EU Crypto-Assets Regulation (MiCA): What Businesses Need to Know

This summer’s introduction of the Markets in Crypto-Assets (MiCA) is a significant step toward the harmonization of cryptocurrency regulation at the EU level. The new rules will help businesses better protect their assets — as well as those of customers and investors.

In July 2023 the European Supervisory Authorities published the first of three consultation packages on the June 2023 MiCA regulation. The regulation builds on a previously fragmented approach to crypto-asset requirements, which relied on national legislation and the extension of existing EU regulations, such as MiFID II, to capture cryptocurrency.

The consultation will be run by the two authorities supervising MiCA compliance at the EU-level: the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA). The authorities will seek feedback from the public on technical standards and measures – such as the monitoring, detection and notification of market abuse, record keeping, sustainability indicators and governance – before they’re implemented in 2024.

MiCA – What Is It and What’s in Scope?

Part of the wider EU Digital Finance Package, MiCA brings crypto-assets, their issuers and service providers under one regulation. The regulation seeks to improve market integrity, consumer protection and financial stability – as well as promoting innovation and the use of crypto-assets. One welcome change to consumers is that crypto-asset service providers (CASPs) will have to protect users’ wallets and investors from investment and fraud risks. Market abuse, including market manipulation and insider dealing, will also be tightly regulated.

Stablecoin issuers and businesses that offer crypto-currency exchange, custody and advisory services — such as portfolio management advice — are all captured under MiCA. The new rules classify the following three types of crypto-assets:

• E-money tokens (EMTs)
• Asset-referenced tokens (ARTs)
• Utility tokens

The EBA will be supervising issuers of “significant” EMTs and ARTs, while ESMA will supervise “significant” CASPs (those with at least 15 million active users) [source: MiCA, Chapter 5, Article 85]. National-level authorities will supervise non-significant crypto-currency issuers and service providers.

MiCA also presents opportunities for businesses; those successful in obtaining authorization from one EU country will be able to conduct business, or “passport” across the entire EU. This not only promotes business growth but creates a gold standard for crypto-asset businesses in the EU and across the world.

MiCA and Anti-Money Laundering (AML)

The introduction of MiCA contributes to the fight against money laundering, as compliance with the EU 4^th Money Laundering Directive (4MLD) is one of the authorization requirements. Crypto-asset providers that are in scope of MiCA will have to demonstrate how they meet the 4MLD rules (MiCA Section 16).

For example, crypto-asset service providers will have to conduct Know Your Customer (KYC) checks on all their clients and conduct demonstrable extra due diligence on customers from EU High Risk Third Countries, as these have been identified as having deficient AML/CFT regimes (MiCA Section 77).

MiCA also goes hand in hand with the EU “Travel Rule” which now extends to crypto-assets. The regulation requires payment originator and beneficiary information to be provided and stored, ensuring the traceability of crypto assets and enabling suspicious activity is detected, investigated and reported. Crypto-asset service providers will also have to demonstrate how they apply a risk-based approach to the monitoring of customers throughout their lifecycle, among other anti-money laundering measures under 4MLD.

Preparing for MiCA’s Impact on Businesses

The main impact that MiCA will have on business relates to the authorization requirements for CASPs. In order to obtain authorized status, CASPs will be required to have a physical presence and effective management within the EU; satisfy general obligations toward prudential safeguarding, governance, compliance and AML; and meet specific obligations towards commercial policies and the firm price of assets. Beyond these, there will be minimum capital requirements, and, for CASPS providing advice and portfolio management, requirements around quarterly reporting and marketing communications.

The best way to be MiCA-ready is to start preparing now.

While MiCA will enter into force in 2024, there is a lengthy implementation process that can take four to five months, and certain EU countries have already started holding consultations with companies on how to obtain authorization. It will be important for new and existing market participants alike to have a detailed understanding of the MiCA requirements, as well as existing market regulations, including the EU’s Money Laundering Directives, in order to successfully obtain authorization.

As CASPs face increased regulatory scrutiny, firms would need to heighten scrutiny to prevent compliance breaches, respond to risk, remediate major issues, monitor ongoing business activities, and expand digital asset product offerings safely.

Learn how we can help CASPs align their AML compliance programs with internationally recognized financial services industry standards and European regulatory expectations.