MiCA’s AML and CTF requirements: What crypto companies need to know

The MiCA regulation was adopted in the EU in May 2023, and the transition period will continue until July 2026. Here's what crypto companies need to know.

Gabriela Taranu

Content Manager
Two people sitting next to a window, in a brightly lit office.

As the EU’s MiCA regulation comes into effect, crypto companies will be required to fight money laundering and terrorist financing.

This article explores the fundamental AML (anti-money laundering) and CTF (counter-terrorism financing) obligations under MiCA and how they will impact businesses in the crypto space. 

What is MiCA?

The MiCA (Markets in Crypto-Assets) regulation is a framework established by the European Union to regulate crypto-assets.

The regulation aims to harmonise the regulatory framework and facilitate operations across the EU member states, promote consumer protection and safeguard the markets' integrity, specifically against market abuse and money laundering.

A crypto asset is a digital representation of value or rights that can be transferred and stored electronically using distributed ledger technology or similar technologies.

The regulation was adopted in May 2023, and the rules concerning e-money and asset-linked tokens have been enacted since June 2024.

The transition period for the MiCA regulation will continue until July 2026. After this date, all EU crypto asset service providers (CASPs) must comply with these regulations.

A comprehensive framework for crypto-asset markets is deemed necessary for several reasons, such as: 

  • Ensuring confidence in crypto assets; 
  • Promoting the development of a robust market for crypto assets; 
  • Creating opportunities for innovative digital services, alternative payment instruments, and new sources of financing for companies within the Union; 
  • Increasing legal certainty and ensuring that users of crypto assets are treated equally across member states; 
  • Preventing fragmented regulation and the resulting distorted competition. 

Who is affected by MiCA? 

The actors that MiCA aims to regulate are the following:  

  • Issuers of crypto assets: credit and e-money institutions that issue e-money tokens. 
  • Providers of crypto asset services: this category encompasses existing financial entities wishing to offer crypto-asset services and new providers, including: 
    • Custody and administration of crypto assets on behalf of clients. 
    • Operation of trading platforms for crypto assets. 
    • Exchanging crypto assets for traditional funds. 
    • Exchanging one crypto asset for another. 
    • Executing orders for crypto assets on behalf of clients. 
    • Placement of crypto assets. 
    • Receiving and transmitting orders for crypto assets on behalf of clients. 
    • Providing advice on crypto assets. 
    • Portfolio management of crypto assets. 
    • Providing crypto asset transfer services on behalf of clients. 
  • Persons dealing in crypto assets: This section addresses market abuse and includes both physical and juridical persons. It's important to note that physical persons are prohibited from providing crypto asset services or offering crypto assets to the public. Additionally, rules concerning market abuse are still in effect. 

How does MiCA affect the crypto asset service providers? 

With the implementation of the MiCA regulation, crypto companies will face stricter AML and CTF requirements.

These regulations require businesses to adopt comprehensive systems for collecting customer data and verifying customer identities (KYC), monitoring transactions for suspicious activity, and promptly reporting to authorities.

Key aspects include performing enhanced due diligence on high-risk customers, monitoring cross-border transactions, and maintaining detailed records of transactions for at least five years.

Crypto firms must also implement real-time transaction surveillance and ensure their platforms can detect and flag potential money laundering or terrorist financing activities.

Additionally, MiCA introduces tighter controls on crypto-to-fiat transactions, obligating firms to report suspicious activities and collaborate with financial intelligence units across the EU. Firms must also set up internal policies to train employees on AML and CTF risks.

By aligning with MiCA’s AML and CTF standards, crypto companies can enhance trust, mitigate fraud risks, and avoid hefty penalties for non-compliance. As the regulatory environment becomes more stringent, proactive compliance will be essential for businesses aiming to thrive in the evolving crypto market. 

How can companies prepare for the implementation of MiCA? 

Per Friberg, Senior Financial Crime Surveillance Officer at Trapets, notes that: 

“Since there's ongoing progress regarding the implementation of MiCA, it's important to stay informed and leverage the transition period to ensure early compliance with the regulations.”

Companies can already begin the authorisation process, as each EU country is allowed to set a transition period for firms already registered or authorised with its supervisory authority. 

In Sweden, for instance, companies already registered with the Swedish Financial Supervisory Authority (Finansinspektionen) need to apply for permission by September 30, 2025.