top of page
Search

ESMA Guidance on Segregating Regulated and Unregulated Crypto-Asset Services

Executive Summary


This briefing analyses the formal statement issued by the European Securities and Markets Authority (ESMA) on 1 July 11,2025, concerning Crypto-Asset Service Providers (CASPs) that offer both regulated and unregulated services. ESMA identifies a significant investor protection risk, termed the "halo effect," where a firm's authorised status under the Markets in Crypto-Assets Regulation (MiCA) may mislead clients into believing all its offerings are subject to MiCA's safeguards. To mitigate this, ESMA has mandated a series of prescriptive "Dos and Don'ts" requiring CASPs to establish an unambiguous demarcation between their regulated and unregulated activities. The guidance compels firms to ensure absolute transparency through enhanced disclosures, specific documentation, and precise separation in client interfaces, making it a critical compliance priority to prevent supervisory action.

1.0 Introduction and Scope


On 11 July 2025, the European Securities and Markets Authority (ESMA) issued a formal statement to Crypto-Asset Service Providers (CASPs) operating within the European Union. This guidance addresses the material risks of investor detriment when firms offer services both within and outside the scope of the Markets in Crypto-Assets Regulation (MiCA). The statement establishes clear supervisory expectations for ensuring a transparent and unambiguous demarcation between regulated and unregulated offerings, thereby preventing client confusion and the misattribution of regulatory protections.


2.0 Analysis of Key Investor Protection Risks


ESMA has identified a primary risk vector it terms the "halo effect." This phenomenon describes the potential for a CASP's authorised status under MiCA to create a misperception of comprehensive regulatory oversight. Clients may erroneously conclude that all services and products offered by the CASP, or its affiliated group entities, are subject to the full suite of MiCA's prudential and conduct-of-business requirements.


This misattribution of the regulatory perimeter exposes clients to significant risks, as they may not be aware that certain activities lack key MiCA safeguards, including but not limited to:


  • Conflict of Interest Management: Prescribed policies and procedures to identify and manage conflicts.

  • Complaints Handling: Access to formal and binding dispute resolution mechanisms.

  • Asset Safeguarding: Prudential requirements for the custody and segregation of client crypto-assets.

  • Supervisory Oversight: Continuous supervision and intervention powers held by National Competent Authorities (NCAs).


ESMA further notes the risk that firms may deliberately leverage their regulated status for promotional purposes, actively contributing to this ambiguity and increasing the potential for investor harm.


3.0 Prescriptive Mitigation Measures for CASPs


Under the overarching MiCA principle that CASPs must act honestly, fairly, and professionally in the best interests of their clients, ESMA has mandated a series of concrete actions. These "Dos and Don'ts" constitute a baseline for compliance and are intended to ensure all communications are fair, transparent, and not misleading.


3.1 Mandatory Actions (DOs)


  • Enhanced Disclosure Obligations: The regulatory status of each product/service must be explicitly and prominently disclosed at every stage of the client lifecycle, from marketing and onboarding to transaction execution.

  • Information Architecture: Firms must implement a clear structural separation of information on their websites and client interfaces, effectively segregating regulated activities from unregulated ones (e.g., via distinct, clearly labelled domains or sub-domains).

  • Documentation Specificity: Legal and client-facing documentation (e.g., Terms of Service, Risk Disclosures) must be differentiated to delineate the protections and risks applicable to each category of service.

  • Legal Entity Transparency: The specific legal entity providing each service, along with its corresponding legal and regulatory status, must be clearly and unambiguously communicated to the client.

  • Active Client Acknowledgement: For unregulated services, firms must implement mechanisms such as interstitial pop-up windows requiring affirmative client consent (i.e., a "check-the-box" action) to confirm their understanding of the service's unregulated nature before access is granted.

3.2 Prohibited Practices (DON'Ts)

  • Deceptive Terminology: Firms must not use language that implies or suggests an unregulated product is subject to regulatory supervision or approval.

  • Obfuscation of Disclosures: Key information regarding the unregulated status of a product must not be relegated to less prominent sections of legal documents, such as the general Terms and Conditions.

  • Improper Use of Regulatory Status: A CASP's authorisation by an NCA must not be used as a promotional tool in marketing communications related to unregulated activities.

  • Ambiguity of Service Provider: It must not be unclear which legal entity is providing the service or the specific risks associated with that service.

  • Interface Circumvention: Unregulated entities, including those within the same corporate group, are prohibited from offering services through the authorised CASP's client interface if such services are either regulated under MiCA (and the entity is not authorised) or otherwise fall outside the permissible scope of activities.


4.0 Conclusion and Compliance Implications


ESMA's statement signals a proactive supervisory stance aimed at preventing regulatory arbitrage and ensuring the intended protections of MiCA are not diluted. CASPs must undertake an immediate review of their business operations, client-facing interfaces, marketing collateral, and legal agreements to ensure full compliance with this guidance. This includes implementing robust internal controls and governance frameworks to enforce a strict and transparent separation between regulated and unregulated business lines. Failure to adhere to these principles will likely be a breach of the firm's obligation to act in the best interests of its clients, potentially attracting supervisory intervention from NCAs.


 
 
 

Comments

bottom of page