As the Markets in Crypto-Assets Regulation (MiCA) enters its first full years of application, a growing number of MiFID investment firms are reassessing how their existing business models intersect with crypto-asset activities.

For many firms, the key challenge in 2025–2026 is not choosing between MiCA and MiFID, but designing an operating model that clearly reflects how the two frameworks interact, where regulatory boundaries sit, and how responsibilities are allocated in practice.

This is particularly relevant for investment firms that:

• offer crypto-related instruments or services alongside traditional financial instruments,
• distribute products referencing crypto-assets,
• provide execution, brokerage, custody-adjacent or technology-enabled services involving crypto,
• or operate group structures that include both MiFID entities and Crypto-Asset Service Providers (CASPs).

MiCA and MiFID: Different Regimes, Shared Operating Logic

MiCA and MiFID serve different regulatory purposes:

• MiFID II / MiFIR governs financial instruments, investment services, conduct of business and market structure.
• MiCA regulates crypto-assets that do not qualify as financial instruments, as well as the authorisation and operation of CASPs.

In practice, however, firms are increasingly assessed — by stakeholders, counterparties and supervisors alike — through a holistic operating lens, with emphasis on:

• governance and accountability,
• client protection outcomes,
• outsourcing and technology dependencies,
• operational resilience and reporting capability.

Well-structured firms therefore do not treat MiCA and MiFID as isolated compliance silos, but as interconnected components of a single governance and risk framework.

Key Boundary Questions Firms Should Be Able to Answer with Confidence

A robust operating model starts with clarity. Firms should be able to clearly articulate:

• Which activities fall under MiFID, and which fall under MiCA
• Whether crypto-related products are structured as financial instruments or crypto-assets
• Which legal entity within the group performs each regulated service
• How clients are informed about the applicable regulatory perimeter and protections

In practice, firms that cannot clearly define these boundaries often face licensing, conduct and consumer-protection risks, even where the underlying activity is otherwise permissible.

Conduct of Business: Consistency Across Regimes

For MiFID firms offering crypto-related products, conduct risk remains a central consideration, irrespective of whether MiFID or MiCA formally applies to a specific service.

Well-run firms typically ensure that:

• client disclosures clearly explain product risks, regulatory status and applicable protections,
• marketing and digital customer journeys are clear, fair and not misleading,
• conflicts of interest are properly identified, documented and mitigated,
• inducements, pricing and remuneration structures do not distort product distribution.

Where crypto-related products are offered to retail clients, applying MiFID-equivalent discipline — even where MiCA applies — is increasingly viewed as a sound governance practice rather than a regulatory burden.

Governance and Group Structures: “One Firm, One Risk Profile”

For groups operating both MiFID firms and CASPs, effective governance requires:

• clear separation of roles and responsibilities,
• transparent and well-documented intra-group arrangements,
• independent control functions where risk profiles differ materially,
• effective oversight at both entity and group level.

Inconsistent governance, blurred reporting lines or informal reliance on group resources can undermine the integrity of the operating model and weaken overall risk control.

Outsourcing, Technology and Operational Resilience

Crypto-related activities are typically highly dependent on:

• cloud infrastructure,
• trading venues and liquidity providers,
• custody or wallet technology,
• data, analytics and pricing providers.

A resilient operating model therefore includes:

• outsourcing arrangements that preserve auditability and oversight,
• active management of concentration and dependency risks,
• realistic exit and substitution planning,
• alignment of operational resilience controls with broader DORA-style expectations.

This is particularly important where MiFID firms rely on CASPs (or vice versa) for critical technology or operational services.

Reporting, Monitoring and Management Information

Firms operating across MiFID and MiCA benefit from integrated reporting and oversight, including:

• reliable internal reporting and management information,
• consistency across regulatory submissions and internal metrics,
• clear escalation of incidents, complaints and breaches,
• readiness for engagement across multiple regulatory frameworks.

In practice, fragmented reporting or weak internal monitoring in one area often exposes vulnerabilities across the wider operating model.

Common Pitfalls Observed in Practice

Across the market, recurring challenges include:

• unclear regulatory perimeter between MiFID and MiCA activities,
• inconsistent client disclosures across products and distribution channels,
• over-reliance on third parties without effective oversight,
• governance frameworks that do not reflect actual decision-making,
• underestimating the business impact of operational and technology risk.

Addressing these issues typically requires structural and governance enhancements, rather than incremental policy updates.

Conclusion

For investment firms offering crypto-related products, MiCA and MiFID must be designed and implemented as part of a single, coherent operating model, not as parallel compliance exercises.

Firms that proactively define regulatory boundaries, align governance structures, embed consistent conduct standards and strengthen operational resilience are better positioned to manage complexity, support sustainable growth and maintain credibility with clients, partners and supervisory stakeholders.

In an increasingly digital and crypto-enabled financial landscape, clarity of structure, accountability and execution is a competitive advantage.

DKA Financial Consultants advises investment firms and fintech groups on MiFID–MiCA boundary analysis, governance and operating model design, outsourcing and operational resilience frameworks, and end-to-end regulatory readiness across the

The content of this article is intended solely for general information purposes and does not constitute, and should not be construed as, professional advice or a formal opinion.

© 2026 DKA FINANCIAL CONSULTANTS LTD. All rights reserved.