The Regulation, which came fully into force on the 30th December 2024, introduces a standardised EU-wide approach to managing crypto-assets and their issuers, to ensure market integrity, investor protection, and financial stability. As businesses prepare to align with these new regulations, understanding the licensing procedure, obligations of license holders, and key timelines is crucial.

1. Who does MiCA apply to, and what specific obligations are imposed?

MiCA governs crypto-assets not covered by existing financial services legislation, such as security tokens or e-money tokens. It applies to all Issuers of Crypto-Assets and Crypto-Asset Service Providers. An Issuer of Crypto-Assets (‘Issuer’) is any legal entity that offers crypto-assets to the public or seeks admission of those assets to trading on a trading platform. A Crypto-Asset Service Provider (‘CASP’) is an entity that provides one or more of the following services:

• Custody and administration of crypto-assets for third parties.
• Operating a trading platform for crypto-assets.
• Exchanging crypto-assets for fiat currencies or other crypto-assets.
• Executing orders for crypto-assets on behalf of clients.
• Offering advice on crypto-assets.
• Providing crypto-asset portfolio management services.
• Issuing asset-referenced tokens (e.g., stablecoins).
• Transferring crypto-assets between accounts.

Certain activities and entities are excluded from MiCA’s scope, namely:

• Decentralised Finance (DeFi): MiCA does not currently regulate fully decentralized systems without identifiable intermediaries, though this may change in future updates.
• Central Bank Digital Currencies (CBDCs): These are outside the scope of MiCA and remain under the jurisdiction of central banks.
• Non-Fungible Tokens (NFTs): Unless they are structured to function as financial instruments, most NFTs are excluded from MiCA’s requirements.

2. Territorial Scope

MiCA compliance is mandatory for all CASPs, and Issuers (including stablecoin issuers), operating within the EU, including entities established outside the EU but offering crypto-related services to EU residents. It goes without saying that businesses already operating under national regulations must transition to MiCA requirements during the specified transitional periods.

3. Penalties for Non-Compliance

Failure to comply with MiCA can result in:

• Financial penalties of up to €5 million or 3% of annual global turnover.
• Suspension or revocation of operating licenses.
• Public notices of non-compliance to warn consumers and stakeholders.

4. Key Aspects of Regulation for Issuers under MiCA

Under MiCA, issuers of crypto-assets must adhere to comprehensive requirements to ensure transparency, stability, and consumer confidence. Issuers are required to obtain authorization from the relevant national competent authority before offering crypto-assets to the public or seeking admission to trading platforms, meeting eligibility criteria such as financial, organizational, and governance standards to demonstrate proper risk management and operational integrity. They must draft and publish a detailed whitepaper prior to launch, containing project objectives, associated risks, terms and conditions for buyers, and rights and obligations of token holders. This document must be approved by the relevant authority or, in certain cases, submitted as a notification. 

Issuers are also obligated to maintain sufficient financial resources to cover liabilities, with additional capital buffers required for certain operations. Consumer protection is a central theme which is emphasized through measures to prevent fraud, ensure transparency regarding risks and returns, and mechanisms for dispute resolution. 

Oversight is provided by the European Securities and Markets Authority (ESMA) for significant issuers, while smaller issuers fall under the supervision of national authorities. Overall, MiCA aims to ensure clear and accessible offerings, mitigate risks to financial stability, and protect consumers, while fostering confidence in the crypto-asset market.

5. Additional requirements for Stablecoins 

Stablecoins are digital assets designed to maintain a stable value, often pegged to fiat currencies or other assets, and are increasingly used for payments and value storage. These include Asset-Referenced Tokens (ARTs) (tokens pegged to a basket of assets, including commodities, currencies, or other values) and e-Money Tokens (tokens pegged directly to a single fiat currency (e.g. a euro or dollar). They are designed to function as electronic substitutes for fiat currencies. Under MiCA, issuers of stablecoins are included within the broader definition of "issuers of crypto-assets," but they are subject to additional and more stringent requirements due to their unique nature and potential systemic impact. In fact, the large-scale use of stablecoins could replicate or replace traditional payment systems, making them integral to the economy. Inadequate reserves or loss of confidence could trigger runs on stablecoins, destabilizing financial markets. By enforcing stricter oversight, MiCA ensures that stablecoins operate securely and transparently, maintaining trust in the financial system while fostering innovation in digital payments.

Additional requirements include maintaining reserves equivalent to issued tokens, guaranteeing redemption rights for token holders, and regularly disclosing reserve composition and risks. Issuers are subject to ongoing compliance, periodic reporting, and mandatory audits, particularly for stablecoin reserves. They are held liable for the accuracy of the whitepaper, with investors entitled to legal remedies in cases of misleading or incomplete information. 

 

6. Licensing Procedure Under MiCA

One of MiCA’s cornerstone principles is the requirement for CASPs and Issuers to obtain licenses to operate within the EU. The licensing procedure is designed to ensure transparency, accountability, and harmonised compliance across the Member States, enabling a more secure and reliable crypto-asset market.

6.1    Steps in the Licensing Process

6.1.1    Application Submission

• The issuer or service provider submits an application to the national competent authority in the EU member state where they intend to be based or primarily operate.
• The application must include detailed documentation, including a business plan, governance framework, financial resources, cybersecurity measures, and risk management policies.

