Cracking

MiCA
The Must-Know for
Crypto-Asset Providers
 Table of Contents
Executive Summar 01
The Making of MiC 03
Scope of MiCA Regulation
MiCA Implementation Timelin
Scope of Activities: CASP
Territorial Scope of MiCA for CASPs: Key Point
Crypto Assets Covered under MiC 07
Overview of Crypto Asset Taxonom 08
Understanding ARTs and EMTs under MiC
Crypto-assets not covered under MiC
Brief Summary: Crypto Assets not covered under MiC
MiCA Regulation: What CASPs Need to Know
14
5 a. Key Regulatory and Prudential Requirements for CASPs

5 ai. MiCA Compliance: Essential Regulatory Requirements for CASP

Authorization and registratio
Unified Licensing Regime and Passportin
Specific obligations and minimum capital requirement
Cross-Border Operation
Ongoing Complianc
Segregation of Client Asset
Ensuring fair and transparent practices: conduct of business
rules of CASPs

5 aii. AML/CFT Requirements under MiCA

CD
Transaction monitorin
Internal control
Conclusion 25
Executive Summary

With the passing of the markets in Crypto Act by the European Union’s parliament in 2023, MiCA

will go into effect across all 27 countries of the EU. As a policy framework, MiCA is as innovative as

the cryptocurrency it regulates: It provides across-the-board standardization, which advances

the ease of doing business to levels not seen in any other regions of the world. Now, a trading

platform in Spain will face the same requirements as one in Germany. Each determining the

nightmarish process of following 27 different regulatory frameworks, or worse, triaging which

markets to prioritize. 

MiCA will go into effect beginning June 2023 with licensing for crypto exchanges and wallet

providers to follow from December 2023 to June 2024. Provisions for stablecoin issuers to hold

appropriate reserves will start from June 2024 to December 2025.

MiCA’s taxonomy of crypto-assets

The heart of MiCA is its robust taxonomy of crypto-assets, which allows the framework to clearly

demarcate what it does regulate and what it does not. It defines a crypto-asset as any digital

representation of value or rights that can be stored or transferred electronically using

distributed ledger or similar technology.

Within this overarching category, MiCA regulates three types of crypto-assets. The first are asset

referenced tokens, which maintain a stable value by referencing other values or rights, including

commodities, other crypto-assets, or official currencies, such as Paxos Standard (PAX). The

second are E-Money Tokens (EMTs), which maintain a stable value by referencing a single official

currency, such as the Euro, Pound, or Dollar, as how the USD Coin (USDC) or Tether (USDT) do. The

final category are other crypto-assets that do not fall into the previous two categories, but may

still be subject to disclosure obligations, consumer protection measures, and other requirements

under MiCA. Bitcoin, Ether and other investment or utility tokens would fall into this category.

MiCA is as detailed in what it does not cover. Central bank digital currencies like the Digital Euro;

financial instruments like securities; security, payment, and product-specific tokens; and non-

fungible tokens such as those issued on an NFT marketplace all fall outside the scope of MiCA.

Businesses operating with these assets are thus exempted from its requirements.



01
The creation of CASPs 

Under MiCA, a crypto-asset service provider (CASP) is any natural or legal person who offers one
or more crypto-asset services to third parties in a professional capacity. CASPs thus include
exchanges, custodians, token issuers, traders, wallet providers, and even providers of technical
arrangements (PTAs). 

CASPs that are founded or operating in the EU or European Economic Area (EEA) are subject to
MiCA. CASPs outside of the EU or EEA are also subject to MiCA if a European customer initiates the
use of their service, a process known as reverse solicitation. CASPs that fall within the jurisdiction
of MiCA will be overseen by the European Securities and Markets Authority (ESMA) and national
competent authorities in EU member states. Enforcement of MiCA by these authorities may
involve sanctions, fines, service bans, and even criminal prosecution. There are two exceptions to
MiCA applicability: CASPs that do not offer crypto-assets to people in the EU or EEA and business-
to-business transactions. 

In addition to meeting anti-money laundering (AML) and counter-financing of terrorism (CFT)

requirements, eligible CASPs must also comply with a host of other strict requirements. These
include obligations related to corporate governance, capitalization, segregation and
safeguarding of client assets, cybersecurity, record-keeping, auditing and reporting, and more.

