⚡ TL;DR — What Most Arbitrage Desks Get Wrong About MiCA
By 1 July 2026, every crypto-asset service provider (CASP) operating in the EU must hold a MiCA authorisation — but the licence itself is just Layer 1 of the operational stack. Arbitrage desks routinely miss the five layers above it: Travel Rule data exchange, segregated custody, multi-venue best execution, market-abuse surveillance, and DAC8/order-book reporting. This guide hands you the full operational checklist, a free Excel template, and a 1-page PDF reference.
1. Why MiCA Is Different for Arbitrage Desks
The EU’s Markets in Crypto-Assets Regulation (MiCA), Regulation (EU) 2023/1114, became fully applicable on 30 December 2024. It is the world’s first comprehensive crypto rulebook covering a single market of 450 million consumers, and it lands on arbitrage desks differently than on exchanges, custodians, or wallet providers.
Arbitrage is, by nature, a multi-venue, low-latency, cross-jurisdiction activity. A typical desk routes orders across five to fifteen venues, holds inventory in multiple stablecoins, and rebalances between centralised and decentralised infrastructure intraday. Every one of those touchpoints is a MiCA control surface: the venue must be authorised, the stablecoin must be authorised, the transfer must carry Travel Rule data, the custody arrangement must be segregated, and the order must satisfy a documented best-execution policy.
That is why most desks underestimate the workload. They focus on the headline — “get a CASP licence by July 2026” — and miss that the licence is the entry ticket, not the finish line. The European Securities and Markets Authority (ESMA) has published more than a dozen Level 2 and Level 3 standards in the last 18 months, and each one bolts a new operational requirement onto the stack.
“Speed is still king, but compliance is now the queen.” — NeuralArb, MiCA 2026 for Crypto Arbitrage
2. The MiCA Compliance Timeline (2024–2027)
The phased rollout is the single most-misunderstood feature of MiCA. Many desks assume “MiCA went live in December 2024” and stop there — but the EU built in up to 18 months of national grandfathering under Article 143(3), and the deadlines vary by Member State:
| Date | Milestone | Affects Arbitrage Desks? |
|---|---|---|
| 30 Jun 2024 | Stablecoin rules (ARTs/EMTs) apply | ✅ Yes — stablecoin venue routing |
| 30 Dec 2024 | Full MiCA application — CASP licensing & market abuse | ✅ Yes — full stack |
| 17 Jan 2025 | DORA cyber-resilience applies | ✅ Yes — ICT & sub-custodian DD |
| 3 Apr 2025 | Order-book RTS in force (ISO 20022 JSON) | ✅ Yes — trading platform reporting |
| 1 Jul 2025 | Netherlands transitional period ends | ⚠️ NL-based desks only |
| 30 Dec 2025 | Germany, Austria, Italy transitions end | ⚠️ Critical for DACH desks |
| 1 Jan 2026 | DAC8 tax-data reporting begins | ✅ Yes — all CASPs |
| 1 Jul 2026 | Final MiCA deadline — no further grandfathering | 🚨 EU-wide hard stop |
| 10 Jul 2027 | AMLR / AMLD6 replace AMLD5 & TFR | ✅ Yes — new AML regime |
For arbitrage desks the practical question is therefore not “when does MiCA start?” but “by which date must my home jurisdiction’s transitional period close, and how many controls must be in place before that?” If you are operating out of Germany, Austria, or Italy, you have already passed the local cliff edge. If you are running from France, Ireland, Spain, or the Netherlands, your runway is materially shorter than the headline July 2026 date suggests — see ESMA’s official list of grandfathering periods.
3. Layer 1 — Authorisation & Capital
The CASP authorisation is granted by your home National Competent Authority (NCA) — BaFin in Germany, AMF in France, the Central Bank of Ireland, CySEC in Cyprus, CONSOB in Italy, and so on. The licence comes in three commercial classes, defined by which services you provide and how much risk you carry on the book.
Which class does an arbitrage desk fall into?
- Class 1 (€50,000) — pure execution-as-an-agent or signal-only desks that transmit orders to a third-party CASP. Rare in practice.
- Class 2 (€125,000) — the default for most multi-strategy desks: you hold custody of working capital, exchange between assets, and execute orders on your own account.
- Class 3 (€150,000) — required only if you operate a trading platform or RFQ venue that matches third-party orders.
The “minimum” figure is, in fact, a floor. Article 67(3) overlays a “fixed-overheads requirement” — at least one quarter of your annual fixed expenses in own funds. A desk burning €1M a year in opex therefore needs €250k of capital, not the €125k headline. Many applicants discover this only mid-process and have to recapitalise late.
