A brief discussion on the practice and risks of crypto asset management business from the perspective of MiCA licensed entities

Compliance enlightenment in the MiCA era

With the continuous influx of traditional financial funds into the crypto market, more and more investors are seeking stable and reliable crypto asset investment management services. This is especially true for those who are tired of constantly watching market trends and trying various new strategies. They are eager to plan their crypto asset portfolios through a more traditional investment management context.

The EU's Markets in Crypto-Assets Regulation (EU) 2023/1114 (MiCA), as the world's first unified regulatory framework for crypto assets, not only puts forward comprehensive requirements for exchanges, wallet service providers, etc., but also for the first time incorporates innovative businesses such as portfolio management, copy trading, and staking into the regulatory system.

Under the MiCA framework, several crypto asset service providers have obtained regulatory licenses and begun offering services such as portfolio management. Currently, ten licensed institutions in the EU help clients manage crypto asset portfolios, including major platforms such as eToro and Kraken. eToro's Smart Portfolios feature provides asset allocation recommendations and integrates social trading models to enable strategy replication, attracting a large number of users seeking automated and low-barrier investment. Kraken, on the other hand, has expanded beyond crypto asset trading to include staking services and is exploring compliant cross-border asset management models.

The promulgation of MiCA brings these innovative businesses under a unified regulatory framework for the first time. This change not only impacts the European market but also serves as a compliance benchmark for global crypto asset companies: going forward, all service providers involved in portfolio management, staking, or copy trading must proactively address regulatory challenges. For crypto asset platforms, fund managers, and even individual investors, this presents two real challenges:

1. How to continue to innovate while maintaining compliance?

2. How to deal with cross-border regulatory differences and ensure the sustainability of global business expansion?

Copy Trading and Quantitative Strategies

MiCA sets clear compliance requirements for portfolio management: Any CASP providing cryptoasset portfolio management must conduct a suitability assessment of a client's experience, knowledge, investment objectives, and ability to withstand losses before providing services. If the client fails to provide relevant information, or the assessment results indicate that the investment is unsuitable for the client, the service provider shall not provide portfolio management or related advice.

Furthermore, when providing investment advice, CASPs must issue a report containing a suitability assessment, explaining how the recommended crypto assets or services align with the client's preferences and goals. When providing portfolio management, CASPs must also regularly issue reports to clients summarizing portfolio performance and updating suitability assessments. This regulation directly raises the compliance threshold for portfolio management and strengthens investor protection.

In the cryptoasset investment sector, copy trading and quantitative strategies are becoming increasingly common portfolio management methods among MiCA-licensed CASPs. These two strategies leverage technology to improve investment efficiency and potential returns, attracting a large number of investors seeking to leverage technological advantages to increase asset value.

Copy trading, as the name suggests, allows investors to follow the investment strategies of experienced traders. Platforms provide transparent trading signals and historical performance, allowing users to select and replicate the strategies of professional traders. Its core feature is that it connects investors directly with experienced traders, allowing them to automatically replicate their every move through the platform, thus lowering the investment barrier. This type of service is particularly suitable for investors who lack professional knowledge but wish to share the experience of others.

Algorithmic trading utilizes mathematical models and statistical methods to analyze data and automatically execute trading decisions through algorithms. In the cryptoasset market, quantitative strategies often combine big data, machine learning, and artificial intelligence technologies to achieve high-frequency, automated investment operations. Compared to manual trading, quantitative strategies offer faster execution and greater discipline. They can react quickly and objectively to "unnatural" situations in rapidly changing market environments, reducing the potential for bias in human judgment. Consequently, they have become a key product type offered by MiCA-licensed CASPs to investors.

Notably, MiCA does not explicitly require that the underlying asset type for portfolio management must be crypto spot or derivatives. While in practice, many platforms may choose crypto spot as the underlying asset, particularly due to its transparency and easier risk management, the use of derivatives (such as futures and options) as the underlying asset is not clearly distinguished by MiCA regulatory requirements. When the underlying asset involves crypto derivatives, there may be competition between crypto regulation (such as MiCA) and traditional financial regulation (such as MiFID).

MiCA sets out compliance requirements for portfolio management and references MiFID standards in certain areas, particularly regarding suitability assessments and investor protection. However, MiFID's regulatory scope is not explicitly limited to fiat currency derivatives. Some crypto derivatives may also meet the definition of financial instruments under MiFID and therefore need to comply with the relevant requirements of both MiCA and MiFID. This dual regulation can pose compliance challenges, particularly due to potential overlaps or differences in product compliance assessments, capital requirements, and derivatives trading rules.

