TLDR
- ESMA starts custody checks as MiCA shifts into active supervision.
- EU crypto firms face reviews on client asset protection systems.
- Regulators will test key storage, governance, and transaction controls.
- MiCA enforcement now moves from registration into compliance testing.
- ESMA report due in 2027 will map custody risks across EU providers.
ESMA has opened a custody review that puts EU crypto firms under sharper post-MiCA supervision. The review targets how authorised providers protect client assets and manage operational risks. It also tests whether firms can meet common standards across the bloc.
ESMA Starts Post-MiCA Custody Review
ESMA launched the coordinated action on July 8 with national regulators across the European Union. The review focuses on authorised crypto-asset service providers that offer custody services. It follows the end of MiCA’s transition phase on July 1.
National competent authorities will select firms through a risk-based sample. Supervisors will focus on providers with higher operational exposure and larger client asset risks. The process will not cover every registered firm.
ESMA wants regulators to assess the strength of digital resilience frameworks. The review will cover governance, storage systems, transaction controls, and response plans. It will also test whether firms manage custody risks with clear internal accountability.
Custody Controls Move Into Focus
The review places key management and storage practices at the centre of supervision. Custody firms control access to client crypto assets, so weak systems can create direct losses. ESMA will assess whether firms use strong controls around those functions.
Supervisors will also review transaction approvals and incident detection processes. These areas matter because custody failures can spread quickly through platforms and service providers. As a result, regulators want firms to show clear risk controls.
The exercise will examine third-party dependencies and smart contract risks. Many crypto firms rely on outside technology vendors and infrastructure providers. ESMA wants national regulators to identify gaps before failures affect clients.
MiCA Enforcement Enters A New Stage
MiCA now gives the European Union a common rulebook for crypto service providers. However, member-state regulators still handle much of the direct supervision. ESMA will use this action to align those national approaches.
The review comes as the EU register of authorised crypto firms continues to grow. Recent approvals have brought more exchanges, custodians, and service providers into the regulated market. That expansion increases pressure on supervisors to test compliance in practice.
ESMA expects the review to run through the first half of 2027. Afterward, the regulator will prepare consolidated findings for its Board of Supervisors. The final report will give the EU a clearer view of custody risks under MiCA.






Be the first to comment