ESMA Launches Review of Crypto Custodian Resilience Under MiCA
What Happened: ESMA Targets Crypto Custodian Resilience
The European Securities and Markets Authority (ESMA) has announced a comprehensive review of the operational resilience and governance frameworks of crypto custodians operating in the EU. This initiative, part of ESMA's broader mandate under the Markets in Crypto-Assets (MiCA) regulation, aims to assess how custodians manage risks, ensure business continuity, and maintain robust governance structures. The review comes as MiCA's full application approaches, with stablecoin rules already effective and crypto-asset service provider (CASP) requirements applying from December 2024.
Why It Matters: Strengthening Custody Standards
Crypto custodians are critical to the safe custody of digital assets, and recent market volatility has exposed vulnerabilities in operational practices. ESMA's review will focus on several key areas:
- Cybersecurity: Assessment of measures to protect against cyber threats and data breaches.
- Business continuity: Evaluation of disaster recovery and contingency planning to ensure uninterrupted services.
- Asset segregation: Verification that client assets are properly segregated from the custodian's own assets.
- Governance: Review of board oversight, risk management frameworks, and internal controls.
The findings could lead to stricter operational standards and additional guidance for crypto custodians, impacting firms that are either already authorized under MiCA or in the process of seeking authorization. ESMA may also issue recommendations to national competent authorities to harmonize enforcement across member states.
Parallel Developments: US Digital Asset Market Clarity Act
Across the Atlantic, the Digital Asset Market Clarity Act continues to advance, with a new merged draft expected soon from the Senate Banking and Agriculture Committees. The bill includes the Blockchain Regulatory Certainty Act (BRCA), which exempts certain software developers from being classified as money transmitters—a provision that has drawn criticism from law enforcement groups concerned about illicit finance. The White House is reportedly engaging stakeholders to address these objections, while the bill faces a tight timeline before the summer recess. Key sticking points include an ethics provision restricting senior officials' crypto ties and the need for 60 Senate votes.
What Organizations Should Do
For crypto firms operating in the EU or seeking MiCA authorization, ESMA's review signals that regulatory scrutiny on custody operations will intensify. Organizations should:
- Review current custody practices against MiCA requirements and emerging ESMA expectations.
- Strengthen cybersecurity and business continuity plans to demonstrate operational resilience.
- Ensure proper asset segregation and clear client asset protection policies.
- Enhance governance frameworks with board-level oversight of crypto custody risks.
In the U.S., firms should monitor the Digital Asset Market Clarity Act's progress and prepare for potential changes to money transmitter classifications and federal preemption rules.
Track Multi-Jurisdictional Crypto Regulations
Navigating overlapping regulatory regimes across the EU and U.S. requires robust compliance tools. AIGovHub's regulatory intelligence platform provides real-time alerts and guidance on MiCA, the Digital Asset Market Clarity Act, and other crypto regulations across 47+ jurisdictions. For AML compliance, RisksRadarAI offers AI-powered screening of crypto transactions against global sanctions lists and suspicious activity detection, helping firms meet both MiCA and FinCEN requirements.
This content is for informational purposes only and does not constitute legal advice.