On December 30, 2024, the EU Crypto-Asset Market Regulation Act (hereinafter referred to as the "MiCA Act") officially came into effect, marking a new era for the European crypto-asset compliance framework. In our previous series of articles, we have introduced the key definitions of the MiCA Act. Interested readers can click on "Interpreting the EU MiCA Act, How to Comply with Virtual Currency Custody Services? 丨Mankiw Web3 Law Popularization" to view it. For the majority of Web3 practitioners, especially those interested in the European market, how should they respond after the MiCA Act comes into effect? Today, Attorney Mankiw will take you to find out.
Who must comply with MiCA?
Article 2 of the MiCA Act defines the scope of application of the Act as natural persons, legal persons and other enterprises engaged in the following activities within the EU :
1. Issuance: Create new crypto assets.
2. Offer to the Public: Offer crypto assets to the public for subscription.
3. Admission to Trading: Allowing crypto assets to be listed and traded on trading platforms (such as crypto asset exchanges).
4. Provide Services Related to Crypto-Assets: This involves various services provided for crypto-assets, including custody, buying and selling matching, transaction execution, wallet management, etc.
The MiCA Act basically covers all activities related to crypto assets. In short, any entity that wishes to conduct crypto asset-related activities within the EU may fall within the scope of the MiCA Act. We have already sorted out the scope of 10 different crypto asset-related service businesses in previous articles. Readers can click on " Web3 Interpretation | One article explains why Web3 companies need EU MiCA and Dubai VARA licenses " to read.
It is worth noting that regardless of where a virtual asset service provider (CASP) is registered or established, as long as its services involve serving European interests, it may fall within the scope of MiCA regulation.
Who will enforce the MiCA Act?
According to relevant EU regulations, MiCA's implementation bodies are divided into the EU level and the member state level:
1. EU level
There are two main regulators responsible for the enforcement of MiCA: the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA).
ESMA is the regulator of the EU financial markets. Its role is similar to that of China's Securities Regulatory Commission . According to the Financial Times, "ESMA hopes to expand its power to regulate major stock exchanges and other key parts of the EU's financial infrastructure, striving to become the European version of the US Securities and Exchange Commission (SEC)." In the foreseeable future, ESMA will play a more important role in the European financial market.
EBA is the European Union's banking regulator. Its role is similar to that of China's former China Banking Regulatory Commission . It sets unified regulatory standards for the European banking industry.
The differences between ESMA and EBA are as follows:
Different areas of supervision: EBA is mainly responsible for the supervision of the banking industry, while ESMA is responsible for the supervision of the securities market.
Different functional focuses: EBA focuses more on bank operations and depositor protection, while ESMA focuses on investor protection and the orderly operation of the market.
2. Member State Level
Originally, each EU member state independently designated its own national agency to formulate regulatory policies and impose penalties on crypto assets within its jurisdiction. The names and scope of authority of the regulatory agencies in each EU member state are different. For example, Poland’s financial regulatory agency is called the Polish Financial Supervisory Authority (PFSA), and Malta’s is the Malta Financial Services Authority (MFSA).
The MiCA Act encourages regulators between EU member states to work together with EU institutions to improve the efficiency of the enforcement of the Act and closely monitor possible violations in the market. In the foreseeable future, the regulatory framework for crypto assets will be more unified and improved in the EU. So for Web3 practitioners who are planning or already doing business in the EU, what are the core points of the MiCA Act?
Key points of the MiCA Act
1. Unified framework, comprehensive compliance
If the license is compared to a passport, then the direct benefit of the MiCA Act is that Web3 practitioners can travel across Europe with a "Schengen visa".
In the past, the Web3 compliance systems of EU countries were independent of each other and could not form a unified regulatory framework. Now, MiCA has established a unified framework and standards for EU member states. In the foreseeable future, whether it is the issuer, operator or crypto asset service provider of virtual currency, it will reduce duplicate applications and improve compliance efficiency.
