International Organizational Structure under MICA

International Organizational Structure under MICA 

The new EU Markets in Crypto-Assets (mica) regulation aims to provide legal certainty for crypto-asset issuers and service providers across borders. However, MICA also introduces complex compliance requirements for companies with international ambitions. Building an optimal cross-border structure while meeting regulatory obligations demands careful planning and execution. This article outlines key considerations for international crypto firms under MICA.

Choosing the Right International Structure

MICA applies irrespective of the legal structure adopted by crypto-asset businesses. Hence, the first step is deciding the proper setup for your global aspirations after evaluating the pros and cons:

  • Subsidiaries allow localized management discretion and limit cross-border liability but mean duplicating compliance and governance structures across multiple jurisdictions, leading to higher costs. They provide flexibility for regional expansion but decentralized control.
  • Branches enable centralized governance and control through unified policies and procedures. However, they offer less flexibility for local customization in products, services, and processes to meet market-specific nuances and regulations.
  • Joint ventures allow the pooling of expertise and resources with a local partner. However, they require meticulous structuring of responsibilities, liability, and revenue sharing to avoid regulatory arbitrage. Governance complexities also increase.

Before deciding on the ideal structure, you must carefully assess parameters like the projected scale and scope of operations, the need for localized decision-making, costs of establishing compliance locally, and implications for funding and capital deployment. Consulting regional compliance experts early is advisable to pre-empt regulatory alignment issues.

Implementing Strong Governance and Internal Controls

MICA requires crypto-asset firms to have stringent internal governance and control mechanisms across their organizations. Some key aspects to address:

  • Document detailed governance policies and procedures covering risk appetite, conflicts of interest, insider dealing, clients’ funds safeguarding, remuneration structure, compliance monitoring, outsourcing, internal audit, complaints handling, data protection, and record-keeping. Keep them updated on regulatory changes.
  • Designate a management body and senior managers accountable for day-to-day operations, internal control, regulatory liaison, money laundering prevention, information security, business continuity, and other functions depending on the activities undertaken. Assign clear reporting lines and responsibilities.
  • Establish robust risk management frameworks tailored to crypto-asset activities like trading, custody, lending, staking, etc. Conducted regular risk assessments and implemented mitigation measures around operational, cyber, liquidity, market, and counterparty risks. Maintain appropriate risk limits.
  • Implement stringent know-your-customer (KYC), anti-money laundering (AML), and counter-terrorism financing (CTF) measures, including transaction monitoring, name screening against sanctions lists, detecting sources of funds, and suspicious activity reporting protocols.
  • Ensure reliable and consistent record-keeping and reporting on transactions, positions, losses, governance meetings, compliance issues, and actions taken. Put systems in place to promptly identify and resolve reporting discrepancies.

Striking the Right Balance Between Standardization and Localization

International Organizational Structure under MICA

For international crypto firms under MICA, finding the optimal blend between standardized processes for efficiency and localized adaptation to market needs is critical. Some good practices:

  • Standardize core processes around KYC/AML procedures, crypto-asset transaction validation protocols, custody management systems, cybersecurity frameworks, internal reporting formats, staff training content, and compliance monitoring workflow. It promotes efficiency and consistency.
  • Adapt localized strategies and processes for customer acquisition, marketing channels, sales support, customized offerings, staff incentives, and service delivery channels to align with regional regulations and business environments. Appoint local leadership where prudent.
  • Make sizable technology investments in integrated systems and data infrastructure for seamless data sharing, consolidated reporting, and collaborative work across entities. Use unified ERP and compliance management systems across locations where possible.
  • Foster regular two-way communication between global and local teams through workshops, town halls, knowledge exchanges, and periodic staff rotations. These help align processes, address localization needs and share regional best practices.

Understanding Key Regulatory Requirements

Navigating MICA’s extensive regulatory requirements associated with an international setup requires particular attention:

  • MICA prescribes minimum capital and liquidity that must be maintained locally by branches and subsidiaries. Regional regulators oversee this local capital and liquidity adequacy. Global reserves do not count towards local entity requirements under MICA.
  • Outsourcing rules restrict the outsourcing of critical functions like compliance, risk management, and internal audit. Extensive due diligence and monitoring mechanisms for third-party providers are required. Binding agreements stipulating liability are a must even for intra group outsourcing.
  • With units across the EU, compliance with data protection regulations like GDPR becomes crucial. Ensure lawful data transfer mechanisms between entities and localized data storage by GDPR norms. Assign data protection officers locally where mandated.
  • Getting local authorization from each EU jurisdiction’s regulators is necessary for providing covered services therein – a lengthy process requiring dedicated compliance personnel familiar with local regulations.
  • Extensive reporting requirements mandated by MICA on aspects ranging from transactions to cyber incidents apply at the entity level. Hence, robust data collection, reconciliation, and integration mechanisms are essential to avoid gaps.


