MiCA Developments: June 2025
- James Ross
- Jun 29
- 12 min read
Executive Summary
June 2025 signifies a crucial phase in implementing the European Union's Markets (MiCA) regulation, with the approval of several delegated regulations and essential guidance from the EBA. These developments collectively impose strict, bank-like standards on crypto-asset service providers (CASPs) and token issuers, substantially affecting their business models. in Crypto-Asset
The most transformative changes stem from new rules on Conflicts of Interest that directly challenge the prevalent vertically integrated business models in the cryptocurrency industry. These rules require the internal separation of conflicting activities, the mandatory professionalisation of compliance, and trading. This will necessitate a fundamental reevaluation of operational strategies and may lead to market specialisation. CASPs, which di strict controls over employee t
Authorisation requirements for Asset-Referenced Token (ART) issuers introduce an exceptionally rigorous application process, demanding extensive disclosures on business models, financial health, governance, and personnel suitability. This significantly raises the bar for market entry, requiring substantial investment in compliance and robust financial planning.
Further strengthening governance, Liquidity Management policies for ARTs and EMTs mandate sophisticated, bank-like liquidity risk management frameworks, including proactive stress testing and asset segregation, which drive up operational costs and demand board-level accountability.
Comprehensive Crypto-Asset Service Records will require investments in IT infrastructure for standardised data collection (including LEIs and DTIs), leading to increased operational costs and unprecedented supervisory scrutiny, effectively ending unregulated data practices.
Finally, the EBA's Opinion on PSD2 and MiCA overlap clarifies the "dual authorisation" challenge for Electronic Money Token (EMT) services, compelling CASPs to obtain Payment Institution licenses by March 2026 if they handle EMT transfers or custody, leading to cumulative capital requirements and mandatory Strong Customer Authentication (SCA) implementation.
1. Commission Delegated Regulation (EU) 2025/1142 on Conflicts of Interest Policies for Crypto-Asset Service Providers (CASPs)
This Delegated Regulation, supplementing the main Markets in Crypto-Assets (MiCA) Regulation, establishes a detailed and legally binding framework for how all Crypto-Asset Service Providers (CASPs)—such as exchanges, brokers, custodians, and advisors—must identify, prevent, manage, and disclose conflicts of interest. The regulation’s primary goal is to protect clients and ensure market integrity by addressing the wide range of conflicts inherent in the provision of crypto-asset services.
Key Requirements and Scope:
Every CASP must establish a formal, written conflicts of interest policy proportionate to the scale and nature of its services. The management body is directly responsible for its adoption, implementation, and regular review.
Identification of Conflicts: CASPs must identify all actual or potential conflicts that could harm the interests of a client or the CASP itself. Explicit risks highlighted include those arising from combined business functions (e.g., trading platform + proprietary trading), remuneration structures, personal transactions of connected persons, inducements, placing services, and group structures.
Prevention and Management Procedures: The policy must include specific measures to address identified conflicts, such as information barriers between departments, separate supervision of conflicting functions, remuneration controls to remove links between conflicting activities, strict rules for personal trading of connected persons, and the appointment of an independent conflict management function reporting directly to the management body.
Disclosure as a Last Resort: While CASPs must disclose conflicts to their clients, the regulation explicitly states that disclosure alone is insufficient as a mitigation strategy. It is a measure of last resort, to be used only when the firm’s organisational and administrative arrangements are not adequate to prevent a conflict from damaging a client's interests. Disclosures must be detailed, specific, precise, kept up to date, displayed prominently on the CASP's website, and provided in all languages used for marketing services.
Firm Implications:
This regulation imposes the rigorous governance standards of traditional finance onto the crypto services industry, fundamentally challenging some of its most common business models.
Direct Challenge to the Vertically Integrated Model: This is the most significant implication. The standard crypto exchange model—where a single entity acts as the platform, broker, custodian, market maker, and sometimes even trades on its behalf—comes under direct regulatory scrutiny. CASPs must now implement strict internal separations (information barriers, separate management) that functionally "unbundle" these conflicting activities. Failure to do so would make it impossible to manage conflicts in line with the rules.
Professionalisation of Compliance: CASPs can no longer treat compliance as a secondary function. They are legally required to build a professionalised governance structure with an "independent compliance function that has absolute authority, adequate resources, and a direct line to the board." This necessitates significant investment in experienced personnel and sophisticated monitoring systems.
End of Unregulated Employee Trading: The rules on personal account dealing mean the days of employees freely trading on their own or other platforms are over. CASPs must implement strict monitoring, pre-clearance, and reporting systems for employee trading, similar to those at investment banks. This represents a major cultural shift for the industry.
Business Model Reassessment: The high cost and complexity of managing these conflicts may force CASPs to rethink their strategies. Some may choose to specialise in specific services (e.g., pure custody or execution-only brokerage) rather than offering a complete, integrated suite, as the latter now carries a much heavier regulatory and operational burden.
