Skip to content

Home / CFO Blog / Blockchain

Blockchain · CFO Blog

MiCA for the CFO: a working checklist

The licensing question is not the legal team's question alone. The capital, reserve, and disclosure obligations sit in finance.

Filed under
Blockchain
Reading time
6 min
Published
2026-05-23
Author
Lorna Mason

Filed under

Pillar I — The CFO in Blockchain

Keyword

MiCA CFO compliance

The Markets in Crypto-Assets Regulation entered into force across the European Union in stages through 2024. For the CFO of any company that issues a token, holds tokens on behalf of customers, or distributes them in the EU, MiCA is not a legal compliance project that visits finance occasionally. It sits in finance from start to finish. The capital, the reserves, the disclosure, the audit, the ongoing reporting — all of it.

The checklist below is the working sequence a senior finance leader uses to bring a MiCA-affected business inside the regime without being surprised by the bill.

What MiCA actually regulates

MiCA distinguishes three categories of crypto-asset and a separate population of crypto-asset service providers.

  • Asset-referenced tokens (ARTs). Tokens that aim to maintain a stable value by referencing a basket of currencies, commodities, or other assets. Heavily regulated, with capital and reserve requirements that mirror banking regulation in structure.
  • E-money tokens (EMTs). Tokens that aim to maintain a stable value by referencing a single fiat currency. Subject to e-money regulation as well as MiCA, with similarly strict reserve and redemption requirements.
  • Other crypto-assets — primarily utility tokens. Tokens that provide access to a service or product and do not qualify as financial instruments under MiFID II. Lighter regime, but still requires a white paper that complies with prescribed content, notification to a national competent authority, and ongoing accuracy of the disclosure.
  • Crypto-asset service providers (CASPs). Entities providing custody, exchange, transfer, advice, or other services for crypto-assets to third parties. Subject to authorisation, capital requirements, conduct rules, and ongoing supervision.

NFTs are largely outside MiCA in their current form, as are decentralised finance protocols without an identifiable issuer or service provider — though the perimeter on both is being tested.

Step one: identify the perimeter

The first error in MiCA work is assuming the entity is outside the perimeter because the token activity is incidental to the core business. National competent authorities have shown a willingness to take a broad view of what constitutes a crypto-asset service. "We just accept the token as payment" is rarely, by itself, sufficient to stay outside the CASP regime if the entity holds tokens for customers, exchanges them, or transfers them on instruction.

The CFO's first deliverable is a written perimeter analysis prepared with qualified counsel. It maps the entity's activities to the MiCA definitions, identifies the activities that require authorisation, and documents the reasoning where an activity is judged outside the perimeter. This document is the foundation of every subsequent finance and audit conversation.

Step two: classify the token, with documentation

If the entity issues or has issued a token, the second deliverable is a token classification memo. Is the token an ART, an EMT, a utility token, or — possibly — a financial instrument under MiFID II that sits outside MiCA but inside a heavier regime?

The classification is not made by analogy to what other issuers report. It is made by analysing the token's rights, redemption mechanics, peg arrangements, and stated purpose against the regulatory definitions. The memo records the reasoning. It will be reviewed in due diligence, in audit, in regulatory examination, and in any future capital event.

Step three: build the reserve and disclosure capability

For an ART or EMT issuer, the reserve requirements are the single largest finance project the regime imposes. MiCA prescribes that reserves must be segregated from the issuer's own assets, held with credit institutions or qualified custodians, and composed of eligible instruments — with concentration and liquidity rules that constrain the investment policy.

The finance build-out is substantial:

  • A daily reconciliation between tokens in circulation and reserve assets, with a defensible methodology for the gap analysis.
  • A reserve composition disclosure published at a prescribed cadence, with the level of detail MiCA requires — not the level of detail the marketing team would prefer.
  • An audit relationship that includes reserve attestation alongside the financial audit, with both teams aligned on scope.
  • A custody arrangement that meets segregation requirements and survives the failure of any single counterparty in the reserve.

For utility token issuers, the disclosure obligation is the white paper, but the discipline of accuracy is the same. The financial information in the white paper is, in substance, a public disclosure. It must be reviewed with the rigour applied to any other public financial statement.

Step four: integrate with VAT, OSS, and DAC7

MiCA does not stand alone. A token-issuing or token-handling business operating in the EU sits inside a tax architecture that includes VAT treatment of crypto transactions, the One-Stop-Shop scheme for B2C digital services, and DAC7 reporting for digital platforms that facilitate the sale of goods, services, or property by third parties.

The finance function must integrate these regimes rather than running them in parallel. A transaction that triggers MiCA disclosure may also be a VAT event, may also be within scope of DAC7, and may also produce a withholding obligation in the customer's jurisdiction. Building the data architecture once, with all four regimes in mind, is materially cheaper than building it four times.

The four mistakes finance teams make before authorisation

From observation of how these programmes go wrong:

  • Underestimating the legal-finance interface. Treating MiCA as a legal project that finance will support is a structure that fails on day one of regulatory examination. Finance owns the reserve, the disclosure, and the ongoing reporting.
  • Building the white paper as a marketing document. The white paper is a regulated disclosure. Inaccuracy is enforceable. Treat it as a prospectus, not as a website.
  • Underfunding the reserve build-out. The systems, the custody, the audit, and the ongoing reporting are not a small line in the budget. Build the business case with the full cost.
  • Assuming reciprocity with other jurisdictions. MiCA authorisation does not, of itself, satisfy obligations in the United Kingdom, the United States, or any other non-EU jurisdiction where the entity operates. Each perimeter is its own project.

This piece sits inside the CFO in blockchain framework. For adjacent questions, see stablecoin treasury management and multi-jurisdiction crypto tax. Lorna is CFO of IMPT, in Dublin, a MiCA-jurisdiction company. The verified page records what is and isn't published on this site.

Lorna Mason is CFO of IMPT, Dublin. The verified public record is on the Verified page. Contact: lorna@impt.io

Continue

Related from the CFO Blog.

Blockchain · CFO Blog · 6 min

Stablecoin treasury management: when, why, how much

When stablecoins belong in a corporate treasury, why the working-capital case is real, and how much exposure the policy should permit before

Blockchain · CFO Blog · 7 min

Multi-jurisdiction crypto tax for global platforms

Multi-jurisdiction crypto tax for a global platform — VAT, OSS, DAC7, withholding, and the architecture that lets a CFO meet obligations wit

Blockchain · CFO Blog · 7 min

On-chain treasury: a CFO's framework

A CFO's framework for an on-chain treasury — classification before policy, custody as control, liquidity as discipline, and the four questio