The European Banking Authority (EBA) has warned that crypto firms may exploit regulatory gaps during the Markets in Crypto-Assets (MiCA) regulation’s transitional phase, posing a “significant threat” to the EU’s financial system.
In its recent supervisory report, the EBA said certain crypto service providers authorized before MiCA’s full implementation in December 2025 could engage in “jurisdiction shopping.”
This involves registering in EU member states with weaker oversight and using passporting rights to operate across the bloc.
The law came fully into effect in late 2024, giving the 27-country economic bloc a unified set of rules governing crypto-asset providers for the first time.
EBA Flags Weak Supervision Risks During MiCA Transition Period
According to the EBA, such actions could allow firms to evade stricter supervision, leading to opaque governance, inadequate risk management, and potential misuse of customer funds.
The EBA cautioned that this behavior may result in “uneven regulatory standards” and create systemic vulnerabilities.
It urged national authorities to apply consistent supervision and ensure that firms authorized during the transitional period meet equivalent prudential and governance requirements to those that will apply once MiCA is fully enforced.
The report emphasized the importance of cooperation between EU financial regulators, warning that inadequate coordination could facilitate the exploitation of inconsistencies between jurisdictions by high-risk entities.
The EBA called on member states to share information about license approvals and revocations to help prevent regulatory arbitrage.
The authority also noted that money laundering and terrorist financing (ML/TF) risks remain high in the crypto sector.
Additionally, it emphasized that inadequate due diligence and insufficient oversight of cross-border activities could allow illicit flows to go undetected, thereby undermining MiCA’s objective of establishing a transparent and secure digital asset market.
Under MiCA, crypto firms must obtain authorization and comply with strict operational, reserve, and disclosure requirements.
However, firms registered before June 2024 under national regimes may continue operating until the end of 2025 without meeting the new EU-wide standards, a period the EBA says could be “exploited by opportunistic actors.”
The EBA urged regulators to intensify their supervision during this window, recommending enhanced scrutiny of governance structures, capital adequacy, and transaction monitoring systems.
Additionally, it encouraged firms to begin aligning with MiCA’s risk management and consumer protection requirements ahead of time to avoid disruptions once the transition period ends.
The warning comes as the EU prepares for full MiCA enforcement, which seeks to harmonize digital asset regulation across all 27 member states and establish clear rules for stablecoins, crypto custody, and service providers.
EBA Advances MiCA Implementation With Draft Standards for Bank Crypto Exposure
The EBA continues to play a central role in shaping Europe’s crypto regulation following the implementation of the MiCA.
In January, the European Securities and Markets Authority (ESMA) directed crypto-asset service providers to delist stablecoins that do not meet MiCA’s requirements, reinforcing earlier warnings from the EBA.
MiCA compliance required: Crypto-asset service providers must delist non-compliant stablecoins.#MiCA #ESMA $USDT #Stablecoinhttps://t.co/LNE1u6WlSq
— Cryptonews.com (@cryptonews) January 20, 2025
The regulator had already urged firms to assess their compliance status and stop offering non-conforming tokens, indicating a coordinated effort among EU agencies to tighten oversight.
To support this framework, the EBA released draft Regulatory Technical Standards in August, outlining how banks and institutions must manage crypto exposures under the Capital Requirements Regulation.
The proposed rules establish capital treatment methods for various categories of crypto assets, ranging from unbacked tokens like Bitcoin to asset-referenced and e-money tokens, and align closely with the Basel Committee guidelines.
The EBA also removed its earlier “prudent valuation” requirement, simplifying fair-value assessments while introducing new aggregation methods for long and short positions.
These measures seek to strike a balance between innovation and financial stability as European institutions expand into digital assets. Transitional rules will allow banks to maintain limited exposure while the EU develops a permanent framework.
Over 50 firms have already been licensed under MiCA. Some say it’s a breakthrough, others fear it could handcuff Europe’s crypto future. This op-ed breaks down what’s working and what’s not.#MiCA #CryptoRegulationhttps://t.co/OsUt0mKiXl
— Cryptonews.com (@cryptonews) September 17, 2025
By September, over 50 firms, including Coinbase, Kraken, and OKX, had secured MiCA licenses, gaining access to all 27 EU markets under a unified rulebook.
Yet, compliance has proven to be demanding, with lengthy application processes and phased rollouts creating operational uncertainty.
The post EBA Sounds Alarm: Crypto Firms Exploiting MiCA Loopholes Pose ‘Significant’ Threat to EU appeared first on Cryptonews.