For Clients and the Market: Clients gain robust new protections against practices such as platforms trading against them or front-running orders. This fosters unprecedented transparency and forces the maturity of the EU crypto market, effectively outlawing "casino"-style operating models.
2. European Commission Adopts Delegated Regulation on RTS on Authorisation for Issuers of ARTs under MiCA
The European Commission has adopted a Delegated Regulation (EU) C(2025) 3221 final, specifying the detailed information required for an application for authorisation to offer Asset-Referenced Tokens (ARTs) to the public or to seek their admission to trading in the EU. This regulation, developed by the EBA in collaboration with ESMA and the ECB, outlines comprehensive information for legal entities (excluding credit institutions) applying to issue ARTs.
Key Information Areas Required:
Applicants must provide comprehensive information across several domains:
Applicant Issuer Identification: Full legal name, trading name, Legal Entity Identifier (LEI), legal form, incorporation details, and contact information.
Programme of Operations (Business Model, Strategy, and Risk Profile): Main features of the ART (name, type, issuance mechanism, DLT protocol), details of other tokens/activities, group overview, business environment analysis, overall business strategy, and comprehensive risk assessment (business, operational, ICT, cybersecurity, financial, ML/TF, third-party).
Financial Information on the Business Plan: Three-year financial forecasts (balance sheets, profit/loss, cash flow) under baseline and stress scenarios, credible planning assumptions, own funds requirements calculations, capital evidence, forecast reserve calculations, and past financial statements.
Internal Governance Arrangements and Structural Organisation: Organisational chart, management body terms, human and technical resources, data reporting procedures, policies (including code of conduct, complaints, and conflicts of interest), disclosure procedures, and details of critical outsourced functions.
Internal Control Framework: Description of internal compliance, risk management, and internal audit functions; risk management systems, ICT systems (DORA compliance), business continuity plan, details for proprietary DLTs, and AML/CTF compliance assessment.
Liquidity Management, Reserve of Assets, and Redemption Rights: Comprehensive framework for reserve constitution, composition, management, and segregation; stabilisation mechanism, external audit details for the reserve, custody and investment policies, third-party arrangements for reserve, redemption rights policies, and recovery/redemption plans.
Suitability of Management Body: Personal details, CVs (emphasising financial services, crypto, DLT, IT, cybersecurity, and digital innovation), personal history (including criminal record and penalties), conflicts of interest, time commitment, and the issuer's suitability assessment.
Shareholders with Qualifying Holdings: Holding structure chart, identity and reputation for each shareholder, appointed management body members, holding details (number, type, value), and financial information.
Firm Implications:
This Delegated Regulation significantly raises the bar for market entry for ART issuers in the EU, requiring a level of institutional maturity, transparency, and operational resilience comparable to that of traditional financial institutions.
Highly Detailed Application Process and Increased Compliance Burden: Firms must prepare for an exceptionally rigorous and detailed application process, which requires extensive disclosures and a substantial increase in compliance burden. This necessitates investment in sophisticated IT infrastructure, as well as expertise in legal, compliance, economic, and technological fields.
Enhanced Due Diligence on Personnel and Shareholders: The regulation requires in-depth background checks on members of the management body and significant shareholders, including verification of their criminal records, professional history, and potential conflicts of interest. This means firms must conduct thorough due diligence before proposing individuals for these roles.
Robust Financial Planning and Stress Testing: Firms must present credible three-year financial forecasts, including stress scenarios, to demonstrate economic viability and ability to meet prudential requirements. This necessitates sophisticated financial modelling capabilities.
Transparency and Accountability for Reserve Assets: Clear and detailed policies are required for the composition, management, segregation, custody, and investment of the reserve assets backing the ARTs. Firms must also commit to regular independent audits of these reserves.
Strong Governance and Internal Controls: Emphasis is placed on robust internal governance arrangements, clear organisational structures, independent internal control functions (including compliance, risk management, and internal audit), and effective complaint handling mechanisms.
Importance of Third-Party Vendor Management: If firms rely on third-party service providers for critical functions (e.g., DLT operation, reserve asset custody, distribution), they must provide extensive details on these arrangements, including rationale, oversight, and business continuity plans.
EU Establishment Requirement: The regulation clarifies that only legal persons or undertakings established in the European Union (EU) are eligible to apply for authorisation. This means non-EU firms wishing to offer ARTs in the EU must establish a legal entity within the EU.
3. Delegated Regulation on RTS on Liquidity Management Policy and Procedures for ARTs and EMTs
The European Commission adopted a Delegated Regulation specifying the minimum contents of liquidity management policies and procedures for issuers of Asset-Referenced Tokens (ARTs) and E-Money Tokens (EMTs). This primarily targets significant issuers but can extend to non-significant ones by competent authorities. The core objective is to ensure issuers can meet redemption requests, even under stress conditions.
