AMLA ¦ Advisory Note: ML/TF Risks Resulting from the End of the MiCAR Transitional Period

AMLA ¦ Advisory Note: ML/TF Risks Resulting from the End of the MiCAR Transitional Period

A major shift in the EU crypto market

The end of the MiCAR transitional period on 1 July 2026 marks a turning point for the EU crypto-asset market. From that date, firms can no longer continue providing crypto-asset services in the EU unless they are authorised as MiCAR-compliant crypto-asset service providers, or CASPs.

This change is not only a licensing issue. It also creates a period of heightened money laundering and terrorist financing, or ML/TF, risk. The market will be reshaped as unauthorised virtual asset service providers, or VASPs, leave the market, customer relationships are moved or closed, and activity becomes more concentrated among a smaller number of authorised firms.

This transition needs close attention, strong controls, and coordinated supervision.

Why the end of the transitional period matters for financial crime risk

The advisory note highlights that the exit of unauthorised VASPs and the reconfiguration of the market will have a material effect on how the crypto-asset ecosystem operates. In practical terms, this means there may be rapid customer migrations, uneven compliance standards, and pressure on firms that receive large numbers of customers from departing providers.

These conditions can create opportunities for criminal abuse. When firms wind down too quickly, AML/CFT controls can weaken. When assets move at speed, transparency can drop. When customers are shifted in large numbers, screening and monitoring systems may struggle to keep up.

The result is a risk environment in which illicit flows may be hidden more easily, suspicious activity may be harder to detect, and sanctions evasion may become more difficult to spot.

Bastian Schwind-Wagner
Bastian Schwind-Wagner

"The end of the MiCAR transitional period on 1 July 2026 will reshape the EU crypto market and increase ML/TF risks if firms do not manage the shift carefully. Unauthorised VASPs must wind down in an orderly way, while authorised CASPs need to prepare for new customers, higher transaction volumes, and stronger monitoring demands.

The advisory note makes clear that no customer should be de-risked automatically just because they came from an unauthorised provider. Instead, firms, supervisors, and FIUs should apply a risk-based approach, maintain strong controls, and share information to prevent illicit flows from hiding in the transition."

Risks linked to unauthorised VASPs

One of the most immediate concerns is the risk of weakened AML/CFT controls during exit. Firms that are leaving the market may face compressed timelines, and that can strain governance, staffing, and compliance processes at exactly the point when they are still responsible for managing risk.

This is especially important for entities that already had AML/CFT deficiencies before the end of the transitional period. If wind-down plans are not properly structured and documented, there is a greater chance of poor oversight, incomplete records, and missed suspicious activity.

The note also points to the risk of illicit flow concealment during exit. Abrupt departures from the market can reduce visibility over asset movements and customer relationships. That creates space for rapid transfers of funds, attempts to hide beneficial ownership patterns, and activity that may be linked to sanctions evasion or other criminal conduct.

To reduce these risks, firms should maintain robust wind-down plans, keep adequate AML/CFT governance in place until all regulated activity has ceased, and continue to monitor customers and report suspicious activity. Up-to-date customer due diligence (CDD) information remains essential during the exit phase.

Risks for authorised CASPs receiving migrating customers

The end of the transitional period will not only affect firms that leave the market. It will also place pressure on authorised CASPs that receive customers from unauthorised providers.

A major issue is sudden changes in risk exposure. CASPs that take on new customer portfolios may find that their overall risk profile changes quickly, especially if a large share of incoming business comes from higher-risk segments. This can lead to concentration risk and a greater burden on compliance teams.

There is also pressure on transaction monitoring capacity. Systems, staffing, and procedures may need to scale fast to cope with higher volumes of transfers and onboarding activity. If they do not, suspicious transactions may pass through without proper review.

The advisory note is clear that incoming customers should not be subject to blanket de-risking simply because they came from an unauthorised VASP. Instead, CASPs should assess each customer individually under a risk-based approach (RBA). Where higher risk is identified, enhanced due diligence (EDD) should be applied.

This is an important point. A transition driven by regulation should not become a justification for automatic exclusion. The right response is careful assessment, not broad-brush assumptions.

The role of AML/CFT supervisors

Supervisors will also face a difficult period. The simultaneous wind-down of unauthorised VASPs and onboarding of customers by authorised CASPs may create blind spots, especially where customer transfers are large and fast-moving.

This can make it harder to see where risks are migrating, whether controls are being maintained, and whether compliance standards are being applied consistently across Member States. Inconsistent supervisory approaches can also create opportunities for regulatory arbitrage, where firms or customers exploit differences in national practices.

The note recommends a risk-based focus on wind-down processes where national legal frameworks allow it. Supervisors should prioritise oversight of exit planning and customer transfers from unauthorised VASPs to make sure AML/CFT controls remain effective and that market changes are transparent.

It also stresses the importance of coordination across jurisdictions. Close supervisory cooperation can help maintain visibility over entities leaving the market and those absorbing their customers. Where appropriate, information sharing and coordinated actions will be essential to understanding changing risk patterns and identifying material threats.

The role of FIUs in tracking new typologies

Financial intelligence units, or FIUs, will also need to adjust to the new environment. The advisory note warns that the mass transfer of customer bases may give rise to new or shifting typologies.

Criminals may exploit the movement of funds between multiple CASPs or across jurisdictions to obscure the origin and destination of illicit assets. In some cases, these flows may trigger a higher volume of suspicious transaction reports (STRs), which will require careful analysis and triage.

The response recommended for FIUs is enhanced cooperation and information exchange. Domestic and cross-border coordination will be important for maintaining visibility over flows linked to exiting VASPs and the CASPs receiving their customers. Timely dissemination of intelligence will help authorities spot patterns that might otherwise remain hidden.

What the crypto sector should do now

The end of the transitional period is not just a compliance deadline. It is a risk event. Firms that are exiting the market need orderly wind-down plans, strong AML/CFT controls, and proper customer record management until all regulated activity ends.

Authorised CASPs should prepare for possible surges in onboarding and transaction volume. That means reviewing transaction monitoring capacity, staffing, customer risk assessment processes, and the integration of external customer information. It also means rejecting any temptation to apply blanket measures to customers solely because of their former provider.

Supervisors and FIUs, meanwhile, need to stay closely aligned. The quality of the sector’s response will depend on whether market participants and public authorities can work together to track risk, share information, and respond quickly to emerging threats.

A transition that demands discipline

The MiCAR transitional period is ending, but the financial crime risks associated with that change will not disappear automatically. If anything, they may become more complex as the market consolidates and customer relationships move into new hands.

The core principle of the advisory note is relatively simple: the transition should be managed in a structured, risk-based and coordinated way. This applies to departing firms, authorised CASPs, supervisors and FIUs alike.

The EU crypto market is entering a new phase. The firms and authorities that respond with discipline and visibility will be better placed to protect the integrity of the financial system.

The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.
Did you find any mistakes? Would you like to provide feedback? If so, please contact us!
Dive deeper
  • AMLA ¦ Advisory note on money laundering risks as the MiCAR transitional period ends ¦ Link
Bastian Schwind-Wagner
Bastian Schwind-Wagner Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.