CASPs also have high requirements for customer due diligence (CDD). CASPs must identify their
users, obtain essential personal and financial information, and verify their identity. High risk
customers, such as politically exposed persons (PEPs), are subject to enhanced due diligence
(EDD) that will involve gathering more information about their business activities and financial
history. Businesses must also have detailed record-keeping of their CDD and EDD processes, and
ensure they are executed for all customers and all transactions. Unlike other frameworks, there is
no minimum threshold to trigger this documentation. 


MiCA also notably introduces the concept of significance. CASPs who meet three out of seven
requirements, such as thresholds in transaction volume, market capitalization, or holders are
deemed significant. These CASPs will be subject to even greater prudential, governance, and
liquidity requirements than those not yet deemed significant.

02
The Making of MiCA

As is evident in the passing of the general data protection regulation (GDRP), the European Union
has been at the forefront of regulating the digital economy. In April 2023, the EU honed in further
on cryptocurrency with the EU Parliament’s approval of the Markets in Crypto Act (MiCA).

As one of the most comprehensive regulatory frameworks for digital assets to date in the
world, MiCA provides much-needed clarity and regulatory oversight into the space for
existing and would-be players. MiCA is one pillar in the EU’s Digital Finance Package,
coming after the Pilot Regime on Distributed Ledger Technology in June 2022 and the
Digital Operational Resilience Act in November 2022.

03
Scope of MiCA Regulations

With its passing in the European Union parliament, MiCA does not need further approval at the
national level of any individual EU countries. MiCA goes into effect automatically and uniformly
across all 27 countries of the European Union, which provides a consistent, region-wide approach
to regulating the industry across all these individual markets. An exchange in Germany must
follow the same requirements as a custodian in Italy, for example. These businesses are also
spared the hassle of complying with 27 different regulatory frameworks. 

MiCA applies to individuals and entities involved in the issuance, public offering, trading, or
provision of services related to crypto-assets within the European Union. Essentially, MiCA sets out
requirements for crypto-asset issuers and crypto-asset service providers (CASPs). 

Moreover, regulated entities must register with relevant national authorities, comply with

anti-money laundering (AML) and counter-financing of terrorism (CFT) requirements, and adhere
to policies and standards relating to transparency, disclosure, authorization, and supervision of
transactions.

MiCA Implementation Timeline

April 20, 2023: The European Parliament gives

green-light to MiCA.

June 9, 2023: MiCA Text Published in

EU Official Journal.

December 30, 2024: Certain provisions, especially

those governing CASPs will become effective.

June 30, 2024: Provisions for E-money

tokens and Asset-Referenced tokens
become applicable.

04
Scope of Activities: CASPs

MiCA sets out regulatory requirements for crypto-asset service providers (CASPs). MiCA defines a

CASP as a natural or legal person who offers one or more crypto-asset services to third parties in

a professional capacity. CASPs encompass a wide range of entities, including:

Exchanges

These platforms facilitate the trading of crypto-assets, allowing users to buy, sell, and exchange

different digital currencies.

Custodians

Custodians are responsible for securely storing and safeguarding crypto-assets on behalf of their

clients. They play a crucial role in ensuring the safekeeping of digital assets.

Traders

Traders engage in buying and selling crypto-assets on behalf of themselves or their clients. They

may operate as individuals or as part of trading firms or investment companies.

Wallet providers

Wallet providers offer digital wallets that enable users to store, manage, and access their crypto-

assets securely.

