MiCA Regulation Requires Robust Compliance Functions

The MiCA regulation is designed to ensure that crypto-asset service providers (CASP) have robust compliance functions in place. However, many firms are struggling to meet the standard, which requires a collective approach to compliance rather than simply appointing individual officers.

To comply with the regulation, CASPs must demonstrate three key aspects: collective knowledge coverage, documented structural independence, and real institutional substance.

Collective knowledge coverage refers to the ability of the management body to cover traditional financial markets expertise, DLT and cybersecurity proficiency, and organizational governance capability. This means that the team should have a diverse range of skills and experience, rather than relying on individual specialists.

Documented structural independence is also essential, as each internal control function - including compliance, risk assessment, and internal audit - must have a named owner and direct reporting line to the management body. The firm's organizational chart should clearly demonstrate this structure.