MiCA Regulatory Watch: What CASPs Must Monitor in 2025–2026

A comprehensive guide to MiCA compliance obligations for Crypto-Asset Service Providers in 2025–2026: market abuse detection, STOR reporting, ESMA guidelines, and on-chain surveillance requirements.

By Seqlense · 2026-03-11 09:25:30 · #MiCA #CASP #ESMA #regulatory compliance #market abuse #on-chain surveillance

The Markets in Crypto-Assets Regulation (MiCA) entered full application on December 30, 2024. For Crypto-Asset Service Providers (CASPs) operating across the European Union, this marks the beginning of a new compliance reality — one where regulatory obligations evolve continuously and monitoring requirements go far beyond a one-time licensing checklist.

This guide breaks down what your compliance team must actively track throughout 2025 and 2026 to stay ahead of ESMA, AMF, BaFin, and other National Competent Authorities (NCAs).

Why Continuous MiCA Watch Matters for CASPs
Market Abuse Obligations Under MiCA Title VI
ESMA Guidelines: July 2025 Update on Market Abuse Supervision
STOR Reporting: What CASPs Must Submit and When
On-Chain Surveillance Requirements
Key Regulatory Documents to Monitor in 2025–2026
Building a Regulatory Watch Process for MiCA
How Seqlense Helps CASPs Stay Compliant

1. Why Continuous MiCA Watch Matters for CASPs {#why-continuous-mica-watch}

MiCA is not a static regulation. The core regulation (EU 2023/1114) is accompanied by a dense layer of Level 2 and Level 3 measures — Regulatory Technical Standards (RTS), Implementing Technical Standards (ITS), and Guidelines — that have been published in waves across 2024 and 2025. More are expected in 2026.

As of early 2026, ESMA and EBA have published or consulted on:

3 consultation packages covering market abuse detection systems, suitability requirements, systems security protocols, and transfer services
Final RTS on STOR templates (Suspicious Transaction and Order Reports)
Final Guidelines on market abuse supervisory practices for NCAs (July 2025)
iXBRL white paper formatting requirements (December 2025)

Failing to track these publications means your compliance program may be based on outdated assumptions. NCAs are beginning enforcement reviews in 2025 — and they will assess whether your internal frameworks reflect current ESMA guidance.

Key takeaway: MiCA compliance is not a project with a finish line. It is an ongoing regulatory monitoring obligation.

2. Market Abuse Obligations Under MiCA Title VI {#market-abuse-obligations}

Title VI of MiCA (Articles 86–92) establishes a market abuse framework that closely mirrors the EU Market Abuse Regulation (MAR) — but adapted for the specific characteristics of crypto-asset markets.

Who Is Covered?

Article 92(1) applies to Persons Professionally Arranging or Executing Transactions (PPAETs). ESMA has interpreted this broadly to include:

CASPs operating a trading platform
CASPs executing orders on behalf of clients
CASPs receiving and transmitting orders
CASPs managing crypto-asset portfolios
Market makers and proprietary traders active on crypto venues

Core Obligations

Under Article 92 and the associated delegated regulations, CASPs must implement:

Effective arrangements and systems to:

Continuously monitor all orders received, transmitted, and executed for signs of market abuse
Detect abnormal patterns in distributed ledger technology (DLT) functioning — including consensus mechanism exploitation
Identify insider trading signals, market manipulation, and unlawful disclosure of inside information

Specific behaviors to detect include:

Wash trading (simultaneous buy/sell by related parties)
Spoofing and layering (placing then cancelling large orders)
Pump-and-dump schemes
Insider trading based on token listing information
MEV (Maximal Extractable Value) exploitation by validators
Cross-platform manipulation (coordinated activity across CEX and DEX venues)

What "Effective" Means in Practice

ESMA's delegated regulation specifies that detection systems must be risk-based and proportionate to the size and nature of the CASP's operations. However, even smaller CASPs cannot rely on manual processes alone — automated surveillance is effectively mandatory for any entity processing significant transaction volumes.

