The ESMA recommended increased efforts around cybersecurity and background check processes for CASPs wanting to operate in the EU.
The European Securities and Markets Authority (ESMA), a financial watchdog in the European Union (EU), has requested amendments to the block’s Markets in Crypto Assets (MiCA) regulations. The watchdog sent its suggestions to the European Commission, European Parliament, and European Council.
“The European Securities and Markets Authority (ESMA), the EU’s financial markets regulator and supervisor, has responded to the European Commission proposal to amend the Markets in crypto-assets Regulation (MiCA) Regulatory Technical Standards (RTS),” the ESMA mentioned in a release. “ESMA acknowledges the legal limitations raised by the Commission but emphasises the importance of the policy objectives behind the initial proposal.”
What the ESMA Recommended
The ESMA mentioned it made due notice of these amendments to the MiCA’s RTS but insists they go further. For starters, it wants crypto asset service providers to undergo external cybersecurity audits to ensure their software is resilient against vulnerabilities that cybercriminals could exploit.
As 2024 unfolds, the catastrophe caused by cyberattacks on the crypto market is acutely felt. Indian exchange WazirX took the biggest blow as North Korean hackers ransacked its asset storage systems to walk away with over $230 million. A TRM Labs report revealed that almost $1.4 billion worth of crypto was lost to cybercriminals in just the first half of 2024. That number will go up significantly when year-end crypto hack reports roll in from security firms operating in the blockchain space.
The ESMA also wants thorough assessments of individuals operating CASPs. That would include checks on the reputation of CASPs’ decision-makers. It would also involve “checks regarding the absence of penalties also in areas other than commercial law, insolvency law, financial services law, anti-money laundering and counter terrorist financing, fraud or professional liability.”
The ESMA further mentioned the ball is in the European Council’s court and that it could either adopt the recommendations it wants into the amendments or reject them altogether. “The EC may adopt the two RTS with the amendments it considers relevant or reject it,” the release read, adding, “The European Parliament and the Council may object to an RTS adopted by the EC within a period of three months.”
MiCA is set to take full effect on December 30. While some have proactively taken steps to register in any of the bloc’s member states to operate throughout it, like Circle in July, others have failed to take any action, like Tether.
