MiCA Regulation, CASPs and Traceability: Criminal Risks
Criminal advice to CASP companies under the MiCA Regulation (EU 2023/1114): KYC, traceability, reporting and criminal exposure of directors.
Last updated:
The MiCA Regulation (Markets in Crypto-Assets), fully applicable since 30 December 2024, has created in the EU a harmonized authorization and supervision regime for Crypto-Asset Service Providers (CASP). Spanish transposition has integrated MiCA into the CNMV supervisory framework and has established relevant criminal obligations for directors of companies operating with crypto without authorization or without complying with KYC and traceability.
TFR Traceability Obligations
EU Regulation 2023/1113 (crypto Travel Rule) requires CASPs to transmit, with each transfer, the identification data of the originator (name, address, account number or equivalent) and the beneficiary. The transmission must be simultaneous or immediate to the operation, and must be retained for 5 years. Non-compliance generates serious administrative liability and, when systematic, may trigger criminal imputation for cooperation with money laundering (Art. 301.3 CP, negligent modality).
Criminal Risks of Unauthorized CASP
Operating as a CASP in Spain without CNMV authorization may give rise to: (1) Professional intrusion (Art. 403 CP) in relation to the reserved activity; (2) Misappropriation if the company holds client funds without license and without adequate segregation; (3) Fraud if advertising services it cannot legally provide; (4) Negligent money laundering due to systematic omission of KYC and traceability; and (5) Corporate offense of the directors who approved the operation.
CASP Compliance Program
A defensible MiCA compliance program rests on five pillars: (1) Enhanced KYC/KYB with identity verification and source of funds; (2) transaction monitoring and suspicious-activity reporting to SEPBLAC; (3) technical implementation of the Travel Rule (TFR) with interoperable messaging protocols; (4) segregation and custody of client assets; and (5) documented governance with a responsible body, training and periodic audit. Its prior and effective existence is the best defense against the imputation of the director (Arts. 31 and 31 bis CP).
Transitional Regime and European Passport
MiCA provides a transitional regime for entities already operating before its full application, with adaptation deadlines that each Member State sets. CASP authorization also enables the European passport, allowing services to be provided across the EU by notifying the host supervisor. Operating by invoking a non-existent passport or outside the authorized scope reintroduces the risk of professional intrusion (Art. 403 CP) and misleading advertising.
Penalty Chart
| Type / Scenario | Criminal Penalty |
|---|---|
| Professional intrusion (Art. 403 CP) | Imprisonment 6 months to 2 years + fine, if reserved activity (financial services) is exercised without authorization. |
| Negligent money laundering (Art. 301.3 CP) | Imprisonment 6 months to 2 years + fine, for serious non-compliance with KYC and traceability obligations. |
| CNMV/SEPBLAC administrative sanction | Fines up to €5 million or 5% of annual business volume. Disqualification to direct entities. |
* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.
Our Defense Strategy
Voluntary Pre-Imputation Regularization
Application for CNMV authorization and KYC remedy before criminal proceedings opening: highly qualified mitigation.
Forensic MiCA Compliance
Rapid implementation of a MiCA-specific compliance program documented with independent technical expert report.
Compliance Officer Defense
Isolate CO liability by proving autonomy, documented warnings to the board and, where appropriate, timely resignation.
Crypto Fraud Defence: Scams, On-Chain Tracing, MiCA & Asset Seizure
Crypto-related criminal cases combine classical offences — fraud (Arts. 248-250 CP), money laundering (Art. 301 CP), tax fraud (Art. 305 CP) and criminal organisation (Art. 570 bis CP) — with the technical reality of blockchain: pseudonymous wallets, mixers, cross-chain bridges, stablecoins and DeFi protocols. There is no autonomous "crypto offence": prosecutors must fit the facts into an existing criminal type and prove the on-chain flow with admissible expert evidence. Defence therefore demands both criminal-law expertise and independent blockchain forensics.
Penalty Table: Crypto-Asset Offences
| Offence | Article | Description | Penalty |
|---|---|---|---|
| Basic crypto fraud | Arts. 248-249 | Deception inducing the transfer of crypto-assets (fake broker, fake platform) | 6 months – 3 years |
| Aggravated fraud | Art. 250 | Special gravity, multiplicity of victims or high amount | 1 – 6 years |
| Money laundering with crypto | Art. 301 | Concealing illicit origin via mixers, bridges or exchanges | 6 months – 6 years + fine |
| Crypto tax fraud | Art. 305 | Evaded quota over €120,000 per fiscal year (Form 721) | 1 – 5 years + fine |
| Computer damage / DeFi exploit | Art. 264 | Exploit damaging systems or data (smart-contract attack) | 6 months – 3 years |
| Criminal organisation | Art. 570 bis | Structured group running crypto fraud at scale | 2 – 8 years |
Key Defence Strategies
Independent Blockchain Counter-Expert
Chainalysis, Elliptic or TRM tracing graphs are interpretations, not certainties. An accredited own expert can challenge address clustering heuristics, mixer assumptions and the attribution of a wallet to a specific person.
Market Contingency vs. Deception
A loss is not a crime. Many crypto disputes are investment risk, protocol failure or contractual breach — civilly reproachable but criminally atypical. The defence isolates genuine deception (Art. 248) from ordinary market loss.
Good Faith & KYC Diligence
Documented KYC, lawful source of funds, Form 721 reporting and declared capital gains rebut the knowledge element of laundering and fraud. Willful blindness must be proven, not presumed.
Criminal-Tax Bifurcation
Voluntary tax regularisation can activate the Art. 305.4 CP exemption, while the administrative track (CNMV/SEPBLAC) is handled separately from the criminal process, where defences may diverge.
Key Case Law
The Supreme Court accepts that the appearance of a legitimate trading platform or broker can constitute the 'sufficient deception' of Art. 248: the victim's error is measured against the credibility of the staged operation, not against the abstract diligence of an expert investor.
On-chain tracing is valid evidence but subject to expert contradiction. Traceability of a flow to a wallet does not, by itself, prove the intent (dolo) of its holder; the prosecution must still establish knowledge and control.
Using undeclared crypto gains to make further investments may integrate self-laundering (Art. 301.1) in concurrence with tax fraud (Art. 305), creating double criminal exposure that the defence must dismantle element by element.
Why Choose Us?
Need a criminal defense lawyer for this type of offense? Here's how we work:
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.