05
Territorial Scope of MiCA for CASPs: Key Points
Applicability
MiCA applies to all crypto-asset service providers (CASPs) established or physically
present in the EU or EE
CASPs include crypto exchanges, wallet providers, traders, and custodians

Reverse Solicitation
CASPs outside the EU or EEA are subject to MiCA if they offer services to EU or EEA
consumers through reverse solicitatio
Reverse solicitation refers to services initiated exclusively by the customer

Non-Applicability
MiCA does not apply to crypto-assets used by consumers outside the EU or EE
Professional purposes, such as trading between financial institutions, fall outside MiCA's
scope

Enforcement
MiCA is enforced by the European Securities and Markets Authority (ESMA) and national
authorities in EU member states

Sanctions
ESMA and national authorities can impose sanctions on CASPs for MiCA violation
Sanctions may include fines, service bans, and criminal prosecution

06
Crypto Assets Covered under MiCA

tokens tokens)

Electronic money Asset-referenced Other


tokens (EMTs) tokens (ARTs) Crypto-Assets
These represent a claim These refer to an asset or a This category covers a
that they can be redeemed basket of assets, such as broad range of crypto-
at par value on request by commodities or currencies. assets that do not fall into
the issuer. Because these Because their value is the ART or EMT groups and
tokens are redeemable for derived from the underlying are not considered
fiat currency, they are also assets they represent, they regulated instruments
subject to the Electronic are not meant to be a store under existing financial
Money Directive. 
of value on their own. regulations in the EU.

Examples: USD Coin Examples: Paxos
 Examples: Ether (ETH) and

(USDC) or Tether (USDT) Standard (PAX) and DGX Basic Attention Token
(BAT)

07
Overview of Crypto-Asset Taxonomy
MiCA defines a crypto-asset as any digital representation of value or rights that can be stored or
transferred electronically using distributed ledger or similar technology. MiCA clearly distinguishes
between crypto-assets it covers and those it does not. 


MiCA brings clarity to the crypto-asset landscape by introducing a comprehensive taxonomy that
classifies crypto-assets into distinct groups. This classification serves as the foundation for tailored
regulatory requirements, ensuring investor protection and market integrity.
Let's explore the three categories of crypto-assets defined under MiCA in more detail:

Asset Referenced Tokens (ARTs)

ARTs aim to maintain a stable value by referencing other values or rights, including
commodities, other crypto-assets, or official currencies
Examples: Stablecoins pegged to a specific fiat currency or a basket of assets
ART issuers must adhere to additional requirements, such as providing transparency on the
assets backing the token and maintaining stability mechanisms.

E-Money Tokens (EMTs)

EMTs are crypto-assets designed to maintain a stable value by referencing a single official
currency, such as the Euro, Pound, or Dollar
Examples: Stablecoins directly pegged to the value of a specific fiat currency
EMT issuers must comply with relevant e-money regulations, including licensing as an
authorized credit institution or electronic money institution.

Other Crypto-Assets

This category covers a broad range of crypto-assets that do not fall into the ART or EMT
groups and are not considered regulated instruments under existing financial regulations in
the EU
Examples: Cryptocurrencies like Bitcoin and Ether, as well as various investment and utility
tokens
These crypto-assets may be subject to general requirements under MiCA, such as disclosure
obligations and consumer protection measures.

08
Understanding ARTs and EMTs under the MiCA Regime

Stablecoins are classified as either ARTs or EMTs and there are clear requirements for each. This

regime applies to issuers of stablecoins, such as ARTs and EMTs.

ARTs EMTs

Before issuing ARTs, issuers must The issuer must be a legal person

obtain authorization from their established in the EU, hold funds

relevant national authority, equal to the value of the EMTs

maintain reserve funds in low-risk issued, and comply with AML/CFT

Issuer assets to ensure the token’s requirements.

stability, and publish a white

paper about the token. Issuers

must also disclose the risks and

workings of their token, undergo a

yearly audit by an independent

auditor, and protect their systems

through appropriate

cybersecurity measures.  

*ART issuers who also provide

custody or exchange services

must also adhere to the

requirements for CASPs.

The ART must give its holders the Currencies, issued at a price

ability to redeem the token at par equal to the par value of funds

value. held, and used only for payment

transactions, where it should be

Token redeemable at par value. The EMT

should not be subject to

significant fluctuations in value,

nor should it be used for

speculative purposes. The EMT

must be issued at the same price

that funds are held and can only

be used for payment transactions

where it can be redeemed at par

value.

09
Test of Significance

MiCA also introduces an important concept known as significance. Issuers that pass a test of
significance will be subject to greater prudential, governance, and liquidity requirements.



