MiCA's First Year: Lessons for UK Crypto Firms Operating Across Borders

Executive summary: MiCA became fully effective across the EU in December 2024, and by April 2026 firms have sixteen months of live operational experience under the regime. UK crypto firms with EU operations now face the practical reality of dual-jurisdiction compliance, with the UK's own authorisation gateway opening in September 2026. The divergences between the two regimes are significant, and managing them simultaneously has material cost and resource implications for your finance function.

What MiCA Actually Required in Practice

MiCA (Markets in Crypto-Assets Regulation, EU Regulation 2023/1114) is a comprehensive regulatory framework covering three categories of cryptoasset: asset-referenced tokens (ARTs), e-money tokens (EMTs), and a residual category of other crypto-assets (including utility tokens). The regulation came into force in stages, with ART and EMT provisions applying from June 2024 and the full CASP (Crypto-Asset Service Provider) authorisation requirements completing the picture in December 2024.

Sixteen months of live operation have clarified what the regulation actually demands. The headline obligations are well understood, but the operational detail is where firms have struggled. CASP authorisation requires firms to demonstrate adequate organisational structures, sound administrative and accounting procedures, internal control mechanisms, risk assessment procedures, and IT systems capable of meeting MiCA's ongoing reporting requirements. The initial applications submitted to national competent authorities (NCAs) in the first half of 2025 revealed the extent to which many applicants had underestimated the documentation burden.

For CASPs, the key licence categories are: exchange of crypto-assets for fiat, exchange between crypto-assets, execution of orders, reception and transmission of orders, portfolio management, custody and administration, and operation of a trading platform. Each carries its own prudential capital floor and conduct requirements. A firm operating a crypto exchange that also offers custody services must satisfy the requirements for both activities simultaneously.

White Paper Obligations

The white paper requirement under MiCA is one of the most operationally demanding elements. For ART and EMT issuers, the white paper must be approved by the relevant NCA before publication. For other crypto-assets, issuers must notify their NCA at least 20 days before publication, but approval is not required. The white paper must contain prescribed information including rights and obligations attached to the token, redemption procedures, underlying technology, risk factors, and financial information about the issuer.

The liability framework attached to the white paper is significant: issuers are civilly liable to holders for losses arising from false, misleading or incomplete information in the white paper. This is not a boilerplate disclosure exercise. CFOs need to ensure the financial information in the white paper, including reserve composition and issuer capital position, is accurate, audited where required, and updated when material changes occur.

Reserve Requirements for ARTs and EMTs

ARTs must maintain a reserve of assets covering all claims at all times, with the reserve composition prescribed by MiCA. EMTs, by contrast, must be backed 1:1 by deposits or highly liquid low-risk assets denominated in the reference fiat currency. The practical distinction matters: an EMT issuer faces a straightforward 1:1 cash-equivalent backing requirement, whereas an ART issuer faces a more complex reserve composition exercise that depends on the basket of assets or currencies referenced by the token.

In practice, the EMT regime is significantly closer to the UK's proposed stablecoin regime than the ART regime. For firms operating in both jurisdictions, EMT issuance is therefore more tractable from a dual-compliance perspective.

Navigating Dual-Jurisdiction Compliance

UK firms with EU operations have faced a particular challenge: they have needed to obtain CASP authorisation in an EU member state to continue serving EU clients, while simultaneously preparing for the UK's own authorisation gateway. Most have chosen to incorporate a subsidiary in an EU member state, with Ireland, Luxembourg, and the Netherlands attracting the majority of UK crypto firm applications. The ESMA passporting mechanism allows a CASP authorised in one member state to passport its services across the EU27, which makes the single-subsidiary approach viable.

The dual structure creates immediate CFO complexity. You are maintaining two regulated entities, each with its own capital requirements, each requiring its own regulatory reporting, each with its own audit, compliance, and legal overhead. For a mid-size firm, the cost of running two regulated structures typically runs to £600,000 to £1.2 million per annum in additional overhead before you begin to count the capital that must be held in each entity.

MiCA CASP min. capital

€50kCustody/admin services only

MiCA CASP max. capital floor

€150kTrading platform operators

UK crypto PMR (proposed)

£50k+Varies by activity class

ESMA passporting

One authorisation covers all EU27 member states

Where the Divergences Are Most Significant

The UK's own crypto regime, as set out in the FCA's consultation papers CP25/14 and CP25/15, will open its authorisation gateway in September 2026. Firms that have been through MiCA will find some familiarity, but there are important structural differences that require careful navigation. Mapping those differences is a prerequisite for managing dual compliance efficiently.

Asset scope

ARTs, EMTs, other crypto-assets; DeFi and NFTs largely out of scope

Fiat-referenced tokens, crypto exchange, custody, lending, staking

UK scope includes staking; MiCA does not regulate staking directly

Reserve requirements

EMT: 1:1 in deposits/liquid assets. ART: prescribed basket composition

1:1 backing with ODDR (5%), BACR, ILAR layered on top

UK ILAR is additional own-balance-sheet buffer; no MiCA equivalent

Capital floors

€50k to €150k per activity; FOR (25% fixed overheads) also applies

PMR £50k+, FOR (3 months opex), K-factors including K-SII (2% of SII)

UK K-SII scales with issuance size; MiCA ART/EMT caps differ

Passporting

Full EU27 passport available once authorised in one member state

No passport; UK authorisation covers UK only

UK firms need separate EU entity for EU clients; no equivalence yet

White paper

Mandatory; NCA approval required for ARTs and EMTs

Cryptoasset disclosure document (CDD) required; FCA review process

Similar in intent; UK CDD format and liability framework differ in detail

The passporting divergence is the most commercially significant. A UK firm that has obtained CASP authorisation via an EU subsidiary can serve EU clients via passport from that subsidiary. But there is currently no equivalence decision between the UK and EU regimes, meaning a UK-authorised firm cannot passport into the EU and vice versa. The two regimes are parallel, not interoperable.