While both approaches differ in achieving their investment objectives, they both face compliance challenges and opportunities. The following sections explore the regulatory requirements for copy trading and quantitative strategies, taking two representative jurisdictions with strict compliance as examples.

1. European Union (MiCA)

In the EU, MiCA, as a unified regulatory framework, sets out detailed requirements for CASPs, with a particular focus on investor protection. For portfolio management service providers, the core requirements include:

Compatibility Assessment Obligation: Before providing advice or portfolio management, a compatibility assessment must be conducted on each client, covering knowledge and experience, investment objectives/risk tolerance, financial situation, and basic understanding of cryptoasset risks. Portfolio management may only begin if the client is deemed "competent." If the client does not provide information or the assessment indicates incompatibility, portfolio management may not commence. Clients must also be reassessed at least every two years.
Periodic reporting obligations: Issue regular portfolio management reports to clients at least quarterly (in electronic form; if the client has an "online system" and has access records for the quarter, this can be fulfilled according to the "online continuous availability + reminder" mechanism). The content must review the portfolio activities and performance in a "fair and balanced" manner and update the adaptability information.
Cost and fee transparency disclosure obligations: Evaluate the "cost and complexity of equivalent products" within the adaptability framework and clearly disclose all costs and third-party interests involved.
Market fairness: MiCA requires that platforms must not use algorithms or copying mechanisms to manipulate market prices and must maintain fairness and transparency.

2. United States (SEC and CFTC)

In the United States, the regulation of copy trading and quantitative strategies is jointly undertaken by the SEC and the CFTC, mainly reflected in:

Registration and Compliance: Copy/mirroring or model-driven strategies that constitute providing securities advice or making discretionary decisions on behalf of clients generally fall under the Investment Advisers Act of 1940, requiring compliance with registration, fiduciary duties, and disclosure obligations. Quantitative/algorithmic trading involving commodity derivatives falls under the regulatory frameworks of the CEA and CFTC, and whether CTA/CTP/FCM status is triggered depends on the specific business.
Risk and suitability disclosure: The SEC emphasizes sufficient and non-misleading disclosure (model assumptions, data and limitations, backtesting and performance presentation, risks of deviation from client goals, etc.) and the fulfillment of fiduciary obligations for "algorithmic/robo-advisors", and focuses on them in inspections.
Anti-market manipulation: Both the SEC and the CFTC prohibit the use of copy or algorithmic trading to manipulate the market or engage in insider trading. The CFTC prohibits manipulation and deceptive devices based on CEA §6(c)(1) and 17 CFR 180.1/180.2; the SEC has proposed anti-manipulation/anti-insider frameworks such as Exchange Act §10(b)/Rule 10b-5 and §9(a)(2).

Legal risks under technological innovation

As the cryptoasset market continues to mature, staking, as a crucial component of blockchain network validation mechanisms, has become a core service offered by mainstream cryptoasset platforms. Staking essentially involves cryptocurrency holders locking their assets on the blockchain to support the network's operations and earning rewards in the process.

Many mainstream crypto asset service platforms, such as Kraken, Binance, and Coinbase, offer staking services, allowing users to stake crypto assets on the network in exchange for staking rewards. Staking has significant financial characteristics, and therefore has become an important focus of compliance in various jurisdictions. For example, after Kraken was ordered by the U.S. SEC to cease staking services in 2023, it underwent large-scale rectification of its staking business, adding user authorization processes, independent custody of user assets, and standardized reward disclosure methods to ensure that its staking services meet regulatory requirements. The regulatory status of staking varies significantly across different jurisdictions:

1. Differences in the legal recognition of pledge

Different jurisdictions have significant differences in how pledge business is defined:

EU: MiCA defines staking services as ancillary services to custody services. Cryptoasset staking service providers must be authorized to provide custody and management services for cryptoassets on behalf of clients and be liable for any losses of cryptoassets arising from the provision of staking services to clients or from the staking activities themselves.
US: The SEC uses the Howey Test as a benchmark to conduct case-by-case assessments of pledge businesses. It focuses on factors such as whether the pledge business involves intermediary packaging, return promises, and consideration expectations. The SEC tends to consider pledges as "investment contracts," requiring the registration of related services.
Singapore: Public staking services generally fall under the DPT (Digital Payment Token) Service Provider Framework (PSA/FSMA). Regardless of whether clients are located offshore, service providers must be licensed and adhere to strict AML/CFT, client asset custody, and disclosure requirements. There is no transition period, and unlicensed providers must cease operations.
Hong Kong: Staking services are explicitly included in the regulatory system. Licensed virtual asset trading platforms (VATPs) are allowed to provide staking services to customers after prior approval, but they must comply with a set of terms and conditions (Staking T&Cs), covering custody and control, customer authorization and disclosure, risk control and operational requirements, etc.