3. ESMA Guidelines: July 2025 Update on Market Abuse Supervision {#esma-guidelines-july-2025}

On July 9, 2025, ESMA published its final Guidelines on supervisory practices to prevent and detect market abuse under MiCA (reference: ESMA75-453128700-1039). While formally addressed to NCAs, these guidelines have direct practical implications for CASPs.

The 12 Guidelines at a Glance

ESMA structured the guidelines across two categories:

General Principles (Guidelines 1–7):

Guideline	Topic
1	Proportionality and risk-based supervision
2	Risk-based and forward-looking approach
3	Integration of existing MAR experience
4	Common supervisory culture across NCAs
5	Human resources and specialist training
6	Stakeholder dialogue (including with technology providers)
7	Market integrity education and awareness

Supervision and Compliance (Guidelines 8–12):

Guideline	Topic
8	Data-driven surveillance using on-chain and off-chain data + AI
9	Ongoing supervision of CASPs' market abuse detection systems
10	Handling and reacting to STORs
11	ESMA coordination between NCAs
12	Third-country obstacles to cross-border supervision

What This Means for Your Compliance Team

Guideline 9 is particularly significant: NCAs are explicitly instructed to assess whether CASPs have adequate detection systems in place, proportionate to their size and activity. Expect this to become a standard element of licensing reviews and supervisory inspections.

Guideline 8 signals that NCAs are expected to use AI and on-chain data analytics in their own surveillance. CASPs that use similar tooling will be better positioned to explain their methodology during regulatory interactions.

4. STOR Reporting: What CASPs Must Submit and When {#stor-reporting}

Suspicious Transaction and Order Reports (STORs) are a core output of your market abuse detection system. Under MiCA Article 92(3), CASPs must report to the competent authority of their home Member State whenever they have reasonable grounds to suspect market abuse.

ESMA's STOR Template

ESMA has published a standardized STOR template to ensure consistent reporting across EU jurisdictions. Key elements include:

Identity of the reporting entity (CASP name, LEI, license number)
Description of the suspicious transaction or order
Relevant crypto-asset(s) and blockchain(s) involved
Timestamps and transaction hashes where applicable
Explanation of why the activity is deemed suspicious
Internal case reference

Reporting Timeline

MiCA does not specify an exact deadline for STOR submission (unlike DORA's incident reporting timelines). However, ESMA guidance makes clear that reports should be submitted as soon as reasonably practicable after the suspicion is identified — meaning delays of weeks are not acceptable.

Practical Recommendations

Implement an internal STOR workflow with defined escalation paths from analyst → compliance officer → NCA submission
Maintain a log of all alerts reviewed and the rationale for decisions not to file — this audit trail is critical during supervisory inspections
Align your STOR process with your existing AML/CFT suspicious activity reporting to avoid duplicated effort

5. On-Chain Surveillance Requirements {#on-chain-surveillance}

This is where MiCA differs most significantly from traditional financial market abuse frameworks. Crypto markets operate across both centralized platforms (CEXs) and decentralized protocols (DEXs), with activity visible on public blockchains.

What Must Be Monitored On-Chain

ESMA's guidelines explicitly call for data-driven surveillance combining:

On-chain data: wallet activity, transaction patterns, DeFi interactions, bridge movements, MEV extraction
Off-chain data: order book data from CEX platforms, social media sentiment, news flow
Cross-chain activity: funds moving between blockchains to obscure origins or manipulate prices across venues

Specific On-Chain Behaviors That Trigger Review

Behavior	On-Chain Signal
Wash trading	Circular fund flows between related wallets
Pump & dump	Concentrated wallet accumulation before price spike
Layering/spoofing	High-frequency order placement patterns (CEX order book data)
Insider trading	Unusual wallet activity before token listings or major announcements
MEV exploitation	Validator or searcher transactions front-running user trades
Cross-platform manipulation	Coordinated activity visible across CEX + DEX + bridge data

The Challenge of DEX Surveillance

MiCA's market abuse framework focuses primarily on licensed CASPs, but ESMA acknowledges that manipulation increasingly originates from or passes through decentralized venues. CASPs must monitor for indirect exposure — for example, when customer withdrawals go to wallets that then interact with manipulation schemes on DEXs.

