Tackling the misuse of crypto-assets for ML-TF purposes


As a constantly evolving sector, the crypto-assets ecosystem presents continuous challenges, particularly in terms of money laundering and terrorist financing (ML-TF) risks.

To tackle the misuse of crypto-assets for ML-TF purposes, it is necessary to subject players active in this sector to anti-money laundering and counter terrorist financing (AML-CTF) supervision. Consequently, such players have been progressively included within the AML-CTF framework.

The framework initially covered professionals operating “virtual assets”. This scope has been amended to refer to professionals dealing with “crypto-assets”, following the adoption of Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets (MiCAR).

Thus, it is worth reminding players of the amendments made to the current AML-CTF regime (Section 1. below) before focusing on the applicable AML-CTF requirements under MiCAR (Section 2.).

1. Amendments to the current AML-CTF regime

  •  Overview of the current AML-CTF regime

Following the adoption of the amended Financial Action Task Force (FATF) Recommendation 15 and of Directive (EU) 2018/843 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, virtual asset service providers (VASPs) have been brought within the scope of AML-CTF obligations.

As set out under the FATF recommendations, a VASP is a natural or legal person providing certain services in relation to virtual assets, such as the exchange between virtual assets and fiat currencies (or between one or more forms of virtual assets) or the transfer of virtual assets.

Consequently, VASPs are currently subject to the obligation:

  1. to be supervised for AML-CTF purposes and hence subject to a licensing or registration procedure depending on applicable national laws; and
  2.  to comply with AML-CTF requirements.


  • Changes brought by MiCAR

The regime currently applicable to VASP is set to change following MiCAR’s upcoming entry into force, which marks a significant milestone for the crypto-assets’ sector.

MiCAR introduces a new category of professionals: crypto-asset service providers (CASPs), which are defined as legal persons that are duly authorised to engage in the provision of crypto-asset services on a professional basis. Among other obligations, CASPs are subject to specific AML-CTF obligations, which will need to be implemented by CASPs (see Section 2 below). 

Upon the date of applicability of MiCAR, CASPs will also be brought within the scope of AML-CTF obligations resulting from Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLD). This derives from an amendment introduced by Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets. CASPs are indeed included within the category of financial institutions falling within the scope of application of AMLD and hence subject to AML-CTF requirements. These changes will apply beginning 30 December 2024.

  • Changes brought on by the AML-CTF Package

Pursuing the ongoing objective of managing and mitigating ML-TF risks inherent to crypto-assets,  the proposal for a Regulation of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing (AML Regulation), which has been published as part of the European Commission’s AML-CTF Package, will include CASPs as obliged entities under the AML Regulation.

2.   AML requirements for CASPs under MiCAR

In the following section, we will analyse the specific AML-CTF related obligations that have been included for CASPs in MiCAR for:

     i.        programme of operations;

    ii.        honourability requirements; and

     iii.            policies and procedures.

  • Programme of operations

Entities wishing to apply for an authorisation as a CASP must provide the national competent authority (NCA) with a description of their internal control mechanisms, policies and procedures to identify, assess and manage risks, specifically ML-TF risks. These internal control arrangements must be adapted to the activities to be carried out, particularly to the crypto-asset services in their programme of operations.

There will be regulatory technical standards developing MiCAR, which will specify the information to be included in the application for CASP authorisation, and specifically in connection with AML-CTF topics.

In fact, before granting or refusing an authorisation as a CASP, NCAs may consult the local competent authorities for AML-CTF and financial intelligence units, to verify that the applicant CASP has not been the subject of any investigation relating to ML-TF.

In addition, NCAs must withdraw the relevant authorisation if the CASP does not have effective systems, procedures and arrangements in place to detect and prevent ML-TF.

  • Honourability

CASPs are required under MiCAR to employ personnel with the knowledge, skills and expertise to discharge the responsibilities allocated to them, taking into account the scale, nature and range of crypto-asset services provided.

In particular, the members of the management body and direct and indirect CASP shareholders and members that have qualifying holdings are subject to specific requirements in connection with AML-CTF to ensure their honourability. In addition to the general honourability conditions applicable to them, MiCAR also requires that they must not have been convicted of any offence in the field of ML-TF.

Consequently, NCAs will refuse authorisation as a CASP where there are objective and demonstrable evidence exposing the applicant CASP to serious risk of ML-TF.

  • Policies and procedures

CASPs must adopt the necessary policies and procedures effective in ensuring compliance with MiCAR. In particular, CASPs are required to define and implement an AML-CTF manual approved by the management body, which must be provided in the application for authorisation as CASP.

This manual typically encompasses comprehensive client due diligence, transaction monitoring, and reporting mechanisms, also in accordance with applicable European and local AML-CTF regulations.

Finally, MiCAR establishes the obligation for CASPs to carry out increased checks on financial transactions involving customers and financial institutions from third countries listed as high-risk third countries.


With MiCAR, CASPs are required to comply with a series of AML-CTF obligations.

Therefore, it is essential for entities contemplating a CASP authorisation to be aware of the AML-CTF obligations, which will be imposed on them and to prepare for their implementation. 

To receive advice on AML-CTF and crypto assets’ related matters, contact your usual CMS professional or the CMS experts who contributed to this article:  Aurélia Viémont, Ricardo Plasencia, Raquel Garcia Lobato and Mélanie Poirrier, or send an email to [email protected].

For other articles in the series “Legal experts on Markets in Crypto-Assets (MiCA) regulation”, click here: Legal experts on Markets in Crypto-Assets (MiCA) regulation (cms.law).

For more information on crypto regulation before the introduction of MiCAR, visit CMS Expert Guide to European Crypto Regulation. For tax perspectives, check out CMS Expert Guide on Taxation of Crypto-Assets (Crypto Tax).