persona-logo
Industry
Published February 10, 2025
Last updated March 17, 2025

What cryptocurrency companies need to know about the EU’s Markets in Crypto-Assets (MiCA) Regulation

Find out what the new regulation means for crypto service providers, and learn how to stay compliant.
Jeff Sakasegawa
Jeff Sakasegawa
6 min
Key takeaways
The EU’s Markets in Crypto-Assets (MiCA) Regulation went into effect on December 30, 2024. 
MiCA outlines a set of rules and provisions around transparency, disclosure, and supervision that crypto-asset service providers (CASPs) need to follow. 
To comply with MiCA, you may need to reconsider your KYC program.

Cryptocurrency companies have new compliance considerations to be aware of. In June 2023, the European Union passed the Markets in Crypto-Assets (MiCA) Regulation, which went into effect in installments over the course of 2024, with the regulation in full effect on December 30, 2024. 

Created to make the crypto industry safer and more transparent, MiCA provides a new legal framework for individuals and companies in the EU that issue and trade crypto-assets. 

Below, we break down key facts about MiCA, including who the regulation affects, what it requires, and how to adjust your KYC/KYB programs accordingly. 

What is MiCA and why does it matter?

The Markets in Crypto-Assets Regulation is a regulation designed to make the crypto industry safer for traders and consumers. The legislation applies to crypto-assets in the EU that haven’t been previously subject to financial regulations. 

The cryptocurrency industry has long operated without centralized governance. Traders appreciate the anonymity of crypto, but the lack of oversight can lead to considerable theft. In an effort to make the crypto market safer, the EU expanded its Anti-Money Laundering Directives (AMLDs) in 2023 to include crypto-asset service providers (CASPs) as “obliged entities.”

As a result, CASPs were required to implement anti-money laundering (AML) measures like identity verification, transaction monitoring, and enhanced due diligence. However, a lot of crypto service providers didn’t fall under the directive’s scope.  

Enter: MiCA, which was introduced to bring consistency to previously ungoverned cryptocurrency exchanges in the EU — as well as increased market integrity. The regulatory framework accomplishes the following: 

  • Establishes provisions around the transparency, disclosure, authorization, and supervision of crypto-asset transactions

  • Supports market integrity and financial stability

  • Ensures consumers are more informed about the risks associated with crypto 

Who does MiCA affect?

MiCA has wide-ranging implications for crypto investors and consumers alike, but the regulation specifically addresses crypto-asset service providers (CASPs), which are businesses or entities that offer one or more crypto-asset services to clients. Think: custodial wallets, crypto-trading platforms, and crypto portfolio managers. 

MiCA defines a crypto-asset as “a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology.” MiCA covers crypto-assets that fall into the following categories:

  1. Electronic or e-money tokens (EMTs)

  2. Asset-referenced tokens (ARTs)

  3. Other crypto-asset tokens that don’t fall into one of the above two groups

Crypto-asset services cover a range of activities, including exchanging crypto-assets for funds, trading crypto-assets, administering crypto-assets on behalf of clients, providing transfer services for crypto-assets, and providing advice or portfolio management services related to crypto-assets. 

What’s excluded from MiCA?

MiCA does not cover the following: 

  • Crypto-assets that qualify as financial instruments, since they’re subject to existing regulations. This includes structured deposits, securitization portions, insurance, and certain pension products. 

  • Crypto-assets that are unique and not interchangeable with other crypto-assets, like digital art and collectibles. 

  • Crypto-assets that represent services or physical assets that are unique and not interchangeable, like product guarantees or real estate. 

MiCA compliance requirements

MiCA has a multitude of specific guidelines for CASPs, but here are some of the main requirements:

  • Designate at least one EU-based director and maintain a registered office within the EU if you want to be authorized to operate in the EU.

  • Implement AML systems and procedures for data security and business continuity. 

  • Assess and periodically review the effectiveness of your policy arrangements and procedures. 

  • Act honestly, fairly, and professionally — and in your clients’ best interests. This includes providing an avenue for clients to voice their concerns and receive fair and timely resolutions.

  • Ensure all communications with clients, including marketing materials, are fair, clear, and transparent. Don’t mislead clients about the real or perceived advantages of crypto-assets, and warn clients about the risks associated with crypto-asset transactions. Give clients links to any crypto-asset white papers related to the crypto-assets you’re advising on or issuing. 

  • Put your policies on pricing, costs, and fees in a prominent, publicly accessible place on your website. 

  • Share information about the adverse environmental impact of crypto-asset trading in a prominent place on your website. 

There are also specific guidelines for different types of CASPs and the activities they perform, from operating a crypto trading platform to transferring crypto-assets and advising on crypto portfolios. Crypto-asset issuers, for example, are required to develop and publish a crypto-asset white paper that details the crypto-asset project, offeror, technology used, and potential risks. 

You can see MiCA’s complete text and the nuances of their rules here

Penalties for noncompliance

CASPs that don’t comply with MiCA rules are subject to penalties from their EU member states, including maximum administrative fines of at least €700,000 for individuals and €5 million for legal entities, or penalties ranging from 3-12.5% of the CASP’s total annual turnover. 

Member states also have the right to ban CASPs from engaging in crypto-asset services in the areas they govern. 

How does MiCA affect your KYC program?

Know Your Customer (KYC) is a due diligence process that requires you to verify your customers’ identities to prevent fraud. If you haven’t already developed a KYC process for your crypto service, now’s the time. Under MiCA, CASPs have to adhere to the sixth AMLD, which requires implementing AML checks. One part of that includes building a KYC program. 

An effective crypto KYC program needs to:

  • Collect customer data efficiently 

  • Store customer data safely to ensure the integrity and confidentiality of the information

  • Comply with MiCA regulations, as well as regional and industry-specific laws

  • Offer minimal friction for users

  • Use a variety of verification methods for seamless identity verification

  • Be flexible and customizable

Case study
BitGo reduces manual review by 98% with Persona’s flexible identity platform
See how

How Persona can help you comply with crypto regulations like MiCA

Persona’s robust identity platform makes it easy to verify crypto traders across the globe and meet shifting AML compliance requirements

With Persona, you can customize your crypto onboarding flows and automatically adjust friction based on the user information you collect. Flag users from high-risk countries for manual review, for example, or add step-up verifications for users who request higher trade limits. 

Protect users’ accounts by reverifying them at key touchpoints, like during account updates or fund withdrawals. Plus screen users who require enhanced due diligence via Persona’s watchlist screenings and adverse media screenings

Ready to get started? Learn more about Persona’s platform, see how we help BitGo consolidate and automate its compliance program, or request a demo today. We’re here to help!

The information provided is not intended to constitute legal advice; all information provided is for general informational purposes only and may not constitute the most up-to-date information. Any links to other third-party websites are only for the convenience of the reader.
Jeff Sakasegawa
Jeff Sakasegawa
Jeff Sakasegawa is Persona's trust & safety architect. Prior to Persona, Jeff worked in fraud and compliance operations at Square, Facebook, and Google.
Continue reading
  • The importance of KYC for crypto exchanges
    7 mins

    The importance of KYC for crypto exchanges

    Here’s what crypto exchanges need to know about KYC compliance.

  • Top cryptocurrency theft statistics of 2023
    9 mins

    Top cryptocurrency theft statistics of 2023

    See how cryptocurrency thefts occur, dig into the biggest heists of all time, and get some tips for protecting users.

  • How do AML regulations apply to crypto exchanges?
    5 mins

    How do AML regulations apply to crypto exchanges?

    If your business operates in the crypto space, it’s critical that you understand the tenets of AML so you can...