Get Free Consultation on Company Formation, Fintech &
Crypto Licensing, AML/CTF Compliance, Business Advisory &
Banking Solutions!

Get in Touch


Maintaining Transparent Communication with Regulators

Given MICA’s stringent regulations, maintaining open and positive engagement with both regional and global regulators is vital when expanding overseas:

  • Be proactive in informing relevant regulators early about the intent to establish operations in their jurisdiction. Keep them regularly updated on implementation milestones and plans.
  • Invest time during authorization to clarify regulator expectations on governance, controls, outsourcing, reporting, and intragroup arrangements. Be transparent in explaining group-wide processes and information-sharing protocols.
  • Respond promptly and comprehensively to regulator queries and information requests post-authorization. It helps demonstrate ongoing compliance rigor and vigilance.
  • Proactively highlight compliance investments made across locations, expanding local teams, training initiatives, and process enhancements to reassure regulators about seriousness.
  • Coordinate audit and regulatory inspection readiness proactively across entities to ensure consistency in practices, data quality, and openness.

Adopting a Forward-Looking Approach to Regulatory Risk Management

Given how rapidly regulations concerning crypto-assets are evolving globally, it is imperative to make regulatory risk management an integral part of the strategy:

  • Continuously monitor emerging regulations, draft proposals, implementation timelines, and enforcement trends across jurisdictions. Participate in industry consultations wherever possible.
  • Conduct regular group-wide reviews of changes to licensing norms, governance guidelines, reporting standards, etc., and their operational impact. Identify gaps proactively.
  • Proactively assess existing systems, processes, and organizational structures against upcoming regulatory changes. Enhance them ahead of implementation deadlines.
  • Develop contingency plans and capital buffers to accommodate potential compliance costs from new regulations. Avoid reactive firefighting.
  • Maintain open communication lines with local regulators. Apprise them for implementation plans and challenges regarding upcoming regulations. Seek guidance proactively.

How Investment Firms Can Offer Crypto Services Under MiCA

The new Markets in Crypto-Assets (MiCA) regulation introduced by the European Union contains a valuable provision for investment firms already licensed under the Markets in Financial Instruments Directive II (MiFID II).

This provision prevents investment firms from refraining from undergoing a separate authorization process under MiCA to provide crypto-asset services. Instead, these firms can immediately expand into offering crypto services by leveraging their existing MiFID II license.

Here’s how it works:

There is an equivalence between certain crypto-asset services listed under MiCA and investment services covered under MiFID II. For example:

Operating a crypto trading platform is equivalent to running a Multilateral Trading Facility for securities under MiFID II.

We provide exchange services between crypto and fiat currencies or between crypto token maps to execute client orders for securities under MiFID II.

Similarly, other MiCA crypto services like order reception/transmission, placement, portfolio management, and investment advice have parallels under existing MiFID investment services.

Thus, if an investment firm is licensed to provide specific investment services under MiFID II, it can seamlessly extend equivalent services to crypto-assets using its current authorization.

The investment firm needs to inform its national regulator about the crypto-asset services it intends to offer and in which countries. The firm must also ensure its governance, risk management policies, and prudential safeguards like capital buffers and insurance coverage apply appropriately to crypto activities.

Additionally, the firm must fully comply with all other conduct, organizational, and transparency obligations under MiCA. But the shortcut avoids lengthy re-authorization purely for crypto services.

This approach acknowledges that while MiCA covers crypto-assets that are not deemed financial instruments, security tokens are already regulated as financial instruments under MiFID II. So, the EU uses MiCA to regulate other crypto-assets precisely without amending MiFID II.

Investment firms can conveniently unlock new crypto service revenue streams under the MiCA framework by leveraging existing systems and authorizations. With some compliance adjustments, they can rapidly capitalize on rising crypto adoption.

Additionally, other licensed subjects from the classical financial industry, such as Electronic Money or Credit institutions will be able to also provide part of crypto related services without additional authorization, just via the notification process at the supervisory authority (e. g., the Bank of Lithuania).


While MICA enhances the legitimacy and adoption prospects for crypto-assets globally, its extensive compliance requirements make international expansion highly complex. However, by investing adequately in strong yet flexible governance structures, seamless business processes, proactive regulatory engagement, and forward-looking risk management, crypto firms can build compliant and efficient cross-border operations to tap into the enormous opportunity MICA offers.