MiCA's Approach to High-Risk Transactions and Enhanced Due Diligence for VASPs

As the crypto asset market matures, regulatory frameworks are evolving to ensure transparency, protect consumers, and prevent financial crime. The European Union’s Markets in Crypto-Assets Regulation (MiCA) represents a milestone in this journey. Among its key focuses is the need for enhanced due diligence (EDD) by Crypto Asset Service Providers (CASPs), especially when dealing with high-risk transactions. This article explores how MiCA tackles high-risk crypto activity, outlining compliance expectations and best practices for CASPs operating under the new regulatory regime.

Table of Contents

• Understanding Markets in Crypto Assets (MiCA) and Its Scope
• High-Risk Transactions and Enhanced Due Diligence (EDD)
• Key Elements of EDD under MiCA
• MiCA Requirements for CASPs Handling High-Risk Transactions
• Market Abuse Prevention
• Stablecoins and E-Money Tokens
• The Role of the European Authorities in Crypto Asset Regulation
• Enhanced Due Diligence in Practice
• MiCA’s Relationship with AML and Other EU Crypto Assets Regulation
• Compliance Best Practices for Crypto Asset Service Providers
• Timeline for Implementation
• Future Outlook

Understanding Markets in Crypto Assets (MiCA) and Its Scope

MiCA is the EU’s comprehensive regulatory framework designed to govern crypto assets, crypto asset services, and the activities of CASPs. The Markets in Crypto-Assets Act (MiCA) was initiated by the European Union and approved by the European Parliament to create consistency across EU member states, addressing issues such as investor protection and regulatory alignment with existing financial regulations. MiCA covers a wide range of instruments, including asset-referenced tokens (ARTs), e-money tokens (EMTs), and other crypto assets not classified as financial instruments under existing legislation. The crypto assets MiCA regulation is significant as it ensures financial stability while protecting investors in the crypto-asset sector.

MiCA applies to all service providers authorised to offer crypto asset services in the EU, such as:

• Operating a crypto asset trading platform

• Providing crypto asset transfer services

• Offering custody services (e.g., custodian wallet providers)

• Providing services related to the issuance or exchange of crypto assets

Through a comprehensive regulatory framework, MiCA aims to support financial stability, strengthen market integrity, and promote consumer protection while fostering innovation across the crypto asset markets.

High-Risk Transactions and Enhanced Due Diligence (EDD)

One of the cornerstones of MiCA’s anti-money laundering (AML) and consumer protection strategy is the obligation to apply EDD to high-risk transactions. These include:

• Transfers involving unusually large amounts of crypto assets

• Transactions from or to jurisdictions with inadequate regulatory frameworks

• Transfers to self-hosted wallets without proper identification

• Cases where customer behavior raises red flags

In addition to these measures, public disclosure and transparency and disclosure requirements are essential for maintaining transparent and fair markets. To mitigate the risks associated with these scenarios, CASPs must go beyond standard KYC and AML checks and implement enhanced due diligence procedures.

Key Elements of EDD under MiCA

1. Verification of Identity and Source of Funds

• CASPs must collect robust identifying information from customers, including legal entity status, physical address, account information, and the nature and purpose of the business relationship.

• This applies especially to legal persons or legal entities transacting large volumes of crypto assets, and must be aligned with the authorisation process for issuers of asset-referenced tokens within the European Union.

2. Risk-Based Assessment

• MiCA promotes a risk-based approach where crypto asset service providers assess transaction risks based on the origin, destination, amount, and frequency of transfers.

• This assessment is supported by technical standards and guidance from the European Banking Authority (EBA) and national competent authorities.

3. Ongoing Monitoring

• CASPs must conduct continuous monitoring of crypto asset transfers, especially those crossing borders or involving electronic money tokens or asset-referenced tokens.

• Suspicious activity should be flagged and reported, in line with applicable national law, and issuers must adhere to prudential requirements to ensure a sound governance structure and manage reserves of assets to mitigate potential risks.

MiCA Requirements for CASPs Handling High-Risk Transactions

Under MiCA, crypto asset service providers are subject to several obligations, including securing appropriate licenses and submitting required documentation to the relevant national competent authority. This ensures compliance with regulatory standards and operational guidelines. Additionally, issuers of crypto-assets must adhere to legal obligations by submitting white papers and other necessary documents to the competent authority to maintain transparency and governance.

1. Internal Controls and Compliance

• Providers must establish internal policies to assess, detect, and prevent market abuse, money laundering, and terrorist financing. These policies should align with the latest consultation package released by ESMA, which outlines phases of consultations regarding technical standards and guidelines related to financial regulations.

