Mitigating Risks and Maximising Opportunities: A Consultant's Guide to MiCA Compliance

The EU's Market in Crypto-assets Regulation, also known as MiCA, was proposed by the European Commission in December 2020 to establish a harmonised framework for crypto-assets across the EU. MiCA is an extension of the MiFID II (Markets in Financial Instruments Directive) and MiFIR (Markets in Financial Instruments Regulation) which were introduced in the European Union (EU) in 2018. The regulation aims to provide legal clarity and investor protection for the rapidly growing crypto-asset market, while addressing specific risks associated with these assets. MiCA’s principles address topics such as governance, risk management, and AML controls, as well as a framework for the registration, supervision and oversight of crypto-asset service providers.

The background of MiCA can be traced back to the growing popularity and use of crypto-assets in the EU, which has led to increasing concerns about the lack of regulation in this market. Additionally, the EU has been actively trying to promote innovation in the digital finance sector and to position itself as a leader in the field.

MiCA is intended to be a step towards achieving these goals by creating a legal framework for crypto-assets that is both flexible and forward-looking, as well as ensuring that they are subject to the same standards of integrity, transparency, and investor protection as traditional financial instruments.

Who does this apply to?

MiCA applies to Crypto-asset Service Providers (CASP) located within a European Union member state that are not covered by the Markets in Financial Instruments Directives (MiFID).

MiCA has outlined eight crypto-asset services that require authorization in the member state. These services include:

Custody and administration of crypto-assets for third parties
Advice on crypto-assets
Exchange of crypto-assets for fiat currency
Operation of a trading platform
Exchange of crypto-assets for other crypto-assets
Receiving and transmitting orders for crypto-assets on behalf of third-parties
Placing of crypto-assets
Execution of orders for crypto-assets on behalf of third parties

It's important to note that MiCA doesn't have a separate third country regime, meaning any CASP seeking to offer services to European customers must be fully authorised by the relevant authority in a member state. Failure to do so may limit the CASP to only relying on reverse solicitation, as the regulation contains a non-solicitation clause.

This means that European customers must initiate contact with the CASP and the CASP cannot have any marketing material or financial promotions aimed at union members.

Application process

If you're a business looking to provide crypto-asset services in the EU, you'll need to start by submitting an application to the national competent authority in the country where your business is located.

When you submit your application, the competent authority has 25 working days to decide if it's complete. If not, you'll have to provide additional information by a deadline. If you don't, your application may be rejected. Recent AML registrations show that authorities may ask for additional information in a timely manner, and failure to provide it may result in authorization denial.

If the application is deemed complete, the competent authority has three months from receipt to make a decision, taking into account the nature, scale, and complexity of your proposed services.

Applications can be declined on two grounds: if the management body poses a threat to the effective, sound, and prudent management and business continuity, and to the interests of clients and market integrity; or if the applicant fails to meet the requirements of MiCA.

Therefore, it's crucial for applicants to have a strong senior management team with experience in financial services and sound governance and processes in place for their crypto-asset services. By providing clear and comprehensive evidence of these factors in the application, businesses can increase their chances of approval and authorization to offer crypto-asset services in the EU.

Programme of operations

The Program of Operations (OP) is a comprehensive outline that transforms overarching strategic goals into specific priorities, objectives, and concrete actions.

This section is crucial in thoroughly describing the business's services. If the business offers them, the services should be thoroughly discussed, including how they are put into practice. A brief overview of the different types of services that can be offered will also be provided.

Type of crypto asset services provided

Custody and administration of crypto-assets on behalf of third parties.
This is relevant for businesses that store and oversee crypto assets for users and other businesses. The act of storing and managing means that third parties can only access their cryptocurrencies through the platform and not directly through the blockchain. The business also implements security measures such as private key management, cold wallet transfers, and advanced transaction signing architecture such as MPC. Centralised crypto businesses like cryptocurrency exchanges, centralised wallets, payment processors, centralised crypto lending platforms, centralised stablecoin providers, and centralised mining pools offer custody and administration services.

Operation of a trading platform for crypto-assets
This involves overseeing one or multiple platforms that enable several third-party users to buy and sell digital assets in a centralised manner, leading to the formation of a contract, be it the trade of one cryptocurrency for another or the exchange of a cryptocurrency for fiat currency.

