MiCA is not primarily a legal problem — it is a finance and controls problem that arrives on the CFO's desk regardless of how the legal team handles it.
The Markets in Crypto-Assets Regulation came into full effect across the EU at the end of 2024. It is the most comprehensive crypto-specific regulatory framework any major jurisdiction has produced. The typical response from companies in the space has been to treat it as a legal and compliance problem: get a classification opinion, apply for the relevant licence, move on. That response is incomplete. MiCA is a finance and controls problem as much as a legal one, and the CFO's office is where much of the operational weight of compliance lands.
Section IWhat MiCA actually does
MiCA creates three regulated categories of crypto-assets. Asset-referenced tokens (ARTs) maintain stable value by referencing multiple currencies, commodities, or other assets. E-money tokens (EMTs) maintain stable value by referencing a single official currency. Everything else — "other crypto-assets," including most utility tokens — falls under a lighter-touch disclosure and white paper regime rather than a full authorisation requirement.
The distinction matters for the CFO because the obligations attached to each category differ fundamentally in kind.
ARTs and EMTs — the stablecoin categories — carry the most demanding requirements: reserve asset management obligations specifying what the issuer must hold and in what form; segregation requirements separating reserve assets from the issuer's operational funds; redemption rights at par for holders on request; liquidity stress tests; and capital requirements expressed as a percentage of average tokens outstanding. These are, in substance, quasi-banking obligations. An issuer of a significant ART or EMT is running something that looks structurally similar to a money market fund, with the associated balance sheet implications.
The practical line between a "utility token" and an "asset-referenced token" is not always obvious. A token classified as an ART by the regulator when the issuer assumed it was a utility token triggers obligations the issuer may not be positioned to meet. The classification determination is not a one-time judgment — it is a live risk that must be monitored as the token's use and economic characteristics evolve.
Section IIThe CFO's specific obligations
Assuming correct classification and the appropriate Crypto-Asset Service Provider (CASP) licence, the ongoing obligations falling to the finance function are substantial.
Own-funds requirements. CASPs must maintain minimum own funds calculated as the higher of a fixed minimum (ranging from €50,000 to €150,000 by licence class) or one quarter of the preceding year's fixed overheads. The fixed-overhead calculation is a specific regulatory computation — not simply operating expenses, but a defined subset — that must be computed quarterly and reported to the regulator. The finance team owns this calculation and the data lineage that feeds it.
Reserve asset management for ART/EMT issuers. Reserve assets must be invested only in instruments specified by the regulation — broadly, cash and highly liquid, low-risk assets — and must be legally segregated from the issuer's operating assets. The CFO must establish a separate treasury function for the reserve: a custodian arrangement, a valuation process, a reconciliation between tokens outstanding and reserve assets held, and a stress test against redemption scenarios. These are live, recurring deliverables.
Periodic reporting. CASPs file periodic reports with their national competent authority covering own funds, transaction volumes and values, material operational incidents, and significant business changes. Preparing these reports is a finance-function task: the data sources are accounting systems, transaction ledgers, and operational logs, and the reports must be accurate and timely.
Significant token designation. If a token is designated "significant" by the European Banking Authority — a designation triggered by threshold tests on user numbers, transaction volume, and market capitalisation — obligations escalate further: enhanced capital requirements, mandatory stress testing at higher frequency, supervisory oversight transferred to EBA, and mandatory interoperability requirements for payment tokens. The designation can arrive without warning when thresholds are crossed. The finance function needs to monitor the relevant metrics continuously and model the financial impact of a significant designation before it happens.
Section IIIThe audit and assurance dimension
MiCA creates new assurance obligations that sit between the finance function and the external auditor. For ART and EMT issuers, reserve assets must be audited at least annually, with the report published. The audit must cover both the existence of the assets and their compliance with the regulation's investment restrictions.
The "other crypto-assets" regime requires that the white paper contain accurate financial statements where the issuer is large enough to require them, and that material changes be disclosed promptly. The CFO is responsible for the financial information in the white paper and for its ongoing accuracy — a continuing disclosure obligation, not a point-in-time one.
The audit conversation around crypto-assets is still developing. Specific procedures for on-chain transaction verification, wallet control testing, and reserve asset confirmation are newer disciplines than the standard financial statement audit. The finance function's role is to prepare the documentation — wallet address registers, on-chain transaction ledger reconciliations, custody agreements — rather than expecting auditors to construct it from scratch.
Section IVWhat MiCA does not change
MiCA does not change the underlying economics of a token or the strategic case for issuing one. A token that creates genuine platform utility — enabling on-chain settlement, giving holders access to services, functioning as a mechanism for retiring carbon credits on behalf of customers — has value because of what it does, not because of what the regulation says. MiCA provides a clearer regulatory perimeter within which that value can be expressed. On balance, that is a good thing for the market.
What it does change is the operational cost of running a compliant token business within the EU. The licence fees, own-funds requirements, reserve management infrastructure, and audit obligations are real costs that must be quantified, budgeted, and accounted for. They also create a barrier to entry. Companies that have built the compliance infrastructure are better positioned than those that have not, and that gap will widen as enforcement develops.
MiCA is not a legal problem to be resolved once and forgotten. It is an ongoing operational discipline — a set of metrics to monitor, reports to file, and capital levels to maintain. The CFO who treats it as such has understood what the regulation actually demands.
Lorna Mason is CFO of IMPT, Dublin. Contact: lorna@impt.io