• These controls must include robust security access protocols and clear escalation procedures. Additionally, providers should be aware of the delegated acts under the MiCA regulation, which define the conditions under which the activities of stablecoin issuers are deemed significant, streamlining the regulatory framework for cryptocurrency services in the EU.

2. Due Diligence and Record-Keeping

• CASPs are required to maintain records of high-risk transactions and due diligence actions, including obtaining prior authorisation from the National Competent Authority (NCA) for certain activities.

• This includes documenting the originator’s and beneficiary’s account number, transaction execution date, and other identifiers, ensuring that the entity is recognized as a legal person.

• These records must be stored electronically and made available to competent authorities upon request.

3. Disclosure Obligations

• Crypto asset issuers and CASPs must ensure transparency through clear and fair marketing communications relating to such crypto assets, particularly focusing on the requirements for admission to trading under the MiCA Regulation.

• For high-risk crypto assets, a crypto asset white paper must include a detailed risk disclosure, adhering to the transparency and disclosure requirements established by MiCA to ensure investor protection and market integrity.

Market Abuse Prevention

The MiCA regulation incorporates provisions aimed at detecting and preventing market abuse on crypto-asset markets. The regulation lays down rules to prohibit certain types of behavior, including insider dealing, disclosure of inside information, and market manipulation. These provisions apply not only to transactions on trading platforms but to all transactions in crypto-assets, whether on or off a trading platform. All participants who professionally organize or execute transactions involving crypto-assets must have systems in place to prevent and detect market abuse. The European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) will play a crucial role in enforcing these provisions and ensuring that crypto-asset service providers comply with the regulatory framework.

Stablecoins and E-Money Tokens

The MiCA regulation sets out a framework governing the issuance of asset-referenced tokens (stablecoins) and electronic money tokens. The framework has been applicable since 30 June 2024. Issuers of asset-referenced tokens must obtain prior authorization and publish a white paper. Authorized European credit institutions do not need additional authorization to issue asset-referenced tokens. Issuers of asset-referenced tokens and electronic money tokens must demonstrate compliance with own funds requirements and governance arrangements. Restrictions apply to the use of stablecoins as means of exchange, with limits on transactions. The regulation aims to ensure that stablecoins and e-money tokens are issued and traded in a safe and transparent manner, and that investors are protected from potential risks.

The Role of the European Authorities in Crypto Asset Regulation

MiCA places significant responsibility on European institutions, including:

• European Securities and Markets Authority (ESMA): Supervises CASPs and enforces technical standards.

• European Banking Authority (EBA): Coordinates anti-money laundering oversight and provides guidance for high-risk crypto transactions.

• Alternative investment fund managers and investment firms: Although exempt from MiCA authorization requirements when providing certain crypto-asset services, they must still comply with specific regulatory frameworks established by MiCA.

These bodies work in conjunction with national competent authorities (NCAs) across member states to ensure uniform implementation and enforcement.

Enhanced Due Diligence in Practice

Let’s explore what enhanced due diligence might look like on a crypto asset trading platform under MiCA:

• A new user from a high-risk jurisdiction initiates a crypto asset transfer exceeding €10,000, utilizing the platform's crypto services.

• The CASP’s compliance team requests further information, including source of funds documentation, proof of beneficial ownership, and a declaration of purpose for the transaction, especially if the user engages in portfolio management.

• The platform flags the transaction for closer monitoring and initiates a Suspicious Activity Report (SAR) if anomalies persist.

This illustrates the necessity of having both automated tools and human oversight to assess high-risk transactions in real-time.

MiCA’s Relationship with AML and Other EU Crypto Assets Regulation

MiCA does not operate in isolation. It complements existing EU AML frameworks, including:

• The 5th Anti-Money Laundering Directive (AMLD5)

• The forthcoming Anti-Money Laundering Regulation (AMLR)

• The Digital Operational Resilience Act (DORA), which enhances ICT risk management for financial institutions

Additionally, MiCA is part of a broader strategy to integrate digital finance into the existing financial ecosystem. It ensures consistency and compliance across EU member states while addressing the unique challenges posed by crypto assets. Under the MiCA framework, issuers of electronic money tokens must be authorized credit institutions or electronic money institutions, adhering to specific legislative standards, including the publication of a white paper and compliance with sectoral regulations.

Together, these laws reinforce MiCA’s mandate by ensuring that crypto companies provide crypto asset services responsibly, especially when handling large-scale or suspicious transfers.

