A brief discussion on the practice and risks of crypto asset management business from the perspective of MiCA licensed entities

Compliance Lessons in the MiCA Era: With traditional financial funds continuously flowing into the crypto market, more and more investors are seeking stable and reliable crypto asset investment management services. This is especially true for those tired of constantly following market trends and experimenting with new strategies. They are eager to plan their crypto portfolios within a more traditional investment management context. The EU's Markets in Crypto-Assets Regulation (EU) 2023/1114 (MiCA), the world's first unified regulatory framework for crypto assets, not only imposes comprehensive requirements on exchanges and wallet providers but also, for the first time, incorporates innovative services such as portfolio management, copy trading, and staking into its regulatory framework. Under the MiCA framework, several crypto asset service providers have obtained regulatory licenses and begun offering clients services such as portfolio management. As of now, ten licensed institutions in the EU help clients manage cryptoasset portfolios, including major platforms like eToro and Kraken. eToro's Smart Portfolios feature offers asset allocation recommendations and integrates social trading to enable strategy copying, attracting a large number of users seeking automated and low-barrier-to-entry investment. Kraken, on the other hand, has expanded beyond cryptoasset trading to include staking services and is exploring compliant cross-border asset management models. The enactment of MiCA brings these innovative businesses under a unified regulatory framework for the first time. This change not only impacts the European market but also serves as a compliance benchmark for global cryptoasset companies: going forward, all service providers involved in portfolio management, staking, or copy trading will be required to address regulatory challenges head-on. For cryptoasset platforms, fund managers, and even individual investors, this presents two pressing questions: 1. How can they continue to innovate while maintaining compliance? 2. How to address cross-border regulatory differences and ensure the sustainability of global business expansion? Copy Trading and Quantitative Strategies MiCA sets clear compliance definitions and requirements for portfolio management: CASPs offering cryptoasset portfolio management must conduct a suitability assessment of their clients' experience, knowledge, investment objectives, and ability to tolerate losses before providing services. If a client fails to provide relevant information, or the assessment indicates that the investment is unsuitable for the client, the service provider may not provide portfolio management or related advice. Furthermore, when providing investment advice, CASPs must issue a report containing a suitability assessment, explaining how the recommended cryptoasset or service aligns with the client's preferences and goals. When providing portfolio management, CASPs must also regularly provide reports to clients summarizing portfolio performance and updating the suitability assessment. This regulation directly raises the compliance threshold for portfolio management and strengthens investor protection. In the cryptoasset investment sector, copy trading and quantitative strategies are increasingly becoming common portfolio management methods among MiCA-licensed CASPs. These two strategies leverage technology to improve investment efficiency and potential returns, attracting a large number of investors seeking to capitalize on technological advancements to increase their assets. Copy trading, as the name suggests, allows investors to follow the investment strategies of experienced traders. Platforms provide transparent trading signals and historical performance, allowing users to select and replicate the strategies of professional traders. Its core feature is that it connects investors directly with experienced traders, allowing them to automatically replicate their every move through the platform, thus lowering the investment barrier. This service is particularly suitable for investors who lack professional expertise but wish to share the experience of others. Quantitative trading (Algorithmic Trading) utilizes mathematical models and statistical methods to analyze data and automatically execute trading decisions through algorithms. In the cryptoasset market, quantitative strategies often combine big data, machine learning, and artificial intelligence technologies to achieve high-frequency, automated investment operations. Compared to manual trading, quantitative strategies offer faster execution and greater discipline. They can react quickly and objectively to rapidly changing market conditions, mitigating biases in human judgment. Therefore, they are becoming a key product type offered to investors by MiCA-licensed CASPs. It is worth noting that MiCA does not explicitly require that the underlying asset type for portfolio management must be spot crypto or derivatives. While in practice, many platforms may choose spot crypto as the underlying asset, particularly due to its transparency and easier risk management, the use of derivatives (such as futures and options) as the underlying asset is not clearly distinguished by MiCA regulatory requirements. When the underlying asset involves crypto derivatives, there may be conflicts between crypto regulation (such as MiCA) and traditional financial regulation (such as MiFID).

