📢NAVIGATING CASP AUTHORISATION UNDER MiCA: KEY TAKEAWAYS FROM ESMA's LATEST BRIEFING

With the Markets in Cryptoassets Regulation (MiCA) set to reshape the European crypto landscape, businesses seeking authorisation as Cryptoasset Service Providers (CASPs) must prepare for a rigorous regulatory process. In its latest Supervisory Briefing on CASP Authorisation, the European Securities and Markets Authority (ESMA) provides crucial guidance for National Competent Authorities (NCAs), ensuring a harmonised approach across the EU.

At PCV LLC, we assist businesses in navigating this evolving regulatory framework, ensuring compliance while maximising operational efficiency.

Below you will find what CASPs need to know about the ESMA briefing issued on 31 January 2025 and what it means for their authorisation journey.

Key Highlights from the ESMA Briefing

1. Risk-Based Approach: No ‘Low-Risk’ CASPs

ESMA clarifies that all CASPs are considered high-risk, especially given their direct interactions with retail investors and their relatively short track record in regulatory compliance. Key risk factors that will trigger enhanced scrutiny include:

• Size of the CASP – Entities with over 1,000,000 yearly active users or a balance sheet of €3 billion face heightened supervision

• Complex corporate structures – If a CASP operates within a broader financial group, especially one spanning multiple regulatory frameworks (e.g., MiFID, EMI), National Competent Authorities (NCAs) will demand robust governance mechanisms

• Cross-border operations – CASPs with more than 200,000 yearly active users outside their home country will be subject to closer oversight, ensuring that local NCAs can coordinate effectively with regulators in other jurisdictions

• Business model complexity – Firms offering multiple crypto services (e.g., trading, custody, issuance) will need to demonstrate strong risk management frameworks

2. Substance and Governance Requirements

NCAs will assess whether a CASP has sufficient local autonomy and decision-making power within its home

jurisdiction. The key expectations include:

• On-the-ground presence – At least one (1) executive board member must be resident in the country where authorisation is granted

• Internal governance standards – CASPs must maintain independent risk, compliance, and audit functions, ensuring they are not unduly influenced by parent companies

• Limits on outsourcing – Excessive delegation of key functions, particularly to entities outside the EU, could lead to application rejection

3. Outsourcing Restrictions and DORA Compliance

Outsourcing of critical functions—such as compliance, risk management, or custody services—will be closely monitored. Under the Digital Operational Resilience Act (DORA), NCAs will assess third-party ICT risks to ensure crypto firms retain full control over essential operations.

Key takeaways:

• Outsourcing should not lead to "letter-box entities"

• AML compliance functions cannot be outsourced

• Firms must demonstrate effective oversight of all outsourced activities

4. Fit and Proper Assessment of Management

ESMA places stringent requirements on CASP executives and board members, focusing on:

• Regulatory history – Prior violations (even outside the EU) could trigger higher scrutiny

• Management experience – While crypto native expertise is valuable, firms should also have leadership with regulated finance experience

• Ongoing criminal proceedings – Even unresolved investigations may impact eligibility

5. Business Plan and Financial Viability

Prospective CASPs must submit realistic three-year business plans, including contingency measures in case of financial underperformance.

Projections should be:

• Data-driven, not overly optimistic

• Designed for continuous regulatory oversight

• Aligned with MiCA compliance obligations

6. Notifications and Registration Transparency

To prevent regulatory arbitrage, NCAs will require:

• Publicly accessible CASP registers detailing the scope of authorised services

• Timely notification of incomplete applications, with firms being required to withdraw and reapply if deficiencies persist

How PCV LLC can assist you?

Navigating CASP authorisation under MiCA is complex, requiring a strategic approach to risk management, governance, and compliance.

At PCV LLC, our expert team provides:

• Regulatory advisory for MiCA compliance

• Corporate structuring to meet ESMA’s governance and substance requirements

• AML & risk management framework development tailored to CASPs

• Ongoing legal support post-authorisation, ensuring compliance with evolving regulations

With MiCA’s enforcement rapidly approaching, proactive preparation is essential. Contact us today at info@pelaghiaslaw.com to ensure your CASP is on the path to compliance and success in the European market.