RTS on competent authority information exchange

Similarly, to ensure that competent authorities can effectively supervise the issuance of asset-referenced tokens, competent authorities should exchange information relating to the technical characteristics of such tokens. In addition, they should exchange information necessary to ensure that asset-referenced tokens are only issued by authorised persons, and offered by the issuer or by a person authorised by the issuer. Furthermore, in order to assess whether an issuer of asset-referenced tokens complies with Title III of Regulation (EU) 2023/1114, competent authorities should exchange information and documents on the prudential requirements and governance arrangements of the issuer, including its management body, its suitability and its shareholders as well as any imposed administrative penalties and measures, enforcement actions and information on the issuer’s relevant compliance and conduct history.

Competent authorities should, in order to be able to effectively monitor the issuance of e-money tokens, exchange information relating to the technical characteristics of such tokens. Furthermore, competent authorities should exchange information to ensure that e-money tokens are issued by entities referred to in Article 48(1) of Regulation (EU) 2023/1114, to ensure that such issuers comply with the relevant requirements in Title IV of that Regulation, and to exchange information on any imposed penalties and measures, enforcement actions and information on the issuers’ relevant compliance and conduct history.

To ensure effective monitoring of crypto-asset service providers, competent authorities should exchange general information, constituting documents and other documents that provide insight into the structure and operational activities of such providers. For the same reason, competent authorities should also exchange information about the authorisation process and the subsequent compliance with Title V of Regulation (EU) 2023/1114. This information should include information on the management body of crypto-asset service providers, its suitability to manage such providers, and the reputation of its members, as well as information about shareholders, imposed penalties and measures, enforcement actions and information of the providers’ relevant compliance and conduct history.

Competent authorities should also exchange relevant information on suspicions of market abuse in order to discharge their supervisory duties in a comprehensive manner.

Finally, competent authorities should exchange information regarding any suspicions of irregularities in the activities of natural and legal persons falling within the scope of Regulation (EU) 2023/1114, as well as details of any risks such irregularities could pose to investor protection or financial stability.

The exchange of information between competent authorities in relation to investigation, supervision and enforcement activities should be carried out in compliance with the right to protection of personal data of the persons concerned, as set out in Articles 7 and 8, respectively, of the Charter of Fundamental Rights of the European Union and must comply with Regulation (EU) 2016/679 of the European Parliament and of the Council(²)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).. It follows that only personal data that are necessary for the purpose of investigation, supervision and enforcement activities under Regulation (EU) 2023/1114 are exchanged and that those data are not kept longer than necessary for that purpose.

This Regulation is based on the draft regulatory technical standards drafted by the European Securities and Markets Authority (ESMA) in close cooperation with the European Banking Authority and submitted to the Commission.

ESMA has requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council(³)Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj)..

ESMA has not conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, nor has it analysed the potential related costs and benefits of introducing such standards, as that would have been highly disproportionate in relation to the scope and impact of those standards, taking into account that this Regulation only affects competent authorities and not market participants.

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(⁴)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). and delivered an opinion on 27 May 2024,