MiCA sets out the compliance requirements for Portfolio Management and refers to the standards of MiFID in some aspects, especially in terms of suitability assessment and investor protection. However, the regulatory scope of MiFID is not explicitly limited to fiat currency derivatives. Some crypto derivatives may also meet the definition of financial instruments in MiFID, and therefore need to comply with the relevant requirements of MiCA and MiFID at the same time. This dual supervision may bring compliance challenges, especially in terms of product compliance assessment, capital requirements and derivatives trading rules.

Although the two have differences in the way they achieve investment goals, they both face compliance challenges and opportunities. The following will take two representative jurisdictions with strict compliance as examples to explore their regulatory requirements for copy trading and quantitative strategies.

1. European Union (MiCA)

In the EU, MiCA, as a unified regulatory framework, sets out detailed requirements for CASPs, with a particular emphasis on investor protection. For portfolio management service providers, the core requirements include:

• Suitability Assessment Obligation: Before providing advice or portfolio management, a suitability assessment must be conducted on each client, covering knowledge and experience, investment objectives/risk tolerance, financial situation, and basic understanding of cryptoasset risks. Portfolio management may only begin if the client is deemed "suitable." If the client does not provide information or the assessment indicates incompatibility, portfolio management may not be initiated. Clients must also be reassessed at least every two years.

• Regular reporting obligations:Provide clients with regular portfolio management reports at least quarterly (in electronic form; if the client has an "online system" and has access records for the quarter, this can be fulfilled through the "online continuous availability + reminder" mechanism). The content must review portfolio activities and performance in a "fair and balanced" manner and update suitability information.

• Transparent disclosure obligations for costs and charges:Evaluate the "cost and complexity of equivalent products" within the suitability framework and clearly disclose all costs and third-party interests involved.

• Market fairness:MiCA requires platforms not to manipulate market prices using algorithms or copying mechanisms and must maintain fairness and transparency. 2. United States (SEC and CFTC) In the United States, copy trading and quantitative strategies are jointly regulated by the SEC and CFTC, primarily in the following areas: Registration and Compliance: Copy trading, mirroring, or model-driven strategies that constitute providing securities advice or making discretionary decisions on behalf of clients generally fall under the scope of investment advisors under the Investment Advisers Act of 1940 and are subject to registration, fiduciary duties, disclosure, and other compliance obligations. Quantitative/algorithmic trading involving commodity derivatives falls under the regulatory frameworks of the CEA and CFTC, and whether CTA/CTP/FCM status is triggered depends on the specific business.

• Risk and Appropriateness Disclosure: The SEC emphasizes full and non-misleading disclosure (model assumptions, data and limitations, backtesting and performance presentation, risks of deviation from client objectives, etc.) and the fulfillment of fiduciary duties for "algorithmic/robo-advisors", and makes them key focuses during inspections.