Exchange of crypto-assets for fiat currency
A service that involves buying and selling digital assets with third parties using fiat currency as the payment method. The transactions are carried out on the trading platform using clients' funds, and the exchange of one cryptocurrency for another is also possible.

Execution of orders for crypto-assets on behalf of third parties
This refers to executing contracts to buy or sell one or more digital assets, or to invest in them, on behalf of third-party clients.

Placing of crypto-assets
This refers to the marketing and distribution of newly issued digital assets or digital assets not yet traded on a cryptocurrency exchange, to a specific group of buyers. This does not encompass making an offer available to the general public or to existing owners of the issuer's crypto-assets.

Reception and transmission of orders for crypto-assets on behalf of third parties
This involves accepting orders to buy or sell digital assets or subscribe to digital assets from individuals and transmitting those orders to another party to execute the transaction. This type of service is not common and operates similarly to a traditional brokerage.

Providing advice on crypto-assets
Refers to offering personalised or specific recommendations regarding the purchase or sale of digital assets or the utilisation of digital asset services to a third party, either upon request or initiated by the advisor.

How and where they are marketed

In this section, you should detail your business's marketing approach and methods, which can be grouped under conventional marketing channels like:

- Online Advertising
- Social Media
- Influencer Marketing
- Content Marketing
- Conferences and events
- Referral programs
- Public Relations
- Email Marketing
- Referral Partners

Explain the type of content used for marketing and the means of communication with your customers.

It is imperative that all marketing materials follow the following rules:

1. All ads or promotions must be properly labelled.
2. The information presented in the ads or promotions must be accurate, easy to understand, and not misleading.
3. The information in the ads or promotions must match the official white paper of the digital asset, if required by law.
4. The ads or promotions must mention the availability of an official white paper of the digital asset and provide the website address of its creator.

Having a Marketing/Financial Promotions Policy is crucial in showing regulatory authorities that your CASP has adequate controls and safeguards in place to ensure compliance with the above standards for marketing materials and financial promotions. This policy typically includes an approval matrix for financial promotions to ensure that compliance and legal teams review and approve marketing materials and financial promotions.

Fit & proper test directors and UBO’s

Financial service directors should possess traits that meet the standards of "Fit and Proper" as determined by regulatory authorities. This includes a clear criminal record, a favourable reputation and character, as well as a sound understanding and experience in the financial sector. Regulators typically evaluate a director's fitness through various means such as background screenings, reference checks, and personal interviews.

Background evaluations may encompass a review of the individual's criminal history, credit record, and professional credentials. Additionally, the individual's past dealings with commercial law, insolvency law, financial services law, anti-money laundering law, counter-terrorism legislation, and professional liability obligations may also be scrutinised.

Reference checks involve contacting past employers or associates to gain insight into the individual's work history, character, and reputation.

Interviews with the individual may be conducted after reviewing their resume to gauge their knowledge of the financial industry and their familiarity with related regulations. Ideal directors should exhibit strong leadership and management skills, have a thorough understanding of the financial industry and regulations, possess sound analytical and decision-making abilities, and exhibit effective communication skills.

To summarise, Fit and Proper assessments often encompass a blend of background checks, reference checks, interviews, and continued monitoring to ensure the director's suitability for the role.

Risk management

Internal control mechanism

Internal control mechanisms are an important aspect of risk management for financial services companies. They are designed to help organisations identify, assess, and mitigate risks that could impact their operations and financial performance. Internal control mechanisms are designed to ensure that financial and operational information is accurate, reliable and timely, and that the business is compliant with laws, regulations and standards. One common framework that many financial services companies adopt to implement internal control mechanisms is the three lines of defence model.

The three lines of defence model is a way of organising the risk management and internal control functions within an organisation. The first line of defence is the day-to-day business operations, where the front-line staff are responsible for identifying and mitigating risks. The second line of defence is the second line review, where a dedicated team of risk management and internal control professionals review the effectiveness of the first line's efforts. Finally, the third line of defence is the independent internal audit, which provides an objective assessment of the company's internal control and risk management systems.

Internal control mechanisms can include a variety of different elements such as segregation of duties, supervisory review, independent internal audit, and regular risk assessments. Segregation of duties is important to ensure that no single individual has too much control over a specific process, supervisory review ensures that processes are being followed properly, independent internal audit provides an objective assessment of the company's internal control and risk management systems, and regular risk assessments help identify potential risks and vulnerabilities. Strong governance is essential in ensuring that these mechanisms are properly implemented, monitored and continuously improved. Governance  is the oversight and direction provided by the board of directors and senior management. It is required to ensure that the organisation is aligned with its strategic objectives. Part of the governance process is defining a risk management policy and -process that is integrated into the overall management process.