"The absence of equivalence between MiCA and the UK regime is not a temporary technical gap. It reflects a deliberate policy divergence, and firms that assumed convergence would happen are discovering that running two regulatory entities is a permanent structural cost, not a transitional one."

The MiCA CASP Authorisation Process: What It Took

Firms that went through MiCA CASP authorisation in 2025 report that the process was more demanding than anticipated, with a typical timeline of six to twelve months from initial application to grant of authorisation. The key friction points were: the quality and completeness of the organisational documentation, the adequacy of the compliance function (most NCAs expected a dedicated chief compliance officer, not a shared resource), and the IT and security assessment.

NCAs varied significantly in their review timelines and information requests. The German BaFin and the Dutch AFM developed reputations for thorough but relatively efficient processes. Some southern European NCAs experienced significant backlogs in 2025 as application volumes exceeded anticipated capacity. By the time the gateway was fully open in December 2024, ESMA had published its guidelines on MiCA authorisation requirements, which helped standardise the process across member states, but national implementation differences persisted.

For UK firms, the practical lesson is to treat the FCA's September 2026 gateway with the same level of preparation seriousness. The FCA has been explicit that it will not operate a light-touch entry process: applications must be complete and demonstrate genuine compliance readiness from day one. The MiCA experience suggests that underprepared applications waste significant time and regulatory goodwill.

CFO Implications of Dual-Framework Operation

Running two regulated entities across two jurisdictions creates a set of specific CFO challenges that are worth enumerating clearly, because they affect your funding requirements, your reporting processes, and your team structure.

Capital allocation: Each entity must independently satisfy its capital requirements. Capital held in your EU subsidiary cannot be counted toward your UK entity's requirements, and vice versa. Your group financing structure must account for this. For a firm with a £150k UK PMR and a €150k EU capital floor, you need at least £300k+ deployed across the two entities on a permanent basis before you count FOR, K-factors, or any ILAR.
Regulatory reporting: MiCA requires regular reporting to the relevant NCA, including financial statements, capital adequacy reports, and incident notifications. The UK regime will require its own reporting. These are not the same formats. You need reporting capability in both frameworks, which typically means either a compliance tool that supports both or a split compliance team.
Audit: Both entities require annual statutory audits. Regulatory reporting may require additional agreed-upon procedures or assurance work. Budget for two audit engagements, with the complexity premium for regulatory audits.
Transfer pricing: If you have a group structure with shared services (technology, risk, compliance), you need a defensible transfer pricing methodology. Both HMRC and EU tax authorities will scrutinise this, particularly if the entity receiving services is the regulated entity that holds authorisation.
FX exposure: Your EU entity holds capital and liquidity in euros; your UK entity holds sterling. If your group operates on a consolidated basis, you have a structural FX exposure between entities that needs to be managed and disclosed.

Cost benchmark: Based on firms we have worked with and publicly available information from MiCA applicants, the total incremental cost of maintaining a dual UK/EU regulated structure in the crypto sector runs to approximately £600,000 to £1.4 million per annum for a firm of 30 to 100 employees. The largest cost drivers are compliance personnel, dual audit fees, legal retainers, and regulatory technology. Capital costs (i.e., the opportunity cost of capital locked in regulatory buffers) add further to this figure depending on the firm's cost of capital.

ESMA Guidelines and What They Clarified

ESMA has been active in publishing guidance under MiCA to address the many practical questions that the regulation left open. Of particular relevance to CFOs are the guidelines on reserve management for ART and EMT issuers, published in mid-2025, which clarified the eligible asset categories and concentration limits for backing pools. These guidelines confirmed that money market funds must maintain a constant or accumulating net asset value and must not expose the issuer to significant duration or credit risk.

ESMA also published guidance on the treatment of staking by CASPs, clarifying that offering staking as a service requires CASP authorisation and that the associated risks must be clearly disclosed to clients. For UK firms, ESMA's guidance is directly relevant because the FCA has indicated it will take a broadly compatible approach to staking regulation under the UK regime, drawing on MiCA precedent where appropriate.

The most practically useful ESMA output has been the Q&A on MiCA application, updated regularly since December 2024. Firms preparing UK FCA applications should read this carefully: it contains detailed answers to questions about the scope of activity categories, the treatment of on-chain versus off-chain activities, and the circumstances in which a firm can rely on an existing e-money licence rather than seeking CASP authorisation. Many of those answers are relevant to how the FCA is likely to interpret analogous questions in the UK context.

Key Takeaways

MiCA CASP authorisation took longer than firms expected in 2025. Plan for six to twelve months from initial application to authorisation; do not assume the FCA gateway will be faster.
There is no UK-EU equivalence decision and none is imminent. If you serve EU clients, you need an EU-authorised entity. This is a permanent structural cost, not a transitional one.
The UK regime's ILAR requirement has no direct MiCA equivalent. If your EU entity is fully MiCA-compliant, it will still require additional own-balance-sheet capital under the UK framework.
Map your group structure now: capital allocation, transfer pricing, FX exposure, and dual audit requirements all need to be addressed before you apply for UK authorisation.
ESMA's Q&A and guidelines are required reading for anyone preparing a UK FCA application. The interpretive precedents set under MiCA will influence FCA thinking on analogous questions.
Budget for £600,000 to £1.4 million per annum in incremental dual-structure overhead if you are running regulated entities in both jurisdictions. Build this into your runway and funding models.
White paper and disclosure document liability is real. Ensure your CFO is actively involved in the financial sections of any required disclosure document, not just the compliance team.