MiCA-Compliant AML Governance: From Policy to Practice


As the Markets in Crypto-Assets Regulation (MiCA) enters into force, crypto-asset service providers (CASPs) must move beyond checkbox compliance. European regulators now demand that AML/CFT systems reflect operational reality — not just policy templates. In particular, in the Czech Republic, where CASPs were previously governed under Act №253/2008 Coll., the shift to MiCA introduces stricter expectations around governance, independence, and internal control. 

AML Governance Under MiCA: Structural Expectations:

MiCA requires that firms implement robust internal governance and control mechanisms (Article 63), including: 

  • A clear three-lines-of-defense model; 
  • An independent Money Laundering Reporting Officer (MLRO);
  • A Board-level oversight function; 
  • A dedicated compliance function with the authority to act licensing and regulatory liaison process to ensure ongoing conformity with MiCA and TFR. 
At Artlex Consult, we have designed a MiCA-aligned AML structure that translates these expectations into practical internal architecture. 

From Theory to Structure: Key Components:

At the top sits the Board of Directors, which delegates regulatory oversight to the Board Compliance Committee (BCC). This committee supervises compliance implementation and is supported by an Internal Audit Function — the third line of defense that independently evaluates risk management and control effectiveness. 

The Central Compliance Committee (CCC), composed of senior management and compliance leadership, serves as the primary coordinating body. It ensures that feedback flows from compliance into operational functions. 

The Chief Compliance Officer (CCO) sits within the second line of defense and manages the organization’s overall compliance framework. 

The Money Laundering Reporting Officer (MLRO), while also part of the second line, is given specific responsibility for AML/CFT and must be structurally and functionally independent from business operations. 

At the first line of defense, business and operations managers remain responsible for day-to-day risk ownership, including client onboarding and transaction execution. However, under MiCA, these activities must now be tightly integrated with compliance via centralized monitoring systems, automated alerts, and predefined escalation paths. 

Finally, a MiCA Licensing & Regulatory Liaison function ensures active and ongoing engagement with the Czech National Bank (ČNB), ESMA, and any other competent & regulatory authorities. This team must maintain documentary readiness, communicate changes in risk exposure, and ensure timely updates to authorization terms. 

Why The Above Structure Matters

This model is not theoretical — it addresses concrete supervisory risks: 

  • Preventing conflicts of interest between revenue and compliance; 
  • Ensuring timely SAR reporting by empowering the MLRO; 
  • Protecting executives from personal liability due to AML failures; 
  • Demonstrating ongoing fitness for MiCA licensing during audits and renewals; 
  • Allowing ČNB or FAÚ to clearly trace roles, responsibilities, and decisions. It also aligns with EU-level expectations outlined by EBA, ESMA, and AMLD6. 
Final Thoughts: Build Governance Before You Need It 

As regulators shift from registration to authorization, internal structure is no longer optional. MiCA compliance begins with governance: who controls what, who escalates what, and who reports to whom. If you are applying for or maintaining a MiCA license, now is the time to align your internal AML framework with supervisory expectations. 

Artlex Consult helps CASPs fully compliant AML governance — from Board committees to MLRO protocols and regulatory liaison. 

How We Can Help 

At Artlex Consult s.r.o., we make it simple for crypto businesses to follow the new MiCA rules. We turn complicated compliance requirements into practical, easy-to-use systems that actually work in your day-to-day operations. 

Here’s what we do for you: 

  • Set Up Your AML Governance: We create a clear structure showing who is responsible for compliance, reporting, and risk management — so everyone knows their role;
  • Support Your MLRO & Compliance Teams: We make sure your Chief Compliance Officer & compliance staff have the independence and authority they need to do their job properly;
  • Build Simple, Effective Controls: We design easy-to-follow processes for AML risk assessment & management;
  • Help with Licensing & Regulator Communication: We guide you through MiCA licensing, maintain contact with regulators like the Czech National Bank, as well as keep your documentation ready for audits; 
  • Integrate Compliance into Daily Operations: We link compliance rules directly to business activities, so your team can work efficiently without breaking the rules. 
  • Prepare for Audits & Checks: We make sure your records, processes, and responsibilities are easy to track, so regulators can see everything is done correctly.
Get in Touch

If you are applying for or maintaining a MiCA license, now is the time to ensure your AML governance is not just compliant — but effective. 