Risk assessments

Besides setting out a policy and process on how to manage risk within the company, further more detailed assessments are required on an ongoing basis on a multitude of topics. Such assessments aim to review the risk tolerance and exposure of the company on topics that a crypto-asset service provider would typically be exposed to. The findings from these assessments would translate into new controls or other actions to reduce- and mitigate risks the company is exposed to. Specific assessments that are required would be an AML risk assessment, an Enterprise Wide Risk assessment and a token listing risk assessment.

AML risk assessment

An Anti-Money Laundering (AML) risk assessment evaluates the potential risks a company may face from money laundering and terrorist financing. This process involves examining the company's products, services, customers, locations, and transactions to determine if the risks fall within the company's risk tolerance. It also analyses the internal controls, policies, and procedures to assess their effectiveness in detecting and preventing such activities. The purpose of the assessment is to continually identify weaknesses in the AML program and provide recommendations for improvement. The outcome is a report documenting the findings and improvement suggestions. AML assessments are crucial for building strong AML controls and are regularly requested by payment service providers for crypto-asset service providers to gauge their AML program's level of control and sophistication.

Enterprise-wide risk assessment

An Enterprise-wide Risk Assessment is a thorough process that involves a company's key personnel to identify and address potential threats and critical risks to the business. The assessment examines the company's legal and regulatory risks across various areas, including IT & Cyber Security, Finance, Sales, Operations, Compliance, Legal, and HR. The objective is to identify weaknesses in the risk management program and create a plan to mitigate or manage these risks. The result of the assessment is a comprehensive report that documents the findings and provides tailored recommendations for improving the company's risk management program, particularly in the crypto-assets industry.

Token listing risk assessment

The aim of the token listing assessment is to verify the token's compliance with regulations and determine its suitability for listing on the service provider's platform. This assessment entails examining the token's technical specifications, issuance, and distribution, as well as evaluating its legal and regulatory compliance. Additionally, the underlying assets, such as the technology and governance structure, are analysed. In the context of MiCA, the assessment also includes a review of the token issuer's compliance with the MiCA regulations, including the issuer's business plan, capital structure, and management. A review of the token's marketing materials, such as the white paper, is conducted to ensure accuracy and clarity. The outcome of the assessment is a report that documents the findings and provides recommendations for listing the token or not.

Business continuity plan

The Business Continuity Plan (BCP) outlines the steps an organisation will take to keep its essential operations running during a crisis or disruption. This is crucial for crypto-asset service providers, as disruptions in payments infrastructure can result in severe consequences, such as the failure of a crypto exchange in the event of a run on withdrawals that is not managed properly. A well-designed and tested BCP can help mitigate this risk and allow the organisation to handle challenging situations effectively.

The plan should detail the potential risks and threats the organisation may face, such as cyberattacks, natural disasters, human errors, or regulatory changes. It should also include measures to prevent, detect, and respond to these risks, such as incident response plans, disaster recovery plans, and testing and maintenance schedules. The plan should outline procedures for reporting incidents to relevant authorities and protecting customer data. The BCP should be regularly reviewed, tested, and updated to reflect changes in the organisation or regulations.

Testing the BCP is critical for ensuring its effectiveness. This can be done through tabletop exercises, functional testing, or full-scale exercises, where the organisation's response and recovery capabilities are evaluated. In tabletop exercises, participants discuss a simulated scenario and evaluate response plans. In functional testing, the BCP procedures are activated to test their effectiveness. In full-scale exercises, emergency response teams are activated in a realistic simulation of a disruption or crisis to test the organisation's readiness. BCP testing should be conducted regularly, with results used to update the BCP.

IT & Cybersec

This section should outline your IT system in both technical and non-technical terms. The technical description should include diagrams that show every component of the infrastructure and how they interact with each other. Ensure all systems are thoroughly documented and ready for an audit at any time.

The non-technical explanation should provide an overview of the systems and focus on key elements. Security should be a top priority as it is highly valued by regulators. Compliance with data is also a critical aspect to consider.