Compared with the different regulatory frameworks of various countries before, the MiCA Act is generally more detailed and imposes higher compliance requirements on Web3 businesses in Europe . As far as crypto asset service providers are concerned, MiCA has established comprehensive rules for them, covering everything from governance and capital requirements to custody and management. For example, to obtain authorization, CASPs must have at least one director based in the EU and have a registered office in the EU. In terms of marketing, special attention is paid to regulating false statements, complying with the rules of marketing communications and information activities , and conducting activities in a fair manner, otherwise, regulators will issue corresponding warnings and penalties.
2. Sufficient capital and stable value
In order to prevent the occurrence of systemic financial risks in the crypto market, MiCA has formulated special requirements for the issuance of stablecoins, stipulating that issuers must hold sufficient reserve assets to support the stability of their value to ensure the value stability of stablecoins.
Therefore, stablecoin issuers need to maintain sufficient capital and liquidity reserves to cope with potential market fluctuations and redemption needs; in particular, for stablecoin issuers, they need to ensure that there are sufficient reserves to support the issued tokens.
3. Fight crime and regulate the market
The MiCA Act focuses on and prevents possible illegal and criminal activities in the crypto market, such as insider trading and market manipulation . It also requires all crypto asset service providers to implement anti-money laundering (AML) and counter-terrorist financing (CTF) measures, including strict KYC procedures and transaction monitoring, to prevent criminals from engaging in illegal activities through the crypto market. Crypto asset service providers must implement strict customer due diligence (CDD) procedures, monitor suspicious transactions, and report to relevant authorities to prevent money laundering and terrorist financing activities.
Possible penalties for violating the MiCA Act
For Web3 practitioners, the most important thing is whether the project can be carried out normally . The reason for pursuing compliance is that the cost of non-compliance is high . After sorting out, attorney Mankiw summarized the penalties of the MiCA Act into the following four categories:
1. Warning
Warnings are warnings that remind practitioners of the importance of compliance. The EBA will issue a formal warning stating that an issuer has failed to comply with one or more of its obligations under the MiCA Regulation.
Nature: A warning is a formal administrative notice that serves as a formal administrative record indicating that the regulator has noticed a problem with the issuer.
Applicable situations: Usually used when the violation is relatively minor, or occurs for the first time, and the issuer shows a cooperative attitude to correct it. For example, it may involve untimely information disclosure, minor non-compliance in marketing communications, and minor defects in internal management processes.
Impact: A warning itself may not directly result in business disruption or financial loss, but it will have a negative impact on the issuer’s reputation and may lead to greater regulatory scrutiny. If an issuer fails to take timely corrective action after receiving a warning, it may face more severe penalties.
Example: ESMA warns an issuer that its published white paper lacks certain necessary disclosures and requires it to supplement it within a specified period.
2. Fines and daily penalties
Fines and daily penalties are both financial sanctions, and the differences between them are as follows:
In short, fines are retroactive , punishing past non-compliance, whereas periodic penalty payments are prospective , deterring continued or future non-compliance by imposing daily penalties until the obligation is met.
3. Suspension or prohibition of activities
Suspension or prohibition of activities is a more severe penalty than a warning and will have a direct impact on the issuer's business operations.
Suspending Activities: refers to temporarily prohibiting the issuer from carrying out one or more specific activities within a certain period of time. For example, suspending public issuance, suspending trading on the trading platform, suspending marketing activities, etc.
Time limit: There is usually a clear time limit, such as the "maximum single time limit of 30 consecutive working days" mentioned in Article 130.
Applicable situations: Usually used when the violation is serious or the issuer fails to effectively correct the problems pointed out in the previous warning. For example, it involves misleading publicity, failure to manage reserve assets in accordance with regulations, serious deficiencies in internal control, etc.
Impact: Suspension of activity can result in business disruption, loss of revenue, loss of customers, and significant damage to the issuer’s reputation.
