More than the payment itself, it is the companies providing the crypto-assets that are targeted by the legislator. They are not the issuers but act as intermediaries between the decentralised system and the people using the crypto-assets. By holding accounts and data of their users, they must therefore be subject to a special status (I.), attesting to the need to comply with existing obligations (II.).
I. THE STATUS OF THE EXCHANGE PLATFORMS IN CRYPTO-ASSET
To enable payment, platforms provide crypto-asset accounts and the possibility to exchange them for legal currency, stored in an account provided by the company in order to perform the transaction. Once on the dedicated account, the crypto-asset unit can be transferred to any account, with the platform simply retrieving the data to carry out the operation on the instruction of the account holder. These structures are, by the nature of their services, payment service providers (A.), but due to the digital nature of the activity, also personal data processors (B.).
A. A PAYMENT SERVICE PROVIDER
Payment Service Provider status - Payment Service Provider status is of European origin[1]. Transposed into French law[2], a new set of rules relating to payment transactions carried out by means of non-banking payment instruments has been established, reflecting the change in the nature of payment services, which until now has been essentially contractual[3]. A new version of the Directive[4] has been adopted in order to adapt to the new ways in which payment services operate. It thus takes into account the need to open up the EU payments market to companies that offer payment services to consumers or businesses based on access to payment account data, i.e. "payment initiation service providers"[5] and "account information service providers"[6]. Platforms that make accounts available in encrypted form are covered by the directive[7], which has already been transposed into national law[8].
A status outside the banking monopoly - The Payment Service Provider is outside the scope of the banking monopoly. Banking transactions are defined by Article L311-1 of the CMF as the receipt of funds reimbursable to the public, credit transactions and payment banking services[9]. Payment services are removed from the banking monopoly to be offered by both credit institutions and payment institutions. Payment institutions are "legal persons, other than credit institutions, electronic money institutions, ... which provide payment services as a regular occupation"[10]. Payment services are listed[11] and consist mainly of the act of making a payment transaction for another person, defined as any "act of paying, transferring or withdrawing funds, irrespective of any underlying obligation, ordered by the payer on his behalf, or by the payee"[12]. This excludes, in particular, payment transactions between payment service providers for their own account[13]. This means that the payment service provider has no right to dispose of the funds provided unless payment is ordered[14].
The supply of payment services - As the CJUE has recently held that Bitcoin is not a good subject to VAT[15], the ACPR has taken a similar position stating that "in the context of a transaction for the purchase/sale of Bitcoin against legal tender, the intermediation activity of receiving funds from the buyer of Bitcoin and transferring them to the seller is a supply of payment services"[16]. Thus, if the platforms intermediated for the execution of crypto-asset transactions have the status of Payment Service Providers[17]. However, they are not subject to the obligation to respect the right to the account. This position is more consistent[18] than that of the Banque de France[19], which considers that the classification as a means of payment cannot be retained, even though it considers that the activity of exchanging/converting crypto-currency into legal tender falls within the scope of banking regulations[20]. In the absence of monetary recognition, institutions providing only accounts without the possibility of carrying out foreign exchange transactions in legal tender seem to be outside the status of payment service providers, whereas it is clear that minimum regulation is required. It seems then that no distinction is made between a foreign exchange institution and a payment institution, whereas the latter does not necessarily receive funds in legal tender when it only provides accounts in crypto-asset[21].
The existence of a contractual relationship - Regardless of whether the institution offers foreign exchange services, it is a payment service provider since crypto-assets are means of payment. The relationship between the institution and the user is necessarily contractual[22]. It may be a payment account agreement or a deposit account agreement between the user and the credit institution, a specific instrument, or a framework contract for payment services[23]. The latter shall be mandatory where the payment service offered is linked either to an account not subject to a deposit account agreement or to a specific payment instrument[24].. The contract shall specify, in particular, the conditions for the use of the payment service, charges, interest and exchange rates, safeguards and remedies and, finally, the rules for amending and terminating the framework contract[25].