Application file: what NCAs actually want to see
- Programme of operations (services, target markets, target volumes)
- 3-year business plan with conservative and stress-case projections
- Fit-and-proper documentation for all senior managers and qualifying shareholders (CVs, criminal records, financial-history declarations)
- ICT and business-continuity plans (DORA-aligned)
- AML/KYC manual with risk assessment
- Custody arrangement description and proof of segregation
- Conflict-of-interest policy and inducements register
- Complaints-handling procedure
Once authorised, your home NCA can passport the licence into any other EU Member State via Article 65 — file a short notification and you have 28 days before you can begin services in the host state. This is, frankly, the most under-priced advantage of MiCA: a single licence in Ireland, France, or Germany unlocks 27 markets and ~450 million consumers.
4. Layer 2 — Travel Rule, AML & KYC
MiCA itself does not introduce AML obligations — those flow from the EU Transfer of Funds Regulation (TFR)and AMLD5 (to be replaced by AMLD6 + the AML Regulation in July 2027). However, the TFR was sequenced with MiCA on purpose, and you cannot operate a CASP without a TFR-compliant Travel Rule pipeline.
Five things that catch arbitrage desks off-guard
- No de minimis threshold. Unlike traditional bank wires, the EU Travel Rule applies to every crypto transfer between CASPs, regardless of amount. A €5 maker-rebate sweep needs originator and beneficiary data.
- Self-hosted wallet checks. Transfers to or from unhosted wallets above €1,000 require ownership verification — typically a signed message or Satoshi test. Most arbitrage desks moving inventory between hot and cold wallets above this threshold need a documented verification flow.
- Real-time sanctions screening. EU, UN, and OFAC lists update almost daily. The TFR expects screening at originator level, beneficiary level, and at the wallet-address level (a high bar that requires a blockchain-analytics integration).
- Data retention. Travel Rule data must be kept for at least 5 years (Art. 23 TFR), MiCA records for 7 years (Art. 68(8)) — your data warehouse must handle the longer of the two.
- Counterparty diligence. Every CASP you transfer with becomes a counterparty you must due-diligence. Maintain a “approved CASP register” with their authorisation evidence, jurisdiction, and review date.
5. Layer 3 — Custody & Asset Segregation
MiCA Article 75 turned the FTX-era trauma into hard law: client crypto-assets must be legally segregated from the CASP’s own assets. For arbitrage desks the boundary is not always obvious — when you accept third-party capital, run a sub-fund structure, or stake balances on behalf of related entities, you are providing custody.
Operational must-haves
- Written custody agreement with every client (Art. 75(1))
- Per-client ledger of positions (Art. 75(3)) — omnibus wallets are allowed but only with internal allocation
- Daily key reconciliation of held assets against the ledger
- Sub-custodian due diligence — and DORA’s ICT-third-party register applies to every wallet, key-management, and node provider
- Insurance / loss-allocation clauses spelling out the CASP’s liability
The most common gap we see: a desk routes inventory through a “treasury” wallet that mingles working capital with deposits from related funds or partners. Under MiCA, that single wallet structure can trigger a Custody/Segregation breach — fines up to €5M or 5% of turnover, and almost always followed by enhanced supervision.
6. Layer 4 — Best Execution & Order Handling
MiCA Article 78 imports the MiFID II best-execution doctrine into crypto. CASPs must take “all sufficient steps to obtain the best possible result for clients” across five factors: price, costs, speed, likelihood of execution, and size of the order. For arbitrage desks, this turns a familiar TradFi tool — transaction-cost analysis (TCA) — from a nice-to-have into a regulatory artefact.
What the ESMA Q&A actually requires
- A written best-execution policy, segmented by client class (professional vs retail vs eligible counterparty)
- Evidence that you considered multiple venues — single-venue routing is allowed only if you can show it consistently beats alternatives
- A Smart Order Router (SOR) whose logic is documented, tested, and back-testable
- Pre-trade, intra-trade, and post-trade TCA, with at least quarterly board-level review
- Annual venue scoring and execution-quality report
Talos’s institutional best-execution guide sets the practical bar: connectivity to a normalised aggregated order book, an SOR that adjusts in real time to depth, latency, and pre-funding constraints, and a post-trade analytics layer that benchmarks every fill.
7. Layer 5 — Market Abuse Surveillance
Titles VI of MiCA (Articles 86–92) imports the EU Market Abuse Regulation framework wholesale into crypto. It prohibits insider dealing, unlawful disclosure of inside information, and market manipulation — and crucially, it makes CASPs (including arbitrage desks) responsible for preventing, detecting, and reporting abuse on their own activity.
