J Huang and S Pettigrove

May 7, 20235 min

Fully licensed: What does MiCA mean for crypto intermediaries?

After multiple delays, the highly-anticipated Markets in Crypto-assets Regulation (MiCA) was finally adopted by the European Union on 20 April 2023 making the EU the first major jurisdiction to pass a comprehensive regulatory framework for crypto-assets. MiCA is expected to come into force in 2024, and will apply across the EU. The full text of the final regulation was released last week but has not yet been published in the EU's Official Journal.

We have previously written a series of articles on MiCA covering its application to NFTs and public token offerings, this article will focus on how the new rules affect crypto asset service providers (CASPs or crypto intermediaries) in general.

Who are CASPs and what services are licensed?

Under MiCA, a CASP is a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis. CASPs must be authorised and have a registered office in an EU member state where they carry out at least part of their crypto-asset services, subject to exceptions (Art 59). They shall have their place of effective management in the Union and at least one of the directors shall be resident in the Union.

MiCA lists 10 types of crypto-asset services:

  1. providing custody and administration of crypto-assets on behalf of clients;

  2. operation of a trading platform for crypto-assets;

  3. exchange of crypto-assets for funds;

  4. exchange of crypto-assets for other crypto-assets;

  5. execution of orders for crypto-assets on behalf of clients;

  6. placing of crypto-assets;

  7. reception and transmission of orders for crypto-assets on behalf of clients;

  8. providing advice on crypto-assets;

  9. providing portfolio management on crypto-assets;

  10. providing transfer services for crypto-assets on behalf of clients;

A CASP providing any of the these services is required to apply for a license with relevant authorisations. This list is broad and covers the main activities typically conducted by centralised crypto-asset exchanges. Significantly, it will establish a licensing regime for intermediaries who provide crypto-asset custody, which is a key risk for consumers, as highlighted by the collapse of FTX last year which apparently engaged in widespread misappropriation of client assets.

What are CASP's licensing obligations?

MiCA imposes a number of general obligations on all CASPs, regardless of the specific crypto-asset services they provide. For example, Article 66 requires CASPs must:

act honestly, fairly and professionally in the best interests of clients and prospective clients

A similar obligation applies to financial services licensees under Australian law.

In addition:

Crypto-asset service providers shall provide their clients with fair, clear and not misleading information, in particular in marketing communications, which shall be identified as such.

CASPs are also required to warn clients of risks associated with purchasing crypto-assets.

General obligations applicable to all CASPs include, among others:

  • Prudential requirements (Art 67). CASPs must at all times have in place prudential safeguards, including by holding capital sufficient to meet EU capital requirements and/or an appropriate insurance policy;

  • Governance arrangements (Art 68). Management of CASPs shall be of sufficiently good repute and possess knowledge, experience and skills to perform their duties. Qualifying shareholders are also subject to fit and proper person requirements. CASPs should also adopt policies and procedures that are sufficiently effective to ensure compliance with MiCA;

  • Safekeeping of clients' crypto assets and funds (Art 70). CASPs shall make adequate arrangements to safeguard the ownership rights of clients, especially in the event of insolvency. CASPs that receive client funds (other than e-money tokens) shall place them with a central bank or a credit institution within the next business day; and

  • Other general obligations include having effective policies and procedures on complaint handling, conflicts of interest, outsourcing and orderly wind-down.

In addition, a number of specific obligations may apply to CASPs depending on the specific crypto-asset services they are authorised to provide. For example:

  1. CASPs providing custody and administration shall keep a register of positions corresponding to each client's rights to the crypto-assets. They shall have procedures to keep safe the crypto-assets or means of access to the crypto-assets. They shall provide a statement of position to the clients at least once every three months, and segregate client holdings from their own. Crypto-assets in custody are to be insulated from the CASP's own estate in the event of insolvency (Art 75);

  2. CASPs operating a trading platform shall implement operating rules that, among other things, define what crypto-assets are admitted to trading. Before admitting a crypto-asset to trading, CASPs shall ensure that the crypto-asset complies with the operating rules of the trading platform and shall assess the suitability of the crypto-asset concerned, including the reliability of the technical solutions used and the potential association to illicit or fraudulent activities. Crypto-assets with in-built anonymisation functions are generally prohibited (Art 76);

  3. CASPs exchanging crypto-assets for funds or other crypto-assets shall establish a non-discriminatory commercial policy that indicates the type of clients they agree to transact with and the conditions that shall be met by clients (Art 77);

  4. CASPs executing orders for crypto-assets on behalf of clients shall take all necessary steps to obtain the best possible result for their clients, taking into account a range of best execution factors (Art 78);

  5. CASPs placing crypto-assets shall communicate key information about the placement to the offeror, and obtain the agreement of the issuers of the crypto-assets. CASPs shall also have adequate procedures in place to avoid conflicts of interest (Art 79);

  6. CASPs receiving and transmitting orders on behalf of clients shall implement procedures for prompt and proper transmission of client orders for execution. CASPs shall not receive any benefit for routing client order flow to a particular trading platform or another CASP (Art 80);

  7. CASPs providing advice on or portfolio management of crypto-assets shall assess whether the crypto-assets or services are suitable for the clients, considering their knowledge and experience in investing in crypto-assets, their investment objectives including risk tolerance and their financial situation including ability to bear losses. These CASPs should also comply with a number of obligations similar to those applicable to providers of financial advice (Art 81); and

  8. CASPs providing transfer services for crypto-assets on behalf of clients shall conclude an agreement with their clients to specify their duties and their responsibilities (Art 82).


MiCA's approval puts the EU at the front of the race to establish fit for purpose regulations for crypto-assets which support innovation and basic consumer protections. The regulatory certainty offered by MiCA will likely attract more CASPs to the EU, and encourage investors to confidently deal with CASPs by allowing them to distinguish between licensed and rogue providers.

Further, the broad scope of services covered by the regime is likely to encourage the development of a sophisticated crypto-asset ecosystem encompassing exchanges and other verticals such as custody and advice.

We anticipate that other jurisdictions, including Australia, will borrow from elements of the MiCA regime in preparing their own regulations. We will address other aspects of MiCA in further posts in the coming weeks.