HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

EU regulators scrutinize crypto custodians' operational resilience post-MiCA licensing

Created at 10 Jul · 2:13 PM1 source↑ Market-relevant
IN SHORT

The European Securities and Markets Authority (ESMA) has launched a supervisory action to assess the operational resilience of crypto asset service providers, focusing on custody services. This review, following MiCA licensing, tests whether custodians can meet security and resilience standards, moving beyond mere authorization to operational proof.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

1Common Supervisory Action launched by ESMA

Who's Involved

ESMA
European Securities and Markets Authority, launching a supervisory action
Sebastien Dessimoz
Co-founder and managing partner at Taurus, commenting on regulatory signals
Jody Mettler
Chief operating officer of BitGo and president of BitGo Trust, discussing client inquiries
Markus Levin
Co-founder of XYO, highlighting the difference between authorization and resilience
Yuriy Brisov
Lawyer at Digital & Analogue Partners, explaining regulatory frameworks

↳ Why This Matters

This regulatory action signals a heightened level of scrutiny for crypto custodians in the EU, pushing them to prove operational robustness beyond initial licensing, which could impact institutional adoption and market confidence.

Key facts

  • ESMA has launched a Common Supervisory Action (CSA) to review the operational resilience of crypto asset service providers (CASPs).
  • The review specifically targets custody services under the EU's Markets in Crypto-Assets Regulation (MiCA).
  • CASPs will be assessed on their ability to demonstrate security and resilience in areas like key management and incident response.
  • This initiative signifies a move from simply obtaining a license to proving operational robustness.
  • The review integrates requirements from both MiCA and the Digital Operational Resilience Act (DORA).

The European Securities and Markets Authority (ESMA) has initiated a Common Supervisory Action (CSA) to scrutinize the operational resilience of crypto asset service providers (CASPs) operating under the Markets in Crypto-Assets Regulation (MiCA).

The review, which focuses on custody services, aims to assess whether licensed firms can meet stringent security and resilience standards, moving beyond the initial authorization phase. This marks one of the first major supervisory exercises under the EU's new crypto framework.

Industry executives view this as a significant shift, expecting custody providers to demonstrate their operational controls rather than just claim them. The CSA will examine frameworks for key and storage management, transaction controls, incident response, and third-party dependencies. This development aligns with the increasing integration of digital assets into regulated financial infrastructure, requiring traditional market-level security and accountability.

The review operates under both MiCA, which sets custody obligations, and the Digital Operational Resilience Act (DORA), which outlines technology risk requirements for financial entities. Experts note that the concentration of custody technology in a few vendors presents a challenge, as a single weak supplier could impact many firms. The findings from this review are expected to inform ongoing debates about MiCA's future and the potential for more centralized crypto supervision by ESMA.

Frequently asked questions

MiCA, or the Markets in Crypto-Assets Regulation, is a framework established by the European Union to regulate crypto-asset service providers and crypto-assets.

The Common Supervisory Action (CSA) by ESMA aims to assess the operational resilience and security standards of crypto custodians licensed under MiCA.

The Digital Operational Resilience Act (DORA) sets technology risk requirements for financial firms, and this review integrates DORA's standards alongside MiCA's custody obligations.

What Happens Next

01ESMA will publish findings from the Common Supervisory Action.
02Discussions on centralized crypto supervision in the EU may be influenced by the review's outcomes.
03The review of MiCA may incorporate lessons learned from this supervisory exercise.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

The European Securities and Markets Authority (ESMA) launched a Common Supervisory Action (CSA).
The CSA will examine the operational resilience of crypto asset service providers (CASPs).
Custody services are the central focus of the ESMA review.
The review assesses CASPs' digital operational resilience frameworks for custody activities.
Key areas of focus include key and storage management, transaction controls, and incident response.
The action marks a shift from claiming security to evidencing it for custody providers.
The review aligns with both MiCA's custody obligations and DORA's technology risk requirements.
Findings may influence discussions on centralized crypto supervision in the EU.

Sources

T1
MiCA licensing only the beginning as crypto custodians face scrutinyA MiCA license allows crypto firms to operate in the EU, but the ESMA’s review will test whether custodians can meet the required security and resilience standards.Cointelegraph

Related Stories

EU crypto rules may be bypassed by foreign firms, report says
10 Jul · 7:11 AM
JPMorgan: Private Blockchains, Not MSTR, Threaten Bitcoin
9 Jul · 8:40 PM
Bitcoin-Backed Preferred Shares Face First Major Test
9 Jul · 5:50 PM
Circle Receives Final US Trust Bank Approval, Shares Climb
10 Jul · 10:57 AM
Standard Chartered Reiterates $100,000 Bitcoin Target, Calls Asset "A Screaming Buy"
10 Jul · 1:55 PM