Surveillance controls every desk needs
- Wash-trade detection — same-account or related-account self-matching
- Spoofing / layering alerts — order placement and cancellation patterns above configured thresholds
- Insider-dealing controls — staff trading windows, pre-clearance for personal accounts, and “inside-information lists” for any non-public material the desk handles (listing announcements, token unlock schedules, partnership news)
- STORs (Suspicious Transaction & Order Reports) — when surveillance flags a credible suspicion, the CASP must file with the home NCA per ESMA’s RTS on STORs
Bot logging is the area where desks underestimate the lift. Article 92’s RTS expects you to attribute every order to a specific algorithm version, kill-switch state, and operator. “We ran 17 strategies last quarter” is not auditable. “Algorithm arb-eu-spot-v3.4.2 ran from 09:00 to 17:00 on 14 venues, with these parameters and these performance metrics” is.
8. Layer 6 — Reporting, DORA & Governance
The top of the stack is where regulators verify everything below it is real. Three reporting regimes converge on arbitrage desks in 2025–2026:
Order-book RTS (ESMA, in force 3 April 2025)
CASPs operating a trading platform must record and publish order-book data in ISO 20022 JSON schema. ESMA’s 28 November 2025 statement on data standards clarified the implementation timelines and the JSON elements required.
DAC8 (live 1 January 2026)
The Eighth Directive on Administrative Cooperation extends automatic tax-data exchange to crypto. Every CASP must report customer transactions to its national tax authority, which then exchanges across EU and OECD jurisdictions. The information set mirrors the OECD CARF.
DORA (live 17 January 2025)
The Digital Operational Resilience Act layers cybersecurity obligations on top of MiCA: an ICT risk-management framework, major-incident reporting within 4 / 24 hours / 1 month, threat-led penetration testing every 3 years, and a register of all third-party ICT providers (cloud, blockchain analytics, custody, market data).
9. The MiCA-Compliant Arbitrage Lifecycle
Most desks describe their workflow as Signal → Execute → Settle. MiCA forces an 8-step model:
- Signal — AI/ML detects a price dislocation across venues.
- Pre-trade checks — venue MiCA status, stablecoin authorisation, sanctions screening, KYC freshness.
- Smart order routing — best-execution logic across licensed venues.
- Execution — atomic legs with pre-funded balances.
- Settlement & custody — segregated wallets, daily reconciliation, Travel Rule data captured.
- Surveillance — spoofing, wash-trade, and inside-info checks on the trade.
- Post-trade TCA — benchmark vs best-execution policy, venue scoring.
- Regulatory reporting — STORs, DAC8, order-book RTS.
The feedback loop from step 8 back to step 1 is where good desks compound: post-trade analytics inform the next pre-trade check, and venue-scoring data flows back into the SOR’s routing weights. Compliance becomes alpha when surveillance signals are reused as risk inputs.
10. Penalty Matrix & Enforcement
Penalties were calibrated to be credible at institutional scale. The “higher of” rule (fixed amount or % of turnover) makes them genuinely material for any desk with €100M+ in annual notional. As of February 2025, more than 50 crypto firms had already had licences revoked under MiCA-related enforcement, per Cyfrin’s enforcement tracker.
Three patterns dominate enforcement to date:
- Operating without authorisation past the transitional deadline — the single biggest source of cease-and-desist orders
- Travel Rule data omissions — particularly self-hosted-wallet checks
- Inadequate segregation — typically discovered during the first NCA inspection after authorisation
11. The 10 Things Arbitrage Desks Miss
From our work with EU desks preparing for the 2026 deadline, these are the controls that fail most consistently during NCA mock inspections:
- Venue authorisation tracking. Desks rely on “the exchange is big” rather than verifying current CASP status with the home NCA. Build a daily-refreshed register of authorised venues.
- Stablecoin status checks. Routing USDT inventory through a regulated EU CASP after the issuer lost authorisation. Maintain a real-time list of MiCA-authorised ARTs/EMTs.
- Fixed-overheads buffer. Capitalising at the headline €125k without applying the Art. 67(3) 1/4-overheads test.
- Self-hosted wallet flows. Treasury movements above €1,000 to “own” cold storage without documented ownership verification.
- Bot attribution. Logs that say “trading bot” but not the algorithm version, parameter set, or operator account.
- Conflict-of-interest register. Especially when the desk is part of a wider group with market-making, research, or token-treasury arms.
- Best-execution evidence. A policy document, but no quarterly TCA review and no venue-scoring board pack.
- Order-book RTS feeds. Operators of trading platforms underestimating the ISO 20022 JSON schema work.
- DAC8 readiness. Customer-data fields (TIN, residency, controlling-person data for entities) not collected at onboarding.
- DORA register completeness. Cloud-VPS, RPC endpoints, and analytics vendors omitted from the ICT third-party register.
12. Free Downloads & Checklists
📊 Operational Checklist (Excel)
40+ control items across all 6 layers, with MiCA article references, deadlines, and priority colour-coding. Includes a capital calculator and penalty reference.
📄 1-Page Quick Reference (PDF)
The 6-layer stack, headline KPIs, and a 10-point pre-trade compliance check — printable and ready to pin on the desk.
