As crypto-assets increasingly enter mainstream financial activity, the quality of information and advice provided to clients has become a central regulatory concern. Against this backdrop, the European Securities and Markets Authority (ESMA) issued guidelines establishing criteria for the assessment of knowledge and competence of staff operating within the framework of the Markets in Crypto-Assets Regulation (MiCA). These guidelines aim to promote supervisory convergence, enhance investor protection, and ensure that crypto-asset service providers (CASPs) maintain appropriately qualified personnel.
The guidelines apply to competent authorities and CASPs involved in delivering crypto-asset services as set out under MiCA and are intended to reinforce the EU’s commitment to harmonised regulatory standards across Member States.
ESMA developed the guidelines to foster “consistent, efficient and effective supervisory practices” and to ensure the uniform application of MiCA provisions governing conduct toward clients. By clarifying expectations regarding staff expertise, ESMA aims to assist service providers in meeting their duty to act in the best interests of their clients while simultaneously reinforcing investor confidence in the rapidly evolving crypto-asset sector.
Central to the framework is a set of operational definitions. “Staff” refers to natural persons providing services on behalf of a CASP, while “relevant services” include the provision of advice or information relating to crypto-assets or associated offerings. Additionally, “knowledge” and “competence” are understood as the combination of appropriate qualifications and practical experience required to fulfil MiCA obligations.
The general guideline places primary responsibility on CASPs to ensure that their personnel understand applicable regulatory requirements, internal procedures, and ethical standards. Importantly, competence must be proportionate to the nature and complexity of the services delivered. Staff providing investment advice are therefore expected to demonstrate a deeper level of expertise than those offering purely informational support. Additionally, management bodies must review compliance policies at least annually and remedy any shortcomings identified.
Notably, the guidelines recognise the growing role of automated and semi-automated tools in financial services. Even where client communications are technology-driven, responsibility ultimately rests with the individuals who design the content or determine system parameters. Those staff members must therefore possess sufficient knowledge to ensure that the information or advice generated is accurate and appropriately tailored.
Furthermore, for staff tasked with providing information, the guidelines outline an extensive knowledge base. Personnel must understand the characteristics, risks, and operational features of crypto-assets, including the functioning of distributed ledger technology (DLT) and the protocols supporting transactions. Particular care is required when communicating risks associated with complex or highly volatile assets.
Beyond technical understanding, staff should be capable of explaining transaction costs, market structures, valuation mechanisms, and the influence of external factors such as investor sentiment or major economic events on pricing. They must also recognise the regulatory distinctions between protections available under MiCA and those applicable to traditional financial instruments governed by MiFID II, as these differences directly affect investor safeguards.
Risk awareness forms a cornerstone of the framework. Staff should, at minimum, understand threats such as cyberattacks, theft of crypto-assets, improper storage of private keys, software vulnerabilities, and transfer risks linked to unsupported networks. This emphasis reflects the operational fragility that can characterise digital asset markets and the potential consequences for investors.
Staff providing information are expected to complete a professional qualification of at least 80 hours combined with 6 months of supervised experience, or alternatively accumulate one year of supervised experience. Continuous professional development is equally important, with service providers responsible for determining appropriate training levels. In addition, for personnel dealing with less complex products, 10 hours of annual training is suggested as a minimum benchmark.
Moreover, the requirements become more demanding where advice is concerned. In addition to mastering the informational elements, advisory staff must understand suitability obligations, portfolio management fundamentals, diversification principles, and how specific crypto-assets align with a client’s financial circumstances and objectives.
Multiple qualification pathways are recognised for advisers. These include a relevant tertiary degree accompanied by supervised experience, extensive professional formation combined with practical exposure, or prior advisory experience obtained under established regulatory regimes such as MiFID II or the Insurance Distribution Directive. Such flexibility acknowledges the varied professional backgrounds from which expertise in crypto-assets may develop.
The guidelines also emphasise organisational accountability. Service providers must clearly define staff roles, distinguish between informational and advisory functions, conduct annual assessments of development needs, and maintain records demonstrating compliance for review by competent authorities.
Notably, where personnel have not yet acquired the necessary expertise, they may operate under supervision for a limited period. Supervisors must themselves possess the required competence and assume responsibility for the services delivered, including approving suitability reports. In principle, supervision should not exceed 4 years unless otherwise determined by the competent authority.
Subsequently, employees performing purely administrative tasks without client interaction fall outside the framework, whereas providers are encouraged to implement structured training programmes, adopt codes of ethics, monitor advisory practices, and ensure that staff can effectively identify client objectives and communicate associated risks.
Overall, ESMA’s guidelines signal a decisive move toward the professionalisation of crypto-asset services within the European regulatory landscape. By establishing measurable standards for qualifications, experience, and ongoing training, the framework addresses one of the sector’s most pressing vulnerabilities, namely the risk that investors rely on insufficiently informed guidance. Effective implementation will therefore be essential not only for regulatory compliance but also for fostering trust in a market defined by rapid technological change.
For any additional information or assistance, please contact us at info@gtg.com.mt
Author: Alesea Azzopardi Spiteri