Publication of Delegated Regulation regarding market abuse monitoring and reporting obligations under MiCA

Introduction: Regulatory Technical Standards

The much anticipated Commission Delegated Regulation 2025/885 setting out the regulatory technical standards (“MiCA RTS”) for the arrangements, systems and procedures which persons professionally arranging or executing transactions in crypto-assets (“PPAETs”) are required to have in place to prevent, detect and if necessary report market abuse have been published in the Official Journal of the European Union.

As confirmed by the European Securities and Markets Authority (“ESMA”) in paragraph 14 of its Final Report setting out draft technical standards specifying certain requirements in relation to the detection and prevention of market abuse under MiCA (“Final Report”), the MiCA RTS are modelled on the regulatory technical standards applicable to persons professionally arranging or executing transactions in traditional financial instruments under the Market Abuse Regulation (“MAR RTS”).

General requirements

The MiCA RTS serve to flesh out PPAETs’ obligation to prevent and detect market abuse under article 92 of MiCA. In summary, PPAETs are required to have appropriate arrangements, systems and procedures which enable them to effectively:

1. monitor (i) all their orders and transactions, and (ii) aspects of the functioning of the distributed ledger technology (“DLT”), including the consensus mechanism, in order to identify whether circumstances might exist indicating that market abuse has been, is being or likely to be committed; and
2. reporting any suspicious behaviour to the competent authority (being the Malta Financial Services Authority in Malta).

These arrangements, systems and procedures must naturally be documented in writing (including changes or updates) and must be regularly assessed, at least through an annual audit and internal review.

The MiCA RTS do not set specify the detail of the “arrangements, systems and procedures” which PPAETs are required to have. The MiCA RTS do, however, apply the principle of proportionality given that they require the arrangements, systems and procedures to be appropriate and proportionate in relation to the scale, size and nature of the PPAET’s business activity  – whether regulators will apply this level of proportionality in the course of their oversight of PPAETs’ market abuse procedures is, of course, yet to be seen, although our experience with regulatory oversight of firms’ monitoring obligations under the Market Abuse Regulation (“MAR”) might suggest otherwise.

Risk assessments

Although not strictly required under the MiCA RTS, PPAETs would do well to undertake a thorough assessment of the market abuse risks which they face (both internal and external) prior to devising any procedures under the MiCA RTS in order to ensure that their monitoring processes and procedures adequately addresses their most material risks. Our experience in advising and assisting clients adhere to their obligations under the MAR RTS shows that such risk assessments are fundamental and are, more often than not, almost expected by regulators.

Nature and scope of obligations

Notwithstanding the aforementioned principle of proportionality which should give PPAETs –  especially smaller players – some perspective on the expected level of sophistication of their procedures, PPAETs should still note that their monitoring and reporting obligations apply irrespective of (a) the capacity in which the order is placed or the transaction is executed; (b) the types of clients concerned; and (c) whether the orders are placed or transactions executed on-chain or off-chain.

Moreover, PPAETs are reminded that their arrangements, systems and procedures must cover their full range of trading activities.  In this respect, the RTS require PPAETs to “employ ICT systems” to assist them in their monitoring obligations, albeit such ICT systems are required insofar as they are “appropriate for, and proportionate in relation to, the scale, size, and nature” of the PPAET’s business activity. Also note that the RTS require PPAETs to ensure an appropriate level of human analysis throughout the monitoring journey.

Reporting

Upon forming a reasonable suspicion that market abuse has been, is being or likely to be committed, PPAETs will need to report that behaviour to the competent authority by submitting a suspicious transaction or order report (“STOR”). A template STOR is annexed to the RTS, and the RTS also give detailed requirements about the submission of STORs.

Training

Sensibly, the RTS mandate PPAETs to organise regular and comprehensive market abuse training for staff, including front-liners. In our experience regulators tend to place significant weight on the adequacy and frequency of training provided, so PPAETs would do well to devise properly structured training programmes and ensure that the training materials are in line with regulatory expectations.

Record keeping

The RTS also impose strict record keeping requirements. Most notably, PPAETs are required to keep adequate records of the analysis carried out with regard to orders, transactions and aspects of the functioning of DLT that could constitute market abuse for a period of 5 years, including the analysis made and the reasons for submitting or not submitting a STOR. That information must be provided to the competent authority upon request.

Divergence from technical standards in Final Report

The MiCA RTS differ quite significantly from the draft regulatory technical standards which ESMA had proposed in the Final Report. Accordingly, firms that – in the course of a MiCA license application – have already started devising and developing their MiCA-specific market abuse procedures on the basis of the draft technical standards set out in the Final Report would do well to carry out a gap analysis with a view to determining whether their existing procedures align with the MiCA RTS.

For this reason, we prepared a mark-up of the MiCA RTS, showing changes as against the draft regulatory technical standards in the Final Report. The mark-up can be accessed here.

Shortcomings

Like the rest of the market abuse provisions in Title VI of MiCA, the RTS unfortunately raise certain doubts and questions which ought to be addressed sooner rather than later. In particular, we believe that further clarification is required on the following matters, amongst others:

1. The definition of PPAETs. The term ‘persons professionally arranging or executing transactions’ is obviously quite broad and can capture various categories of people, including crypto-asset services providers (CASPs) and persons dealing on own account. The breadth of the definition could also lead to uncertainty and ambiguity. Accordingly, a clarification, similar to that provided by ESMA in its MAR Q&A, would be welcome and necessary.
2. Types of market abuse being monitored. Save for one specific reference to insider dealing and market manipulation in recital (2), the MiCA RTS seem to require PPAETs to monitor for all types of “market abuse”. Under MiCA (as in MAR), the concept of “market abuse” encompasses three separate behaviours, namely (i) insider dealing, (ii) unlawful disclosure of inside information and (iii) market manipulation. The MAR RTS, logically, limit monitoring obligations to insider dealing and market manipulation (or attempts thereof), and do not require monitoring of unlawful disclosures of inside information. Given that the MiCA RTS are modelled on the MAR RTS, it may be argued that the PPAETs’ obligations under the MiCA RTS should be limited to insider dealing and market manipulation but, absent any specific regulatory / legislative clarification to this effect, taking such a position may entail certain risks.
3. Other functioning of DLT. PPAETs are required to monitor (on an ongoing basis!) aspects of the functioning of the DLT, including the consensus mechanism, in order to identify whether circumstances might exist indicating that market abuse has been, is being or likely to be committed. The scope of this monitoring obligation is ambiguous at best, and while ESMA clarified in its Final Report that “the regulatory expectation is not an ongoing monitoring of the functioning of the consensus mechanism as a whole but only in relation to those transactions that reach the PPAET” (para. 63), we believe that further clarification on regulatory expectations on this front would be merited.

Entry into force

The MiCA RTS will enter into force on 9 September 2025.