Regulatory Glossary

A set of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. In crypto, AML requirements mandate that exchanges verify customer identities, monitor transactions for suspicious activity, and report potential money laundering to authorities.

Under MiCA regulation

A type of crypto-asset that maintains a stable value by referencing multiple currencies, commodities, or other crypto-assets. ARTs are subject to specific authorization requirements under MiCA, including capital requirements and reserve asset rules. Issuers must publish a white paper and maintain reserves equal to the value of tokens in circulation.

The formal approval granted by a regulatory authority allowing a company to provide crypto-asset services. Under MiCA, CASPs must obtain authorization from their home member state's National Competent Authority (NCA) before offering services. Authorization differs from registration in that it requires meeting more stringent ongoing requirements.

Bundesanstalt für Finanzdienstleistungsaufsicht

Germany's Federal Financial Supervisory Authority, responsible for regulating banks, insurance companies, and securities trading—including crypto-asset service providers. BaFin is one of the primary regulators for MiCA CASP licensing, known for rigorous standards and strong reputation. Applications typically require German-language documentation.

A method of storing crypto-assets offline, disconnected from the internet, to protect against hacking and unauthorized access. Regulatory frameworks often require custodians to keep a significant portion (typically 90%+) of client assets in cold storage. This is a key security measure evaluated during CASP authorization.

Regulations and procedures designed to prevent funds from being used to finance terrorist activities. CFT requirements are typically bundled with AML obligations (together referred to as AML/CFT) and require crypto service providers to screen transactions and customers against sanctions lists and report suspicious activities.

Under MiCA regulation

A legal entity authorized to provide one or more crypto-asset services to clients on a professional basis under the MiCA framework. CASP services include custody, trading platform operation, exchange services, order execution, placement, transfer services, advisory, and portfolio management. CASPs must obtain authorization from their NCA and can then passport services across all EU member states.

Cyprus Securities and Exchange Commission

Cyprus's financial regulatory agency responsible for supervising investment services, including crypto-asset service providers. CySEC is a popular choice for MiCA CASP licensing due to its English-friendly processes, lower capital requirements compared to other jurisdictions, and established fintech ecosystem.

An EU regulation establishing uniform requirements for the security of network and information systems of financial entities, including CASPs. DORA requires entities to implement comprehensive ICT risk management frameworks, conduct regular testing, and report ICT-related incidents. It complements MiCA's operational requirements.

A digital system for recording, sharing, and synchronizing data across multiple locations without a central administrator. Blockchain is the most common type of DLT. MiCA defines crypto-assets as digital representations of value or rights that can be transferred and stored electronically using DLT or similar technology.

Under MiCA regulation

A crypto-asset that purports to maintain a stable value by referencing a single official currency (e.g., EUR, USD). EMTs are similar to traditional e-money and can only be issued by authorized credit institutions or e-money institutions. Under MiCA, EMT issuers must maintain reserves and grant holders redemption rights at par value.

European Securities and Markets Authority

An independent EU authority that contributes to safeguarding the stability of the European Union's financial system. Under MiCA, ESMA develops technical standards, maintains the register of authorized CASPs, and coordinates supervision of significant stablecoin issuers. ESMA also provides guidance on classifying crypto-assets.

An intergovernmental organization that sets international standards for combating money laundering, terrorist financing, and other threats to the integrity of the international financial system. FATF's recommendations on virtual assets have shaped crypto regulation globally, including the Travel Rule requiring VASPs to share customer information.

United Kingdom

The UK's financial regulatory body responsible for regulating crypto-asset businesses for AML purposes. Post-Brexit, the FCA operates its own registration regime separate from MiCA. The FCA has taken a strict approach to crypto regulation, banning the sale of crypto derivatives to retail consumers and requiring detailed registration applications.

The process of verifying the identity of customers before or during the time they start doing business with a financial institution. For crypto exchanges, KYC typically involves collecting government-issued ID, proof of address, and sometimes source of funds documentation. KYC is a core component of AML/CFT compliance.

EU Regulation 2023/1114

The European Union's comprehensive regulatory framework for crypto-assets, which came into full effect on December 30, 2024. MiCA establishes uniform rules for crypto-asset issuers and service providers across all 27 EU member states, replacing the previous patchwork of national VASP regimes. It covers authorization requirements, consumer protection, market integrity, and prudential rules.

A senior individual within a regulated firm responsible for overseeing AML/CFT compliance, including reporting suspicious activities to authorities. CASPs under MiCA must appoint an MLRO who has sufficient authority, resources, and access to relevant information to fulfill their duties effectively.

The designated regulatory body in each EU member state responsible for authorizing and supervising CASPs under MiCA. Examples include BaFin (Germany), CySEC (Cyprus), AMF (France), and CONSOB (Italy). Once authorized by one NCA, CASPs can passport their services to other EU member states.

The ability of a firm authorized in one EU member state to provide services in other member states without needing separate authorization in each country. Under MiCA, authorized CASPs can passport their services across all 27 EU countries by notifying their home NCA, which then informs the host state authorities.

A type of cryptocurrency designed to maintain a stable value relative to a reference asset, typically a fiat currency like USD or EUR. Under MiCA, stablecoins are categorized as either E-Money Tokens (EMTs) if pegged to a single currency, or Asset-Referenced Tokens (ARTs) if backed by multiple assets. Both have specific regulatory requirements.

A document that financial institutions and CASPs must file with authorities when they detect known or suspected violations of law, or suspicious activity that might indicate money laundering, terrorist financing, or other financial crimes. Filing SARs is a key AML/CFT obligation for all regulated crypto service providers.

FATF Recommendation 16

A FATF requirement that obligates VASPs and CASPs to collect, hold, and transmit originator and beneficiary information during crypto-asset transfers. Similar to rules for traditional wire transfers, the Travel Rule aims to prevent anonymous transfers that could facilitate money laundering or terrorist financing. Implementation varies by jurisdiction.

Pre-MiCA terminology

The term used by FATF and in pre-MiCA national regulations for entities providing crypto services. In the EU, the VASP registration regime was replaced by MiCA's CASP authorization framework as of December 30, 2024. New service providers must now apply for CASP authorization rather than VASP registration. The term VASP is still used in non-EU jurisdictions.

Dubai, United Arab Emirates

Dubai's independent regulator established in 2022 to oversee the virtual assets sector. VARA is the world's first independent regulatory authority specifically created for virtual assets. It provides a comprehensive regulatory framework for exchanges, brokers, and other crypto service providers operating in Dubai.