top of page

Understanding MiCA: Key Takeaways from the Financial Supervision Authority Briefing




lawyers discuss MiCA licence in Estonia

A briefing was conducted today (13.11.2024) by the Estonian Financial Supervisory Authority (FI) regarding the implementation of the MiCA regulation, with a particular emphasis on the process of applying for a CASP activity license.


Officials from the Financial Supervision Authority provided insights into key considerations for prospective license applicants to ensure a seamless start and progression of the CASP license procedure.


The briefing aimed to illuminate FI's strategy derived from their oversight of different financial activity licenses.

 

Applicants are expected to take a friendly and proactive approach, even before submitting the necessary documents for the business license. However, applicants must conduct their legal research and fully comprehend the requirements of the activity license they are seeking.

 

It is worth noting that the application period for MICA permits in Estonia commences on 31.12.2024, with a transition period extending until mid-2026. Service providers holding a VASP license issued by FIU can operate until 01.07.2026.

 

FI emphasized that the implementation of the new legal framework (MiCA) is associated with the new supervision framework, which will be conducted by the Financial Supervision Authority instead of the former FIU. Actual supervision commences upon acquiring the license.

 

Key takeaways from the Financial Supervision Authority briefing about implementing MiCA in Estonia are outlined below, though not exhaustive, that the business license applicant should consider.


The fee for processing the activity permit is EUR 3,000.

The procedural process involves three stages: 5 days for document reception and preparation for evaluation, 30 days for assessing document completeness, and up to 40 days for document evaluation and decision-making.

 

The submitted application is evaluated from three aspects:

  1. The organizational model and its suitability

  2. Internal rules, procedural rules, and customer protection

  3. Reliability assessments

 

FI suggests giving more attention to the management and key individuals within the organization. They emphasize that this is a crucial aspect. One of their core principles is the requirement of a physical presence - meaning that in order to obtain a permit in Estonia, the majority of the company's operations must be conducted there. Historically, the main focus has been on assessing the suitability of key personnel, ensuring they have the necessary qualifications and a clean record. These individuals need to be well-suited for their respective roles.

 

When applying for an activity license, it is essential to include a legal analysis of the proposed service. It is advisable for the applicant to determine which MiCA service category their business license application aligns with.


Regarding the organization, the applicant is required to describe of:

  • The structure of the organization, its management structure, critical functions

  • Action plan and business plan/model

  • Strategy

  • Risk profiles

  • Employees

  • Third-party service providers

  • Contracts


Internal controls and regulations should include:

  • Compliance documentation

  • Risk management

  • Internal audit

  • Conflict of interest

  • Remuneration policy

  • Technical IT documenattion


Internal regulations and guidelines should include customer protection mechanisms.


The applicant needs to determine if the client will have any control over the asset or if it will be fully transferred to the service provider. In the latter scenario, the asset must be free of any liens and should not be used in the company's operations.


Availability is crucial in addressing customer complaints. All complaints should be documented, and the steps taken to resolve them must be recorded.


When discussing the provision of an exchange service, focus on the implementation methodology and the application of non-discriminatory principles towards customers.


For portfolio management or advisory services, it is mandatory to evaluate whether the service is appropriate for the specific client.


The market abuse detection system must include a warning system, thorough analysis capabilities, trained personnel, and a protocol to notify the financial institution when market abuse attempts or manipulations are identified by the service provider.


CASP must have an emergency plan and exit strategy in place, as well as a whistleblowing policy. Additionally, regular audits of ICT systems and cyber security must be conducted.


The company's managers must possess the required knowledge and experience collectively. Moreover, it is important to ensure that key personnel dedicate enough time to their roles (e.g. everyone should hold a primary position within the company).


The expectation for individuals with a substantial interest in the company includes having a positive reputation and avoiding any penalties.


When using external service providers, it is essential to conduct risk mapping, establish contracts, and contemplate the transition to a new service provider - what is the applicant's strategy and procedure in this case?


It is likely that automated systems will handle multiple processes. In such instances, preliminary contracts may be concluded. Manual tasks need to be rationalized and should align with the organization's scale and the type of operation.


To sum up,


The briefing provided market participants with an outline of the procedure for obtaining an activity license and the expectations of the Financial Supervision Authority for applicants, as well as its role in overseeing crypto companies.


Furthermore, in addition to supervising services, new obligations are imposed on issuers, providers, or individuals seeking approval for trading crypto assets, who must inform financial supervision of their activities or obtain prior authorization, depending on the asset type.


The FInantsinspektsioon said that the recording (in Estonian) is to be posted on their website as well so that everyone can easily access and get the necessary knowledge.


Furthermore, essential details regarding the process of applying for CASP activity permits are currently accessible here The operating license in markets of crypto assets



bottom of page