The reverse solicitation rule has become increasingly important in the cross-border financial services sector since Brexit. In short, it enables the cross-border provision of financial services or the granting of loans without the necessary authorisation in the recipient country if the service is requested at the customer’s exclusive initiative.

For a long time, there was no generally applicable regulation on reverse solicitation. Anyone in an EU Member State who decided to obtain, for example, a loan from a US entity or a financial service from the United Kingdom could not be denied on the grounds that the respective US entity didn’t have an EU license to lend business or the UK entity didn’t have an EU license to provide financial services. The customer could decide whose services they wish to obtain and from where. But where are the limits for protecting the domestic financial market and ensuring compliance with strict EU financial market regulations?

The reverse solicitation rule applies under the Markets in Financial Instruments Directive II (MiFID II) and Markets in Crypto-Assets Regulation (MiCAR) in the European Union. Accordingly, in their scope of application, the rule is now clearly defined, especially under MiCAR with regards to cryptocurrency services, which, due to their purely digital nature, are easily and frequently purchased or distributed across borders in practice.

Reverse solicitation is subject to increasingly restrictive limits by the EU

Since Brexit, the use of the reverse solicitation rule has been subject to increased supervision by the EU and national competent authorities because of concerns that third-country firms may be using this rule to circumvent regulatory requirements in the EU and, consequently, might be providing investment or other financial services to EU clients without the necessary authorisation.

Regulators have been closely examining whether firms are genuinely complying with the requirements for reverse solicitation or are merely using it as a loophole. For example, some firms appeared to attempt to circumvent MiFID II requirements by including general clauses in their terms of business or through the use of online pop-up “I agree” boxes whereby clients state that any transaction is executed on the client’s exclusive initiative, which has been criticized explicitly by the European Securities and Markets Authority (ESMA).

According to Article 42 of MiFID II, the reverse solicitation rule applies when a retail or professional client within the EU initiates at their “own exclusive initiative” the provision of an investment service or activity by a third-country firm.

In 2021, ESMA issued a public statement reminding firms of MiFID II’s rules on reverse solicitation. According to ESMA, where a third-country firm (a firm not established or situated in the EU) solicits clients or promotes investment services in the EU, it should not be considered as a service provided at the client’s “own exclusive initiative”.

Any means of communication, such as press releases, internet advertising, brochures, telephone calls or face-to-face meetings, should be provided for assessment. ESMA’s opinion clearly demonstrates that application of the reverse solicitation rule is to be restricted. Standard contractual clauses in practice, which confirm in general terms that the contract was concluded at the sole request of the recipient of the service, should not be sufficient for assuming that the provision of the corresponding service in the EU is exempt from authorisation requirements.

Additionally, in this restrictive sense, Germany’s Federal Financial Supervisory Authority consistently states that anyone who deliberately focuses on the German market for regulated activity must possess the necessary license or permission unless there is a valid exemption (like reverse solicitation). If no such exemption applies, it could be considered as conducting unauthorized business.

Article 61 of MiCAR takes it one step further, providing stricter boundaries: any inducement – even a minor one – by the service provider, directly or indirectly, shall lead to exclusion of the exception. MiCAR expressly says that a clause stating that the contract was concluded at the exclusive instigation of the customer doesn’t lead to exemption from authorization under this standard.

At the same time, MiCAR also clarifies what the requirements for the exception are: the customer must be a resident or established in the EU while the crypto-asset services provider must be established in a third country and provide a crypto-asset service or carry out an activity in connection with crypto assets. However, once a provider from a third country has provided a service to a customer in the EU based on the reverse solicitation exception (the contractual relationship has been established on this basis) the subsequent offer of additional services to this customer is still not allowed without having the necessary EU authorisation. This significantly restricts the contractual relationship and is a clear limitation of the reverse solicitation rule, which has been in a gray area before.

Additionally, according to MiCAR, any marketing by a third party that has a connection to the third-country service provider means that the service is deemed to have not been provided at the sole instigation of the customer.

MiCAR takes into consideration how contracts for crypto services are usually concluded online via various marketing tools that are not only offered by the crypto services provider itself. However, MiCAR now states that reverse solicitation does not apply in any case in which the crypto-asset service provider from a third country has only indirectly launched its products within the EU and should not be able to invoke the fact that it did not carry out such marketing itself. Any promotion, advertising or marketing should be treated independently of the entity through which it has been carried out. This almost makes it impossible for the servicer to have control.

When is the advertising aimed at which market? How can the service provider protect itself against its services being offered online by a third party in a market for which it has no authorisation? From a regulatory point of view, the service provider must be able to rule this out before providing services to an EU customer based on the reverse solicitation rule.

Is the strict MiCAR regime the new benchmark?

Essentially every regulation only applies to the object of regulation. For MiFID II, these are securities and other financial instruments. For MiCAR, these are crypto services. In the area of lending, for example, there is no comparable regulation to date. Nevertheless, between MiCAR and ESMA’s 2021 statement, the EU has introduced an extremely clear interpretation of the reverse solicitation rule, which will likely no longer be ignored in national supervisory practices in other regulated areas.

Companies that rely on the reverse solicitation rule should evaluate their current practice in terms of supervisory law and, if necessary, make improvements to ensure that the main features of the current understanding of the EU supervision are adhered to. The legal consequences are clear: if an EU (national) financial authority assumes that the reverse solicitation rule was not actually applicable to the provision of a financial service or banking transaction, the penalties are immense, both in the form of fines and criminal offenses.