Key Requirements:
Robust Policies and Procedures: Issuers must establish comprehensive strategies for identifying, measuring, managing, and monitoring liquidity risk across various time horizons. These policies require approval from the management body and the setting of risk tolerance for each token.
Maintenance of Reserve Assets: Adequate levels of liquid reserve assets must be maintained to meet redemption requests at all times, with ongoing monitoring of market value, creditworthiness, and concentration risk.
Overcollateralisation: An assessment of overcollateralisation is required, particularly for volatile referenced assets or those not part of the reserve, to ensure stability of reserve value.
Intra-day Liquidity Management: Robust management of intra-day liquidity risk is mandated, including identifying needs and having processes to meet them.
Contingency Planning and Early Warning Indicators: Issuers must develop a liquidity contingency plan with calibrated early warning signals. This includes monitoring for maximum deviations between the market value of the token, the reserve assets, and the referenced assets to anticipate large-scale redemptions.
Liquidity Stress Testing: The policy must include detailed procedures for regular liquidity stress tests, covering risks, parameters, scenarios (including reverse stress testing), and documented outcomes with remedial actions.
Segregation of Policies: Liquidity management policies must be established and applied separately for each ART or EMT issued, and they must be kept separate from other business activities.
Custodian Management: Regular monitoring of custodians and internal limits is necessary to mitigate concentration risk associated with any single custodian.
Firm Implications:
This regulation imposes a sophisticated, "bank-like" liquidity risk management framework on ART and EMT issuers, with significant operational consequences.
Mandatory Sophistication in Risk Management: Issuers can no longer rely on simple liquidity management. They must implement a dynamic, data-driven framework comparable to the Internal Liquidity Adequacy Assessment Process (ILAAP) used by banks. This requires significant investment in expertise, systems, and processes.
Board-Level Accountability: The requirement for the management body to approve policies and set risk tolerance levels places direct, auditable responsibility on senior leadership for liquidity adequacy.
Proactive Stress Testing as a Core Function: Liquidity stress testing is not a periodic, check-the-box exercise. It must be a regular, ongoing process, including reverse stress testing, with results directly feeding back into and modifying the firm's contingency plans and risk limits.
Increased Operational Costs: The need for constant monitoring of asset values, custodian concentration, and early warning indicators, as well as the potential need for overcollateralisation, will increase operational complexity and costs.
No One-Size-Fits-All Approach: The requirement to have separate, tailored liquidity policies for each token issued means firms with multiple offerings face a significant compliance multiplier. Each policy must be individually justified and maintained.
Heightened Supervisory Scrutiny: The detailed documentation required for stress testing (parameters, assumptions, outcomes) provides supervisors with a powerful tool to scrutinise an issuer's resilience and to mandate stronger liquidity requirements if they deem the internal models or assumptions inadequate.
4. Commission Delegated Regulation (EU) 2025/1140 on Standards for Crypto-Asset Service Records
This Delegated Regulation supplements MiCA by establishing detailed and uniform rules for Crypto-Asset Service Providers (CASPs) on the records they must keep for all their services, activities, orders, and transactions. The overarching goal is to enable competent authorities to effectively supervise CASPs, enforce regulations, and monitor for market abuse.
Key Record-Keeping Requirements: CASPs must maintain comprehensive and
standardised records across three main categories:
General Business and Client Records (Annexe 1): Documentation of the entire operational and compliance framework, including policies, client agreements, safekeeping details, complaints handling, and outsourcing arrangements.
Granular Order and Transaction Records (Annexes 2 & 3): Precise details for every order and transaction in a standardised format, including party identification (client, decision-maker, executor), crypto-asset identification, trade details (time to microsecond UTC, quantity, price, order type), and transmission data.
On-Chain Data (Annexe 4): Capture and link specific on-chain data to off-chain transactional records, including transaction hash, buyer/seller wallet addresses, smart contract addresses, and network fees.
Standardisation and Identification:
Strict identification standards are imposed for consistency across the EU:
Legal Entities (Clients & CASPs): Must be identified with a Legal Entity Identifier (LEI) (ISO 17442). CASPs must ensure clients have an LEI.
Natural Persons (Clients and Traders): Must be identified by a unique code that combines their country of nationality's ISO code with a specified national identifier (e.g., national ID card, passport).
Crypto-Assets: Must be identified using a Digital Token Identifier (DTI) (ISO 24165) or ESMA-approved equivalent.
Algorithms: Trading and execution algorithms must be assigned unique identifiers.
Data Retention and Accessibility:
Records must be retained for a minimum of five years, and up to seven years if requested by a competent authority. They must be stored in a secure, immutable, and easily accessible medium for regulators.