Include policies and procedures for access, change management, and IT infrastructure in this section. Let's examine the main elements to include in the technical explanation.

The most common infrastructural components of crypto businesses will be discussed. Then, we will take an example of a hypothetical exchange and describe its infrastructure.

The IT infrastructure usually comprises several key components, some of which may be outsourced to vendors. These include:

Database: To store user accounts, transaction history, and order book information. This is typically a relational database management system (RDBMS) such as MySQL or PostgreSQL. Some modern databases include NoSQL and GraphQL.

Trading engine: To handle real-time trade execution by matching buy and sell orders and updating the order book.

Wallet infrastructure: To securely store and manage supported crypto currencies. This is typically a hot wallet for quick withdrawals and a cold wallet for long-term storage. MPC custody provided by vendors has become popular in recent years, eliminating the need for hot and cold wallets.

Front-end: To offer customers a user interface, either a website or mobile app.

Network infrastructure: To guarantee the stability and security of the exchange, including firewalls, load balancers, and intrusion detection systems.

Cyber security measures for a crypto currency exchange should include:

Multi-factor authentication: To ensure only authorised users can access the exchange's systems.

Encryption: To secure sensitive data such as user information and wallet private keys.

Regular security audits: To find and resolve vulnerabilities in the exchange's systems.

Penetration testing: To simulate real-world attacks and discover potential vulnerabilities.

DDoS protection: To prevent the exchange from being taken offline by a distributed denial-of-service attack.

Cold storage for large amounts of funds.

Security Information and Event Management (SIEM) system for real-time network monitoring and suspicious activity alerts.

Regular software and security updates to keep the systems current and protected against known vulnerabilities.

Make sure to explain and document all of these elements in the context of your business.

Prudential safeguards

CASPs must comply with capital adequacy requirements. The amount of permanent minimum capital is based on the services provided or 1/4 of the fixed overheads of the preceding year, reviewed annually. Whichever amount is higher.

These minimum capital requirements based on the service provided are divided in classes:

- Class 1 - Reception and transmission of orders on behalf of a 3rd party, providing advice on CAs, placing CA’s, portfolio    management of CA’s and managing the transfer of CAs - €50,000
- Class 2 - Activities set out in class 1 and the custody and administration of CAs, the exchange of CAs against fiat and the exchange    of CAs against other CAs - €125,000
- Class 3 - Activities set out in class 1 and 2 and the operation of a trading platform - €150,000

If the CASP chooses to cover its capital requirements through insurance, the policy must be in effect for at least a year, have a 90-day cancellation period, be issued by an authorised insurance company, and cover scenarios such as loss of documents, misrepresentations, breach of regulatory obligations, conflict of interests, business failure, and gross negligence.

Complaints management procedure

CASPs authorised under MiCA must have effective and transparent procedures in place for handling customer complaints promptly, fairly, and consistently. It's suggested that they make their complaints handling procedures available to customers on their website. Customers should be able to file complaints using a template provided by the CASP, which should include all relevant information needed for evaluation. The investigation timeframe should also be considered, with all complaints to be investigated in a timely and fair manner and the outcome communicated to the customer. CASPs should take into account their resources, third-party tools, and automation when determining their investigation, review, and communication timeframes. The assessment of reimbursement or compensatory awards for volatile virtual assets must also be considered, with the CASP determining whether the value of the asset will be assessed at the time of the transaction or at the time of investigation completion.

Segregation of funds

CASPs must implement strict measures to ensure the secure storage of clients' crypto-assets and funds. This includes separating clients' assets from the CASP's own assets and storing them in a secure and protected environment. CASPs must establish strong internal controls and governance structures to guarantee the safety and security of clients' assets at all times.

CASPs are also expected to have robust IT systems that can detect and prevent unauthorised access to clients' assets. They must secure adequate insurance coverage to protect clients' assets in the event of theft, loss, or other unforeseen circumstances.

Clients' funds must be stored with EU credit institutions in a manner similar to electronic money institutions. It is essential that clients' crypto-assets are not mixed with the company's assets and clear guidance is provided on keeping the majority of these assets in cold storage.

Operational processes must be in place to ensure the efficient transfer of liquidity between the company's hot and cold storage facilities.

Detection of market abuse

Market abuse refers to any behaviour that causes harm to other investors in the market.