6. Key Regulatory Documents to Monitor in 2025–2026 {#key-documents}

Your regulatory watch process should cover the following publication streams:

ESMA Publications to Track

Source	What to Watch
ESMA MiCA webpage	Level 2/3 measures, Q&A updates, register updates
ESMA Consultations	New RTS/ITS/Guidelines under consultation
ESMA Final Reports	Adopted technical standards and guidelines
ESMA Register	Authorized CASPs, non-compliant entities

EBA Publications to Track

Source	What to Watch
EBA MiCA section	Standards on ARTs (asset-referenced tokens) and EMTs
EBA AML/CFT guidance	Intersection with crypto AML obligations

National Competent Authorities

Depending on your licensing jurisdiction, monitor:

AMF (France): Publications, Q&A, enforcement decisions on crypto
BaFin (Germany): MiCA implementation guidance
AFM (Netherlands): CASP supervision communications
CySEC (Cyprus): Frequently updated MiCA FAQs for CASPs

Expected 2026 Publications

Based on ESMA's work programme, watch for:

Final RTS on reverse solicitation under MiCA
Updated guidance on DeFi and MiCA scope boundaries
First ESMA enforcement convergence reports on MiCA application

7. Building a Regulatory Watch Process for MiCA {#regulatory-watch-process}

An effective regulatory watch program for MiCA should combine automated monitoring with human analysis. Here is a practical framework:

Step 1: Define Your Coverage Universe

Map all regulatory sources relevant to your CASP:

Your home NCA (primary)
ESMA and EBA (EU-level)
NCAs in Member States where you passport (secondary)
FATF for AML convergence signals

Step 2: Automate Alert Collection

Do not rely on manually checking regulator websites. Implement:

RSS feeds or API-based monitoring of official publications
Keyword alerts for: "MiCA", "CASP", "market abuse", "STOR", "crypto-asset surveillance"
Email subscriptions to ESMA, EBA, and your NCA mailing lists

Step 3: Triage and Impact Assessment

For each new publication:

Is it final or consultative? Consultative papers require a response window; finals require implementation planning.
What is the application date? Calculate the gap between publication and your deadline.
Which internal processes are affected? Map to your compliance framework (surveillance systems, STOR workflows, governance policies).

Step 4: Update Internal Documentation

Maintain a regulatory change log tracking:

Publication date and reference
Summary of change
Internal owner
Implementation deadline
Status (pending / in progress / complete)

Step 5: Test and Evidence

Regulators expect to see evidence that your detection systems are effective. Run:

Periodic backtests of your surveillance models against known manipulation patterns
Scenario simulations to validate STOR escalation paths
Documentation audits to verify your change log reflects the current regulatory state

8. How Seqlense Helps CASPs Stay Compliant {#seqlense-solution}

Seqlense is purpose-built for the European regulatory landscape. Our platform combines two capabilities that CASPs need in 2025–2026:

Seqlense DOC — Regulatory Watch Automated monitoring of ESMA, EBA, AMF, FCA, and 20+ regulatory sources. Every publication is tagged, summarized, and mapped to its impact on your compliance framework. Never miss a Level 3 update again.

Seqlense MABU — On-Chain Market Abuse Detection Real-time on-chain scanning of wallets interacting with your platform. Detects wash trading, pump & dump patterns, insider trading signals, and layering — aligned with ESMA's MiCA Article 92 requirements. STOR-ready alert exports included.

Key Takeaways

MiCA market abuse obligations under Title VI apply to all CASPs operating trading, order execution, or portfolio management services
ESMA's July 2025 guidelines signal that NCAs will actively assess your detection systems — not just your policies
STOR reporting requires a documented, auditable internal workflow — not just a submission form
On-chain surveillance is expected by regulators and must cover both on-chain and off-chain signals
Regulatory watch for MiCA is a continuous process — expect significant new publications from ESMA and EBA throughout 2026

Last updated: March 2026. This article reflects ESMA and EBA publications available as of that date. Regulatory requirements evolve — use Seqlense DOC to stay current.