Complying with MiCA: What European businesses should know about cryptocurrencies

Europe accounts for around 25% of the crypto market, so it was only a matter of time before a regulatory project to regulate different types of cryptoassets emerged. The result is MiCA, a set of mandatory requirements for service providers. Both issuers and recipients of cryptoassets will need to prove their identity and their compliance with AML and anti-terrorist financing protocols. 

G

iven the territories that have developed projects mirroring those of the Old Continent, Europe’s influence on the rest of the world in terms of privacy laws and the control of personal data is undeniable. The most relevant case would be the GDPR (General Data Protection Regulation), which has found counterparts globally since its implementation in 2018. Japan, the United States and Singapore have replicated the European experience adapting it to their contexts. Now the spotlight is on MiCA. 

An ambitious plan  

The Markets in Crypto Assets (MiCA) regulation is intended, according to its promoters, to set standards that keep the crypto market away from fraud and illegal activities, which means establishing secure onboarding, for which cryptoasset service providers (CASPs) are fully responsible. It is also intended to serve as a vehicle to mitigate environmental impact (a large amount of electricity and energy is used to produce cryptoassets, always from the point of view of these legislators) and, ultimately, to attract investors and encourage innovation. So far, each state has tried to “contain” crypto activity by dictating its own rules. As in other legislative situations, MiCA attempts to unify different isolated decisions and integrate them into a single framework. At its core, it introduces a requirement to implement document verification and digital identity authentication processes, so that providers can rely, for example, on proven video identification solutions. The broad scope of the text has implications for all aspects of the crypto market. 

The first phase of the regulation, after 3 years of intensive work by the European Commission, was launched in June 2023. The regulation will be fully operational in July 2026, allowing a transition period for all providers to adapt. Spain, however, intends to implement MiCA six months earlier, in December 2025, as announced by the Ministry of Economy and Digital Transition in late October. This maneuver could be an opportunity for companies to choose Spain to operate under this regulation.

Firms that want to comply with MiCA to manage or invest in cryptoassets must have a thorough understanding of its structure, its requirements in the fields of digital onboarding, KYC (Know Your Customer) and AML (Anti-Money Laundering), as well as its risks.

Request advice from one of our KYC and AML experts and learn how MiCA affects your business.

What is MiCA’s scope?  

MiCA defines cryptoassets as “digital representations of value or rights that can be transferred and stored electronically using decentralized recording technology or similar”. Any activity related to cryptoassets, including custody and exchange services, are subject to MiCA, although the scope does not extend to all assets. Those that are already covered by existing legislation will not fall within its reach.    

The three broad categories covered by this regulation are:  

• Utility token. This cryptoasset is created for the purpose of providing digital access to goods or services within a specific platform or ecosystem. Unlike other cryptoassets, which may have primarily storage of value or medium of exchange functions, utility tokens are designed to have a practical use within a particular system. For example, they can be a form of payment within a crowdfunding portal. By supporting a new project with this method, the user makes a profit. On an online gaming platform, the utility token could be used to unlock additional levels, buy virtual items or participate in special events. Here we would be talking about a “non-stable” currency.  
• Asset referenced tokens (ART). This type of asset maintains its value, they are “stable”, because they are linked to an external asset, such as a legal tender, a commodity, such as gold, or another cryptoasset.  
• e-money tokens (EMTs). Linked to a fiat currency and therefore also stable. and used as electronic money to carry out transactions. 

Some sectors related to the cryptocurrency market have expressed doubts about the proportion of the suggested measures, as they imply strict controls for the onboarding of investors and the recording of their transactions. For some, MiCA’s approaches distort the spirit of cryptoassets. The consistency of the regulatory framework is also questioned, precisely because it does not involve all forms of cryptoassets. There are three types that are outside its regulatory scope. These would be:  

• Peer to Peer (P2P) cryptocurrencies. Typical decentralized peer-to-peer cryptocurrencies, such as Bitcoin, Ethereum and many others, allow users to transact directly with each other without the need for financial intermediaries or centralized institutions. These P2P transactions, which are the cornerstone of the decentralized spirit of cryptocurrencies, are outside the scope of MiCA regulation due to their global nature and the difficulty of regulating them from a single jurisdiction.   
• Central Banks Digital Coins (CBDCs). Digital coins issued by central banks are another category of cryptoassets that are not covered by MiCA. These digital coins are issued and backed by the monetary authorities of each country and seek to offer a digital alternative to traditional fiat currencies. Since central banks and monetary authorities are involved in their issuance and control, these cryptocurrencies fall under country-specific regulation and are therefore not within the scope of MiCA.  
• Non Fungible Tokens (NFTs). NFTs are cryptoassets that represent ownership or authenticity of a unique or digital item, such as digital artwork, collectibles, music and more. Unlike conventional cryptocurrencies, NFTs are unique and indivisible, meaning that each token has a unique value and characteristics that cannot be directly exchanged for other tokens. NFTs are not included in MiCA regulation due to their uniqueness and specialized nature. 

Obligations of CASPs  

Cryptoasset service providers or CASPs are defined as “any person whose occupation or business is to professionally provide one or more cryptoasset services to third parties”. With the activation of MiCA, they incur certain obligations.   

The first is that they have to register and obtain authorization in order to operate in the European Union. MiCA does not require a license per country, so the mechanism is based on a banking “passport” system. Thus, if you are licensed in one state, you are licensed throughout the European Union. This makes the provision of cryptoasset services much easier and less costly. 