To obtain authorization under MiCA, CASPs must demonstrate to the licensing authority that they have established procedures and systems to detect and prevent market abuse. This includes internal and external reporting procedures for when suspected market abuse is detected.

The obligation of CASPs to prevent market abuse is outlined in MiCA articles 77-80, which cover disclosure of inside information, prohibition of insider dealing, unlawful disclosure of insider information, and market manipulation.

CASPs must comply with these articles to maintain the fairness and integrity of financial markets. This is not a new concept as firms regulated by MiFID have been subject to similar obligations for years, and CASPs can draw on existing information and guidance to establish their own policies and systems.

However, the licensing authority will expect CASPs to have policies and systems that are appropriate for their risk profile, product offering, and customer base. Effective and proportionate implementation of these procedures will be essential for a successful authorization application.

Custody policy

This section focuses on the measures your business has in place to secure private keys. The two main methods are the use of a hot-cold wallet architecture or MPC-based approach, or full outsourcing.

You need to provide a clear and comprehensive description of your chosen solution, including how it safeguards against loss and theft of private keys.

Hot-cold wallet architecture

This section focuses on the measures in place to safeguard private keys. The common solutions include using a hot-cold wallet architecture, MPC-based approach, or full outsourcing.

You should explain and detail your solution, emphasising the steps taken to prevent the loss or theft of private keys.

The majority of crypto businesses store their assets offline in cold wallets to lower the risk of hacking and online attacks. Typically, hardware wallets equipped with various safety measures are used. You should describe the physical security measures implemented, such as restricting access to secure locations with the use of vaults or safes, and utilising surveillance cameras and security systems to monitor the devices. It's also important to mention if you utilise HSM.

Your hot wallet infrastructure and policies for moving funds from hot wallets to cold wallets should also be outlined. This should include the threshold, procedures, and security measures in place.

Key management is a critical aspect to highlight, where you explain the methods for managing private keys and the mitigation measures taken to address any potential risks.

It's recommended to mention if your wallets are multi-sig, meaning they require multiple signatures from different sources or devices before a transaction can be executed. This adds an extra layer of security and eliminates the risk of a single point of failure.

Multi-party Computation

The technique of Multi-Party Computation (MPC) enables multiple parties to compute a function over their private inputs collectively, without disclosing them to one another. This method can be applied to divide the private keys of a wallet among different parties.

A set of private keys are produced and divided into multiple shares through an MPC protocol. Each share is then distributed to various parties such as a custodian, user, or trusted third party. To sign a transaction, a specified number of parties must come together to reconstruct the private key and sign the transaction, set at a threshold to prevent a single party from signing without collaboration. If a party loses or shares their share, the private key can be reconstructed using the remaining shares, and a new share can be generated and divided among the parties. MPC also facilitates constant auditing of the keys and shares by any of the parties, without revealing the keys or shares to the auditing party.

It's important to note that the ownership and control of the shares may vary depending on the MPC protocol utilised. Some protocols may allow parties to retain ownership, while others may transfer ownership to a central authority. Additionally, the level of control and access to the shares may also differ based on the protocol and implementation.

Answering who owns the private keys is more complex as they are divided into multiple shares using an MPC protocol and distributed among different parties such as custodians, users, or trusted third parties. If MPC is used for custody, the details on how the keys were divided should be explained. If a vendor is utilised, there could be three shares - one held by the company, one by the vendor, and one by a trusted third party (such as a law firm).

In this case, the rules for signing transactions using MPC (threshold signatures, scriptless scripts, smart contracts, etc.), the thresholds for manual approvals, and the overall architecture should also be described.

Full outsource

Key management can also be fully outsourced to a custodial provider, with whom the crypto business only interacts through APIs, for example. In such a scenario, the crypto business must perform a comprehensive due diligence on the vendor, which should be detailed in the application.

Further measures

The following measures can contribute to further protection of they keys:
Implementing encryption for private keys both during storage and transmission over networks.
Regularly backing up private keys and keeping them in multiple secure locations.
Securing assets held in custody through insurance coverage against potential threats such as hacking or theft.
Conducting routine security audits, penetration testing, and vulnerability assessments to identify and address any security risks.
Adhering to regulatory requirements related to data protection and security.

