Key facts
- ESMA is launching a supervisory action to review crypto custody providers.
- The focus is on the operational resilience and digital frameworks of CASPs.
- Key areas of assessment include key management, incident response, and third-party dependencies.
- National regulators will conduct the reviews across the EU.
- The review period extends through the first half of 2027.
The European Securities and Markets Authority (ESMA) is initiating a comprehensive review of crypto custody providers to assess their operational resilience and digital frameworks. This move, announced on Wednesday, comes as the EU's Markets in Crypto-Assets (MiCA) framework transitions into full effect.
The common supervisory action (CSA) will involve national competent authorities (NCAs) across the EU examining a sample of authorized crypto-asset service providers (CASPs). The reviews, set to run through the first half of 2027, will delve into critical areas such as key and storage management, governance structures, transaction controls, incident detection and response mechanisms, and the reliance on external technology providers.
ESMA plans to consolidate the findings into a final report by the second half of 2027. This increased regulatory scrutiny follows the end of MiCA's transition phase on July 1, highlighting the EU's focus on ensuring compliance and addressing potential enforcement issues within the burgeoning crypto sector. Custody providers like BitGo are already adapting, with BitGo launching a Europe-focused crypto-as-a-service platform to aid compliance.