← Back to all briefings
Compliance 5 min read Published Updated Credibility 89/100

Compliance Briefing — May 16, 2023

EU finance ministers gave final approval to MiCA, activating phased licensing, stablecoin, disclosure, and sustainability rules for crypto-asset issuers and service providers.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
6 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: The Council of the European Union formally adopted the Markets in Crypto-Assets (MiCA) regulation on 16 May 2023, establishing the first comprehensive EU-wide framework governing crypto-asset issuance, trading, and service providers. MiCA introduces licensing, prudential, governance, and disclosure requirements for crypto-asset service providers (CASPs) and stablecoin issuers, with stablecoin provisions applying 12 months after publication and the remainder after 18 months. Firms operating in or marketing to the EU must align their business models, risk controls, and reporting systems with the regulation’s phased obligations.

The regulation covers asset-referenced tokens (ARTs), e-money tokens (EMTs), and other crypto-assets not already captured by existing EU financial law. Issuers must publish white papers with detailed risk disclosures, maintain reserve assets, and implement governance arrangements to protect consumers and financial stability. CASPs—including exchanges, custodians, and portfolio managers—need authorisation from a national competent authority, comply with capital requirements, segregate client assets, and implement policies for market abuse detection.

Capability implications

MiCA drives capabilities across multiple domains:

  • Licensing and passporting. CASPs must secure authorisation in one Member State, after which they can passport services across the EU, provided they maintain compliance and risk management standards.
  • Stablecoin resilience. ART and EMT issuers must maintain reserve assets, implement liquidity and redemption policies, and provide daily disclosures on reserve composition. Significant tokens face enhanced oversight by the European Banking Authority (EBA).
  • Consumer protection. White papers must outline rights, technology risks, and governance arrangements, while marketing communications must be fair, clear, and not misleading.
  • Market integrity. CASPs must monitor trading for market abuse, implement procedures to detect insider dealing and wash trading, and maintain incident reporting mechanisms to competent authorities.
  • Sustainability disclosures. Issuers must disclose adverse environmental and climate-related impacts of consensus mechanisms, aligning with EU sustainability goals.

Implementation roadmap

Organisations should sequence implementation in line with MiCA’s timeline:

  • Gap assessment and governance setup. Conduct a comprehensive assessment of products, services, and entities to determine MiCA applicability. Establish cross-functional steering committees covering compliance, legal, risk, technology, and operations.
  • Authorisation strategy. Decide on the Member State of authorisation, engage early with national competent authorities, and prepare application dossiers including business plans, governance frameworks, AML/KYC policies, and IT security controls.
  • Stablecoin compliance. For ART/EMT issuers, design reserve management strategies, custodial arrangements, redemption policies, and stress-testing regimes. Implement governance for significant tokens, including remuneration policies and recovery plans.
  • Market surveillance and reporting. Deploy surveillance technology to monitor trading, detect manipulative behaviours, and produce regulatory reports. Integrate with transaction reporting, suspicious activity monitoring, and incident management workflows.
  • AML and travel rule alignment. Update customer due diligence, travel rule data sharing, and sanctions screening programmes so they integrate with MiCA licensing and ongoing compliance obligations.
  • Sustainability and transparency. Collect energy consumption data, supply-chain emissions, and ESG metrics for consensus mechanisms. Develop public disclosures aligned with EU sustainable finance taxonomy expectations.

Firms should also align MiCA workstreams with the EU’s Anti-Money Laundering (AML) package, the Transfer of Funds Regulation (TFR) travel rule updates, and existing e-money or payment institution licences.

Timeline and supervisory coordination

Stablecoin provisions apply from mid-2024, while CASP authorisation requirements take effect 18 months after entry into force, giving firms limited time to secure licences and upgrade controls. Transitional relief allows existing providers to continue operating until July 2026 if they submit applications before July 2025.

ESMA and the EBA will issue numerous regulatory technical standards on complaints handling, conflict of interest, sustainability disclosures, and reserve management. Firms must monitor consultations, respond to feedback opportunities, and incorporate final standards into product and compliance roadmaps.

Responsible governance

MiCA raises governance expectations across management bodies:

  • Board accountability. Boards must ensure fit-and-proper management, effective risk management, and oversight of outsourcing arrangements. They should set risk appetite for crypto exposures, reserve management, and technology resilience.
  • Internal control functions. Compliance, risk, and internal audit functions must be independent, well-resourced, and empowered to challenge business decisions. Establish dedicated MiCA control frameworks and reporting lines.
  • Operational resilience. Implement robust IT security, incident response, and business continuity plans, including segregation of duties, penetration testing, and third-party risk management.
  • Customer safeguarding. Maintain segregated client accounts, reconciliation procedures, and transparent fee disclosures. Provide complaint handling mechanisms and investor education materials.

Governance programmes should integrate with broader enterprise risk management, aligning with DORA, PSD2/PSD3, and upcoming EU cyber resilience regulations.

Sector playbooks

  • Crypto-asset exchanges. Prioritise licensing readiness, implement surveillance and AML controls, and revise listing due diligence to ensure token issuers meet white paper requirements. Provide risk disclosures to retail investors.
  • Stablecoin issuers and fintechs. Establish treasury functions capable of managing high-quality liquid assets, design real-time reserve reporting dashboards, and coordinate with banking partners for redemption operations.
  • Banks and payment providers. Evaluate strategic entry into MiCA-regulated services, leveraging existing compliance infrastructures, but ensure crypto-asset activities remain ring-fenced and capitalised appropriately.
  • Custody and wallet providers. Implement segregation of assets, key management policies, insurance coverage, and transparency on recovery procedures. Align with EBA and ESMA technical standards once published.

Measurement and assurance

Develop metrics and evidence packages to demonstrate MiCA compliance:

  • Authorisation progress. Track submission milestones, regulator feedback, and remediation actions for licensing applications.
  • Reserve adequacy. Monitor reserve coverage ratios, asset diversification, stress-test results, and redemption performance for stablecoins.
  • Market surveillance effectiveness. Measure detection-to-resolution times for suspicious activity, false positive rates, and quality of regulatory reports.
  • Customer protection metrics. Track complaints, dispute resolution times, and client asset reconciliation outcomes.
  • ESG disclosure readiness. Maintain data quality scores, assurance status, and stakeholder feedback on environmental impact reporting.

Regularly update boards and investors on these metrics, and prepare for supervisory reviews coordinated by ESMA and the EBA as they develop technical standards and guidelines.

Coordinate MiCA transformation with DORA, PSD3/PSR, and the upcoming AML Regulation to build a unified digital asset control framework covering technology resilience, payments, and financial crime obligations.

Zeph Tech supports MiCA programmes with licensing playbooks, stablecoin reserve governance, and surveillance analytics that convert regulatory obligations into trusted crypto operations.

Timeline plotting source publication cadence sized by credibility.
6 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Crypto regulation
  • European Union
  • Financial compliance
Back to curated briefings