Under MiCA regulations, stricter provisions will apply to issuers of asset-referenced tokens
classified as significant

For ARTs, if a token is classified as "significant," the issuer will be subject to more stringent
provisions to protect consumers and market integrity

The criteria for determining the significance of ARTs includes providing core platform services
designated as gatekeepers under the Digital Market Act and international activity outside the
EU

Additionally, MiCA regulations will require issuers of EMTs to be authorized credit institutions or
electronic money institutions and comply with applicable sectoral legislation
MiCA regulations also set out rules for categorizing certain EMTs as "significant," subjecting
them to additional requirements and supervision.

10 million holders and a market

capitalization over €5 billion.

Daily trading volume above 2.5

million and daily transaction
volume above €500 million.
According to the Digital Markets
Act, the issuer has been
designated a gatekeeper.
Issuers are considered significant if
used for remittances, payments, or
interconnected with financial system.

The issuer offers other ARTs or

EMTs, or crypto-asset services.

10
Crypto Assets not covered under MiCA

Central Bank Financial Security

Digital Currencies instruments Tokens
(CBDCs)
Because these are issued by These fall under EU's MiFID II Because these are tokens
central banks, MiCA does Directive, even if the that represent traditional
not consider these
 financial instruments are financial instruments, they
crypto-assets.
represented in digital form. are already regulated under
EU securities regulations.

Payment Product-specific Non-fungible

tokens tokens tokens
Compared to utility tokens, Like payment tokens, these NFTs are not clearly defined
payment tokens can only be can only be used within a in terms of regulation under
used for remuneration given product, service, or MiCA. While NFTs issued as
exclusively within a given ecosystem. part of a large collection
product, service, or may be considered non-
ecosystem. fungible and subject to
MiCA, other NFTs would fall
outside its scope. The
definition of a large
collection is unclear and will
likely require case-by-case
rulings to determine.

11
Crypto-assets not covered under MiCA


Considerations for Crypto-Asset Taxonomy under MiCA

Utility tokens

Utility tokens serve as a means to access existing goods or services, providing value within

specific ecosystems. Recognizing their limited function, utility tokens are generally exempted from

the regulatory requirements outlined in MiCA. However, it is crucial to note that utility tokens

utilized for fundraising infrastructure development purposes fall within the scope of MiCA

regulations and are subject to the corresponding obligations. As such, issuers and participants

involved in these token offerings must ensure compliance with the applicable regulatory

framework to maintain transparency and adhere to investor protection measures.



Regulated Instruments

Transferable securities, structured deposits, e-money, and securitizations belong to the category

of regulated instruments, each with distinct characteristics and governing regulations.

MiCA does not encompass these instruments, and they remain subject to existing regulatory

frameworks and requirements.

Transferable securities
Structured deposits


Financial instruments
Financial products combining

representing an ownership
a traditional deposit with

interest in an entity, such

investment components,

as stocks or bonds, which

offering potential returns

can be freely bought, sold,

linked to specific underlying

or transferred.
assets or indices.

E-money
 Securitizations


Digitally stored Process of pooling and

monetary value, typically repackaging various types

in the form of prepaid of debt, such as mortgages

cards or electronic or loans, into tradable

wallets, used for making financial instruments called

electronic payments. asset-backed securities.

12
As such, the rules and obligations specific to each regulated instrument, such as
securities laws, e-money regulations, and securitization guidelines, continue to apply to
ensure market integrity and investor protection. It is essential for market participants to
be aware of and comply with the applicable regulations governing these regulated
instruments to maintain regulatory compliance and ensure a robust and well-
regulated financial ecosystem.

Central Bank Digital Currencies Non-Fungible Tokens


(CBDCs) (NFTs)

