On 8 March 2018 the European Commission submitted a Proposal for a Regulation of the European Parliament and of the Council on European Crowdfunding Service Providers for Business. Now, over two years later, the final compromise text has been published.

The proposal sets out the authorisation and operating conditions for equity and loan based crowdfunding platforms across the EU and aims to address the problems that a lack of consistent regulation has caused.

In particular, the proposal recognises that having a legal framework that is fragmented along national borders creates substantial legal compliance costs for retail investors, who often face difficulties which are disproportionate to the size of their investment in determining the rules applicable to cross-border crowdfunding services. As a result, investors are often discouraged from investing cross-border via crowdfunding platforms.

The proposal also recognises that because crowdfunding activities have consequently remained largely national this has been to the detriment of a Union-wide crowdfunding market, thus depriving businesses of access to crowdfunding services, especially in cases where those businesses operate in smaller national markets.

The Commission's aim is to set a consistent framework, which will facilitate a cross-border market while providing the necessary investor protection. It lays down uniform requirements for the operation, organisation, authorisation and supervision of crowdfunding service providers ("CSPs"), as well as for transparency and marketing communications in relation to the provision of crowdfunding services in the Union. This article specifically examines the operation, organisation and authorisation requirements specified under the proposal. In a later article we will consider the provisions that deal with ensuring investor protection.

What services will be covered?

The Regulation will apply to the those that provide crowdfunding services in the form of matching the business funding interest of investors and "project owners" (ie those seeking funding) through the use of a crowdfunding platform (defined as a publicly accessible internet-based information system), which consist of facilitating the granting of loans and/or placing of transferable securities and other permitted financial instruments ("investments") issued by project owners or SPVs.

Given the express purpose of the Regulation is to help SMEs, it would not apply where the "project owner" is a consumer, nor to offers by a single project owner with a consideration of over €5 million over a 12 month period.

While CSPs may provide various other services, the proposal is clear that Member States may not require them to be authorised as credit institutions either for facilitating granting of loans or for accepting client funds which will be used for investing into crowdfunding projects. But, of course, the other services may require authorisation under separate legislation – for example, the Regulation will not permit CSPs to act as payment services providers without appropriate authorisation. However, there would be a specific exemption from the Markets in Financial Instruments Directive ("MiFID") for CSPs. Finally, while the proposals does not specifically require CSPs to be subject to EU anti-money laundering legislation, it suggests it is likely to be appropriate, but applied on proportionate basis.


Loans included in the scope of the proposal are loans with unconditional obligations to repay the amount owed to the investor, whereby lending-based crowdfunding platforms merely facilitate investors and project owners to conclude loan agreements without acting as a creditor of the project owner.

Investment-based crowdfunding

In relation to investment-based crowdfunding, transferability is an important safeguard for investors to be able to exit their investment since it provides a legal possibility to dispose of their interest on the capital markets. The proposal therefore covers crowdfunding services related to transferable securities as the concept is widely understood, but also recognises the position of private limited companies. Shares of certain private limited liability companies are allowed, so long as they are not subject to restrictions that would effectively prevent them from being transferred, including restrictions on the way in which they are offered to the public.

Initial Coin Offerings ("ICOs")

While the Commission recognised that ICOs can help to fund SMEs, they are excluded from the proposal as their characteristics are considerably different from the services the Regulation is intended to cover.

What will be the conditions for authorisation as a CSP?

Applicants for CSP authorisation must apply to the competent authority in the Member State of their establishment, providing information about:

  • the legal status and constitution of the CSP
  • the platform website
  • its programme of operations
  • the CSP's governance arrangements
  • how the CSP will manage its data processing systems
  • its operational risks
  • its prudential safeguards
  • its business continuity plan
  • its managers
  • its internal controls to prevent those involved with it from engaging as project owners (see below)
  • its outsourcing arrangements
  • its complaints handling procedures
  • how it will provide payment services
  • how it will verify required information
  • its procedures in relation to investment limits for non-sophisticated investors.

Applicants that are already authorised under relevant EU laws covering credit institutions, investment firms, e-money institutions or payment services providers need not provide information that they have previously provided to the regulators.

Competent authorities are to assess, within 25 working day of receipt of an application, whether an application is complete, by checking that all of the information required has been provided. Where an application is not complete, competent authorities will set a deadline by which the prospective CSP is to provide the missing information. Should an application remain incomplete after the deadline set, the competent authority may refuse to review the application. The competent authority must then make a decision on whether to grant authorisation, and the authorisation should specify which services the provider is authorised to provide.

The proposal stresses that CSPs may also carry on other activities, so long as permitted under EU or national law.

In order to facilitate transparency for investors, the proposal also requires the national regulator to tell the European Securities and Markets Authority ("ESMA") when it approves and application, and requires ESMA to establish a public and up-to-date register of all authorised CSPs and of all operating crowdfunding platforms in the Union.

What will be the operational requirements?

Crowdfunding services may be provided only by legal persons that are established in the EU and have been authorised as CSPs. Once authorised, they must meet a number of high-level organisational and operational standards:

  • Acting honestly, fairly and professionally – CSPs must act honestly, fairly and professionally in accordance with the best interests of their clients
  • Not paying or accepting any remuneration, discount or non-monetary benefit – CSPs must not pay or accept any remuneration, discount or non-monetary benefit for routing investors' orders to a particular crowdfunding offer made on either their platform, or a third party platform
  • Considering the investor's chosen parameters or risk indicators – CSPs may propose to individual investors specific crowdfunding projects which correspond to one or more specific parameters or risk indicators chosen by the investor. However, investors are required to review and expressly take an investment decision in relation to each individual crowdfunding offer.