🤖 Want to See MiCA-Aware Routing in Action?
NeuralArB’s AI engine continuously verifies CASP authorisation, stablecoin status, and Travel Rule readiness before it routes capital — turning compliance into alpha rather than friction.
13. 💬 Frequently Asked Questions (FAQ)
Does MiCA apply to a proprietary arbitrage desk that trades only with its own capital?
Possibly. MiCA’s CASP regime targets entities providing services to third parties. A pure proprietary desk trading only its own capital, with no external clients, generally falls outside CASP authorisation. However, the moment the desk runs liquidity for affiliates, accepts external capital, manages portfolios for related entities, or operates a venue/RFQ, it becomes a CASP. Most multi-strategy arbitrage funds will trigger at least Class 1 or Class 2 services.
What is the minimum capital requirement under MiCA for a crypto arbitrage firm?
MiCA Article 67 sets three capital classes: Class 1 (€50,000) for advice, placement, reception/transmission, and portfolio management; Class 2 (€125,000) for custody, exchange, execution, and transfer services; and Class 3 (€150,000) for the operation of a trading platform. CASPs must also hold at least one quarter of the prior year’s fixed overheads, whichever is higher.
Are stablecoins like USDT still legal for EU arbitrage after MiCA?
Only stablecoins issued by a MiCA-authorised E-Money Token (EMT) or Asset-Referenced Token (ART) issuer can be offered to EU users by a CASP. USDC and EURC (via Circle’s EU entity) are MiCA-authorised; USDT has not received MiCA authorisation, leading major exchanges to delist or restrict it for EU clients. Arbitrage desks should treat non-authorised stablecoins as a venue-availability and liquidity risk, not a strategy assumption.
What is the MiCA Travel Rule threshold for crypto transfers?
The EU Transfer of Funds Regulation (TFR), which complements MiCA, applies to all crypto-asset transfers between CASPs regardless of amount — there is no de minimis threshold. CASPs must collect, verify, and transmit originator and beneficiary information on every transfer. For transfers to or from self-hosted (unhosted) wallets above €1,000, the CASP must additionally verify wallet ownership.
Can a CASP licence from one EU country be used across the EU?
Yes. MiCA’s passporting regime (Article 65) allows a CASP licensed in one Member State to provide services across all 27 Member States via notification to the home NCA and host NCAs. This is one of MiCA’s most strategic features for arbitrage desks — a single licence in jurisdictions like Ireland, France, Germany, or Malta unlocks the entire EU market.
What is the final MiCA deadline and what happens if a firm misses it?
1 July 2026 is the absolute final deadline for EU national grandfathering periods. After this date, any CASP without valid MiCA authorisation must stop providing regulated services in the EU. Continuing without authorisation triggers administrative fines up to €5M or 12.5% of annual turnover, personal fines up to €700,000, and potential criminal liability.
How does MiCA's best execution requirement affect arbitrage strategies?
MiCA Article 78 requires CASPs to take all sufficient steps to obtain the best possible result for clients across price, costs, speed, likelihood of execution, and size. For arbitrage desks acting as agents or for affiliated clients, this means connecting to multiple licensed venues, deploying a documented smart order router (SOR), and producing pre-trade, intra-trade, and post-trade TCA. Single-venue routing is permitted only if the desk can demonstrate it consistently delivers the best total outcome.
Is algorithmic and bot trading allowed under MiCA?
Yes, but with strict logging and surveillance obligations. CASPs operating algorithmic strategies must maintain a complete audit trail of bot activity (algorithm ID, parameters, kill switches), apply market-abuse surveillance to every algo decision, and submit STORs when relevant. ESMA’s market-abuse RTS (Article 92) extends this regime to bots, market makers, and HFT-style arbitrage equally.
14. Final Word
MiCA is not the end of crypto arbitrage in Europe — it is the institutionalisation of it. The desks that treat the 1 July 2026 deadline as a starting line, not a finish line, will inherit a market with deeper liquidity, fewer exchange-failure tail events, and a single passport to 27 jurisdictions. The desks that race to license and skip the operational stack underneath will pay for the gap one mock inspection at a time.
The 6-layer model in this guide — authorisation, AML/Travel Rule, custody, best execution, surveillance, and reporting — is how every NCA we have observed actually examines a desk. Build them in that order, document everything, and reuse the data as alpha.
Disclaimer: These materials are for general information purposes only and are not investment advice or a recommendation or solicitation to buy, sell or hold any cryptoasset or to engage in any specific trading strategy. Some crypto products and markets are unregulated, and you may not be protected by government compensation and/or regulatory protection schemes. The unpredictable nature of the cryptoasset markets can lead to loss of funds. Tax may be payable on any return and/or on any increase in the value of your cryptoassets and you should seek independent advice on your taxation position.