CBDCs represent digital forms of fiat NFTs are not specifically addressed
currency issued and regulated by or included. EU lawmakers have
central banks. These CBDCs, emphasized that merely assigning a
however, are not included within the unique identifier to a crypto-asset
scope of MiCA. The reason behind does not automatically classify it as
their exclusion lies in the fact that unique or non-fungible. However, it is
CBDCs are subject to their distinct worth noting that MiCA considers the
regulatory frameworks and issuance of crypto-assets as
guidelines. Central banks maintain fractional representations of an NFT
authority over the issuance, or NFTs within a larger series or
management, and oversight of collection as an indication of their
CBDCs, ensuring compliance with fungibility. In such cases, these
specific regulations tailored to tokens would be deemed as
central bank-issued digital regulated crypto-assets under MiCA.
currencies. By excluding CBDCs from It is important to keep in mind that
MiCA, the regulation acknowledges the treatment of NFTs may involve
the unique nature and regulatory considerations beyond the scope of
landscape surrounding these official MiCA, including existing or future
digital currencies, allowing central regulations pertaining to digital
banks to establish and enforce their assets, intellectual property, and
regulatory frameworks to govern consumer protection.
CBDCs effectively.

13
 MiCA Regulation: What CASPs Need to Know

The new MiCA Regulation has established a regulatory framework for Crypto-Asset Service
Providers and issuers. 

Essentially, CASPs refer to entities that provide services related to crypto-assets, including
custody, exchange, transfer, and trading of crypto-assets. Any CASP that falls into one of the
following possible categories has to comply with requirements relating to governance,
outsourcing, prudential provisions, information disclosure, complaint handling, asset safekeeping,
and even wind-down plans.

Exchange of

crypto-assets for

other crypto-assets

Custody and
administration of
crypto-assets Reception and
transmission of orders
for crypto-assets

Operation of a
crypto-asset
Financial advice
trading platform
or portfolio
management on
behalf of a client

Exchange of
crypto-assets for
fiat currency

14
Providers of technical arrangements (PTAs)

PTAs are a subset of CASPs that provide only technical arrangements for the operation of a
crypto-asset system. Their expertise lies in creating and maintaining the technical infrastructure
that enables seamless and secure transactions within the crypto asset market.

For instance, wallet providers offer secure digital wallets that allow users to store, manage, and
transact with their crypto-assets. They develop user-friendly interfaces and implement robust
security measures to protect private keys and ensure the safe custody of the assets. Wallet
providers may generate revenue through wallet management fees, transaction fees, or premium
features. Similarly, blockchain infrastructure developers focus on building the underlying
technology and infrastructure that powers the crypto asset ecosystem. They contribute to the
development of decentralized networks, smart contract platforms, or blockchain protocols.

Additionally, MiCA has set minimum requirements for CASPs to ensure their proper governance
and safekeeping of assets. These requirements are designed to ensure that CASPs provide their
services in a safe and sound manner and protect the interests of their clients. By adhering to
these requirements, CASPs can operate in a regulated environment that promotes market
integrity, investor protection, and financial stability.

15
Key Regulatory and Prudential Requirements for CASPs under MiCA

Audit and Reporting Requirements: CASPs must undergo regular audits by independent auditors
to ensure compliance with MiCA requirements. They must also submit annual reports to the
competent authority

Authorization: All CASPs must obtain authorization from the competent authority of the
Member State where they are established or provide services.

Organizational Requirements: CASPs must have effective corporate governance

arrangements, including internal control mechanisms, compliance policies, and sound
administrative and accounting procedures.

Capital Requirements: CASPs must maintain a minimum level of capital at all times. The
capital requirement varies depending on the type of service provided.

Segregation of Client Assets: Custody service providers must segregate clients' assets from
their own assets and maintain adequate records.

Conduct of Business Rules: CASPs must conduct business in a fair, transparent, and non-
discriminatory manner. They must also ensure that their clients are adequately informed
about the risks and costs associated with crypto-assets.

Safeguarding of Client Funds: CASPs must safeguard client funds and hold them in separate
accounts.

Cybersecurity Requirements: CASPs must establish and implement robust and effective
cybersecurity measures to protect their systems and data from unauthorized access or attack.

Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF): CASPs must have
effective AML and CTF policies and procedures in place, including customer due diligence,
ongoing monitoring, and suspicious transaction reporting.

Record-Keeping Requirements: CASPs must keep accurate and up-to-date records of their
transactions and clients for a minimum of five years.

