience of the IT system, the management of conflicts of interest, the systems for controlling the company's activities, internal control and risk management, the AML/CFT system.
2° Professional indemnity insurance (PII) or equity – The draft decree leaves the choice to the service provider to have either PII or equity. In the event that it has PII, it is expected that the insurance contract guarantees are sufficient and adapted to the service provided and amount to at least €400,000 per claim and €800,000 per insurance year.
If the service provider opts for equity, it should permanently possess an equity level at least equal to one quarter of the overheads and amounting to at least €50,000 for services without holding client funds and €150,000 for services involving holding client funds. For the custody service, it is proposed to require different levels of equity depending on the value of the portfolio of digital assets held on behalf of third parties. It is also proposed that the maximum level of equity capital should be €3.8 million. An instruction would specify the methods for calculating equity.
3° Adequate security and internal control system – The aim is to apply some essential principles of European rules and in particular Commission Regulation (EU) 2017/565 of 25 April 2016 ("MiFID 2"). A principle of proportionality of these requirements in relation to the activity of the service provider is also provided for in order to allow flexibility in the application of these rules.
4° Resilient and secure IT system – The purpose is to provide provisions to ensure that DASPs have a resilient and secure IT system (competent and sufficient IT staff, effective IT system security against cyber attacks, in particular, regular tests, notification to the AMF of any significant breach of their systems, secure access to IT systems).
5° Management of conflicts of interest – The aim here is to establish provisions for the prevention and management of conflicts of interest (conflict of interest management policy).
6° Communication of clear, accurate and not misleading information to the client – The draft decree provides for a series of information to be communicated to the client (risk warning, definition of technical information related to digital assets, use of language that is easily understandable by the client, information on past and future performance).
7° Claims policy and transparency of pricing policies – Finally, the RGAMF stipulates that a digital assets services providers must establish a claims management policy (free of charge for customers) and an effective pricing policy that is published on their websites.
8° Rules of good conduct – The draft decree lays down a general obligation to act in an honest, loyal and professional manner.
9° Written agreement – It is provided that the service provider concludes a written agreement with his client which includes minimum information (rights and obligations, nature of the services provided, pricing, validity period, confidentiality).
3. REQUIREMENTS FOR SERVICE PROVIDERS SUBJECT TO MANDATORY REGISTRATION
The French Financial Markets Authority (AMF) will verify that the persons who effectively manage the service provider and natural persons who either directly or indirectly hold more than 25% of the service provider's capital or voting rights, or exercise, by any other means, a power of control over the service provider, have the integrity and competence to carry out these activities. The AMF also verifies that shareholders guarantee the sound and prudent management of the digital asset service provider.
The draft decree provides for a series of information and documents to be communicated (the list has not yet been published) to the AMF, including information on the identity of effective directors and shareholders, and documents certifying that they are not or have not been the subject of a criminal conviction or a prohibition to carry on an activity.
In addition, documents attesting to sufficient knowledge and skills (e.g. curriculum vitae) will also be requested to ensure that these managers understand the activities carried out and the risks associated with them. They must have at least six months' experience or qualifying training in digital assets, accounting, banking or other financial activities.
Providers will also be required to demonstrate that they have policies and processes in place to comply with anti-money laundering and anti-terrorist financing obligations.
4. REQUIREMENTS FOR OPTIONAL APPROVAL
The draft decree provides for the applicant to prepare a file containing a whole series of information and documents:
of a general nature: name or corporate denomination, list of services provided, incorporation documents of the company, on the identity of managers and shareholders holding more than 25% of the capital or voting rights, as well as their knowledge, skills and integrity and on the identity of direct or indirect shareholders holding at least 10% of the capital or voting rights;
of a financial nature: information on the financial situation, forecast data, planning assumptions, regulatory financial statements, reports of the auditor, if applicable, establishing the existence of a professional liability or equity contract of a sufficient level;
concerning the organisation of the company, including a programme of activities;
relating to the operating rules of a trading platform for digital assets, if applicable.