ESMA Targets Crypto Custody Risks in Post-MiCA Regulatory Crackdown
The European Securities and Markets Authority (ESMA) is taking a closer look at crypto custody risks, following the transition of the Markets in Crypto-Assets (MiCA) framework. The regulator will conduct a common supervisory action (CSA) focused on the operational resilience of crypto-asset service providers (CASPs), with a specific emphasis on custody services.
The CSA will assess the maturity of CASPs' digital operational resilience frameworks in relation to custody activities, including key and storage management, governance structures, transaction controls, incident detection and response, and dependencies on external service providers. National competent authorities (NCAs) across the EU will conduct the reviews, examining a risk-based sample of authorized CASPs.
The supervisory action comes shortly after the end of MiCA's transition phase on July 1. ESMA said the reviews will run from now through the first half of 2027, with regulators examining how companies handle custody-related operational risks. The regulator will later consolidate the findings into a final report to be submitted to its Board of Supervisors after the exercise concludes in the second half of 2027.




