MiCAR Transitional Period

Following the official conclusion of the Markets in Crypto-Assets Regulation’s (MiCAR) transitional period on the 1st of July 2026, firms are now strictly required to hold a valid authorisation as MiCAR-compliant crypto-asset service providers (CASPs) to continue operating within the European Union. This regulatory milestone is driving immediate, major structural shifts across the EU’s crypto-asset sector, bringing specific money laundering and terrorist financing (ML/TF) risks to the forefront.

To help the market manage this shift, the Anti-Money Laundering Authority (AMLA) has published an advisory note outlining targeted measures for transitioning virtual asset service providers (VASPs), authorised CASPs, AML/CFT supervisors, and Financial Intelligence Units (FIUs).

As unauthorised players exit the market, large volumes of customer relationships are being moved or terminated, concentrating crypto-asset activity into a smaller pool of authorised entities. Crucially, AMLA emphasises that when a customer transitions from an unauthorised VASP to an authorised CASP, the receiving firm must conduct an individualised, risk-based customer assessment rather than adopting an approach of blanket de-risking.

Unauthorised VASPs

For entities currently winding down their operations, there is an elevated risk of weakened AML/CFT controls during the off-boarding process, particularly among businesses that already have known compliance deficiencies. To prevent this, exiting entities must establish robust wind-down plans and ensure their off-boarding methodologies are clearly documented.

Another distinct threat during these abrupt market exits is the risk of illicit flow concealment. Rapid closures can drastically reduce regulatory transparency over customer assets and relationships, creating opportunities for sanctions evasion and the swift movement of illicit funds. Throughout this wind-down phase, firms must maintain full compliance with their AML/CFT obligations until all activities have completely ceased. This includes keeping customer due diligence (CDD) records entirely up to date and remaining vigilant in identifying and reporting suspicious transactions.

Authorised CASPs

On the receiving side, authorised CASPs are at high risk of sudden shifts in their risk exposure, as influxes of new clients alter their established business models and customer portfolios. This migration places immense pressure on transaction monitoring frameworks. To manage these risks effectively, CASPs must ensure their systems are fully scalable and capable of handling a drastically increased volume of asset transfers.

Furthermore, firms need to strengthen their onboarding and risk integration processes. Instead of turning away large blocks of clients out of caution, firms must focus on individualised risk profiling to integrate legitimate users safely while catching bad actors.

AML/CFT Supervisors

Regulators and supervisors are facing their own unique hurdles, notably the potential for supervisory blind spots during this rapid market consolidation, alongside the risk of inconsistent AML/CFT enforcement across different jurisdictions. The sheer volume of concurrent client migrations creates a visibility challenge for authorities, while differing national approaches to the end of the transition can open doors for regulatory arbitrage, where illicit actors exploit the weakest regulatory links.

AMLA recommends that, where legally permitted, supervisors should prioritise the direct oversight of exit planning to maintain transparency over asset transfers. Close cross-border coordination is vital; supervisors must carefully track how capital flows from winding-down entities might alter the risk profiles of the receiving CASPs within their home states.

Financial Intelligence Units (FIUs)

Finally, FIUs must adapt to emerging and shifting typologies linked to these mass migrations. Shifting client bases can easily obscure illicit flows if funds are moved rapidly across multiple CASPs and legal jurisdictions, a trend that will likely trigger a massive spike in suspicious activity reporting. AMLA stresses that enhanced domestic and cross-border cooperation is the only way to maintain visibility over these complex flows. Where these asset movements indicate genuine risk, FIUs must ensure the timely dissemination of relevant financial intelligence to competent authorities and law enforcement agencies.

Conclusion

The end of the MiCAR transitional period represents a vital step toward a safer, more transparent European digital asset market. However, the current migration phase requires heightened vigilance from all industry stakeholders. By replacing blanket de-risking with tailored risk assessments, ensuring transaction monitoring systems can scale to demand, and fostering seamless cross-border intelligence sharing, the financial sector can successfully manage these structural changes while robustly protecting the financial system from crime.

For any additional information or assistance, please contact us at info@gtg.com.mt

Author: Dr Kimberley Blundell

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content