KYC Under MiCA - Updated Requirements for Crypto-Asset Service Providers

The implementation of the Markets in Crypto-Assets Regulation (MiCA) by the European Union represents a pivotal moment in the evolution of the crypto asset ecosystem, particularly in how it governs digital representations of value or rights stored and transferred using distributed ledger technology. As the first comprehensive regulatory framework specifically designed for crypto assets and service providers operating in the European Union, MiCA aims to enhance financial stability, protect consumers, and foster innovation in the digital finance space. Among its various provisions, Know Your Customer (KYC) obligations stand out as essential tools for promoting transparency and preventing illicit financial activities.

Table of Contents

• MiCA Regulation and Its Scope
• Definition and Scope of Crypto-Asset Service Providers
• KYC Requirements Under MiCA
•  Licensing and Authorization Process for CASPs
• Implications for Crypto Asset Issuers and Trading Platforms
• Technical Standards and Regulatory Oversight
• Integration with the Digital Operational Resilience Act (DORA)
• Market Abuse and Consumer Protection
• Stablecoins and E-Money Tokens

MiCA Regulation and Its Scope

MiCA applies to a broad range of crypto asset services and service providers. Entities that provide crypto asset services or operate as crypto asset service providers (CASPs) must comply with MiCA’s requirements. These include:

• Trading platforms for crypto assets

• Custodian wallet providers

• Service providers authorised to provide portfolio management

• Crypto asset issuers (including those issuing asset referenced tokens or e-money tokens)

• Investment firms and electronic money institutions that offer crypto services

• Alternative investment fund managers

By establishing clear rules for entities that provide crypto asset services, the MiCA regulation aims to increase consumer confidence and ensure a level playing field within the internal crypto asset markets of the European Union.

Definition and Scope of Crypto-Asset Service Providers

Crypto-asset service providers (CASPs) are entities that provide one or more crypto-asset services to clients on a professional basis. The scope of CASPs includes operating a crypto-asset trading platform, exchanging crypto-assets for funds or other crypto-assets, executing crypto-asset orders on behalf of clients, receiving and transmitting crypto-asset orders on behalf of clients, and managing crypto-asset portfolios.

CASPs are subject to the Markets in Crypto-Assets (MiCA) Regulation, which aims to create a comprehensive regulatory framework for crypto-assets in the European Union. The regulation applies to CASPs operating in the EU and provides a unified EU licensing structure for CASPs.

To be considered a CASP, an entity must meet certain criteria, including being a legal person or other undertaking whose occupation or business is to provide one or more crypto-asset services to clients on a professional basis. CASPs must also be authorized to provide such crypto-asset services in accordance with the provisions of the MiCA Regulation.

KYC Requirements Under MiCA

Under MiCA, CASPs and credit institutions are required to implement strong KYC practices, aligning with broader anti money laundering (AML) regulations and the objectives of the Financial Action Task Force (FATF). These measures are designed to identify and verify users, monitor suspicious activity, and ensure the secure storage of customer information.

Key KYC-Related Obligations:

• Customer Identification: Legal persons and natural persons must be clearly identified using official documentation.

• Verification of Identity: Before providing services, CASPs must verify the identity of their customers, whether they are individuals or legal entities.

• Ongoing Due Diligence: CASPs must conduct continuous monitoring of customer relationships to detect unusual or suspicious behavior.

• Record-Keeping: All customer identification data must be stored electronically and be accessible for regulatory inspection.

• Enhanced Due Diligence: Required for high-risk clients or transactions, particularly those involving politically exposed persons or jurisdictions with strategic AML deficiencies.

Licensing and Authorization Process for CASPs

The licensing and authorization process for CASPs involves several steps. First, CASPs must submit an application for authorization to the relevant authorities in their Member State. The application must include various documents, such as a business plan, a description of the services to be provided, and information about the management and shareholders of the CASP.

Once the application is submitted, the authorities will review it to ensure that the CASP meets the requirements set out in the MiCA Regulation. This includes ensuring that the CASP has a sound governance structure, meets the necessary capital requirements, and has adequate systems in place to prevent and detect market abuse.

If the application is approved, the CASP will be granted authorization to provide crypto-asset services in the EU. The authorization is valid across the EU, allowing CASPs to operate in any Member State.

Implications for Crypto Asset Issuers and Trading Platforms

Crypto asset issuers must also meet stringent transparency and disclosure requirements. Any entity that issues crypto assets—including asset referenced tokens and electronic money tokens—must prepare and publish a crypto asset white paper. This document must detail the nature of the crypto asset, the rights and obligations it confers, the associated risks, and the measures taken to ensure security access protocols and prevent market manipulation.

