ESMA turns spotlight on crypto custody risks after MiCA transition

The EU securities regulator will assess custody providers’ key management, incident response and reliance on third-party technology providers.
The European Securities and Markets Authority (ESMA), a key EU regulator supporting the implementation of the Markets in Crypto-Assets (MiCA) framework, is launching a dedicated process for reviewing crypto custody providers.
ESMA plans to conduct a common supervisory action (CSA) focused on the operational resilience of crypto-asset service providers (CASPs), with a specific emphasis on custody services, according to an official announcement on Wednesday.
“The CSA will assess the maturity of CASPs’ digital operational resilience frameworks in relation to custody activities,” ESMA said, adding that the reviews will focus on areas including key and storage management, alongside other operational risks.
