MiCA Authorisation: A Legal Analysis for Founders

MiCA Authorisation: A Legal Analysis for Founders

For fintech founders, navigating the Markets in Crypto-Assets (MiCA) Regulation requires more than a checklist; it demands a nuanced understanding of the legal obligations now in force across the EU. This is not merely a registration exercise; it is a formal authorisation process with significant legal consequences for non-compliance.

📜 THE LEGAL FRAMEWORK

MiCA creates a single, harmonised regime, but authorisation is granted by a National Competent Authority (NCA). The legal principle of "passporting"¹ allows a Crypto-Asset Service Provider (CASP) authorised in one state to operate across the Union. However, this hinges on satisfying stringent initial and ongoing legal requirements.

⚖️ THE SUBSTANCE DOCTRINE: ARTICLE 62

The requirement for a "real EU presence" is a critical legal threshold. Article 62 of MiCA mandates that a CASP must have its place of effective management in the Union and that at least one of the directors must be resident in the Union². This is a direct legal countermeasure against "letterbox" entities, requiring demonstrable operational substance and local decision-making authority.

🧠 "FIT AND PROPER" TEST: ARTICLE 68

The "fit and proper" test under Article 68 is not a mere formality. It requires that members of the management body possess "sufficiently good repute" and have "appropriate knowledge, skills and experience"³. NCAs are actively scrutinising backgrounds for any criminal records related to financial crime or previous regulatory sanctions.

🏛️ PRUDENTIAL SAFEGUARDS: A LEGAL OBLIGATION

MiCA imposes legally binding prudential requirements. For CASPs providing custody, Article 63 mandates own funds equal to at least one-quarter of the preceding year's fixed overheads⁴. These are not just financial hurdles; they are legal obligations designed to ensure operational resilience.

❓ THE FOUNDER'S LEGAL CHALLENGE

The primary legal challenge for founders is demonstrating a holistic and embedded compliance culture from day one. The application itself, which can take 6-12 months to process, requires a detailed legal and operational plan covering everything from AML/CFT procedures (under AMLD5)⁵ to IT security protocols (under DORA)⁶. Any perceived weakness in this plan can lead to rejection.

References

¹ Regulation (EU) 2023/1114 (MiCA), Article 61 ² MiCA, Article 62(1)(c) ³ MiCA, Article 68(1) ⁴ MiCA, Article 63(3) ⁵ Directive (EU) 2018/843 (AMLD5) ⁶ Regulation (EU) 2022/2554 (DORA)