MiCA licensing only the beginning as crypto custodians face scrutiny
ESMA has launched a Common Supervisory Action to examine the operational resilience of MiCA-authorized crypto asset service providers, with custody services as a key focus. The review marks a shift in EU crypto oversight from licensing to proving real-world resilience. It will assess controls around key and storage management, transaction controls, incident response, and third-party dependencies. Industry leaders say custodians must now demonstrate—not just claim—security, continuity, and accountability. Institutional clients are already pressing for clearer evidence on asset segregation, access controls, and business continuity. The review also highlights the combined impact of MiCA and DORA, especially because custody systems rely on concentrated third-party vendors. Results could shape future EU supervision standards and support debate over moving crypto oversight from national regulators to ESMA.