CSPs may provide individual portfolio management of loans but must do so according to the parameters provided by the investors and take all necessary steps to obtain the best result possible for investors. Further, CSPs are required to disclose to investors the decision process they use when acting on a discretionary mandate, but may then make decisions within the agreed parameters without requiring investor consent.

Effective and prudent management. The requirement to have effective and prudent management includes:

  • Establishing adequate policies and procedure – CSPs must have adequate policies and procedures to ensure effective and prudent management, including the segregation of duties, business continuity and the prevention of conflicts of interest, in a manner that promotes the integrity of the market and the interest of their clients;
  • Establishing appropriate systems and controls – the management of CSPs should establish, and oversee the implementation of, appropriate systems and controls to assess the risks related to the loans intermediated on the platform, and those that allocate investor loans between projects should have appropriate risk and financial modelling controls; and
  • Assessing the credit risk – where a CSP determines the price of a crowdfunding offer, it must carry out a reasonable assessment of the credit risk and the price, based on set criteria, monitor its compliance with these conditions and keep appropriate records to demonstrate compliance".

Undertaking due diligence – CSPs should undertake at least a minimum level of due diligence in respect of project owners to include (1) evidencing that the project owner has no criminal record for breach of national commercial, insolvency, financial services, anti-money laundering or fraud laws or national professional liability obligations, and (2) evidencing that the project owner is not established in a non-cooperative jurisdiction or in a high-risk third country.

Portfolio management of loans – where a CSP offers individual portfolio management of loans (essentially, auto-investing for investors) the mandate from the investor must include that every loan in the portfolio will have to comply with at least two of the criteria on maximum and minimum interest rates and maturity dates, range and distribution of risk categories and reasonable certainty of achieving a target return. The CSP must have in place processes and methodologies to assess these factors. Records of mandates will need to be kept, and the CSP will need to keep records on every investment for at least 3 years after its maturity and report on the investor's request on the composition of the portfolio with details of the investments.

Complaints handling – CSPs must have in place and publish descriptions of effective and transparent procedures for the prompt, fair and consistent handling of complaints. Clients must be able to file complaints against CSPs free of charge and CSPs must develop and make available to clients a standard template for complaints, keeping a record of all complaints received and the measures taken. CSPs should investigate all complaints in a timely and fair manner and communicate the outcome within a reasonable period of time.

Conflicts of interest – CSPs must not have any participation in any crowdfunding offer on their crowdfunding platforms, and may not have shareholders who hold 20% or more of share capital or voting rights, or individuals linked to them, acting as "project owners". CSPs that accept such persons as investors in the projects offered on their crowdfunding platform are required to fully disclose this on their website, ensure that these investments are made under the same conditions as those of other investors and ensure that these investors do not enjoy any preferential treatment or privileged access to information.

In addition to this, CSPs are required to maintain and operate effective internal rules to prevent conflicts of interest and take all appropriate steps to prevent, identify, manage and disclose conflicts of interest. CSPs are required to disclose to their clients the general nature and sources of conflicts of interest and the steps taken to mitigate those conflicts.

Outsourcing – when relying on a third party for the performance of operational functions, CSPs should take all reasonable steps to avoid additional operational risk. Additionally, the CSP will remain fully responsible for the activities, and outsourcing of operational functions should not impair the quality of the CSP's internal control and the ability of the competent authority to monitor the CSP's compliance with the proposal.

Client asset safekeeping and providing payment services – where asset safekeeping services and payment services are provided CSPs should inform their clients about the nature and terms and conditions of those asset safekeeping services, whether those services are provided by them directly or by a third party, and whether payment services are provided by the CSP or through a third party provider acting on their behalf. It sets requirements to protect investors where CSPs provide payment transactions, and where instruments are held in custody.

Prudential requirements – CSPs to have in place at all times prudential safeguards, within set criteria based on own funds, appropriate insurance or a mixture of the two, that are equal to an amount of at least the highest between (1) €25,000, and (2) one quarter of the fixed overheads of the previous year, including the cost of servicing loans for three months when the CSP also facilitate the granting of loans.

Will there be any ability to passport?

An authorised CSP intending to provide crowdfunding services in another Member State must submit specified information to its "home state" regulator noting the services it wishes to provide and how it will do so. The "home state" regulator must provide this information to the "host state" regulators and to ESMA within 10 days, and inform the CSP that it has done so. Once the CSP gets this confirmation it may start to provide crowdfunding services in the target Member State.

What is ESMA's role?

ESMA will play a key role in setting standards, maintaining registers, and monitoring compliance with the Regulation. As is increasingly the case, the proposal requires ESMA to provide a number of technical standards detailing the requirements under various provisions of the Regulation, as well as maintaining the Register.

How will investors be protected?

Part 2 of our article will focus on the key provisions of the proposal around acceptance of investors on a platform, and the information they must receive.

How does Brexit affect this?

The Regulation will not come into force before the end of the transition period, so the UK will not be bound to implement it. However, the UK regulators will be following its process with interest, as in the context of ongoing discussions on the future EU-UK relationship on financial services it will be important to understand in which respects the EU regulatory framework differs from that of the UK.

This article is for general information only and reflects the position at the date of publication. It does not constitute legal advice.