What Crypto-Asset Service Provider Need to Know About Crypto Compliance?

If you operate as a Crypto-Asset Service Provider (CASP) in the EU, you will face new EU-level oversight. The Anti-Money Laundering Authority (AMLA) starts in 2025 to set standards and coordinate national supervisors, and from 2028 may directly supervise large or cross-border CASPs.

Alongside this, three frameworks reshape compliance. Markets in Crypto‑Assets Regulation (MiCA) sets licensing, consumer and prudential rules. TFR extends the travel rule to crypto, requiring sender and receiver data on every transfer. AMLR creates a single EU rulebook, applying from 10 July 2027. Each has different timelines, so CASPs must prepare early.

What is MiCA, AMLR, AMLA and TFR?

MiCA (Markets in Crypto‑Assets Regulation) establishes a licensing regime for crypto‑asset issuers and service providers, harmonising prudential and conduct rules across the EU. It sets standards for asset‑backed tokens, e‑money tokens and other crypto assets, and defines a crypto‑asset service provider as any entity providing custody, exchange or platform services.

AMLR and AMLA (Anti-Money-Laundering Regulations/Authority) For CASPs, AMLR and AMLA mean clear deadlines. From 2025, AMLA will issue standards you must build into your compliance systems. By 10 July 2027, you need full AMLR alignment, including Customer Due Diligence (CDD), risk assessments, transaction monitoring, and reporting. From 1 January 2028, AMLA may directly supervise you if you operate in at least six EU countries or are seen as high-risk. By 2025, you must use EU ownership registers to verify beneficial owners. By 2029, extra transparency checks apply to property-linked transactions.

TFR (Transfer of Funds Regulation) implements the travel rule for both fiat and crypto transfers. From 30 December 2024, it requires CASPs and payment service providers to transmit specified information about the originator and beneficiary with each transfer. Unlike previous practice, there is no de minimis threshold for crypto transfers: every CASP‑to‑CASP transaction must include full originator and beneficiary information.

How do obligations differ for CASPs compared to other industries?

Crypto-Asset Service Providers (CASPs) face a stricter and more specialised rule set than many other obliged entities. Unlike sectors that only fall under AML rules, CASPs must also meet MiCA’s licensing conditions, capital requirements, and governance standards. In practice, this means their obligations span both prudential regulation and day-to-day anti-money-laundering compliance, with extra focus on transaction traceability and customer verification.

Licensing and prudential rules: Under MiCA, CASPs must obtain authorisation from an EU member state, maintain sufficient capital and meet governance standards. MiCA also creates specific requirements for issuers of stablecoins and asset‑referenced tokens.

AML and CDD: The AMLR classifies CASPs as financial institutions and impose robust customer due diligence. Occasional crypto transactions above €1,000 will trigger CDD measures; cross‑border correspondent relationships require enhanced due diligence. CASPs must identify beneficial owners (≥25 % ownership or control) and assess risks using a risk‑based approach.

Travel rule compliance: The TFR obliges CASPs to collect and verify the originator’s name, address, account number and distributed ledger address and to transmit that data before or at the same time as the transaction. CASPs receiving transfers must screen and reject transfers lacking required information.

Conclusion

CASPs now face the tightest regulatory net in EU finance. MiCA sets licensing and capital floors, AMLR enforces risk-based controls, and the TFR locks in full transaction traceability. Timelines overlap, so waiting is not an option.

RegTech Platforms built specifically for EU rules give CASPs a centralized system to manage licensing, onboarding, monitoring, and travel-rule compliance. Consolidating these obligations into one system reduces overlap, ensures consistency with AMLR and MiCA requirements, and prepares firms for AMLA oversight. Early adoption of such platforms is the most effective way to scale operations with confidence before direct EU supervision begins.

FAQ

What is the difference between MiCA and AMLR/TFR?
MiCA focuses on authorising and supervising crypto‑asset issuers and service providers, while the AMLR harmonises anti‑money‑laundering obligations such as customer due diligence and beneficial ownership identification. The TFR implements the travel rule for crypto transfers and requires CASPs to share sender and receiver information.

When does the travel rule apply to crypto transactions?
The travel rule applies from 30 December 2024 and covers every CASP‑to‑CASP transfer without a minimum threshold.

Do P2P transfers fall within the scope of the TFR?
No. Person‑to‑person transfers between private individuals acting outside a professional capacity are excluded.

Which RegTech platform best supports CASPs with EU crypto compliance?
CASPs need more than a licence—they need solutions built for EU rules. A platform must align with MiCA, AMLR, and TFR, while providing identity checks, sanctions screening, risk scoring, transaction monitoring, audit trails, and secure EU data hosting.

Veridaq is natively built for the EU. The platform delivers automated onboarding, sanctions and PEP screening, blockchain analytics, and integrated travel-rule messaging. Veridaq connects MiCA licensing with continuous AMLR and TFR compliance, letting CASPs scale confidently under EU supervision.

.