16
MiCA Compliance: Essential Regulatory Requirements for CASPs

Authorization and Registration

CASPs must obtain authorization from the competent authority in their jurisdiction to provide
crypto-asset services. They need to demonstrate compliance with the regulatory framework,
including the necessary capital requirements, internal control measures, and risk management
systems. CASPs may also be required to register with relevant authorities or regulatory bodies
Jurisdictional Scope

MiCA's regulatory reach encompasses CASPs offering crypto-asset services within the EU.
For entities located outside the EU targeting EU clients, full authorization becomes a vital
requirement. To obtain authorization as a CASP, companies must establish a registered
office and conduct operations within an EU member state, maintain an effective place of
management within the EU, and appoint at least one EU resident director
Organizational requirements

To become authorized as a CASP under MiCA, companies must meet strict organizational
requirements. This includes being a registered legal entity in at least one EU member state,
demonstrating sufficient capital, implementing strong governance arrangements, and
establishing internal control systems that prioritize client interests. Fulfilling these
requirements ensures compliance with MiCA regulations and enhances trustworthiness in
the crypto-asset market.

Establish a legal Prepare and submit

entity within the EU a comprehensive
application

Undergo regulatory
Demonstrate sufficient evaluation and
capital resources compliance
assessment
Authorization
Process
Implement effective
governance Await the
arrangements authorization decision

Establish Maintain ongoing

comprehensive internal compliance with MiCA's
control systems requirements

17
 Unified Licensing Regime and Passporting

MiCA introduces a unified licensing regime for CASPs, enabling seamless passporting of services
across multiple EU jurisdictions. Authorized CASPs can operate and offer their services throughout
the EU under a single license. This harmonized approach simplifies regulatory compliance and
streamlines market expansion for CASPs within the EU, promoting efficiency and consistency.

One significant advantage of MiCA's authorization is the provision of passporting rights. CASP
licenses are recognized throughout the EU, allowing them to deliver their services across EU
member states without the need for additional local licenses. This passporting mechanism
facilitates efficient cross-border operations, promotes market consistency, and ensures a level
playing field within the EU, creating new opportunities for CASPs to thrive in a dynamic business
environment.



Specific Obligations and Minimum Capital Requirement

MiCA outlines distinct obligations tailored to different types of crypto-asset services,

accompanied by general requirements applicable to all CASPs. CASPs must be aware
of these specific obligations and pay attention to the requirement of maintaining
permanent minimum capital, which varies depending on the type of servic
Trading platforms: €150,00
Custodians and exchanges: €125,00
Other CASPs: €50,000

18
 Cross-Border Operations

MiCA offers a unique advantage through passporting rights, allowing authorized CASPs to provide
services across multiple EU member states under a single license. This streamlined approach
facilitates market expansion and ensures consistency in regulatory standards across the EU

Ongoing Compliance and Reporting

Authorized CASPs must maintain ongoing compliance with MiCA's requirements. This includes
regular reporting to the regulatory authority, maintaining appropriate capital levels, conducting
transaction monitoring, and adhering to anti-money laundering and counter-terrorism financing
measures. Failure to comply with MiCA's obligations may result in sanctions and reputational
damage

Segregation of Client Assets

MiCA imposes a crucial requirement on crypto CASPs to segregate client assets from their own
assets. This serves to enhance the protection and security of client funds

Conduct of Business Rules for CASPs

CASPs are required to adhere to the conduct of business rules to ensure fair and transparent
practices and provide clients with essential information.

Segregation of Client Assets: Ensuring Protection and Transparency

Clear Segregation
Separate Accounts

Maintain a clear Establish dedicated

separation between accounts for client
client assets and CASP's assets separate from
own assets. operational accounts.

Robust Accounting

Comprehensive Independent Audit

Safeguarding
accounting practices to Undergo periodic Measures

track client assets — independent audits to Implement security

detailed records of client verify segregation measures to protect
balances, transactions, practices. client assets.
and fund movements.

19
Ensuring Fair and Transparent

Practices: Conduct of Business

Conduct Rules for CASPs

01 Fair and Transparent

Practices

CASPs must conduct business
operations with fairness,
transparency, and without
discrimination.
Client Information
 02
CASPs must provide clear
information about the risks
and costs associated with
crypto-assets to clients.

03 Adequate Disclosure


CASPs should offer

comprehensive and timely
information to help clients
make informed investment
decisions.
Risk Warnings
 04
CASPs must provide
appropriate risk warnings
regarding the inherent
volatility of crypto-assets.