Firm Implications: This regulation marks a significant step in formalising the operational and compliance landscape for the crypto industry.
Compliance and Operational Lift: It imposes an enormous compliance and operational burden, requiring CASPs to invest heavily in sophisticated IT infrastructure and data governance frameworks to build structured databases that conform to dozens of specific fields and formats. This represents a significant technical and financial challenge, especially for smaller entities.
Increased Operating Costs: The costs of implementing and maintaining these systems, managing vast amounts of data, training staff, and ensuring ongoing compliance (e.g., renewing LEIs for the firm and its clients) will be substantial. This could lead to market consolidation.
Shift in Client Onboarding: The requirement for CASPs to ensure their legal entity clients have an LEI will change client onboarding and lifecycle management processes, placing a direct data-gathering and administrative burden on the CASP.
Heightened Scrutiny and Liability: With such detailed records, CASPs are under a microscope. Any failure to comply or data indicating market abuse can be easily identified, significantly increasing accountability.
End of the "Wild West": The rules force a convergence with traditional finance (TradFi) standards, eliminating regulatory arbitrage for EU-based firms.
For Regulators and Market Supervision: Dramatically enhanced supervisory capabilities and effective market abuse detection due to standardised, data-driven insights.
For the Broader Crypto-Asset Market: Increased institutionalisation and trust, harmonisation within the EU, and pressure on anonymity by linking on-chain data to identified off-chain entities.
5. EBA Opinion on PSD2 and MiCA Overlap
The EBA issued an opinion addressing the regulatory conflict and uncertainty arising from the overlap between MiCA and the Payment Services Directive 2 (PSD2), specifically concerning Electronic Money Tokens (EMTs). The core issue is that EMTs are considered both "crypto-assets" under MiCA and "electronic money/funds" under PSD2, potentially forcing Crypto-Asset Service Providers (CASPs) to seek burdensome "dual authorisation."
Two-Pronged Solution:
Short-Term Guidance (for National Competent Authorities - NCAs) until PSD3/PSR is Adopted:
PSD2 License Required For:
Transferring EMTs on behalf of clients.
Custody and administration of EMTs where the wallet allows transfers to and from third parties (considered a "payment account").
PSD2 License NOT Required For:
Exchange of crypto-assets for funds or other crypto-assets where the CASP uses its capital.
Intermediating the purchase of any crypto-asset using EMTs.
Supervisory Priorities & Forbearance: NCAs must prioritise the enforcement of Strong Customer Authentication (SCA) for wallet access and transfers, as well as cumulative funds requirements and fraud reporting. They are advised not to prioritise complex PSD2 rules related to Open Banking, safeguarding (as MiCA's rules apply), unique identifiers, and specific information disclosures that are technically challenging.
Transition Period: CASPs have until March 1, 2026, to obtain the necessary PSD2 authorisation.
Long-Term Legislative Advice (for EU Lawmakers):
Preferred Solution: The EBA strongly recommends amending MiCA to incorporate key payment-related protections from the upcoming PSD3/PSR. This would create a single, comprehensive regulatory framework for EMT services under MiCA, eliminating the need for a separate payment license.
Rejected Solution: The EBA firmly opposes excluding EMTs from payment regulations solely, as this would create an unlevel playing field and expose consumers to undue risk.
Firm Implications for Stakeholders:
For Crypto-Asset Service Providers (CASPs): Mandatory action is required to assess if EMT-related services qualify as payment services. If so, CASPs have until March 1, 2026, to obtain a Payment Institution (PI) license under PSD2 or partner with a licensed provider. Prepare for Cumulative Capital Requirements, meaning holding capital satisfying both MiCA and PSD2, potentially increasing capital needs (e.g., an entity could require a minimum of €250,000 (€125,000 under MiCA + €125,000 under PSD2)). Implementing Strong Customer Authentication (SCA) by the deadline is a top priority for compliance. CASPs gain temporary operational relief from certain challenging aspects of PSD2, such as Open Banking API access.
For Banks and Traditional Payment Service Providers (PSPs), this creates partnership opportunities with CASPs and ensures a level playing field in the long term.
For Consumers: Enhanced security through mandatory SCA will reduce fraud risk. While greater clarity and trust are fostered, short-term protection gaps remain in areas such as fee transparency and liability for incorrect transfers.
Conclusion:
These June 2025 MiCA developments together mark a significant change in the European Union's regulatory framework for crypto-assets. The delegated regulations on conflicts of interest and authorisation for ARTs, in particular, will require a fundamental review of business models, governance structures, and operational processes for many firms. While these changes impose considerable compliance, operational, and financial burdens, they are aimed at fostering the realisation and maturity of the EU crypto market, ultimately seeking to improve consumer protection, market integrity, and institutional trust. Firms must proactively adjust to these strict requirements to stay competitive and compliant in the evolving regulatory landscape.
Comments