A Checklist for MiCA Compliance for Traditional Banks

The landscape of traditional finance (TradFi) is undergoing a significant transformation with the introduction of the Markets in Crypto-Assets (MiCA) regulation on December 31, 2024, and the accompanying European Banking Authority's (EBA) updated guidance. These changes necessitate that traditional banks strengthen their anti-money laundering (AML) frameworks to address the unique challenges and risks crypto-assets present. They can't simply ignore crypto-asset risk with a "no crypto" stance. The flow of funds from Crypto-Asset Service Providers (CASPs) into their systems creates an inherent exposure that needs to be addressed in their AML framework.  

Here's a comprehensive checklist to help banks navigate MiCA compliance:

1. Update AML Policies and Procedures

   
   

   • Incorporate Crypto-Asset Exposure (Crucial, Even with "No Crypto" Policies): Banks must review and update their existing AML policies and procedures to explicitly include the risks associated with crypto-asset firms or crypto-assets. This is critical even if a bank has a stated "no crypto" policy, as exposure can arise from incoming transfers from the newly regulated Crypto-Asset Service Providers (CASPs) and other sources.

     
     

   • Identification of CASP/VASP Transfers: The updated policies and procedures must cover the identification of transfers originating from or destined to Crypto-Asset Service Providers (CASPs, EU-regulated) and Virtual Asset Service Providers (VASPs, non-EU-regulated). Banks need to establish processes to recognize these transactions within their systems.

     
     

   • Enhanced CDD/EDD: Enhance Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) processes to effectively identify and assess crypto-related risks, considering the source and destination of funds and the involvement of CASPs/VASPs.

     
     

   • Retrospective Approach: While CASPs and Virtual Asset Service Providers (VASPs) might seem like recent developments, crypto exchanges have existed since around 2010. Therefore, even though MiCA regulation came into full effect on December 31, 2024, banks may have already been exposed to illicit funds related to crypto transactions in prior years. A retrospective analysis is strongly recommended to identify clients and transactions that could present historical AML risks.

     
     

2. Invest in Know Your Transaction (KYT) Tools and Technologies

   
   

   • Transaction Monitoring Systems: Update transaction monitoring systems to detect transfers involving Crypto-Asset Service Providers (CASPs).

     
     

   • Advanced Analytics: The EBA guidelines request that you assess the need for advanced analytics tools for KYT investigations. These tools can include pattern analysis and anomaly detection to identify suspicious activity.

     
     

   • Blockchain Analytics Tools (BATs): Invest in and implement blockchain analysis tools to gain visibility into crypto transactions and identify suspicious activity. These tools are a must if you interact with blockchain directly, but they are also handy in assessing the risks of your current clients who already interact/interacted with crypto (around 20% of your client base). Many of these tools also offer an assessment of risks related to VASP.

     
     

   • Crypto-related Enhanced Due Diligence Tools: Adopt specialized crypto-related Enhanced Due Diligence (EDD) tools (such as ChainComply) that work next to BATs but are designed for traditional banks' first line of defence and compliance teams. These tools are simpler to use and can provide enhanced insights into the source of funds, risk assessments of accounts and wallets, counterparty analysis, and other crucial information for compliance. See a comparison between them here.

     
     

3. Enhance Staff Training

   
   

   • Crypto Basics and Beyond: Staff needs to assimilate general knowledge of crypto (airdrops, staking, mining, NFTs, launchpads) and extend to advanced concepts (liquid staking, wrapping, bridges) and specialized knowledge (different protocols, blockchain transaction logic).

     
     

   • Crypto-Asset Risks Awareness: Increase staff training to ensure awareness of new risks associated with crypto-assets.

     
     

   • Advanced Analytics Tools: Provide training on using advanced analytics tools (see point 2 above) and interpret their outputs.

     
     

   • Suspicious Transaction Recognition: Train staff to recognize suspicious crypto transactions and the appropriate procedures to follow. The depth of this training should depend on your average client profile and whether your crypto stance is strictly defensive (focusing on the threat) or embracing, focusing on opportunity.

4. Crypto-related Enhanced Due Diligence - a KYT focus

   
   

Due to blockchain technology's inherent characteristics, Enhanced Due Diligence in the context of crypto-assets necessitates a strong emphasis on Know Your Transaction (KYT).

• What to do: Prioritize Transaction Analysis

  • Blockchain's fundamental structure as a chain of pseudo-anonymous transactions underscores the importance of transaction analysis in crypto-related EDD. 

  • EBA guidelines mandate that banks "take reasonable and appropriate measures to understand the background and purpose of crypto-related transactions" (EBA guideline 4.61.a), including assessing the customer's likelihood of engaging in such transactions.  

    
    

• How far to investigate: Balancing Depth and Efficiency

  • While verification of the source of funds (for companies) and the source of wealth (for individuals) remains crucial in crypto-asset investigations (EBA guideline 4.64), the depth of the investigation must be balanced with the need for efficiency.  

  • Financial institutions must be "reasonably satisfied" with the plausibility of a customer's source of wealth and funds (EBA guideline 21.12.c.ii), acknowledging the need for risk-based, efficient procedures. 

    
    

• How: Digitalization from the outsetDisclaimer: This paragraph is the author's opinion and is not part of the new EBA guidance!

  • To effectively meet these requirements, banks must implement robust internal procedures for gathering, analyzing, and documenting the source of funds and source of wealth information, specifically adapted for the complexities of crypto transactions.

  • Excel-based manual processes cannot provide the necessary efficiency and introduce unacceptable risks.

  • It is highly recommended that these processes be digitalised from the outset to manage the inherent complexity. Enhanced KYT tools are essential for analysing blockchain transactions, assessing risk, and streamlining investigations.  

    
    

• For further guidance, see our Mica Compliance Guide to Enhanced DD

5. Reap the Benefits of Proactive Compliance

   
   

By implementing this checklist, traditional financial institutions and CASPs/VASPs can make significant strides towards MiCA compliance and effectively manage the evolving risks associated with crypto-assets. 

These proactive steps will position banks to serve the growing crypto market effectively and responsibly, building loyalty with existing crypto-holding clients and attracting new ones. Younger, crypto-holding clients will reward you for this.

Contact us to learn more about how we can help your institution navigate these changes.