05 Communication Channels

CASPs should establish
efficient communication
channels to address client
inquiries and concerns

Client Consent
 06 promptly.

CASPs must obtain explicit

client consent before
conducting transactions or
providing crypto-asset
services.
07 Conflict of Interest

CASPs should identify, manage,
and disclose any potential
conflicts of interest in their
operations.

Compliance Monitoring
 08
CASPs must regularly monitor
and review their compliance
with conduct of business
rules.
20
AML/CFT Requirements for CASPs under MiCA Article

07 08 09

Risk-based Customer due Enhanced due

approach diligence diligence

20 08 21

Suspicious Ongoing Co-operation

Transaction monitoring & Information

Reporting Sharing

Under MiCA, CASPs are required to comply with several AML/CFT requirements. The first key point

is that CASPs must apply a risk-based approach to identify, assess, and mitigate money

laundering and terrorist financing risks. Second, CASPs must conduct CDD on their customers,

including verifying their identity, assessing their risk level, and monitoring their transactions. In

addition, CASPs must maintain records of customer identification data and transaction records. 


Third, CASPs must apply EDD measures for higher-risk customers, such as Politically Exposed

Persons (PEPs) and high-risk third countries. Fourth, CASPs must have systems and procedures in

place to detect and report suspicious transactions to competent authorities, as well as

maintaining records of STRs for at least five years. Fifth, CASPs must continuously monitor their

customers' transactions for suspicious activities and take appropriate measures if any are

detected. Lastly, CASPs must cooperate with competent authorities and share information when

required by law and have procedures in place to ensure the confidentiality and protection of

shared information.

21
Customer Due Diligence (CDD)

CDD lies at the heart of MiCA. CASPs are obligated to conduct CDD on their customers as part of
their relentless pursuit to combat money laundering and terrorist financing. Irrespective of
transaction value, CASPs must rigorously adhere to the following key requirements under MiCA.

Key CDD Requirements for CASPs under MiCA

Identification and Verification

CASPs must identify their customers and verify their identit

This includes obtaining essential details such as name, address, date of birth, and nationalit
Additional information, such as occupation and source of funds, may also be required

Enhanced Due Diligence (EDD) for High-Risk Customers

CASPs must conduct EDD on high-risk customers, such as politically exposed persons (PEPs)
or individuals from high-risk countrie
EDD involves gathering comprehensive information about the customer's business activities
and financial history

Record-Keeping

CASPs must maintain detailed records of their CDD and EDD procedure
This includes documentation of the information collected from customers and the steps taken
to verify their identities

Applicability to All Customers

These requirements apply to all customers, irrespective of the value of the transactio
CASPs must conduct CDD for every customer, ensuring no exceptions or compromises

In addition to these requirements, CASPs may also be required to conduct ongoing monitoring of
their customers, continually assessing transactions for suspicious activity. Any suspicious activity
must be promptly reported to the relevant authorities, including the Financial Intelligence Unit (FIU).

22
Transaction Monitoring

MiCA mandates that CASPs implement effective transaction monitoring systems to detect and
report suspicious transactions. Transaction monitoring under MiCA involves the ongoing,
systematic, and risk-based scrutiny of transactions carried out by VASPs. It aims to identify and
report suspicious transactions that may be linked to money laundering or terrorist financing. By
implementing rigorous monitoring systems, VASPs enhance their ability to detect patterns,
anomalies, and red flags, safeguarding the crypto-asset ecosystem from illicit actors.

MiCA emphasizes a risk-based approach to transaction monitoring, recognizing that the level of
scrutiny should align with the inherent risks involved. VASPs must assess the type of crypto-asset
service provided, customer profiles, and the risk of AML/CFT. This approach enables tailored
monitoring strategies, ensuring resources are efficiently allocated and potential risks are
effectively mitigated.

Enhancing Transaction Monitoring: Best Practices and Illustrative

Examples

Implementation of Transaction Monitoring System

VASPs must establish transaction monitoring systems capable of identifying and

reporting suspicious transactions
These systems should be designed to detect various indicators, including
transactions involving large sums of money,
high-risk countries or regions
high-risk individuals or entities, and
unusual patterns of activity.