In addition, they must adhere to a number of rules for the development of their marketing and advertising campaigns. Mainly, they must not target minors and must not launch confusing or misleading advertising. Practices that aim to artificially alter market trends or disseminate information that leads users to receive “false impressions” are also prohibited. We will discuss this red flag further down.  

Finally, they are obliged to protect investors with several actions. These include publishing a Key Information Document (KID) prior to launching the crypto project, alluding to the associated risks, and maintaining asset reserves to deal with potential problems. 

To make the draft legislation more robust, the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) have been mandated to provide additional detail to some aspects of MiCA that are only broadly regulated. These include complaints handling procedures and the identification, prevention, management and disclosure of conflicts of interest by CASPs.   

Both bodies plan to publish drafts of their proposals at different stages between now and 2024 and submit them for comments from any interested party. 

Contact a TrustCloud specialist now and learn about the obligations of cryptoasset providers.

Unavoidable Risks 

The crypto movement shook the foundations of central banks and the financial system as a whole. The decentralized, innovative and unique nature of the cryptoasset ecosystem inevitably clashes with any rigid attempts at regulation and control.   

With privacy at the heart of the debate, MiCA raises a multitude of implications for the rights and freedoms of individuals and businesses. Europe claims, despite dissenting voices, that the aim of the regulation is to protect providers and consumers from scams and fraud and to offer greater protection for their transactions within the Union’s borders. But let’s take a look at article 68 of the text, one of the articles that has raised the most fuss among the actors affected by the law, as it establishes extensive mandatory guidelines on AML or KYC verification for CASPs. 

Licensed cryptoasset service providers, according to the article, must establish certain operating rules. These rules include requirements, approval and due diligence processes for admitting cryptoassets to the platform, defining exclusion categories, establishing policies and procedures, ensuring fair and orderly trading, and establishing conditions for the suspension of cryptoasset trading. In addition, it requires the assessment of the quality of cryptoassets and, in the most relevant part of the text, the identification of holders and their transaction history. CASPs will redouble their efforts to comply with MiCA’s guidelines on identity authentication and customer verification through video identification solutions, documents, data or reliable and independent information. Prices and trading depth of cryptoassets, as well as details of executed transactions, should be made public. Fee structures should be transparent and non-discriminatory, and providers should have resources and back-up facilities to inform the competent authorities at all times of any incidents. Another aspect highlighted in this article is that all rules must be published on the service provider’s website. 

From this perspective, compliance costs soar, to the detriment of smaller companies, which find it more difficult to cope with these items. In addition, protecting sensitive information stored on a massive scale is a technical challenge that, once again, not all providers and intermediaries have the capacity to meet. The larger and more valuable the data stored, the greater the possibility of an attack.  

The system imposes significant fines on intermediaries who do not cooperate with the authorities in providing information and disclosing data that distorts or manipulates market trends. These regulations are detailed in Title VII of MiCA (Articles 81-120), which sets out the supervisory powers of the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA). These bodies are responsible for prohibiting insider dealing, supervising activity and imposing sanctions. 

MiCA regulation, especially in some of its articles, as we have seen, is highly restrictive and could limit the growth and innovation of the blockchain industry, as well as the privacy and security of businesses and user communities. The blockchain industry is still in its early stages of development and a one-size-fits-all regulatory approach may not be the best solution. Instead, a dynamic approach is needed that allows for evolution, while ensuring compliance with regulatory requirements and protecting the interests of all parties. Rather than suggesting a specific technical solution, regulators should allow intermediaries the flexibility to consider their own risk-based solutions that balance the need for compliance with the need for innovation and privacy. The key would be to continue to facilitate confidential transactions while complying with regulatory requirements, if that is even possible. 

Success and compliance  

Technology providers specializing in trust building, digital identity management and compliance play a crucial role as a resource for businesses to comply with MiCA and succeed in their approach to cryptocurrencies and cryptoassets. As one of the key objectives of MiCA is to build a barrier against fraud and money laundering, the right hand of crypto managers will be technologies that implement accurate AML protocols. 

Despite the contingencies mentioned above, the regulations require that the custody, exchange and payment with cryptoassets be supported by rigid digital identification, documentary verification and KYC services. Following the implementation of MiCA, intermediaries will have to strengthen their signature processes, video identification, etc… 

Although both the crypto-asset market and the related regulations are new fields, technological experts with experience in, shall we say, traditional sectors (banking, insurance or gambling), can guarantee compliance and provide expertise in the application of similar rules. They could be instrumental in meeting the AML and KYC obligations set out in the MiCA text.  

The companies involved have two options, either to end the transitional period or to update their strategies and set themselves apart from the competition by catching up as soon as possible. 

It is important to have platforms and services that make onboarding as easy as possible and enable real-time monitoring of transactions, as well as comprehensive and accurate reporting to comply with regulatory requirements. In addition, CASPs must have effective anti-money laundering (AML) and fraud prevention measures in place. This implies having systems in place to monitor and detect suspicious activities, as well as establishing mechanisms to report any illicit behavior to the competent authorities. Service orchestration would allow for efficient management of compliance operations, ensuring the security of transactions and the protection of sensitive user data.  

Only through powerful KYC approaches could a solid foundation be built for sustainable growth and mass adoption of digital assets in the regulatory framework established by MiCA. 

Request a free demo with one of our experts in secure digital transactions and onboarding.