Visit our website: https://artlexconsult.com/

Contact us: info@artlexconsult.com 

We help you build AML governance that stands up to scrutiny — today and as regulation evolves.


About the Authors: 

Mgr. Hovsep Kocharyan, Ph.D. is the Head of Legal at Artlex Consult s.r.o., who specializes in legal and regulatory compliance for crypto-asset service providers, ensuring AML frameworks meet MiCA and applicable law requirements. 

Mgr. Lusine Vardanyan, Ph.D. is the Director (CEO) at Artlex Consult s.r.o., who focuses on operations and compliance strategy, translating complex rules into practical processes that work for businesses every day. Together, we bring deep expertise in MiCA compliance, AML governance, and operational implementation.

Comments

Post a Comment

Popular posts from this blog

Why Every Obliged Entity Needs an Experienced MLRO and MLCO: The Czech AML/CFT Law Perspective

Image
  Mgr. Hovsep Kocharyan, Ph.D. Mgr. Lusine Vardanyan, Ph.D. 1. Introduction Currently, in the context of a dynamically developing regulatory framework, compliance with all applicable AML/CFT standards, guidelines and requirements is a strategic necessity. In accordance with the Czech Anti-Money Laundering Act No. 253/2008 Coll. (referred to as the “Czech AML Act”), every obliged entity must implement comprehensive, detailed, proportionate and effective AML/CFT (anti-money laundering and terrorist financing) policies, procedures, measures, and controls.  The Czech AML landscape is changing fast. MiCA, DORA, AMLA Regulations  — all raise the stakes for fintech and crypto firms. This article explores why, in light of evolving EU regulations, it is now more critical than ever for obliged entities, including primarily for CASPs, Payment Service Providers (PSPs), Banks, Investment Firms, and Electronic Money Institutions (EMIs) to have a dedicated and experienced AML/CFT C...
Read more

SDD, CDD, and EDD under Czech AML Law: How to Conduct Proper Client Due Diligence and Avoid Costly Mistakes

Image
Since January 1, 2021, the Czech Republic has implemented the provisions of the 5th Anti-Money Laundering Directive (AMLD5) into national legislation. Act No. 253/2008 Coll., on Certain Measures Against the Legalization of Proceeds of Crime (commonly referred to as the AML Act), governs the obligations of obliged entities with respect to customer identification and the prevention of money laundering.  At the heart of this framework is a risk-based approach to customer, which includes three escalating levels:  SDD – Zjednodušená kontrola (Simplified Due Diligence); CDD – Standardní kontrola (Standard Due Diligence); EDD – Zesílená kontrola (Enhanced Due Diligence). The correct application of each level is essential not only for regulatory compliance, but also to protect businesses from reputational, financial, and supervisory risks.  1. Simplified Due Diligence (SDD) According to §13 of the AML Act, simplified due diligence (SDD) may only be applied when:  The risk of...
Read more

EMT, PSD2, and MiCA: How to Avoid Double Regulation? A New Perspective from the EBA

Image
As the MiCA regulation enters into force and the 2026 compliance deadline approaches, the legal landscape for crypto-asset service providers (CASPs) is becoming increasingly complex. A recent clarification from the European Banking Authority (EBA) sheds light on a crucial regulatory dilemma: Do transactions involving electronic money tokens (EMTs) fall under PSD2—and if so, when?  At Artlex Consult, we have reviewed the EBA’s position and prepared a concise guide for businesses operating with fiat-backed stablecoins.  EBA: EMTs Are Both Crypto Assets and Electronic Money   According to the EBA, EMTs (such as USDC) fall under a dual classification: a) as crypto-assets under MiCA , and b) as electronic money under PSD2 . This dual status means that CASPs engaging in certain types of EMT-related activity may be deemed to provide payment services—triggering the application of PSD2 and its licensing requirements.  When Does PSD2 Apply   The EBA emphasizes that not al...
Read more