MiCA-Compliant AML Governance: From Policy to Practice
As the Markets in Crypto-Assets Regulation (MiCA) enters into force, crypto-asset service providers (CASPs) must move beyond checkbox compliance. European regulators now demand that AML/CFT systems reflect operational reality — not just policy templates. In the Czech Republic, where CASPs were previously governed under Act No. 253/2008 Coll., the shift to MiCA introduces stricter expectations around governance, independence, and internal control.
AML Governance Under MiCA: Structural Expectations
MiCA requires that firms implement robust internal governance and control mechanisms (Article 63), including:
A clear three-lines-of-defense model
An independent Money Laundering Reporting Officer (MLRO)
A Board-level oversight function
A dedicated compliance function with the authority to act
A licensing and regulatory liaison process to ensure ongoing conformity with MiCA and TFR.
At Artlex Consult, we have designed a MiCA-aligned AML structure that translates these expectations into practical internal architecture.
From Theory to Structure: Key Components
At the top sits the Board of Directors, which delegates regulatory oversight to the Board Compliance Committee (BCC). This committee supervises compliance implementation and is supported by an Internal Audit Function — the third line of defense that independently evaluates risk management and control effectiveness.
The Central Compliance Committee (CCC), composed of senior management and compliance leadership, serves as the primary coordinating body. It ensures that feedback flows from compliance into operational functions.
The Chief Compliance Officer (CCO) sits within the second line of defense and manages the organization’s overall compliance framework. The Money Laundering Reporting Officer (MLRO), while also part of the second line, is given specific responsibility for AML/CFT and must be structurally and functionally independent from business operations.
At the first line of defense, business and operations managers remain responsible for day-to-day risk ownership, including client onboarding and transaction execution. However, under MiCA, these activities must now be tightly integrated with compliance via centralized monitoring systems, automated alerts, and predefined escalation paths.
Finally, a MiCA Licensing & Regulatory Liaison function ensures active and ongoing engagement with the Czech National Bank (ČNB), ESMA, and any other competent authorities. This team must maintain documentary readiness, communicate changes in risk exposure, and ensure timely updates to authorization terms.
Why This Structure Matters
This model is not theoretical — it addresses concrete supervisory risks:
Preventing conflicts of interest between revenue and compliance
Ensuring timely SAR reporting by empowering the MLRO
Protecting executives from personal liability due to AML failures
Demonstrating ongoing fitness for MiCA licensing during audits and renewals
Allowing ČNB or FAÚ to clearly trace roles, responsibilities, and decisions
It also aligns with EU-level expectations outlined by EBA, ESMA, and AMLD6.
Final Thoughts: Build Governance Before You Need It
As regulators shift from registration to authorization, internal structure is no longer optional. MiCA compliance begins with governance: who controls what, who escalates what, and who reports to whom.
If you are applying for or maintaining a MiCA license, now is the time to align your internal AML framework with supervisory expectations. Artlex Consult helps CASPs fully compliant AML governance — from Board committees to MLRO protocols and regulatory liaison.