Under the European Commission's proposed reforms to AIFMD and UCITS V (see here) and the various drafts of the EU Markets in Crypto-assets Regulation ("MiCA"), including the latest European Parliament version (see here), depositaries and custodians of funds and custodians providing services regarding crypto-assets could become subject to increased liability and other obligations. This blog considers the main due diligence and liability aspects of these proposals.
Depositaries of AIFs and UCITS, and custodians as delegates of such depositaries, should note the important liability issues raised by the European Commission's proposed reforms to AIFMD (Directive 2011/61/EU) and UCITS V (Directive 2009/65/EC), and custodians as crypto-asset service providers under MiCA should consider the proposed custodian liabilities under MiCA.
Currently, under AIFMD and UCITS V, a depositary must perform extensive due diligence respecting delegates (entities to whom it delegates holding the fund's financial instruments) and has high liability for loss of financial instruments held by the depositary or its delegates. However, holding financial instruments with a securities settlement system is specifically stated not to be delegation (consistently with market practice, where liability for market infrastructures is impractical).
Under the Commission's proposals to reform AIFMD and UCITS V, if a depositary (or delegate) holds financial instruments with any central securities depository (CSD), this will be regarded as delegation, unless the CSD acts as an issuer CSD – defined in Commission Delegated Regulation (EU) 2017/392 as a CSD providing the core service in point 1 or 2 of Section A of the Annex to CSDR (Regulation EU (909/2014), namely:
(1) Initial recording of securities in a book-entry system (‘notary service’); or
(2) Providing and maintaining securities accounts at the top tier level (‘central maintenance service’)".
Consequently, unless the CSD acts as an issuer CSD (which may not be obvious), where a depositary holds financial instruments with a CSD, the CSD will be a delegate, and the same high level of due diligence and liability will apply to the depositary as when using other delegates. Similarly, where financial instruments are held with the CSD by a depositary's delegate, the delegate will be subject to due diligence obligations.
Imposing liability for market infrastructures is a radical change. If this proposal remains in the final text, depositaries and custodians will need to review their delegation models, assess what additional due diligence is required, and evaluate the cost of their additional liabilities.
Liability imposed on custodians respecting crypto-assets
Although existing legislation does not impose specific liability for loss on custodians, the following custody liability requirements are proposed in MiCAR.
A custodian holding reserve assets for an issuer of asset-referenced tokens must, if financial instruments or cryptoassets are lost, return identical assets or their value to the issuer without undue delay, unless it can prove the loss arose from an external event beyond its reasonable control, the consequences of which would have been unavoidable despite all reasonable efforts to the contrary (similar wording in Commission Proposal, European Parliament text and Council Mandate text). This resembles depositary liability wording in AIFMD and UCITS V, suggesting that asset-referenced tokens are viewed as similar to funds.
A custodian must compensate its client if it is impossible to return to the client the crypto-assets (or means of access), unless due to events not directly or indirectly attributable to the custodian (European Parliament text).
A custodian shall be liable for loss of cryptoassets (or means of access) resulting from an incident attributable to provision of the service or operation of the service provider, capped at the market value of the cryptoassets lost (Council Mandate text)
Note, ‘custody and administration of crypto-assets on behalf of third parties’ is defined as "safekeeping or controlling, on behalf of third parties, crypto-assets or the means of access to such crypto-assets, where applicable in the form of private cryptographic keys". The inclusion of "controlling" makes this much wider than normal definitions of custody.
Custodians entering the crypto-assets space should carefully consider their risk appetite in relation to these liabilities and the broad definition of custody.
Author: Madeleine Yates