Understanding Dual Licensing for Payment Processors Accepting Fiat and Crypto Payments: PSD2 and MiCA Compliance
When a company or payment processor operates in both traditional fiat currency and the rapidly evolving crypto-asset space, a key question arises: does the entity need to be licensed under both the Payment Services Directive 2 (PSD2) and the Markets in Crypto-Assets Regulation (MiCA)? The answer, in most cases, is yes. Below, we break down the circumstances under which dual licensing would be required.
1. Payment Service Provider (PSP) License under PSD2
The PSP license is required under the Payment Services Directive 2 (PSD2) for entities that facilitate the movement of fiat currency. This typically covers the following activities:
- Facilitating Payments in Fiat Currency: When a payment processor enables the transfer of fiat payments from customers to merchants (e.g., credit card processing, bank transfers, or direct debits), it is engaging in regulated payment services. For instance, if a company operates a platform where customers pay in euros, and these funds are subsequently transferred to a merchant’s account, this activity falls squarely under the remit of PSD2.PSD2 was enacted to promote transparency, security, and competition in the EU payment services market. It sets out licensing requirements to ensure that companies operating in this space adhere to strict regulatory standards, including consumer protection, security measures, and anti-money laundering (AML) obligations.Example of PSP Activities:
- An e-commerce payment gateway that accepts credit card payments on behalf of merchants.
- A platform that transfers fiat funds between users (e.g., a digital wallet or a peer-to-peer payment service).
In these cases, the entity must hold a PSP license issued by the relevant national regulator (e.g., the Central Bank of Cyprus). Without this license, the entity would be in violation of EU law and unable to legally offer these payment services.
2. Crypto-Asset Service Provider (CASP) License under MiCA
On the other hand, if the same entity is involved in crypto-related activities, it may also need a Crypto-Asset Service Provider (CASP) license under MiCA. MiCA specifically regulates activities involving crypto-assets, which are distinct from traditional fiat currency. The types of activities that would necessitate a CASP license include:
- Accepting and Exchanging Crypto-Assets: If the processor accepts crypto-assets as payment and either exchanges them for fiat currency or for other crypto-assets, it is engaging in crypto-asset services. For example, a processor that accepts Bitcoin or Ethereum on behalf of merchants and subsequently converts these crypto-assets into euros or dollars would require a CASP license.
- Transferring Crypto-Assets: If the entity facilitates the transfer of crypto-assets from one user to another or between wallets, this activity also falls under MiCA and would require appropriate licensing. This could include, for instance, providing wallet services or crypto-custody services.
MiCA introduces a comprehensive framework for the regulation of crypto-assets across the EU, aiming to establish uniform rules for the issuance, offering, and provision of services related to crypto-assets. It also covers requirements related to AML, consumer protection, and market integrity.
Example of CASP Activities:
- A payment processor that allows merchants to accept payments in Bitcoin and then converts those payments into fiat currency for the merchant.
- A company that facilitates crypto-to-crypto transactions, such as allowing a user to pay in Ethereum and converting it into Bitcoin for the merchant.
In these cases, the entity would need to obtain a CASP license from the relevant national authority (e.g., CySEC in Cyprus), which regulates crypto-asset services under MiCA. This license ensures that the entity complies with EU-wide rules governing the safe and transparent handling of crypto-assets.
3. Overlapping Activities: Why Both Licenses May Be Required
If a payment processor operates in both fiat and crypto spaces—accepting payments in euros as well as Bitcoin—it would be engaged in activities regulated by both PSD2 and MiCA. Each regulatory framework governs distinct aspects of financial and crypto transactions, which means that the entity must comply with the specific obligations of both regimes.
- Fiat Transactions: Governed by PSD2, which requires a PSP license to ensure security, consumer protection, and compliance with payment regulations in the EU.
- Crypto Transactions: Governed by MiCA, which requires a CASP license to ensure that crypto-asset services are conducted in accordance with EU-wide standards for transparency, security, and market integrity.
For example, a company that processes payments for e-commerce merchants and accepts both fiat (such as credit card payments) and crypto (such as Bitcoin payments) would likely need to:
- Obtain a PSP license for its fiat payment operations.
- Obtain a CASP license for its crypto-related services.
Operating without either of these licenses, when required, could expose the company to significant legal risks, including fines, enforcement actions, and even the suspension of its business activities within the EU.
4. Conclusion: The Necessity of Dual Licensing
In conclusion, a payment processor accepting both fiat and crypto payments would most likely require both a PSP license under PSD2 and a CASP license under MiCA. The PSP license would cover the entity’s fiat-related payment services, while the CASP license would regulate its activities in the crypto-asset domain.
It is crucial for such entities to carefully assess their business operations to ensure they comply with both PSD2 and MiCA. Failure to obtain the necessary licenses could result in regulatory sanctions and legal repercussions.
If you require assistance in navigating these regulatory requirements or need help with the application process for obtaining a PSP or CASP license in Cyprus, our team can provide you with the necessary guidance and support.