Crypto custody operations face ESMA scrutiny following MiCA implementation

Crypto custody operations face ESMA scrutiny following MiCA implementation

The European securities watchdog has initiated a comprehensive examination of cryptocurrency custody service providers, evaluating their approaches to managing security threats, maintaining operational continuity and safeguarding client assets.

The European Securities and Markets Authority (ESMA), a central regulatory body within the EU overseeing the rollout of the Markets in Crypto-Assets (MiCA) regulatory regime, has announced the initiation of a specialized review process targeting providers of crypto custody services.

According to an official statement released on Wednesday, ESMA intends to execute a common supervisory action (CSA) that will zero in on the operational resilience capabilities of crypto-asset service providers (CASPs), placing particular attention on their custody operations.

"The CSA will assess the maturity of CASPs' digital operational resilience frameworks in relation to custody activities," ESMA said, adding that the reviews will focus on areas including key and storage management, alongside other operational risks.

This initiative arrives on the heels of MiCA's transition period concluding on July 1, triggering heightened scrutiny regarding the methods EU regulatory bodies will employ to monitor adherence to the newly established regulatory structure, including matters related to potential enforcement actions.

National regulators to conduct custody reviews

According to ESMA's announcement, the supervisory initiative will be executed by national competent authorities (NCAs) throughout the European Union, which will evaluate a sample of authorized CASPs selected based on risk assessment criteria.

The examination process is scheduled to extend from the present time through the initial six months of 2027, during which regulatory authorities will scrutinize the methods companies employ to manage operational risks connected to custody services.

Beyond examining key and storage management protocols, NCAs are anticipated to evaluate additional areas including governance frameworks, controls for transactions, systems for detecting and responding to incidents, and the extent of reliance on third-party service providers.

Following the completion of the exercise in the latter half of 2027, ESMA will compile the collected findings into a comprehensive final report for presentation to its Board of Supervisors.

This examination initiative emerges at a time when certain custody service providers have begun offering support to cryptocurrency platforms navigating the challenges of adapting to Europe's evolving regulatory landscape.

Last month, crypto custody company BitGo launched a Europe-focused crypto-as-a-service platform aimed at helping platforms maintain access to the market while working through MiCA-related compliance requirements.

← Back to Blog