(fra kommisjonsforordningen)

(1) To enable competent authorities to assess whether legal persons or other undertakings that intend to offer to the public or seek the admission to trading of asset-referenced tokens (‘applicant issuers’) meet the requirements laid down in Title III of Regulation (EU) 2023/1114 and do not fall in any of the grounds justifying the refusal of authorisation, the information to be provided in an application for authorisation to offer to the public or to seek admission to trading of an asset-referenced token submitted in accordance with Article 18(1) of that Regulation should be sufficiently detailed and comprehensive. 

(2) The applicant issuer should submit information that is true, accurate, complete and upto-date. For that purpose, the applicant issuer should inform the competent authorities of any changes or updates, occurring after the submission of the application, and before the public offer or admission to trading of the asset-referenced token, that relate to the information provided in the application, and that could be relevant for the assessment of the application. Competent authorities should also be able to enquire whether any changes or updates have occurred before the public offer or admission to trading of the asset-referenced token. 

(3) The application for authorisation should contain information on the applicant issuer, including the identity thereof and information on the suitability of the members of the management body and the sufficiently good repute of the shareholders or members, whether direct or indirect, with qualifying holdings. 

(4) The information contained in the application for authorisation would include personal data. In compliance with the principle of data minimisation, enshrined in Article 5(1), point (c), of Regulation (EU) 2016/679 of the European Parliament and of the Council, only the personal data necessary to enable the competent authority to carry out a comprehensive assessment of the applicant issuer, the assessment of the members of its management body, its ability to comply with the prudential requirements of Regulation (EU) 2023/1114, and that the applicant issuer does not fall into any ground of refusal of the authorisation set out in Article 21(2), points (a) to (e), of Regulation (EU) 2023/1114 should be requested. 

(5) To provide competent authorities with a comprehensive overview of the applicant issuers’ current and planned operations and related organisation, the applicant issuers should include in their application for authorisation a programme of operations. 

(6) Issuers of an asset-referenced token that are not crypto-asset service providers or other obliged entities are not subject to Directive 2015/849/EU of the European Parliament and of the Council or to Regulation (EU) 2023/1113 of the European Parliament and of the Council. However, it is crucial that the applicant issuer’s business model is structured in a manner that does not expose the applicant issuer or the financial sector to risks of money laundering and terrorist financing, since that constitutes a ground of refusal of the authorisation. Accordingly, the applicant issuer should provide an overall risk assessment containing adequate information to enable the competent authority’s assessment of the applicant issuer’s business model’s exposure and sensitivity in relation to money laundering and terrorist financing risks. The overall risk assessment should include information on the mechanisms and arrangements related to the issuance, redemption and distribution of an asset-referenced token and the envisaged involvement of crypto-asset service providers in such mechanisms. Where the applicant issuer’s business model would involve arrangements with cryptoasset service providers, the application for authorisation should include a forwardlooking description prepared by such crypto-asset service provider of their internal controls and continuous compliance with the relevant anti-money laundering and counter terrorism financing Union rules. 

(7) Effective internal control frameworks, including risk management and information and information and communication technology (ICT) systems and risk management are crucial to the sound and prudent management of the activities of the applicant issuer and of the reserve assets to prevent, monitor and mitigate operational and other types of risks. Applicant issuers should therefore provide adequate documentation on their internal control framework and ICT risk management framework demonstrating that they comply with Regulation (EU) 2022/2554 of the European Parliament and of the Council. 

(8) Reserves of assets are crucial to ensure the effectiveness of the stabilisation mechanism underpinning the asset-referenced token and the redemption rights of token holders at all times including in case of stress. Together with the application for authorisation, applicant issuers should therefore submit clear and detailed policies on the composition, constitution, segregation, custody and investment management of such reserves of assets. 

(9) Applicant issuers should provide the competent authority with all necessary and sufficient information enabling the competent authority to carry out a comprehensive assessment of the members of the management body with a view to ensure that they meet the suitability requirements and do not fall in any of the grounds of refusal of the authorisation set out in Article 21(2), points (a) and (b), of Regulation (EU) 2023/1114. For that purpose, the application for authorisation should contain the information relevant to the assessment of reputation including sufficient information that allows to verify that the members of the management body have not been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute, to assess their professional experience, knowledge and skills in the areas relevant to financial services, cryptoassets, other digital assets, distributed ledger technology (DLT), digital innovation, information technology (IT), cybersecurity or management and information enable to assess the adequacy of their time commitment. To ensure coherence and coordination among different financial supervisors’ decisions that information should also include any prior assessments provided by competent authorities. 

(10) In respect of shareholders and members directly or indirectly holding qualifying holdings in the applicant issuer, the application for authorisation should contain all information enabling the competent authority to carry out a comprehensive assessment of the sufficiently good repute of such shareholders or members and that they do not fall within the ground of refusal of the authorisation set out in Article 21(2), point (c), of Regulation (EU) 2023/1114. For that purpose, the application for authorisation should contain the information necessary and sufficient enabling competent authorities to verify that those shareholders or members have not been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute and to establish the certainty and legitimate origin of the funds or other assets used to set-up the applicant issuer and finance the business of that applicant issuer. 

(11) This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Banking Authority, developed in close cooperation with the European Securities and Market Authority and with the European Central Bank. 

(12) The European Banking Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Banking Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council. 

(13) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council7 and delivered an opinion on 17 July 2024,