Obtaining prior approval - An intermediary, managing a crypto-asset exchange website and carrying out on behalf of its customers purchase/sale operations against a legal tender currency, performs "a payment service on behalf of third parties"[26]. Consequently, this company provides a service that can be analysed as a payment service within the meaning of Article L314-1 of the Monetary and Financial Code and a financial intermediary activity governed by Article L511-5 of the Monetary and Financial Code and by Article L519-2 of the Monetary and Financial Code, "requiring, in France, approval from the Autorité de Contrôle Prudentiel"[27], similar to the framework established in the United States[28]. The AMF notes that some ICO originators may also be subject to these regulations[29], but points out that in some cases they may be exempted from authorisation as payment institutions or electronic money institutions[30].
B. A PERSONAL DATA CONTROLLER
A crypto-asset: personal data - Personal data is data relating to an identified or identifiable person. Any data exchanged on the "blockchain" relating to an identified or identifiable person (identification thanks to unique cryptographic keys), the data collected must be considered as personal data[31].
The status of personal data controller - As crypto-assets are personal data, they therefore fall within the scope of the law on data processing, files[32] and freedoms and the regulation on the protection of individuals with regard to the processing of personal data and the free movement of such data[33]. Thus, all stored crypto-assets will have to be subject to these obligations, whether they are monetary or commercial "tokens" or financial securities transposed into a "blockchain". This is what emerges from the analysis of respondents to the AMF's consultation on ICOs, which states that the DPMR "could apply when personal data is processed in the course of an ICO operation"[34]. Since it is necessary to identify subscribers and originators of ICOs, there is no doubt that the data collected will be of a personal nature, implying that they will be protected.
All my posts are linked each other, so if you don't understand everything or you want to learn more about crypto-currencies in France please check the links below :
French Legal Aspects of Cryptocurrencies - Introduction 1/2 ;
The BlockChain, A Method of Issuing Dematerialized Securities 1/2;
French Legal Regulation of Crypto-assets Financing Mechanisms (or DeFi) - Lending and Borrowing;
French Legal Analysis of Crypto-payment – An Usefull Alternative Method of Payment 1/2.
[1] EU Directive 2007/64/EC of 13 November 2007 on payment services in the internal market, amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC, OJEU L319/1, 5 December 2007, known as "PSD 1".
[2] Ord. n° 2009-866 of 15 July 2009 relating to the conditions governing the provision of payment services and setting up payment institutions, JORF no. 0162, 16 July 2009, supplemented Decree 2009-934 of 29 July 2009 implementing Order 2009-866 of 15 July 2009 relating to the conditions governing the provision of payment services and setting up payment institutions, JORF no. 0175, 31 July 2009 and two orders of 29 July and 29 October 2009.
[3] J-F. Riffard, « Synthèse 40. Services bancaire », JurisClasseur Banque Crédit Bourse (Maj, 9 sept. 2017), par. 52-53.
[4] Dir. UE n°2015/2366, 25 nov. 2015, concernant les services de paiement dans le marché intérieur, modifiant les dir. 2002/65/CE, 2009/110/CE et 2013/36/UE et le règl. (UE) n°1093/2010, et abrogeant la dir. 2007/64/CE, JOUE L337/35, 23 déc. 2015, dit « DSP 2 ».
[5] Art. L314-1, II,7°, C. mon. fin.
[6] Art. L314-1 II., 8°, C. mon. fin.
[7] DSP2, cons. 27 ; R. Bonhomme, « Instrument de crédit et de paiement – Introduction au droit bancaire », éd. LGDJ, 12ème éd., p. 20, par. 22.
[8] Ord. n°2017-1252, 9 August 2017, transposing Directive 2015/2366 of the European Parliament and of the Council of 25 Nov. 2015 on payment services in the internal market, JORF n°0186, 10 August 2017, known as "Sapin 2".
[9] These three operations delimit banking activity and its monopoly.
[10] Art L522-1 C. mon. fin.
[11] Art. L314-1, C. mon. fin.
[12] Art. L. 133-3, I, C. mon. et fin.
[13] J-F. Riffard, « Synthèse 40. Services bancaire », Jurisclasseur Banque Crédit Bourse (Maj, 9 sept. 2017), par. 54.