Reporting Suspicious Transaction

VASPs are obligated to report any identified suspicious transactions to the relevant
authorities including FIUs
The reported transactions will be subject to investigation by the authorities, who will
take appropriate action as necessary.

Cooperation with Competent Authoritie

VASPs must cooperate fully with the competent authorities, providing any additional
information or assistance as required during the investigation of reported suspicious
transactions.

23
Internal Controls

Under MiCA, robust internal control measures play a critical role in maintaining trust and integrity

within the industry. These internal controls encompass the systems and procedures to ensure

accurate and comprehensive record-keeping, reliable financial reporting, and the prevention and

detection of fraudulent activities and other irregularities.

Crypto businesses must establish rigorous internal control systems that go beyond mere

compliance. These systems act as the backbone of their operations, safeguarding against

potential risks and reinforcing transparency in financial practices.

MiCA requires VASPs to have an effective internal control system in

place. This system must be designed to

Identify and assess risks to the VASP's operation

Implement appropriate controls to mitigate those risk

Monitor the effectiveness of those control

Report on the effectiveness of the internal control system to the VASP's management and

board of directors.

VASPs must have a written code of

conduct that sets out the standards of

behavior expected of their employees.

VASPs must have a system in place for

identifying and assessing risks to the

their operations.

Key

VASPs must implement appropriate

Requirements
controls to mitigate those risks.

for VASPs

VASPs must monitor the effectiveness of

those controls.

VASPs must report on the effectiveness of

the internal control system to the their

management and board of directors.

24
Conclusion

With MiCA going into effect in June 2023, the vast majority of CASPs will be hyper-focused on the

nuts-and-bolts of the framework. There are so many new prudential, governance, and liquidity

requirements after all. Complying with them will demand a company-wide effort - and in some

cases a complete transformation - to adhere to the specific needs in everything from

capitalization to corporate governance to cybersecurity. 

Given the Herculean effort needed to follow MiCA, some CASPs will view the framework as an

operational burden. It’s another regulatory hurdle that stands in the way of innovation, of

servicing customers. But this view is short-sighted. While MiCA is indeed exhaustive in its

requirements, the benefits are significant for CASPs that comply.

The most basic advantage is the ease of doing business. By following MiCA, which affords CASPs

passporting rights, organizations only need to adhere to one framework to effectively launch in all

27 countries of the EU. This benefit is an enormous advantage for any CASP located in the EU or

the EEA. With a population of 447 million people, this region will give CASPs an enormous potential

customer base - CASPs can scale quicker given the region’s size. 

This advantage is comparable to the crop of Chinese startups that became unicorns in the 2010s,

owing largely to the immense domestic market that they could readily service. CASPs can

similarly grow quickly from European customers and expand to other parts of the world. Compare

this business environment with CASPs in other regions of the world, who must contend with wildly

different legislation. For these non-European CASPs to expand, they must slowly launch from

country to country - if their home nation’s market is even sizable enough to propel them to

regional expansion.

In short, CASPs should view MiCA as an unprecedented opportunity: they can grow their business

faster than in any other part of the world. The strict requirements of MiCA will also help make

customers more receptive to their innovations. Since MiCA provides tight consumer protections,

Europeans will be more willing to support their products and services. Greater consumer trust will

inspire even more CASPs to set up shop in Europe, and eventually the region may lead the world

as a major hub in the industry due to this virtuous cycle. 

Indeed, Europe was once said to be the cradle of western civilization. With MiCA in place, it may

very well be the cradle of cryptocurrency: great innovations in the space will continue to be born

on this hallowed ground.




25
About Merkle Science

Merkle Science provides predictive blockchain risk intelligence and monitoring services that
empower compliance teams to prevent illicit cryptocurrency activities and exceed regulatory
requirements with confidence. We’ve raised over $27M in funding from top-tier investors and are
the leading innovator in blockchain analytics. Our solutions power over 100+ crypto companies, law
enforcement agencies, and financial institutions.

Contact us
contact@merklescience.com www.merklescience.com

Follow Us merklescience @MerkleScience merklescience Merkle Science