On 16 October 2024, the European Securities and Markets Authority (ESMA) responded to the European Commission’s (EC) proposal to amend two RTS on the authorisations of crypto-asset service providers (CASPs) and on notifications by certain financial entities to provide crypto-asset services under Regulation 2023/1114 (MiCAR). In its Opinion, ESMA recommended that the EC consider requiring applicant CASPs and notifying entities to provide the results of an external cybersecurity audit, as well as including checks concerning the absence of penalties in areas other than, among others, anti-money laundering and counter terrorist financing (AML/CTF) in the assessment of the good repute of members of applicant CASPs’ management bodies.
The Opinion has been communicated to the EC, the European Parliament and the Council. The EC may adopt the two RTS with the amendments deemed relevant or reject them. The European Parliament and the Council may object to an RTS adopted by the EC within a period of three months.