All you need to know about MiCA and the licence application

If you’re a cryptoasset service provider (CASP), you might be researching MiCA to understand what’s required of your business under the new regulation before applications open on 30 December 2024 for countries in the EU. 

While the information available about the MiCA regulation is extensive, it can also lead to more confusion than clarity. For example, you might have the following questions. 

• What exactly do you need to do before the deadline? 
• How can you successfully apply for a MiCA licence with the limited resources and expertise you have in-house? 
• How can you get buy-in from senior stakeholders who might not see compliance as a top-level priority for the business

At fscom, our team of senior experts has successfully managed and completed numerous applications, ensuring compliance with all relevant regulations. As such, we have an excellent understanding of the industry, especially from a regulatory perspective, and can outline what you need to know about MiCA.

In this article we’ll cover: 

• What is MiCAR?
• Who needs a MiCA licence?
• What are the MiCA licence requirements?
• How to prepare for your MiCA licence application
• How fscom can help you prepare and submit your MiCA licence application

Looking to complete your MiCA licence application? Get in touch and discover how fscom can help. 

What is MiCAR? 

Established by the European Banking Authority (EBA), the Markets in Crypto Assets Regulation (MiCA) is a comprehensive regulatory framework for cryptoassets in the European Union (EU). Its primary objective is to protect customers and investors and mitigate risks to financial stability. The MiCA regulation sets out to prevent market abuse in the previously unlegislated cryptoassets sector and includes rules against: 

• unlawful disclosure of inside information;
• insider trading; and
• actions that might disrupt or manipulate the financial market.

Who needs a MiCA licence?

MiCA applies to all firms operating in the issuance and service provision of cryptoassets (i.e., CASPs) in the EU. This includes issuers and providers of: 

• e-money tokens (EMTs);
• asset-referenced tokens (ARTs); and
• other crypto assets, like non-stablecoins. 

Although there is just one MiCA licence, the level of detail required in the application will vary depending on your business model. EMTs and ARTs, for example, will have to adhere to stringent guidelines, whereas other cryptoassets will be subject to less scrutiny. Here’s a breakdown of the CASP services and activities regulated by MiCA.

• Safeguarding and administering cryptoassets for clients.
• Running a cryptoassets trading platform.
• Managing the exchange of cryptoassets for cash or other assets (e.g., utility tokens).
• Placing and executing cryptoasset orders for clients.
• Processing cryptoasset orders.
• Offering advice, managing portfolios, and transferring cryptoassets.

What are the MiCA licence requirements?

MiCA requirements for VASPs

Until now, anti-money laundering (AML) legislation has been responsible for regulating virtual asset service providers (VASPs). Any VASPs registered before 30 December 2024 will require a cryptoasset service provider (CASP) authorisation before 30 December 2025. 

MiCA has suggested that the EU member states can choose to extend the transitional period to a maximum of 18 months, but it’s up to each EU country to decide. The Central Bank of Ireland (CBI), for example, has agreed to a transitional period of 12 months. 

Additional requirements 

To achieve your authorisation under MiCA, in-scope digital asset firms must adhere to the following requirements around information and marketing communications, capital adequacy, and governance. 

MiCA whitepaper

Firms in the crypto market have always published whitepapers alongside the release of a new asset, such as a new cryptocurrency. For the sake of transparency and accountability, MiCA is turning the whitepaper into a regulatory requirement. A MiCA whitepaper must contain a standardised set of information deemed useful and relevant to investors. Before you can publish it, you need to have your local governing body or competent authority validate it. 

The purpose of these regulated whitepapers is to avoid cryptoasset scams like OneCoin, which The Times described as “one of the biggest scams in history”. When OneCoin launched, it published a whitepaper making many claims that convinced people to buy into it. To prevent this from happening again, MiCA ensures that firms are beholden to the information they publish.

MiCA marketing guidelines

MiCA requires firms to make their marketing content and disclosures straightforward, honest, and free of any misleading or unclear information. They must clearly present the risks and potential returns of crypto investments and openly disclose any conflicts of interest.

