How to Choose the Right Onboarding Solution for MiCA Compliance

MiCA and the Digital Finance Package

On the 24th of September 2020, the EU introduced its “digital finance package”. The “package” was a bundle of suggested legislative and policy measures aiming to:

1. Tackle fragmentation, and creating one “Digital Single Market”.
2. Improve data standards and accessibility.
3. Assure digital resilience.
4. And make sure regulation facilitates innovation.

The EU hoped the digital finance package “would unleash European innovation and create opportunities to develop better financial products for consumers, including for people currently unable to access financial services”. It also hoped it “accelerates cross borders operations… enhance financial market integration in the banking union and the capital markets union, and thereby… strengthen Europe’s economic and monetary union”.

A prominent part of the package, which many of the EU’s above-mentioned hopes rely on, was the Markets in Crypto-Assets Regulation (MiCA). MiCA, which comprised much of the “innovation” component, was hoped to turn the EU into a pioneering hub in the field of crypto assets, hence attract capital and investments into the economically battered Union after covid 19.

Fast-forward 4 years, and it seems this promise is beginning to be fulfilled. in June 2024 Titles III and IV of MiCA, which deal with Asset-Referenced Tokens and E-Money Tokens came into effect. A day before year-end, 30 December 2024, the rest of MiCA was set to enter into force, including Title II which deals with crypto-assets other than asset-referenced tokens or e-money tokens, and Title V, which covers the authorisation and operating conditions for crypto-asset service providers.

MiCA and Client Onboarding

In the context of client onboarding, the entrance into force of MiCA’s remaining titles means a de-facto “MiFID-isation” of crypto assets. In effect, MiCA creates a MiFID-like regime for the trading of crypto assets, therefore very similar – yet distinctively different – duties apply to MiCA-regulated entities as to MiFID-regulated ones.

MiCA itself makes this abundantly clear. For example, Article 60 (which lies under Title V, “Authorisation and Operating Conditions For Crypto-Asset Service Providers”), clearly states that “3.   An investment firm may provide crypto-asset services in the Union equivalent to the investment services and activities for which it is specifically authorised under Directive 2014/65/EU if it notifies the competent authority of the home Member State of the information referred to in paragraph 7 of this Article at least 40 working days before providing those services for the first time”.

The Article continues to equate different services provided under MiFID II (Directive 2014/65/EU) to services provided under MiCA. For example, ” the operation of a trading platform for crypto-assets is deemed equivalent to the operation of a multilateral trading facility and operation of an organised trading facility referred to in Section A, points (8) and (9), respectively, of Annex I to Directive 2014/65/EU”, and “the exchange of crypto-assets for funds and other crypto-assets is deemed equivalent to dealing on own account referred to in Section A, point (3), of Annex I to Directive 2014/65/EU”.

Accordingly, MiCA creates a similar KYC regime to that of MiFID II, one which includes Client Classification, Suitability and Appropriateness. This, in addition to the normal AML requirements which apply as a result of the AMLD and national legislation and international standards.

The Right MiCA Client Onboarding Solution

As a result of the above, the right client onboarding solution for onboarding clients onto a CASP should be one that shares attributes with onboarding systems onto MiFID-regulated entities. Meaning, it should:

1. Cover AML requirements in an intelligent manner! This goes for granted. AML requirements have been expanded in recent years and apply not only to financial institutions but also to a wide range of other practitioners, from law firms to galleries. CASPs are of course required to have robust AML practices, given also the relatively innate high-risk of money laundering that is associated with crypto.

Nowadays, it is standard to have automated AML solutions which include not only automated identity verification and automated screening for PEPs, Sanctions and Adverse Media; but also verifying against digitised registries, accessing corporate data including UBO and shareholders information, as well as of course ongoing monitoring and review options.

Due to the wide range of data-points, it is important to have an onboarding solution which does not only cover all data points, but also grades them consistently, arranges them in a logical and accessible manner, and allows you to get a quick, clear picture of the AML risks, with one glance (when needed – if all is “green”, then it should allow for an automated STP route).