Trading platforms are required to establish robust identity verification systems before allowing users to engage in crypto asset transfers or other services related to crypto assets. These platforms are critical nodes in the ecosystem and must comply with strict KYC and AML policies as enforced by the European Securities and Markets Authority (ESMA) and national competent authorities.

Technical Standards and Regulatory Oversight

The European Banking Authority (EBA) and ESMA are tasked with developing technical standards and guidelines for implementing KYC requirements. These bodies will coordinate with national competent authorities to ensure consistency across member states, aligned with applicable national law.

Additionally, CASPs are subject to prudential requirements, including maintaining sufficient own funds to cover operational and compliance risks. These measures are designed to prevent systemic threats to financial stability while enhancing consumer protection.

Integration with the Digital Operational Resilience Act (DORA)

MiCA works in tandem with the Digital Operational Resilience Act (DORA), which mandates that crypto service providers ensure the security and resilience of their IT systems. KYC data, stored electronically, must be protected under robust cybersecurity frameworks to ensure the integrity of customer information.

Market Abuse and Consumer Protection

Preventing market abuse is another critical objective of the MiCA regulation. CASPs and trading platforms must monitor for signs of market manipulation and submit suspicious transaction reports to the competent authority. Transparent marketing communications relating to such crypto assets are required to prevent misleading claims.

Consumer protection is further enhanced by requiring clear communication about the nature and risks of crypto assets. This includes information about how to withdraw funds, rights of redress, and terms of service—all of which must be publicly disclosed.

Stablecoins and E-Money Tokens

Stablecoins and e-money tokens are two types of crypto-assets that are regulated under the MiCA Regulation. Stablecoins are crypto-assets that are backed by a single official (fiat) currency, while e-money tokens are crypto-assets that represent official currencies.

The MiCA Regulation sets out specific requirements for the issuance and trading of stablecoins and e-money tokens. For example, issuers of stablecoins must maintain a sound governance structure and meet the necessary capital requirements. They must also create and maintain a reserve of assets to cover risks related to the assets referenced by the stablecoins and the liquidity risks associated with the redemption rights of the holders.

E-money token issuers must also comply with specific requirements, such as keeping at least 30% of the funds received from the issuance of e-money tokens in a separate account with a credit institution.

Conclusion

MiCA represents a landmark step toward regulating the fast-evolving crypto asset markets in the European Union. The updated KYC requirements for crypto asset service providers serve as a foundational pillar in this comprehensive regulatory framework. By mandating stringent identification, verification, and monitoring obligations, MiCA ensures that crypto markets operate with the transparency and integrity expected of traditional financial institutions.

Crypto businesses seeking to provide crypto asset services within the EU must invest in strong compliance programs that address the full spectrum of MiCA requirements—from public disclosure and portfolio management to preventing market manipulation and ensuring consumer protection.

As MiCA continues to be implemented across member states, the collaboration between service providers, regulators, and international organizations will be critical in shaping a safe, competitive, and innovative future for the global crypto economy.

For more information about how we can help reach out to us. We're here to help and answer any questions you may have.

Contact us!

***

References

• European Union. (2023). Markets in Crypto-Assets Regulation (MiCA). Official Journal of the European Union, Regulation (EU) 2023/1114.
  https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114

• European Securities and Markets Authority (ESMA). (2024). ESMA’s activities on digital finance and crypto assets.
  https://www.esma.europa.eu

• European Banking Authority (EBA). (2024). Regulation and Policy: Crypto-Assets and MiCA.
  https://www.eba.europa.eu

• European Commission. (2024). Digital Finance Package – Shaping Europe’s digital future.
  https://finance.ec.europa.eu

• Chainalysis. (2024). Understanding MiCA and AML Compliance in the EU.
  https://www.chainalysis.com/blog/mica-and-aml-compliance

• Deloitte Luxembourg. (2024). MiCA Regulation: What Crypto Players Need to Know.
  https://www2.deloitte.com/lu/en/pages/financial-services/articles/mica-regulation.html

• Financial Action Task Force (FATF). (2023). Guidance for a Risk-Based Approach to Virtual Assets and VASPs.
  https://www.fatf-gafi.org/publications/fatfrecommendations/documents/guidance-rba-virtual-assets-2023.html

• International Monetary Fund (IMF). (2023). Regulating Crypto: Balancing Innovation and Risk.
  https://www.imf.org/en/Publications/fandd/issues/2023/09/regulating-crypto

• European Parliamentary Research Service (EPRS). (2023). MiCA: Regulating crypto-assets in the EU.
  https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2023)739277

• PwC. (2024). MiCA Regulation: A turning point for the EU crypto industry.
  https://www.pwc.com/gx/en/industries/financial-services/assets/pdf/mica-regulation-crypto.pdf