European Union body wants stricter rules for cryptos
5 min readTable of Contents
The European Securities and Markets Authority (ESMA) has called on European Union (EU) lawmakers in Brussels to strengthen cryptocurrency regulation. This could come with external audits of crypto companies’ cyber defenses.
ESMA stated that these measures are essential to protect consumers’ interests. After all, attacks on the cryptocurrency sector have increased dramatically in recent years.
According to a scoop this Wednesday (16) by the Financial Times, the ESMA proposal seeks to amend the Markets in Cryptoassets Regulation (MiCA). This is a comprehensive regulatory framework for cryptocurrencies in the European Union, which is due to come into force in December 2024.
Esma Wants to Level Up Europe's Crypto’s Cyber Armor!
The EU's regulator is pushing for mandatory audits to beef up security after $1.5B got stolen in just 6 months.
With FTX and Binance meltdowns still fresh, Esma says it’s time for exchanges to harden up before the new rules… pic.twitter.com/5D9fbl8IHm
— Mario Nawfal’s Roundtable (@RoundtableSpace) October 16, 2024
With this, MiCA aims to bring more clarity and protection to the crypto sector, which is currently largely unregulated in the European economic area. In addition, this market has been the scene of some scandals, such as the collapse of the FTX exchange.
ESMA seeks crypto regulation in the European Union
As part of its recommendations, ESMA proposed that cryptocurrency companies would need to conduct third-party audits of their systems. These would focus on identifying potential vulnerabilities.
These growing concerns come as regulators are concerned about the sector’s growing susceptibility to cyberattacks, as the European Union is in the midst of a process to regulate the cryptocurrency market.
For example, in the first half of 2024, cryptocurrency platforms are expected to suffer thefts of over $1.5 billion. This represents an 84% increase compared to the first half of 2023, making it even more urgent to improve cybersecurity.
However, the European Commission rejected ESMA’s proposal. According to the body, the idea on the table would go beyond the scope of MiCA.
ESMA declined to comment on the European Commission’s refusal. However, analysts argue that stricter rules are needed due to the growing threat of attacks against crypto companies.
There have been several high-profile cryptocurrency hacks in recent years in different parts of the world. For example, in September this year, hackers stole $45 million from Singapore-based cryptocurrency exchange BingX. Another $230 million was siphoned off from Indian cryptocurrency exchange WazirX months earlier in July.
These incidents further highlight an ongoing need for more robust security protocols across the crypto industry. This is according to Charles Kerrigan, partner at law firm CMS:
“Security is not something you can take lightly.”
Kerrigan emphasizes the need for cryptocurrency ventures to invest in stronger security measures to prevent hacks.
Regulatory pressure increases worldwide
The European Union’s MiCA regulation already requires cryptocurrency companies to comply with a number of security rules to obtain a license. It also institutes anti-money laundering controls and requires senior executives at companies to meet “fit and proper” standards.
However, as cryptocurrency exchanges continue to fall victim to sophisticated cyberattacks, regulators have been calling for more proactive measures.
In addition to ESMA’s push for stricter security oversight, the European Parliamentary Research Service (EPRS) recently called for greater regulation beyond the EU’s borders.
ICYMI: What did #MEPs discuss in the September 2024 European Parliament Plenary session?
Our quick round-up 👇https://t.co/yH8U8lgyKV@berndlange @bbudka @AuroreLalucq @MAStrackZi @FZarzalejos @MHohlmeier @GiuseppeLupoPD @J_Lewandowski @Lucia_Yar @negrescuvictor
— European Parliamentary Research Service (@EP_EPRS) September 23, 2024
The EPRS report highlighted the risks posed by lax cybersecurity measures in non-EU jurisdictions. This is particularly the case in the US, which has highly fragmented regulation of cryptocurrencies, varying from state to state.
As MiCA approaches full implementation, it remains unclear whether the EU will adopt ESMA’s recommendations regarding mandatory external audits.
However, the call for more advanced security standards aligns with ongoing efforts around the world to increase regulation of the crypto sector.
Danger that comes from within
Concerns about possible hacker attacks have not been a focus of European regulators. After all, they seem to be more attentive to possible internal risks of exchanges. For example, they mention the danger of terrorist financing and money laundering by platform users.
Therefore, a large part of the text pending implementation by the EU concerns precisely these types of crimes, aiming to remedy them through heavy surveillance.
The new rules, which still need final approval from EU institutions, aim to identify, trace, freeze, manage and confiscate property and funds deemed to be the proceeds of crime on exchanges.
In other words, if certain cryptocurrency funds are identified as being of criminal origin, EU member states could even confiscate the money.
Spanish Justice Minister Félix Bolaños García endorsed the proposed rules in this regard:
“The profits from criminal activity are staggering. Only if governments have the means to recoup these profits will they have any chance of combating organized crime.”
Another initiative, already mentioned, is the crackdown on potential criminal agents in positions of trust in cryptocurrency companies. Therefore, the EU wants to require heavy surveillance of the names of executives, including verification of suitability.
The basics of the new cryptocurrency regulatory measures were agreed upon by EU authorities in mid-2023. Furthermore, the rules mention crypto assets by their specific name.
Authorities may act if they conclude that the recipient “should have known” that the transfer was intended to avoid seizure.
Industry also seeks security measures
Security concerns are not exclusive to regulatory bodies — both within and outside the European Union. After all, companies also fear potential losses from hacks. That is why they have been adopting an increasingly proactive stance.
A recent PwC survey indicated that 9% of CEOs of large companies want to modernize their cybersecurity infrastructure in the next 12 months. In addition, 45% of them prioritize investing in and optimizing current technology. Finally, 40% of executives emphasize the importance of maintaining security training.
The goal, of course, is to avoid losses. After all, as the study points out, the percentage of companies with losses above US$ 1 million due to data breaches increased from 27% to 36% between 2023 and 2024.
Investments in technology can be especially important for these companies. In fact, the possibility of adopting resources based on artificial intelligence (AI) for cyber defense is one of the most promising applications cited in the PwC research.