6.1.2    Eligibility Criteria

• The applicant must demonstrate that they meet the financial requirements, including minimum capital requirements, sufficient capital to cover liabilities and maintain solvency.
• Governance standards must include a clear organizational structure, robust internal controls, and qualified management personnel.
• Risk management systems should address operational, market, and cybersecurity risks.

6.1.3    Whitepaper Approval (for Issuers)

• Issuers of crypto-assets are required to draft and submit a comprehensive whitepaper, detailing the project, associated risks and token holder rights.
• The competent authority reviews the whitepaper to ensure compliance with MiCA’s disclosure requirements.

6.1.4    Assessment by Competent Authority

• The national authority evaluates the application against MiCA’s standards, including the applicant’s operational integrity, financial health, and compliance framework.
• The review includes an assessment of the applicant’s ability to safeguard consumer interests and mitigate systemic risks.

6.1.5    Timeline and Outcomes

The licensing process duration may vary depending on the complexity of the application and the responsiveness of the applicant in addressing the competent authority’s inquiries.

6.2    Special Considerations for Stablecoin Issuers

As previously mentioned, Issuers of stablecoins are subject to additional licensing requirements. They must ensure

• Sufficient reserves to back the issued tokens.
• Redemption mechanisms for token holders.
• Enhanced disclosures and regular audits of their reserves.

7. Passporting Rights

A significant advantage of MiCA licensing is the ability to operate across all EU Member States without the need for additional national authorizations. Once licensed in one EU Member States, a CASP or Issuer can offer services throughout the single market without the need for separate authorizations in the other Member States.

This streamlined mechanism fosters a unified market, reduces regulatory burdens, and promotes cross-border activities in the crypto-asset industry. While entities must notify their home state authority of plans to operate in host states, no additional licensing is required. MiCA’s harmonized framework ensures consistent rules and supervision across member states, with the home state authority primarily responsible for compliance monitoring. 

By encouraging cross-border competition and innovation, passporting rights create a more integrated and accessible crypto-asset market across the EU.

8. Why choose to be licensed in Malta?

Malta was an early adopter of crypto-specific legislation, which originally came into force in 2018. Thus, Malta thus developed a robust ecosystem that supports blockchain innovation well before many EU Member States,. A strong community and networking opportunities with local and international events such as the Malta AI & Blockchain Summit attract global players, providing opportunities for partnerships and growth. 

The Maltese Government has demonstrated strong support for blockchain and cryptocurrency initiatives through grants and subsidies aimed at advancing research and development. Establishing a business in Malta is efficient and straightforward, thanks to streamlined processes for registration, licensing, and operations. Furthermore, Malta's position as an EU member state located in the Mediterranean provides businesses with access to European markets while serving as a gateway to North Africa and the Middle East.

• Malta has integrated MiCA into its legislative framework through key updates to existing laws as well as the enactment of new legislation, specifically the Markets in Crypto-Assets Act and the Markets in Crypto-Assets Act (Fees) Regulations, ensuring a smooth transition to the new EU-wide framework.
• Under MiCA and the updated Maltese framework, CASPs and Issuers can obtain a licence from the Malta Financial Services Authority (‘MFSA’). The Virtual Financial Assets (Amendment) Regulations have also come into force to amend the original legislative framework.

These regulations form part of the exercise being carried out locally to implement MiCA and provide for the manner in which the provisions of the original framework will cease to apply as the provisions of MiCA, the Markets in Crypto-Assets Act and any regulations and rules issued thereunder come into force. Malta thus provides a stable regulatory and holistic environment that offers clarity, certainty and experience to businesses in the crypto sector. 

The passporting rights afforded by MiCA allow an entity to operate across the EU once licensed in Malta, streamlining cross-border operations whilst benefitting from Malta’s corporate tax incentives which allow companies to benefit from an effective tax rate as low as five per cent (5%), through Malta's refund mechanism. Additionally, the country’s extensive network of over seventy (70) double-tax treaties minimizes tax burdens for international enterprises, making it a highly attractive jurisdiction for global crypto operations.

9. How BDO Can Help

The MiCA’s licensing process and compliance obligations requires a deep understanding of both EU-level regulations and local frameworks like Malta’s VFA Act. BDO offers end-to-end support tailored to the needs of crypto businesses:

• Strategic Guidance: We provide detailed assessments of how MiCA impacts a client’s business model and operational strategy;
• Licensing Support: We guide clients through every step of the MiCA licensing process, from application preparation to liaising with the MFSA;
• Compliance Audits: Our experts conduct detailed audits to identify gaps and ensure alignment with MiCA’s operational and governance standards;
• Whitepaper Drafting and Review: We assist in drafting compliant whitepapers that meet MiCA’s rigorous transparency requirements;
• Cross-Border Operations: With expertise in passporting rights, we help clients expand their services across the EU seamlessly;
• Training and Updates: We offer bespoke training sessions and regular updates to ensure a client stays informed about regulatory changes.

Conclusion

MiCA represents a transformative step for the European crypto market, bringing clarity and consistency to a rapidly evolving industry. With its structured licensing procedures and robust obligations, MiCA aims to foster innovation while safeguarding market integrity and investor trust. For businesses looking to thrive in this new regulatory environment, BDO is your trusted partner, offering expert guidance every step of the way. Contact us on legal@bdo.com.mt.


Get in touch