Crypto companies, beware of the PSAN decree!

with No Comments

Most companies in the cryptocurrency sector will soon be affected by the consequences of Decree No. 2019-1213 of November 21, 2019 on digital asset service providers (DASPs). The deadline is short: the last texts implementing the decree (two instructions and the amendment of the General Regulation of the Autorité des Marchés Financiers) are expected during December.

The publication of the PSAN decree in the official gazette on November 22, 2019 has generated enthusiasm among crypto companies. Nevertheless, the devil is in the details. If the broad outlines of the new French regulation have been broadly seen, the consequences are not always fully understood, which may cause painful awakenings.

I - The broad outlines of the French PSAN regulation

The ecosystem has welcomed the reinforced right to account. The legislation has also recognized a specific legal status for PSANs in ten categories. Eventually, there will be three sets of actors that will be affected differently by the regulation.

Reinforced right to accounts

The PACTE law and its implementing decree have created a reinforced right to account in favor of crypto companies. But, let's be clear: the benefit of this regulation will not apply to all companies in the sector.

It can only be invoked by companies that have: i) been registered with the Autorité des Marchés Financiers (AMF) or ii) received the AMF's approval for Initial Coin Offerings or optional PSAN approval.

Recognition of the PSAN status

According to article L54-10-2 of the Monetary and Financial Code, the activities of digital service providers are now grouped into ten categories

1) the service of conservation of digital assets on behalf of third parties,

2) the service of purchase or sale of digital assets in legal tender,

3) the service of exchanging digital assets for other digital assets,

4) the operation of a digital asset trading platform,

5) the services:
(a) the receipt and transmission of orders in digital assets on behalf of third parties,
b) portfolio management of digital assets on behalf of third parties,
c) advice to subscribers of digital assets,
d) underwriting of digital assets,
e) secured placement of digital assets,
(f) unsecured placement of digital assets.

It is critical for ecosystem players to see which category they belong to. With the category or categories defined, crypto companies will be able to see which regulation applies to them.

The PSAN regulations result in three sets of actors:

  • Actors subject to mandatory registration: These are PSANs related to 1 (the third-party custody service of digital assets) and 2 (the service of buying or selling digital assets for fiat).
  • Actors wishing to obtain optional AMF approval: they belong to crypto companies registered in categories 1 and 2 (which additionally wish to have AMF approval) or in categories 3 to 5, for which registration is not compulsory but which may benefit from AMF approval.
  • Actors not subject to the registration obligation and who do not wish or cannot meet the criteria for AMF approval (these are categories 3 to 5).

II - Points to be noted

The complexities of regulations often scare away the crypto sector players who sometimes tend to want to ignore them. However, in this case, it is important that everyone realizes that some provisions of the new regulations are mandatory and that their non-compliance will lead to criminal sanctions.

Some points of the regulation are not optional but mandatory 

Article L. 54-10-3 of the Monetary and Financial Code provides that before carrying on their activity, providers of the services mentioned in 1) and 2) of Article L. 54-10-2 must be registered by the Autorité des marchés financiers.

Article L. 54-10-4 of the same code specifies that the practice of the profession of provider of the services mentioned in 1) and 2) of Article L. 54-10-2 is prohibited to any person who has not been previously registered by the AMF.

While point 2) concerning the service of buying or selling digital assets for fiat is relatively easy to identify, point 1) related to the service of custody of digital assets on behalf of third parties poses more difficulties.

According to Article D. 54-10-1 of the Monetary and Financial Code, this first category is defined as follows:

"The service of conservation of digital assets on behalf of third parties is the fact of controlling, on behalf of a third party, the means of access to digital assets registered in the shared electronic recording device and of keeping a register of positions, opened in the name of the third party, corresponding to its rights on the said digital assets."

"The custody service provider thus defined processes events affecting the digital assets or the associated rights under conditions defined by the general regulations of the Autorité des marchés financiers."

"When the cryptographic technique used by the shared electronic recording device on which the digital assets are recorded is asymmetric cryptography, the means of access to a digital asset are private cryptographic keys."

The holding of private keys and the maintenance of a position register on behalf of a third party, which characterize category 1), can therefore be found in many activities of technical service providers. It is therefore essential for these providers to see whether their activity corresponds to the terms of the above-mentioned definition.

As the article does not distinguish between a principal or accessory professional activity, the companies concerned are directly targeted if they carry out such an activity, even on an accessory basis.

Penalties for non-compliance with regulations

Compliance with regulations should not be ignored, as the Monetary and Financial Code provides for criminal sanctions. Article L. 572-23 states that "Any person subject to the reporting obligation mentioned in Article L. 54-10-3 who fails to file a report or provides inaccurate information to the AMF is liable to a one-year prison sentence and a €15,000 fine."

"Any person acting either on his own behalf or on behalf of a legal entity who fails to comply with one of the prohibitions provided for in Article L. 54-10-4 is liable to two years' imprisonment and a fine of €30,000."

Nevertheless, these sanctions will only be applicable after the adoption of all the implementing regulations for this new regulation. These documents should be published during December 2019.

As of that date, registration procedures will be mandatory. The law provides for a transitional period of 12 months from the publication of the implementing regulations to register with the AMF for persons already carrying out activities 1 and 2.

Please note that this exemption is not valid for companies that will start their activity after the publication of the last application text. These companies will have to register with the AMF prior to any activity. Otherwise, criminal sanctions will apply to them.


This regulation, which was expected, may not make only happy people. The instructions in preparation (the PSAN instruction related to the cybersecurity requirements framework, the instruction related to the regime applicable to digital asset service providers) and the amendment of the AMF General Regulation will aim above all to protect investors and ensure the sustainability of the services provided.

There will be a lot of requests but the elected officials will not be as numerous and in this framework small companies will clearly be disadvantaged.