Compliance Best Practices for Crypto Asset Service Providers

To meet MiCA’s enhanced due diligence expectations, CASPs should:

1. Implement Advanced Monitoring Tools

• • Use AI and distributed ledger technology to flag unusual patterns in crypto asset transfers, especially for those operating trading platforms.

2. Develop a Tiered Risk Framework

• • Create transaction categories (low, medium, high risk) and adjust KYC measures accordingly, considering crypto-assets stored using distributed ledger technology or similar technology.

3. Train Staff Regularly

• • Ensure compliance teams are updated on technical standards and new threats in the crypto markets.

4. Strengthen Cross-Border Collaboration

• • Work with international organizations and financial institutions engaged in regulatory oversight.

5. Engage with Regulators Early

• • CASPs applying for authorization should consult with NCAs to clarify EDD expectations before launch.

Timeline for Implementation

The MiCA regulation will become fully applicable on 30 December 2024, subject to a discretionary transition period. Individual Member States can notify the European Commission to use transitional measures. Firms should note that relying on grandfathering provisions does not grant them the status of a MiCA crypto-asset service provider. The implementation timeline is as follows:

• 30 June 2024: Titles III (Asset-Referenced Tokens) and IV (E-Money Tokens) of the MiCA Regulation took effect.

• 30 December 2024: The MiCA Regulation will become fully applicable.

• January 2025: Crypto Asset Service Providers (CASPs) must begin applying for licenses to operate within the EU.

• July 2026: All CASPs must achieve comprehensive compliance with MiCA requirements. The European Commission, ESMA, and EBA will continue to work on the implementation of the MiCA Regulation, including the development of technical standards and guidelines. The regulation will provide a comprehensive framework for the regulation of crypto-assets in the EU, and its implementation will have a significant impact on the crypto-asset markets and service providers operating in the EU.

Future Outlook

The crypto asset industry is facing a regulatory reckoning, with MiCA leading the way in the European Union. The 'transitional period' allows crypto-asset service providers to continue operations past the cutoff date of December 30, 2024, until July 1, 2026, ensuring compliance with existing national laws and regulations during this adjustment phase. As other countries adopt similar crypto assets regulation frameworks, there is growing pressure for crypto businesses to implement globally harmonized standards for high-risk transaction monitoring.

CASPs that demonstrate a strong commitment to compliance and EDD will gain a competitive edge, win customer trust, and reduce the risk of sanctions or fines. Moreover, as the Markets in Crypto-Assets (MiCA) regulation evolves, those who adapt early will be better positioned to scale and serve a broader client base.

Conclusion

MiCA sets a new benchmark for regulatory compliance in the crypto asset markets. Its focus on high-risk transactions underscores the importance of transparency, security, and consumer protection. For crypto asset service providers, enhanced due diligence is no longer optional—it’s essential.

By implementing strong internal controls, leveraging advanced compliance technology, and staying ahead of EU regulatory changes, CASPs can navigate MiCA’s demands and thrive in a maturing crypto landscape.

For more information about how we can help reach out to us. We're here to help and answer any questions you may have.

Contact us!

***

References

• European Parliament. (2023). Regulation (EU) 2023/1114 on Markets in Crypto-assets (MiCA). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114

• European Securities and Markets Authority (ESMA). (2024). MiCA and ESMA’s supervisory role. https://www.esma.europa.eu

• European Banking Authority (EBA). (2024). Guidelines for Crypto-Asset Service Providers. https://www.eba.europa.eu

• Financial Action Task Force (FATF). (2021). Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. https://www.fatf-gafi.org/publications/fatfrecommendations/documents/guidance-rba-virtual-assets-2021.html

• European Commission. (2023). Digital Finance Package: MiCA explained. https://finance.ec.europa.eu/publications/digital-finance-package_en

• Chainalysis. (2023). Crypto and Compliance: Meeting AML and KYC Requirements under MiCA. https://www.chainalysis.com

• Deloitte. (2024). The future of compliance in digital assets: What MiCA means for crypto businesses. https://www2.deloitte.com

• MarketGuard. (2024). How CASPs Can Prepare for MiCA’s Enhanced Due Diligence Requirements. https://marketguard.io/blog

• International Monetary Fund (IMF). (2022). The Rise of Crypto Assets and Regulatory Approaches. https://www.imf.org/en/Publications

• ComplyAdvantage. (2024). Crypto Compliance in the EU: Preparing for MiCA. https://complyadvantage.com