• Be fast! When it comes to crypto assets, it is also important to remember that the clients are more “tech-y” than usual. Meaning, their patience or even tolerance for manual processes and for lengthy document collection processes is limited. If clients of MiFID-regulated trading platforms expect a fast, easy registration-like process; this is even more true in the crypto field. The right onboarding solution must, therefore, has a built-in client reach-out tool, as well as a high level of automation (if not completely automated).
• Cover Client Classification! if MiFID classifies clients into Retail, Professional, and Eligible Counterparties (as well as, of course, the opt-ups and opt-downs, which can be seen as categories of their own); MiCA classifies them into “Retail Holders” and “Qualified Investors”.

Client Classification is a vital, integral part of the onboarding process; and any onboarding solution which does not allow for proper classification either:

• narrows the CASP’s range of prospective clients;
• puts the CASP in risk of incompliance; or
• both!

At this day and age, there is absolutely no reason for that to happen. Client Classification is key for knowing one’s customer: it is hard to think of a more fundamental determination in relation to a client than their basic category. It determines, for example, if one needs to draw a white paper in some cases, or if the client has a “right of withdrawal”.

A good onboarding solution should provide you with a clear, complete picture of the prospective client, and as the client’s regulatory classification according to MiCA is vital for both identifying the opportunities with them and safeguarding you from incompliance, a good onboarding solution should be able to present you with the client’s MiCA categorisation.

• Cover Suitability! As shown above, MiCA draws clear parallels between services provided under MiCA to those provided under MiFID II. Not only that, it creates what is referred to as a “MiFID-like regime”. This also includes the requirement to perform a Suitability assessment while providing advice and/or portfolio management services, similar to MiFID II.

This is clearly stated in Article 81, titled “Providing advice on crypto-assets and providing portfolio management of crypto-assets”. The Article states:

“1.   Crypto-asset service providers providing advice on crypto-assets or providing portfolio management of crypto-assets shall assess whether the crypto-asset services or crypto-assets are suitable for their clients or prospective clients, taking into consideration their knowledge and experience in investing in crypto-assets, their investment objectives, including risk tolerance, and their financial situation including their ability to bear losses”.

MiCA makes it very clear that if the prospective client indicates they are interested in the provision of advice and/or portfolio management services, the Suitability assessment should be performed during the initial onboarding (when they are still “prospective clients”). Therefore, in order to be fully compliant with MiCA, an onboarding solution needs to include a Suitability assessment component as well. It is also good practice from a customer experience point of view, as it may aggravate clients to receive a Suitability assessment after being onboarded – it can feel, to some, as if they are not trusted by the institution, and they may wonder why are they being asked for additional details to those already provided.

• Provide an overall risk assessment. MiCA mentions in several places, for example Article 60, requirements to provide “a description of… the risk assessment framework for the management of money laundering and terrorist financing risks”.

Client Risk plays a major part in the overall ML and TF risks, and therefore a vital and indispensable part of any risk framework.

As most of the data related to ML and TF risks is captured during the initial onboarding of clients, this too – the ability to automatically produce a client risk score, or better still, a detailed CRA (Client Risk Assessment) – should be a part of any MiCA onboarding solution.

In Summary

In summation, a good MiCA onboarding solution is one that is:

1. Fast – crypto clients are digital beings, and as such have little patience or tolerance for long and/or manual processes.
2. Provides a complete picture – as MiCA’s provisions are intertwined one with the other (a client’s rights, for example, depend on their classification; and the services they desire depend on their assessment as suitable or not; etc.), it makes little sense to separate the processes related to onboarding a client. The client’s classification, suitability for services, risk level etc. should all form an integral part of the onboarding report.

Done correctly, onboarding onto a CASP can provide you with a key differentiator, and allow you to both comply and compete.

When done right, compliance becomes a growth driver, enabling smarter, more precise business decisions while strengthening your reputation in the eyes of clients and regulators alike.