Prohibiting Activities : refers to permanently prohibiting the issuer from conducting one or more specific activities. For example, permanently prohibiting the public issuance of a certain token, permanently prohibiting trading on a specific platform, etc.
Nature: This is a very severe penalty, which means that the issuer's business in this field will not be able to continue.
Applicable situations: Usually used when the violation is very serious, or the issuer has repeatedly violated regulations and refused to correct them. For example, it involves major illegal acts such as fraud, money laundering, or acts that seriously damage the interests of investors.
Impact: Prohibited activities will have a devastating impact on the issuer's business and increase the company's operating risks.
4. Delisting or revocation of license
Delisting or revocation of license is the most severe penalty under the MiCA Act.
Nature : It means that the regulator formally revokes the operating license obtained by the issuer under the MiCA Act, making it lose the qualification to provide relevant services in the EU.
When to use: Usually used when the most serious violations occur, such as:
Serious violation of the core provisions of the MiCA Act, causing significant damage to financial market stability or investor interests.
Providing false information to obtain a license.
Continuous and repeated violations of regulations that have not been corrected even after repeated warnings and penalties.
The company is insolvent or facing bankruptcy liquidation.
Impact: Revocation of authorization means that the issuer must immediately cease all relevant business in the EU and may face further legal action and penalties. This is a fatal blow to the issuer, not only leading to the complete termination of business, but also causing irreparable damage to its reputation and future development.
In summary, the four penalties constitute a multi-level penalty system for violations under the MiCA Act. Regulators can choose appropriate penalties based on the specific circumstances of the violations, or combine multiple measures to achieve the best regulatory effect. Of course, the four listed above are not exhaustive. For the disclosure of information under the MiCA Act and for Web3 practitioners, understanding these penalties will help better understand the compliance requirements of the MiCA Act and take necessary measures to avoid violations.
Continuous Compliance: The Future of MiCA
As far as Virtual Asset Service Providers (VASPs) are concerned, the MiCA Act reserves a grace period for practitioners who have registered before the Act takes effect to transition to the time limit specified in the MiCA Act. Each country is different. For example, in Poland, if a company is a registered VASP (old license), it will be allowed to provide services under the VASP license during the grace period until June 30, 2025 (estimated date).
However, for virtual asset service providers that have never applied for a VASP license, they must apply for a CASP license before starting operations.
Regardless of the length of the grace period stipulated by EU countries, the MiCA Act currently stipulates that all crypto asset service providers (CASPs) must complete their license applications by July 2026 .
Of course, the MiCA Act is not static. The regulator will submit a publicly available report to the European Parliament and the Council every year to report on the revision of regulations and the direction of regulatory changes based on market changes and the actual application of the Act. At that time, Mankiw will continue to follow up and provide Web3 practitioners with the latest and most comprehensive compliance guidelines in major crypto regions around the world.
▲Image source: ESMA
Attorney Mankiw's Summary
While MiCA introduces strict regulatory standards, it also creates opportunities for companies to expand into the European market and gain competitive advantages. By proactively meeting compliance requirements, Web3 practitioners can gain official endorsement and seize opportunities in the short term; in the long term , a more transparent and standardized business environment will also be conducive to the sustainable development of the project.
Mankiw & Co. has extensive practical experience and deep expertise in the Web3 field, especially in crypto asset compliance, international business development and cross-border legal support. We will not only continue to pay attention to the implementation of the MiCA Act, but also regularly publish in-depth compliance interpretations and practical guidance based on industry trends and customer needs to help customers grasp the latest policy changes.
By closely combining industry trends with legal expertise, Mankiw is committed to designing customized compliance solutions for clients, helping them to efficiently respond to regulatory challenges, seize market opportunities, and ultimately gain an advantage in the rapidly developing crypto asset market. Whether you are a crypto asset service provider or a token issuer, or other Web3 practitioner planning to conduct global business, we can provide you with comprehensive support from business layout to risk prevention and control, helping your business to achieve long-term development in the EU and around the world.