[14] Art. L522-4, C. mon. fin.
[15] CJUE 22 oct. 2015, aff. C-264/14, « Skatteverket c/ Hedqvist, Skatteverket c/ David Hedqvist ».
[16] ACPR, n° 2014-P-01, 29 janv. 2014, relative aux opérations sur Bitcoins en France.
[17] P. PAILLER, "Quelles règles pour l'encadrement de la monnaie virtuelle en France", Revue Internationale des Services Financiers, 2014/4, p. 42 ; analysis shared by N. MATHEY, "La nature juridique des monnaies alternatives à l'épreuve du paiement", Revue de Droit bancaire et financier n° 6, nov. 2016, dossier 41, par. 42.
[18] H. Lefebvre, S. Polrot et C. Abitbol, « Moyens de paiement - Blockchain : premier (s) pas vers la règlementation des « cryptomonnaies » et autres actifs numériques », La Semaine Juridique Entreprise et Affaires n° 19, 11 mai 2017, par. 112.
[19] H. Lefebvre, S. Polrot et C. Abitbol, « Moyens de paiement - Blockchain : premier (s) pas vers la règlementation des « cryptomonnaies » et autres actifs numériques », La Semaine Juridique Entreprise et Affaires n° 19, 11 mai 2017, par. 112.
[20] Banque de France, « Les dangers liés au développement des crypto-monnaies : l'exemple du bitcoin », Focus n°10, 5 décembre 2013, p. 6.
[21] P. PAILLER, "Quelles règles pour l'encadrement de la monnaie virtuelle en France", Revue Internationale des Services Financiers, 2014/4, p. 40, who notes that while it is possible for the platform manager to execute payment transactions "still, he must actually collect the funds from the buyer and pay the funds to the seller, activité́ which is not necessarily characteristic for the conversion platform, but rather for the associated payment institution".
[22] Art. L314-13, I. and II., C. mon. fin. which provides for the provision of specific documents.
[23] J-F. Riffard, « Synthèse 40. Services bancaire », Jurisclasseur Banque Crédit Bourse (Maj, 9 sept. 2017), par. 57.
[24] Art. L314-12, C. mon. fin.
[25] J-F. Riffard, « Synthèse 40. Services bancaire », Jurisclasseur Banque Crédit Bourse (Maj, 9 sept. 2017), par. 58.
[26] CA Paris, 26 sept. 2013.
[27] J-F. Riffard, « Synthèse 40. Services bancaire », Jurisclasseur Banque Crédit Bourse (Maj, 9 sept. 2017), par. 4.
[28]V. Jamet, « La « bit licence » Perspective nord-américaine d'un cadre juridique pour un « bit génération » encore en devenir », Revue Internationale des Services Financiers, 2014/4, p. 12.
[29] AMF,« Synthèse des réponses à la consultation publique portant sur les Initial Coin Offering (ICO) et point d’étape sur le programme « UNICORN » », 22 févr. 2018, p.12.
[30] ACPR, position No. 2017-P-01, Oct. 25, 2017, regarding the concepts of "limited network of acceptors" and "limited range of goods and services", transcribed at s. 2017-P-01. L511-7, II, C. mon. fin.
[31] Simmons & Simmons LLP, « Le droit et la technologie blockchain : une approche sectorielle », Contrats Concurrence Consommation n° 10, oct. 2017, étude 10, par. 9.
[32] L. n° 78-17, 6 Jan. 1978, relative à l'informatique, aux fichiers et aux libertés, JORF, 7 Jul. 1978.
[33] EU Dir. No. 95/46/EC, 24 Oct. 1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJEU L281/31, 23 Nov. 1995, known as "PGRD", replaced by Reg. EU Reg. 2016-679, 27 Apr. 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Dir. 95/46/EC (General Data Protection Regulation), OJEU L119/1, 4 May 2016.
[34] AMF, « Synthèse des réponses à la consultation publique portant sur les Initial Coin Offering (ICO) et point d’étape sur le programme « UNICORN » », 22 févr. 2018, p. 12.
[sponsors]
If you want to support that kind of publication, feel free to tip and follow me to be informed of the last content published.