Skip to content

From the FinCrime Agent course

Want to do this for a living?

This is the kind of story financial-crime professionals act on every day. Learn the craft in Marco’s AML & Financial Crime course.

AML & Financial Crime course →
Back to Issue №6

MiCA transition ends: unauthorised crypto firms must now cease all EU activity

The transitional period under the EU crypto rulebook closed on 1 July 2026, and any crypto-asset service provider still operating without full authorisation is now in breach of EU law.

Act now Crypto Regulatory Enforcement AML EU

What happened

The transitional period under MiCA (the EU Markets in Crypto-Assets Regulation) closed on 1 July 2026. Under that regime, crypto-asset service providers (CASPs) working under national rules could keep serving EU clients while they pursued full MiCA authorisation. That legal basis has now closed.

Any firm still providing crypto-asset services without MiCA authorisation is in breach of EU law and must cease operating. ESMA (the European Securities and Markets Authority) sets out the authorisation framework on its MiCA hub. On 23 June 2026, ESMA called on unauthorised CASPs to wind down in an orderly manner, keeping anti-money laundering and countering the financing of terrorism (AML/CFT) controls and the Travel Rule live throughout.

Industry analysis, not ESMA, supplies the scale. Before MiCA, more than 1,200 virtual asset service provider (VASP) entities held national registrations across the EU. That same analysis put the conversion rate to full authorisation under 18%, meaning over 80% of formerly registered entities had not secured MiCA authorisation by May 2026.

Why it matters

The deadline has passed, and most formerly registered VASPs did not convert. That leaves a large cohort of firms that must now exit the EU market or operate illegally. For banks and authorised firms, this is a live counterparty problem, not a distant regulatory milestone.

An unauthorised CASP has no lawful basis to serve EU clients. If you hold its accounts, process its flows, or rely on it in a payment chain, its legal status just changed under you. The pressure point is the fiat off-ramp. Firms winding down, or exiting in disorder, will move client funds, and that movement is where laundering and misappropriation risk concentrates.

Practitioner angle

Treat this as a counterparty review, not a crypto-desk issue.

  • Confirm every CASP you bank, fund, or rely on appears in the ESMA Register as authorised under MiCA. Pull the register, match legal entities, and document the check.
  • Treat any counterparty that is not authorised as a firm that must now cease EU activity. Reprice the exposure and set an exit or offboarding path.
  • Watch the fiat off-ramp closely. Flag unusual outbound movements of client funds from crypto counterparties as a wind-down red flag, and keep the Travel Rule and AML/CFT monitoring live on every transfer.
  • Expect coordinated supervisory action from ESMA and national authorities against firms still operating, and prepare for information requests on your exposure.

The one action this quarter: reconcile your full crypto counterparty list against the ESMA Register, and offboard anyone who is not authorised.

Share:

Want to do this for a living?

Turn this weekly intelligence into a career. Marco’s AML & Financial Crime course takes you from curious to hireable.

AML & Financial Crime course →