KYC and AML in MiCA rules: how will cryptocurrency change in 2025?

All talks concern the EU cryptographic asset markets, i.e. MiCA, MiCA and once again MiCA. This regulatory package, not yet fully in force, is already causing a monumental movement in the blockchain and cryptocurrency space. When does it come into full effect, what exactly is regulated and, most importantly, how can you prepare for upcoming legislative changes and stay compliant in the brave new world of regulated cryptocurrencies?

First of all, when? In June 2024, the European Securities and Markets Authority, together with the European Banking Authority, will prepare draft delegated acts. At the same time, some of the MiCA provisions will become fully applicable. These parts of the package include asset-based tokens, which include all real-world asset tokenization tokens, as well as fiat-based stablecoins, since the assets they refer to are real currencies. When this happens, all entities conducting business using asset tokens will be required to implement a number of regulatory measures, such as KYC and AML protocols. The rest of the regulations will come into force in December 2024 or January 2025. Regulated entities will include:

• Crypto asset service providers (CASP). Any company that provides services such as exchange, portfolio management or custody services for crypto assets will be considered a CASP entity. They will be required to integrate KYC measures when onboarding new users, as well as AML programs that will report suspicious transactions. The catch we must mention is that many defi will also be considered CASPs. MiCA will not apply to so-called “fully decentralized defi”, which means that no person or organization is actually profiting from this enterprise like Bitcoin. However, “semi-centralized defi” will be considered CASPs.
• Tokens relating to resources issuers. These companies are already subject to MiCA regulations and must also implement KYC and AML measures.

The obvious answer is, of course, to introduce KYC and AML measures to remain compliant in the EU cryptocurrency market. However, this process has many barriers, especially for cryptocurrency companies.

Developing KYC and AML protocols on your own takes months, if not years, and will cost your company millions of dollars. The world’s largest banks spend up to $500 million annually on KYC alone, with an average of $50 million. Most crypto companies that already have KYC do so through various KYC providers. Like any other B2B company, a KYC provider does the entire process for you, so the customer saves resources rather than spending them on a completely new business process. The current market situation shows us that the best way to optimize is to use the services of a KYC provider. Even the biggest names in the industry, such as Binance, Bybit and Huobi, use the services of a KYC provider instead of managing it in-house.

Another barrier specific to the cryptocurrency market is data security. Many people flocked to the cryptocurrency market due to the built-in anonymity features and no need to undergo KYC. Not necessarily because they finance terrorism or launder money, but because they simply believe in data ownership and do not want to share sensitive information such as their home address or ID number with third-party companies. Explaining the benefits of MiCA policies and KYC/AML practices to this specific audience will not be easy, so this is a major challenge that crypto companies will need to overcome to retain users once the regulations come into full force.

But what are the actual benefits of MiCA rules? Why are they introduced? Is it just because the government wants to control us even more?

I strongly believe that the MiCA rules will have a very positive impact on the EU cryptocurrency market, allowing it to compete with other regions that are actively regulating cryptocurrencies, and enabling it to become a global cryptocurrency hub.

First of all, MiCA will replace the current regulations of various EU countries. Germany, Italy, Spain, France and other countries have different regulations, different travel rules, minimum transaction sizes without KYC and many other differences. This leads to companies spending additional resources to adapt their KYC and AML processes to each individual legislation. For example, Binance had to leave the Dutch market due to its inability to obtain the necessary license. With the new EU-wide MiCA rules, such cases will no longer occur as companies will have to follow a single standard, making it much easier and cheaper to operate in the EU cryptocurrency market.

Another important thing to note is that MiCA prohibits things that are clearly dangerous and economically unstable. One of the biggest changes that regulations will introduce will be a complete ban on the use of algorithmic stablecoins. In short, there are two types of stablecoins: currency-based and algorithmic. Currency-backed stablecoins ensure a stable price by locking funds in a 1:1 ratio. In other words, if there is 1,000,000 USDT in the market, Tether will have $1,000,000 locked up somewhere, promising to buy back all of that currency with the locked funds.

Algorithmic stablecoins, on the other hand, use supply and demand market principles to maintain a target price. If the issuer notices that the stablecoin is losing value, it buys out part of the supply with other tokens. Scale that high and the security tokens used to redeem the stablecoins from the market will also start to depreciate in value, or the company will burn the security tokens, which will ultimately lead to the company not being able to acquire enough stablecoins from the market, and both tokens will fail. This is what happened with UST and LUNA, with the latter’s price dropping by 99.99%. Algorithmic stablecoins do not work, and by completely banning them, MiCA regulations better protect investors’ funds.

Many people in the cryptocurrency space are less optimistic about upcoming regulations, and they have a point. The implementation of KYC and AML protocols will certainly increase the operating costs of crypto companies, and ultimately users will pay for it. Hiring a KYC provider, storing all the data, and many other additional processes will be expensive, forcing companies to either cut costs elsewhere or increase fees and commissions.

Another issue to mention is safety. If you don’t have user data, it won’t be hacked and leaked. Many users are concerned about their privacy, arguing that even traditional financial organizations that have been using KYC for several decades still fall victim to hackers.

I believe that these problems, while very serious, will be mitigated and resolved as the cryptocurrency market matures and processes are improved and tested. Fair and clear regulations are, of course, the future of the cryptocurrency market, and 2025 will be extremely demanding and interesting for all cryptocurrency users.