Requirements for internal policies and governance principles

Under MiCA, your internal processes must be similar to those of other regulated financial services organisations. These include: 

• Anti-money laundering
• Data protection
• Risk management
• Consumer and investor protection
• Safeguarding
• Business continuity
• Avoiding conflict of interest
• Capital adequacy requirements 

How to prepare for your MiCA licence application

In our experience, a licence application tends to take  a minimum of 12 weeks to prepare. At the moment, it is still relatively new and requires considerable preliminary work. To help you get started, here are eight considerations that can guide you in preparing for your application: 

1. Understand the scope: Be clear about which elements of MiCA apply to your financial institution, so you know from the start what documents you need to prepare and who you need to involve.
2. Get the right governance frameworks in place: Ensure you have adequate policies and procedures and that you are following the MiCA guidelines and requirements properly.
3. Evaluate your security infrastructure: Confirm you have the right security arrangements in place, for example, that you’re GDPR compliant.
4. Review your human resources: Make sure you have adequate human resources with the relevant knowledge and experience.
5. Assess your financial stability: Ensure you can meet the capital adequacy requirements, you’ve got sufficient financial stability, and you can prove it in your application.
6. Review your third parties: If you’re working with third parties, ensure you understand the security risks and have a clear overview of the outsourcing process from an operational perspective. This includes due diligence when onboarding new partners and on an ongoing basis.
7. Bring on advisors: Consider hiring external advisors to support from a compliance, legal, and tax point of view, to help fill any knowledge gaps.
8. Check your documentation: Make sure you have everything you need to submit the application. For example, you want to review your compliance framework, policies and procedures; capital adequacy requirements; whitepapers; and evidence that your marketing meets the guidelines.

It might feel like a lot of work but, once you have a licence in one EU state, you can passport the licence out to other states. So you only have to apply and obtain a licence once to be compliant across all your EU markets.

How fscom can help you prepare for a MiCA licence application

Our teams of experienced compliance experts can support digital asset firms throughout Europe with their licence applications, and assist in the following ways:

Get practical support with your documentation

Pulling together and preparing the right documents is time-consuming, especially when you’re doing so for the first time. 

To take the pressure off your teams and ensure you meet the requirements, we’ll provide you with experts to help compile and draft all the documentation required for the application. So you can be sure you complete everything correctly without putting undue pressure on your teams.

Keep the application on track with a dedicated project manager

A project like this can often involve many stakeholders, making it difficult to manage everyone’s time and responsibilities effectively. We can support by creating a project plan and holding meetings and workshops to ensure you stay on track. 

As well as getting the right people in the room at the right times, workshops allow us to gather the information we need to provide the most relevant advice. They also highlight areas where you need to make decisions or put new policies in place. As a result, everyone in your firm has a clear idea of what they need to do and when, and can fill any policy gaps before submitting the application.

Ensure you have the right governance frameworks in place

Compliance isn’t everyone’s priority, especially in fast-paced businesses focused on hyper-growth. We’ll help you get senior-level buy-in so that you’re set up for long-term compliance success. 

We’ll also help you design your governance frameworks and ensure your committees are meeting often enough and have the right documentation. In this way, you’ll be able to prove your organisation is compliant by design.

Check your application with an external Case Officer Review

In our experience, preparing the necessary application documentation often involves going back over documents you think you’ve completed. As a result, you might have made an update in one place but not in another, causing inconsistencies throughout the application. 

To avoid this, we can provide a case officer review. This person will objectively review the application with a fresh pair of eyes to ensure all the names are correct and the information is consistent. So you can submit the final application, confident that you’ve formatted and presented everything as required. 

You don’t have to face MiCA alone

Compliance and authorisation procedures are not new to the EU Crypto industry. However, MiCA is the first framework that regulates the crypto-asset market from a comprehensive standpoint. This will be new to many firms. Senior executives might not fully recognise the significance of the legislation and you might not have the in-house expertise needed to complete the application successfully.

We’ve been helping crypto firms with their compliance for a long time. We know it is easy to underestimate the workload and level of detail required when preparing these licence applications. The good news is that you don’t have to do it by yourself – in fact, we recommend you don’t.

Bringing in experienced experts will help with the heavy lifting, provide training for your teams, and ensure buy-in at the board level. As a result, you’ll embed compliance into your processes without putting undue pressure on your teams.

If you’d like to explore how we can help you complete your MiCA licence application, get in touch.