This difference means that cross-border pledge business must be designed to follow the "strictest standards first", otherwise it may be deemed as a violation in some countries.

2. Core Elements of Pledge Compliance

To reduce compliance risks, staking platforms should focus on the following three aspects:

Independent custody of customer assets: prevents the platform from mixing customer pledged assets with its own funds; ensures that customer assets can be fully returned in the event of bankruptcy or liquidation.
Transparent reward distribution mechanism: Disclose the reward calculation method, distribution frequency, potential income fluctuations, and establish a verifiable data record on the chain.
Risk Warning and User Education: Clarify the risks that may arise during the staking process, such as cyber attacks, contract loopholes, and policy changes, and provide retail users with risk questionnaires and educational materials.

However, due to the strict regulatory stance towards staking services, licensed cryptoasset platforms are generally cautious when offering them. Many platforms choose to avoid or strictly limit the scope of staking services to meet the compliance requirements of different markets.

Case Study: Kraken’s Staking Rectification

After facing SEC enforcement action in 2023, Kraken overhauled its staking business: adding a new user authorization process to ensure users understand staking rules; transferring pledged assets to a separate trust account; and standardizing reward disclosures, providing a real-time yield calculation model. In January 2025, Kraken announced the relaunch of its staking business in 37 US states and two territories. This case demonstrates that staking compliance is more than just filing; it involves restructuring business structures, upgrading risk management systems, and engaging with regulators.

The core idea of the compliance path

Faced with an ever-changing global regulatory landscape, cryptoasset companies need to strike a balance across diverse markets when developing their compliance strategies. The following three principles can help companies navigate the complexities of the compliance landscape.

1. The strictest jurisdictions first: starting with the US and EU

Companies should first consider the most stringent global regulatory standards, such as those in the US and EU. This is particularly evident in Kraken's strategy. As a globally renowned digital asset exchange, Kraken has implemented compliance measures based on EU and US regulatory requirements, gradually expanding them as it enters other markets. This not only helps Kraken avoid potential legal risks arising from "regulatory arbitrage" but also ensures legal operations across multiple markets.

Through rigorous compliance measures, Kraken provides investors with a transparent and secure trading environment while avoiding the risks of regulatory penalties or market closures faced by other platforms, such as Binance, due to ignoring regulatory requirements. This strategy enables Kraken to operate smoothly in multiple jurisdictions and gradually expand its global market share.

2. Modular compliance architecture: Designing compliance measures for each business

Crypto-asset companies modularize their operations to address complex regulatory requirements. For example, Kraken separates its staking, trading, and lending businesses into distinct compliance measures. For example, when providing staking services, Kraken has established interest rate disclosure and risk warning mechanisms that comply with EU and US regulations, ensuring that clients understand the associated risks while enjoying returns.

In addition, platforms like OKX have similarly broken down the compliance requirements of each business line, ensuring that each module has its own independent regulatory framework. This approach not only improves compliance efficiency but also allows crypto-asset companies to flexibly navigate a complex regulatory environment.

3. Continuous compliance and dynamic adjustments: Real-time updates to the compliance manual

Compliance management isn't a one-time fix. As the global regulatory landscape evolves, companies need to regularly update their compliance manuals to ensure their operations are in compliance with the latest regulations. Kraken's practices in this area are worth learning from. The platform has established a compliance committee that regularly reviews global regulations, ensuring that every aspect of its operations is aligned with local regulations.

In contrast, cases like FTX serve as a reminder that a lack of dynamic compliance updates can leave companies unprepared for regulatory changes, leading to severe legal and financial consequences.

How to pave the way to compliance?

As traditional financial capital gradually flows into the crypto market, many investors are no longer content to simply follow market trends, but are seeking more stable and secure investment methods. Compliance has become even more crucial, especially amidst the increasing regulatory scrutiny. Companies seeking to establish a foothold in this emerging market must first ensure compliance with local regulations and select appropriate investment management models based on these requirements.

The next key for businesses is to find the right service providers and partners to ensure compliance while maximizing returns on investment. If your business is interested in entering the crypto asset space, understanding the different regulatory frameworks and compliance requirements will help you achieve sustainable development in this complex market environment.