15 February 2023

The Regime For Crypto-asset Service Providers Under The Markets In Crypto-Assets Regulation

Ganado Advocates


Ganado Advocates is a leading commercial law firm with a particular focus on the corporate, financial services and maritime/aviation sectors, predominantly servicing international clients doing business through Malta. The firm also promotes other areas such as tax, pensions, intellectual property, employment and litigation.
The Markets in Crypto-Assets Regulation (MiCA or the Regulation) will introduce the first European framework for crypto-assets. The regime covers three main types of crypto-assets, namely asset-referenced tokens (ARTs),...
Malta Technology
To print this article, all you need is to be registered or login on


The Markets in Crypto-Assets Regulation (MiCA or the Regulation) will introduce the first European framework for crypto-assets. The regime covers three main types of crypto-assets, namely asset-referenced tokens (ARTs), e-money tokens (EMTs) and other crypto-assets (a catch-all category for tokens that are not ARTs or EMTs).

Among other matters, MiCA sets the scene for Europe to become an attractive base for crypto-asset service providers (CASPs) to undertake business globally. Owing to the EU taking the regulation route, rather than enacting a directive, MiCA will be directly applicable across all EU Member States – including Malta – without the need of further implementation at a national level. The Malta Financial Services Authority (MFSA) is already working to bridge the gap between the homegrown VFA Act (Chapter 590 of the laws of Malta) and MiCA. The objective is to grant Maltese CASPs a competitive edge by ensuring an immediate and seamless transition to MiCA, once the VFA Act is repealed.

The Framework for CASPs

A CASP intending to provide crypto-asset services to EU customers will require prior authorisation by the competent authority in its (home) EU Member State.

The list of crypto-asset services under MiCA is inspired by the MiFID II regime (Directive 2014/65/EU), which also served as a blueprint for the VFA Act. Authorisation under MiCA is required if a CASP provides any one or more of the following services in respect of crypto-assets to EU-based clients:

  1. custody and administration services,
  2. the operation of a trading platform in respect of crypto-assets,
  3. the exchange of crypto-assets for funds/crypto-assets for other crypto-assets,
  4. the execution of orders on behalf of third parties,
  5. placement services,
  6. transferring crypto-assets from one address or account to another address or account,
  7. the reception and transmission of orders,
  8. investment advice, and
  9. portfolio management services.

The differences between the services under MiCA and the VFA Act are minimal. Both legislative frameworks cater for the same activities, yet the MiCA definition of dealing on own account, while retaining the same scope as the local definition, is divided into two separate services depending on whether the exchange will be between crypto-assets or between fiat currencies and crypto-assets.

The licence classifications under MiCA also vary slightly from the VFA Act. Unlike the four classes under the local regime, the types of ‘passportable' activities under MiCA are divided into three classes whereby trading on own account and the operation of trading platform are grouped under one licence label.

MiCA prescribes rules for CASPs including governance, capital, insurance and transparency requirements. It is striking how EU legislators, notwithstanding that crypto-assets are often regarded as a riskier asset class than traditional financial instruments (whether in terms of transparency, money laundering, or market volatility) have opted for a €150,000 minimum capital requirement for the major CASP players – when compared to the €750,000 minimum capital requirement which is applicable under MIFID II for the provision of similar service types (i.e. dealing on own account and operating a trading platform).

A key feature of MiCA is that authorisation by the home regulator will allow “passporting” across the EU, either via a physical branch or on a cross-border basis. Accordingly, if a CASP is licensed by the MFSA, the authorisation in Malta will be valid across all EU Member States without any additional authorisation requirements.

MiCA is clear that it applies to crypto-assets as defined therein – and not to assets falling within existing EU financial services legislation, such as financial instruments covered by MiFID II, deposits, structured deposits, funds under PSD II, insurance or pension products. Non-fungible tokens and decentralised finance (DeFI) are also excluded from MiCA.

Reverse Solicitation

The concept of reverse solicitation also features in MiCA. Authorisation will not be necessary if: (i) a non-EU firm provides a crypto-asset service at the “own exclusive initiative” of an EU customer; and (ii) the crypto-asset service is limited exclusively to the service requested by the client. In other words, the request must not be in response to advertising or marketing. The European Securities and Markets Authority is expected to issue more detailed guidelines shortly.

Firms Already Authorised under other Legislation

There are certain classes of firms, which are already licensed under their respective regulatory regimes, that may provide crypto-asset services without authorisation under MiCA. These firms include, amongst others, MiFID investment firms, alternative investment fund managers, UCITS management companies, credit institutions and e-money institutions.

This is encouraging news for firms in Malta that may fall within the scope of MiCA. For instance, MiFID investment firms may, without authorisation under MiCA, provide crypto-asset services deemed to be equivalent to the MiFID activities for which they are already authorised. In each case, firms should plan in advance. The MFSA will need to be notified and provided with the required information at least forty working days before the service is provided for the first time. The principal documents would include: (a) the programme of operations, (b) a description of the governance, IT and risk arrangements, and (c) the business continuity plan.

MiCA – The Trendsetter?

The effective date of MiCA is fast approaching. The trickiest part is understanding whether your business with EU customers will be impacted by the Regulation. This will allow you to determine whether a new licence is required, you may rely on an existing licence subject to certain conditions, or fall out of scope entirely.

The EU  Parliament's plenary vote on MiCA should take place in April 2023. If the vote proceeds, MiCA should enter full force after a transitional period of 12 months for stablecoin issuers (Q2 2024) and after 18 months for CASPs (Q4 2024). The collapse of FTX last November has sparked serious debate for regulatory intervention across the crypto world, and MiCA may well become the blueprint for crypto regulation globally.

This article was first published in the Times of Malta (13 February 2023).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More