The European Securities and Markets Authority (ESMA) has launched a custody review targeting EU cryptocurrency firms following the conclusion of the Markets in Crypto-Assets (MiCA) transition phase. Authorized crypto-asset service providers will be evaluated on their systems designed to protect client assets and manage operational risks.
Significance of the Custody Review
This review is crucial as it strengthens regulatory scrutiny over how crypto firms safeguard their clients' assets. With increasing numbers of exchanges and custodians entering the regulated market, there is a growing need for robust oversight to prevent potential custody failures.
- ESMA's review timeline extends to the first half of 2027.
- The assessment will cover governance, storage systems, and transaction controls.
- National regulators will select firms based on a risk-based framework.
Key Focus Areas for Supervisors
The initiative involves a detailed examination of the digital resilience frameworks employed by custody firms. Supervisors will assess the control measures around client asset access and transaction processes to ensure compliance with MiCA standards. It is imperative for firms to demonstrate effective risk controls, particularly in areas where external technology vendors are involved.
Regulators will also evaluate third-party dependencies and the risks associated with smart contracts, recognizing that reliance on outside service providers can have significant implications for client asset security.
Future Developments to Monitor
As ESMA continues its review process, potential outcomes may lead to enhanced compliance mandates for crypto firms operating within the EU. Stakeholders should remain vigilant regarding upcoming reports and updates, especially as the regulator prepares to offer consolidated findings that will assess custody risks more comprehensively.
This material is for informational purposes only and is not financial advice.



