MiCA is in force. EU CASPs need a fully documented AML programme before any NCA grants authorisation. We build that programme against MiCA Title VI and EBA CASP guidelines, and provide the KYC/ODD team and compliance support to operate it.
MiCA brings crypto asset service providers within the full EU AML framework. The AML obligations are not new concepts, but their application to crypto activities, on-chain assets and decentralised counterparties introduces requirements that standard AML programmes do not cover.
CASPs must appoint a designated AMLCO with specific responsibility for the AML/CFT programme. The AMLCO must have the authority, resources and access to carry out their function independently.
Full CDD for all customers, with EDD for high-risk individuals, PEPs and customers using privacy-enhancing technologies. Unhosted wallet attribution is a specific challenge for many CASPs.
CASPs must collect, verify and transmit originator and beneficiary information for crypto transfers above €1,000. This requires Travel Rule protocol implementation and counterparty VASP screening.
Monitoring of blockchain transactions for suspicious patterns: mixing, tumbling, high-risk jurisdiction exposure, darknet market associations and other typologies specific to crypto assets.
A documented risk assessment covering crypto-specific risk factors: asset types (privacy coins, tokens), customer types (DeFi users, institutional, retail), geographic exposure and service channels.
Suspicious transaction reporting to the relevant FIU, with documented escalation procedures and case decision trails. Many crypto STRs require blockchain analytics evidence to substantiate the suspicion.
A MiCA CASP application requires a documented, defensible AML programme before the NCA will grant authorisation. We build that programme from scratch against MiCA Title VI and EBA CASP guidelines, and provide the compliance team to operate it once registration is granted.
Full AML programme design against MiCA Title VI and EBA CASP guidelines. This is the core deliverable for any CASP application: the documented framework the NCA reviews before granting authorisation. Built from your specific CASP structure, asset types and customer base, not a generic template.
Crypto-specialised KYC and ODD analysts covering wallet screening using blockchain analytics tools, Travel Rule counterparty identification, EDD for high-risk crypto customers and ongoing monitoring of on-chain activity.
MiCA requires a designated AMLCO. Where your firm is appointing an in-house AMLCO, we support that appointment with programme documentation, onboarding and ongoing advisory. Where additional compliance capacity is needed, we can provide a deputy compliance officer or senior AML analyst to operate alongside your AMLCO.
Preparation of the AML component of your MiCA CASP registration application. This includes the full programme documentation the NCA requires, a gap assessment against the NCA's known review criteria, and briefing of your AMLCO on the examination process.
The MiCA text is uniform across the EU. The NCAs are not. MFSA Malta has different review timelines and documentation preferences from CySEC Cyprus or the Central Bank of Ireland. Our experience across these NCAs means we build AML programmes that match what each regulator actually looks for.
MFSA was an early adopter of crypto regulation under MiCA and has an established review process for CASP applications. Their AML review is thorough and focuses on programme documentation quality, AMLCO credentials and Travel Rule implementation evidence.
CySEC has moved to a risk-based approach under MiCA, with detailed expectations on customer risk scoring methodology and on-chain monitoring tool integration. AML programme quality is assessed against EBA CASP guidelines specifically.
CBI's MiCA CASP regime builds on their existing VASP registration framework. They place particular emphasis on the robustness of the AML programme documentation, the CDD framework for crypto customers, and the quality of SAR decision documentation.
BaFin applies a rigorous AML review standard under MiCA, consistent with their approach to licensed crypto custodians under the Kreditwesengesetz. German-language documentation may be required for some submission components.
The Bank of Lithuania has an established MiCA application process. The AML programme must be fully documented before submission. The Bank of Lithuania expects specific evidence of Travel Rule protocol selection and counterparty VASP screening procedures.
Estonia tightened its crypto AML requirements ahead of MiCA and the NCA is familiar with blockchain analytics evidence in AML case files. Their examination approach includes detailed review of TM alert disposition quality and unhosted wallet procedures.
We understand your CASP structure, target NCA, current AML state and timeline. Written proposal with scope and fixed or monthly fee within two business days.
Where the programme does not yet exist, we build it against MiCA and EBA CASP requirements. Where one exists, we gap-assess against NCA pre-registration criteria.
We mobilise the KYC/ODD team, support the AMLCO appointment and documentation, and structure the outsourcing arrangement. Travel Rule protocol selection and implementation supported in parallel.
We prepare the AML documentation for the NCA application, support through the authorisation process, and continue providing KYC/ODD team capacity and programme advisory as your CASP scales post-registration.
Can't find your answer? Contact us directly. We respond within one business day.
Yes. MiCA requires CASPs to designate an AML Compliance Officer with specific responsibility for the AML/CFT programme. The AMLCO must have adequate authority, resources and access to fulfil the role independently.
The AMLCO can be outsourced under EBA/GL/2021/05, provided the arrangement satisfies the standard outsourcing governance requirements: written outsourcing agreement, independent reporting line, EU data residency and documented oversight. Our compliance officer support engagements are structured to meet these conditions.
The Travel Rule (implemented by the EU Transfer of Funds Regulation 2023) requires CASPs to collect, verify and transmit originator and beneficiary information for crypto transfers above €1,000. For transfers to unhosted wallets, you must collect and verify the beneficial owner of the wallet above that threshold.
In practice this requires: selection and implementation of a Travel Rule protocol (such as TRISA, VerifyVASP or TRUST), counterparty VASP screening against a VASP registry, procedures for unhosted wallet attribution, and a policy for transfers where the counterparty VASP cannot be identified or is non-compliant.
A senior advisor with crypto compliance experience will assess your situation and come back with a clear proposal: what is needed, what it will cost, and how quickly it can be in place. No obligation.
EU-based KYC and ODD analyst teams for licensed fintechs and EMIs. Operational in two weeks. Fixed monthly rate, no placement fees.
View service →Interim, fractional and licence-stage compliance officer provision. Gap cover after departure, licence applications, Deputy compliance officer resilience.
View service →Independent AML effectiveness audit and programme design. Written findings, risk-rated recommendations. Fixed fee agreed before engagement starts.
View service →Risk classification, conformity assessment and cross-regulatory advisory for regulated institutions using AI in credit, insurance or HR screening decisions.
View service →