MiCA Regulation: AML Requirements for Crypto Asset Providers in EU
EU MiCA came into full force December 30, 2024, making it the world's most comprehensive crypto regulation. For CASPs operating in Europe, AML obligations include zero-threshold Travel Rule, mandatory CASP authorization, and sanctions screening requirements backed by penalties up to 10% of annual worldwide turnover.
MiCA Enforcement Timeline
MiCA regulation published in EU Official Journal
MiCA partially in force: stablecoin/e-money token rules (Titles III & IV)
Full MiCA enforcement: all crypto asset services (Title V)
National competent authorities begin CASP authorization reviews
First MiCA enforcement actions announced by EU member states
Ongoing: annual compliance reporting, license renewals, AML audits
MiCA AML Obligations and Penalties
CASP Authorization
Prohibition order, fine up to €500,000All crypto asset service providers must be authorized by a national competent authority before operating in the EU. EU-based firms with existing registrations had a 18-month transition period ending mid-2026.
Travel Rule (All Transactions)
Fine up to 5% of annual worldwide turnoverUnlike FATF's $1,000 threshold, MiCA's transfer of funds regulation requires Travel Rule compliance for all crypto transfers — no minimum transaction size. Originator and beneficiary data must accompany every transfer.
Sanctions Screening
Fine up to 10% of annual turnover or €5MCASPs must screen customers and transactions against EU sanctions lists, UN consolidated list, and OFAC (for US-related business). Real-time screening required. Frozen asset reporting within 24 hours of match.
AML/CFT Program
License suspension, fine up to €700,000 per officerWritten AML policy, designated MLRO (Money Laundering Reporting Officer), risk assessment, transaction monitoring system, SAR filing within 30 days of suspicious activity detection.
Record Keeping
Fine up to €200,000All KYC data, transaction records, screening results, and compliance decisions must be retained for 5 years. Records must be accessible to competent authorities within 24 hours on request.
The Zero-Threshold Travel Rule
MiCA's implementation of the Travel Rule through the Transfer of Funds Regulation (TFR) is stricter than FATF's recommendation. While FATF sets a $1,000 threshold, the EU TFR requires originator and beneficiary information on all crypto transfers, regardless of amount.
This means a €10 USDC transfer between two EU-based exchanges requires the same Travel Rule data as a €1 million transfer. In practice, this drives automation requirements: manual Travel Rule compliance at this scale is not operationally possible.
The CryptoAML API enables automated pre-transaction screening integrated directly into your transfer approval flow. @scorechain_amlbot handles ad-hoc checks for compliance team review before approving unusual transactions.
CASP Authorization Process
To provide crypto asset services in the EU under MiCA, companies must apply for CASP authorization from the national competent authority in their EU member state of establishment. The application requires: a written AML policy, designated MLRO, compliance procedures, IT security documentation, capital requirements proof, and governance structures.
Existing crypto businesses that were registered under previous national regimes (e.g., Germany's BaFin crypto custody license, France's PSAN registration) were given an 18-month transition period ending around mid-2026 to obtain full MiCA authorization.
Key part of any CASP application: evidence of automated transaction monitoring and sanctions screening. @scorechain_amlbot and @ScorechainAML_bot audit logs can serve as documented evidence of your screening program for regulator review.
EU-Compliant Screening
Screen against EU sanctions list, OFAC SDN, and UN consolidated list. All checks logged for MiCA compliance documentation.
Try @scorechain_amlbotAPI for AutomationMiCA Key Numbers
MiCA AML Compliance: FAQ
When did MiCA come into full force?
MiCA was published in June 2023. Rules for asset-referenced tokens and e-money tokens (Titles III and IV) applied from June 2024. Full enforcement for all crypto asset services, including exchanges and wallet providers, began December 30, 2024. By mid-2026, all EU-based CASPs must hold a MiCA authorization from their national regulator.
What is a CASP under MiCA?
CASP stands for Crypto Asset Service Provider. MiCA defines 10 categories of crypto asset services: custody and administration, operation of a trading platform, exchange of crypto for fiat, exchange of crypto for crypto, execution of orders, placing of crypto assets, reception and transmission of orders, providing portfolio management, providing transfer services, and providing advice on crypto assets. Any business providing one or more of these services in the EU is a CASP.
Does the EU Travel Rule apply to all transactions?
Yes — this is the most significant difference from FATF's recommendation. The EU Transfer of Funds Regulation (TFR), which applies under MiCA, requires Travel Rule data collection and transmission for all crypto transfers, not just those above €1,000. Even €1 transfers between VASPs must carry originator and beneficiary information.
Which sanctions lists must EU CASPs screen against?
At minimum: the EU Consolidated Financial Sanctions List (updated by OFAC-equivalent regulations), the UN Security Council Consolidated List, and country-specific sanctions. CASPs with US customer relationships or USD settlement should also screen against OFAC SDN. @scorechain_amlbot covers all of these in a single API call.
What are the penalties for MiCA non-compliance?
Penalties vary by violation type. Operating without a CASP license: up to €500,000 or 5% of annual turnover. Repeated violations: up to 10% of worldwide annual turnover or twice the benefit gained. Criminal penalties for intentional violations in some member states. Regulators can also impose temporary business suspension or permanent license withdrawal.
How does @scorechain_amlbot help with MiCA compliance?
@scorechain_amlbot and @ScorechainAML_bot provide real-time wallet screening against EU sanctions lists, OFAC SDN, and 50+ other lists. The CryptoAML API integrates into your onboarding flow and transaction monitoring system to automate pre-transaction screening — a core MiCA requirement. Audit logs of all checks are retained and exportable for compliance reporting.