Managing MiCA
With the full MiCA application deadline just over two months away, find out how EU financial firms can meet their obligations in time
In June 2023, the Markets in Crypto-Assets regulation (MiCA) entered into force in the EU, becoming the first comprehensive regulatory regime, globally, that is tailored specifically to cryptoassets trading.
MiCA aims to provide regulatory certainty and stronger protections for consumers and service providers in the crypto market without stifling innovation in the sector. MiCA covers cryptoassets that are not currently regulated by existing financial services legislation.
The legislation creates key provisions for cryptoasset service providers (CASPs) and the trading and issuance of stablecoins (including asset-reference tokens (ARTs)) and e-money tokens (EMTs), — covering transparency, disclosure, authorisation and the supervision of transactions.
CASPs include crypto exchanges, crypto trading platforms and crypto custody/advisory firms. Ultimately, the MiCA framework will support market integrity and financial stability by regulating the provision of cryptoassets and by ensuring consumers are better informed about their associated risks.
MiCA defines an ART as a cryptoasset that seeks to maintain a stable value by referencing several currencies that are legal tender, one or several commodities, one or several cryptoassets, or a basket of such assets. An EMT is defined under MiCA as a cryptoasset that is intended primarily as a means of payment, which aims to stabilise its value by referencing or being on a one-for-one basis against the fiat currency that they represent. EMTs function similarly to electronic money.
In addition, MiCA seeks to establish mechanisms that ensure stablecoins remain pegged to the asset that they track, provide enhanced transparency and prevent market players from creating excessive risk, while also ensuring that the assets under custody are protected.
MiCA is being rolled out in a staged approach, with some provisions having been in application since June 2024. In particular, the issuers of ARTs and EMTs have been subject to the regulations from this point in time. From 30 December, 2024, the remaining provisions of MiCA will come into effect, applying to traders and issuers of cryptoassets other than ARTs and EMTs (namely utility tokens) and to CASPs.
Under the terms of MiCA, only authorised credit institutions, electronic money institutions and platforms can issue EMTs and ARTs. Issuers must submit detailed white papers to supervisory authorities, outlining governance structures, asset reserves, risks and redemption rights.
Specifically, the MiCA framework covers the following services:
Financial firms providing custody and administration of cryptoassets on behalf of clients.
Financial firms operating a cryptoasset trading platform for cryptoassets.
Financial firms exchanging cryptoassets for funds;
Financial firms exchanging cryptoassets for other cryptoassets;
Financial firms executing cryptoasset orders on behalf of clients;
The placing of cryptoassets;
Receiving and transmitting orders for cryptoassets on behalf of clients;
Financial firms providing advice on cryptoassets;
Financial firms providing portfolio management on cryptoassets;
Financial firms providing transfer services for cryptoassets on behalf of clients.
As such, it is important for EU-based financial institutions to understand their regulatory obligations to the MiCA framework.
In order to offer cryptoasset services in the EU, an entity should meet the following criteria:
An authorised CASP as a legal entity or undertaking. You can see the entire authorisation application process for CASPs here.
An authorised financial institution such as a bank or credit institution, central securities depository, investment firm, market operator, electronic money institution, UCITS management company, or an alternative investment fund manager.
As such, some types of financial institution, such as banks, do not need authorisation to provide crypto-related services outlined above. Nevertheless, there are some requirements that authorised financial institutions must meet in order to provide crypto services. These include:
Notification to competent authority: All entities intending to provide cryptoasset services, regardless of their type, must notify the competent authority in their native Member State at least 40 working days before offering these services for the first time. This notification is a crucial step in ensuring regulatory oversight and compliance with relevant laws.
Comprehensive operational, risk, and security information: CASPs are required to submit information related to their operational, risk management, and security protocols. This information should include various aspects, such as internal control mechanisms, policies, and procedures to comply with anti-money laundering and counter-terrorist financing laws. In addition, providers must outline their risk assessment framework for managing money laundering and terrorist financing risks. The submission should also include details of the business continuity plan, technical documentation of ICT (Information and Communication Technology) systems, and security arrangements. They also have specific obligations they need to comply with depending on the service provided.
Assessment by Competent Authority within 20 working days: Upon receiving the notification, the competent authority has a responsibility to assess whether all the necessary information has been provided within 20 working days. If the authority finds that the notification is incomplete, it will inform the entity and set a deadline for providing the missing information. This process ensures that the competent authority has a clear understanding of the crypto-asset service provider's operations and safeguards the interests of investors and the integrity of the financial system.
With the MiCA enforcement deadline a little over two months away, it is vital for in-scope firms to become familiar with the rules and ensure they meet compliance requirements.