HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
← All Stories

ESMA to scrutinize crypto custody providers' operational resilience

Created at 8 Jul · 11:05 AM1 source↑ Market-relevant
IN SHORT

The European Securities and Markets Authority (ESMA) is launching a supervisory action to assess the operational resilience of crypto-asset service providers (CASPs) focusing on custody services. The review will examine key management, incident response, and third-party dependencies, following the end of MiCA's transition phase.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

July 1MiCA transition phase end date
first half of 2027End of custody reviews
second half of 2027ESMA report publication

Who's Involved

ESMA
EU securities regulator launching crypto custody review
CASPs
Crypto-Asset Service Providers subject to review
NCAs
National competent authorities conducting custody reviews
BitGo
Crypto custody company launching Europe-focused platform

↳ Why This Matters

This action signals heightened regulatory oversight for crypto custody services in the EU, aiming to bolster investor protection and market integrity as the MiCA framework is implemented. It underscores the importance of robust operational security for digital asset service providers.

Key facts

  • ESMA is launching a supervisory action to review crypto custody providers.
  • The focus is on the operational resilience and digital frameworks of CASPs.
  • Key areas of assessment include key management, incident response, and third-party dependencies.
  • National regulators will conduct the reviews across the EU.
  • The review period extends through the first half of 2027.

The European Securities and Markets Authority (ESMA) is initiating a comprehensive review of crypto custody providers to assess their operational resilience and digital frameworks. This move, announced on Wednesday, comes as the EU's Markets in Crypto-Assets (MiCA) framework transitions into full effect.

The common supervisory action (CSA) will involve national competent authorities (NCAs) across the EU examining a sample of authorized crypto-asset service providers (CASPs). The reviews, set to run through the first half of 2027, will delve into critical areas such as key and storage management, governance structures, transaction controls, incident detection and response mechanisms, and the reliance on external technology providers.

ESMA plans to consolidate the findings into a final report by the second half of 2027. This increased regulatory scrutiny follows the end of MiCA's transition phase on July 1, highlighting the EU's focus on ensuring compliance and addressing potential enforcement issues within the burgeoning crypto sector. Custody providers like BitGo are already adapting, with BitGo launching a Europe-focused crypto-as-a-service platform to aid compliance.

Frequently asked questions

ESMA is the European Securities and Markets Authority, a key EU regulator supporting the implementation of the Markets in Crypto-Assets (MiCA) framework.

The review focuses on the operational resilience and digital operational resilience frameworks of crypto-asset service providers (CASPs), specifically concerning custody activities.

The reviews will be conducted by national competent authorities (NCAs) from now through the first half of 2027.

NCAs will assess key and storage management, governance structures, transaction controls, incident detection and response, and dependencies on external service providers.

What Happens Next

01NCAs will conduct risk-based reviews of authorized CASPs.
02ESMA will consolidate findings into a final report.
03The report will be submitted to ESMA's Board of Supervisors.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

ESMA announced a common supervisory action (CSA) focused on crypto custody providers.
The CSA will assess CASPs' digital operational resilience frameworks for custody activities.
Reviews will cover key and storage management, governance, incident response, and third-party reliance.
National competent authorities (NCAs) will conduct risk-based reviews of authorized CASPs.
The reviews will take place from now until the first half of 2027.
ESMA will publish a consolidated report in the second half of 2027.

Sources

T1
ESMA turns spotlight on crypto custody risks after MiCA transitionThe EU securities regulator will assess custody providers’ key management, incident response and reliance on third-party technology providers.Cointelegraph

Related Stories

EU lawmakers adopt stance on crypto regulation post-MiCA
7 Jul · 12:45 PM
Kenya Regulator Seeks Blockchain Tool to Combat Crypto Crime
7 Jul · 5:35 PM
Kraken seeks European banking license to expand services
7 Jul · 6:45 PM
Crypto firms prepare defenses as quantum threat to encryption draws nearer
8 Jul · 10:04 AM
Kraken Seeks Final Judgment After $22 Million Award Against Former Auditor
7 Jul · 7:40 PM