Operating rules of trading platform

The operating rules of a trading platform outline the guidelines, policies, and procedures that control the execution and settlement of trades on the platform. These rules specify the responsibilities of participants, establish acceptable behaviour, and detail procedures for resolving disputes and addressing issues. Key elements of a trading platform's operating rules can include:

Eligibility criteria for participants: The eligibility standards define the conditions that must be fulfilled for an individual or entity to take part in trades on the platform. This can encompass regulatory registration mandates, minimum account balance, and other prerequisites.

Requirements for trade execution and settlement: The operating rules of a trading platform detail the process of executing and settling trades, including the responsibilities of participants, acceptable behaviours, and dispute resolution procedures. Additionally, they outline the eligibility criteria for who can participate, including any necessary regulatory registration, minimum account balance, or other requirements. These rules specify the minimum order sizes, order types, and methods for placing and executing trades, as well as details on the settlement process, such as the time frame, methods of payment and delivery, and procedures for handling failed settlements.

Risk management policies and procedures: Risk management policies and procedures establish the platform's approach to mitigating risk. This includes setting limits on positions and determining margin requirements. The policies also describe how the platform will handle scenarios where a participant is unable to meet their margin obligations, for example, by liquidating positions or requiring additional collateral to be deposited.

Data privacy and security measures: The data privacy and security measures outline the steps taken by the platform to secure the personal and financial information of participants. This could include implementing encryption, setting up firewalls, and implementing other technical measures to prevent unauthorised access to sensitive data.

Reporting and record-keeping requirements: The reporting and record-keeping guidelines describe the details that must be submitted by participants to the platform, such as trade records and account activity. These guidelines also define the way the platform will keep a record of all trades, including the storage duration and the process for accessing the records.

Dispute resolution mechanisms: The dispute resolution mechanisms outline the steps for resolving conflicts between platform participants. This includes guidelines for reporting disputes, conducting investigations, and finding solutions such as mediation or arbitration to resolve the issue.

Compliance with relevant laws and regulations: The operating rules of a trading platform must also adhere to relevant laws and regulations to maintain compliance. This entails adhering to regulatory requirements for the platform, the securities traded, and the jurisdiction it operates in. The rules may include provisions for ongoing compliance checks, such as regular audits or mandatory reporting.

It is crucial for traders to thoroughly understand the operating rules of a platform prior to conducting any trades. These guidelines, policies, and procedures differ based on the type of platform, traded securities, and the jurisdiction it operates in. By familiarising themselves with the rules, traders can ensure they are aware of their rights and obligations in the trading process.

Non-discriminatory commercial policy for exchanges

The rules for commercial policy and pricing for a CASP that is authorised to exchange fiat currency or crypto-assets must be outlined in a non-discriminatory manner. The policy should specify the types of clients the CASP intends to serve, such as legal entities with a minimum balance sheet of £5 million or professional investors managing a portfolio of £1 million or more. The policy must be submitted as part of the application process and must be clearly explained to customers. The CASP must also publish a firm price or a method for determining the price of the crypto-assets they propose to trade, and make this information available to all customers. The CASP must execute client orders at the displayed prices at the time the orders are received.

Execution policy for orders

It's important to note that the trade engine execution policy will impact the speed and efficiency of the execution process, as well as the price at which the trades are executed. Different policies may be better suited for different types of trades, and it's important for traders to understand the trade engine policy of a particular exchange in order to make informed trading decisions.

For example, the popular centralised crypto exchange, Binance, uses a combination of price-time priority and pro-rata execution policies to match and execute orders on its platform.

Another example is Kraken, which uses a price-time priority policy to match and execute orders. However, it also offers options for immediate or cancel, fill or kill, and time in force order execution for certain types of orders.

These are just a few examples of how different centralised crypto exchanges may implement their trade engine execution policies.

Necessary knowledge and expertise for portfolio management of crypto assets

Proof of the necessary skill and expertise of the individuals offering advice or portfolio management for crypto-assets on behalf of the CASP must be provided. This can be accomplished by submitting a resume during the authorization process or by providing a job description along with the required qualifications needed to work in the CASP.

It is crucial for a CASP to receive support from a consultant when preparing for a MiCA application. Consultants have a deep understanding of the regulatory requirements and can guide the CASP through the complex application process. They can also help identify any potential issues and provide solutions to ensure a successful application. Furthermore, consultants can provide valuable insights and advice on how to meet the requirements, including policy development, document preparation, and review. Hiring a consultant can save time, resources, and increase the chances of a successful MiCA application.

‍