• Anti-Market Manipulation: Both the SEC and the CFTC prohibit the use of copy or algorithmic trading to manipulate the market or engage in insider trading. The CFTC prohibits manipulation and fraudulent devices based on CEA §6(c)(1) and 17 CFR 180.1/180.2; the SEC has proposed anti-manipulation/anti-insider frameworks such as Exchange Act §10(b)/Rule 10b-5 and §9(a)(2). Legal Risks of Technological Innovation As the cryptoasset market continues to mature, staking, as a crucial component of blockchain network validation mechanisms, has become a core service offered by mainstream cryptoasset platforms. Staking essentially involves cryptocurrency holders locking their assets on the blockchain to support network operations and earn rewards in the process. Many mainstream cryptoasset platforms, such as Kraken, Binance, and Coinbase, offer staking services, allowing users to stake their cryptoassets on the network to earn staking rewards. Staking, with its distinct financial characteristics, has become a key compliance focus in various jurisdictions. For example, after being ordered by the US SEC to cease staking services in 2023, Kraken underwent a major overhaul of its staking operations, including adding a user authorization process, independent custody of user assets, and standardized reward disclosure methods to ensure its staking services comply with regulatory requirements. The regulatory status of pledging varies significantly across jurisdictions: 1. Differences in the Legal Recognition of Pledges Different jurisdictions have significant variations in their definition of pledging: EU: MiCA defines pledging services as ancillary to custody services. Cryptoasset pledging service providers must be authorized to provide custody and management services for cryptoassets on behalf of clients and are liable for losses of cryptoassets arising from pledging services or from the pledging activities themselves. US: The SEC assesses pledging services on a case-by-case basis using the Howey Test. It focuses on whether the pledging business involves intermediary packaging, promises of returns, or expectations of consideration. It tends to consider pledging as an "investment contract," requiring the relevant services to be registered. Singapore: Public staking services typically fall under the DPT (Digital Payment Token) Service Provider Framework (PSA/FSMA). Regardless of whether clients are located overseas, service providers must be licensed and comply with strict AML/CFT, client asset custody, and disclosure requirements. There is no transition period; unlicensed providers must cease operations. Hong Kong: Staking services are explicitly brought under the regulatory framework. Licensed virtual asset trading platforms (VATPs) are permitted to provide staking services to clients with prior approval, but must adhere to a comprehensive set of terms and conditions (Staking T&Cs) covering custody and control, client authorization and disclosure, risk management, and operational requirements. This difference means that cross-border staking services must be designed to adhere to the strictest standards first; otherwise, they may be deemed illegal in some countries. 2. Core Elements of Pledge Compliance To mitigate compliance risks, staking platforms should focus on the following three aspects: Independent Custody of Customer Assets: Prevent platforms from commingling customer pledged assets with their own funds; and ensure the complete return of customer assets in the event of bankruptcy or liquidation. Transparent Reward Distribution Mechanism: Disclose the reward calculation method, distribution frequency, potential return fluctuations, and establish a verifiable on-chain data record. Risk Warnings and User Education: Clarify the risks that may arise during the staking process, such as cyberattacks, contract vulnerabilities, and policy changes, and provide retail users with risk questionnaires and educational materials. However, due to regulators' strict approach to staking services, licensed cryptoasset platforms are generally cautious about offering them. Many platforms choose to avoid or strictly limit the scope of staking services to meet the compliance requirements of different markets. Case Study: Kraken's Staking Rectification Following SEC enforcement action in 2023, Kraken overhauled its staking business: adding a new user authorization process to ensure users understand the staking rules; transferring pledged assets to a separate trust account; and standardizing reward disclosures, providing a real-time yield calculation model. In January 2025, Kraken announced the relaunch of its staking business in 37 US states and two territories. This case demonstrates that staking compliance is more than just filing; it involves restructuring business structures, upgrading risk management systems, and engaging with regulators. The Core Concept of a Compliance Path Faced with an ever-changing global regulatory landscape, cryptoasset companies need to strike a balance across different markets when developing their compliance strategies. The following three principles can help companies navigate the complex compliance landscape. 1. Prioritize the Strictest Jurisdictions: Starting with the US and EU Companies should first consider the strictest global regulatory standards, such as those in the US and EU. This is particularly evident in Kraken's strategy. As a globally renowned digital asset exchange, Kraken has implemented compliance measures based on EU and US regulatory requirements, gradually expanding them as it enters other markets. This not only helps Kraken avoid potential legal risks arising from "regulatory arbitrage" but also ensures legal operations across multiple markets. Through rigorous compliance measures, Kraken provides investors with a transparent and secure trading environment while avoiding the risks of regulatory penalties or market bans faced by other platforms (such as Binance) due to ignoring regulatory requirements. This strategy enables Kraken to operate smoothly in multiple jurisdictions and gradually expand its global market share. 2. Modular Compliance Architecture: Designing Compliance Measures by Business Modularizing business operations is a key approach for crypto-asset companies to address complex regulatory requirements. For example, Kraken separates its staking, trading, and lending businesses into distinct compliance measures. For example, when providing staking services, Kraken has established interest rate disclosure and risk warning mechanisms that comply with EU and US regulations, ensuring that clients understand the associated risks while enjoying returns.

  Furthermore, platforms like OKX have similarly broken down the compliance requirements of each business line, ensuring that each module has its own independent regulatory framework. This approach not only improves compliance efficiency but also enables crypto-asset companies to flexibly navigate a complex regulatory environment.

  3. Continuous Compliance and Dynamic Adjustment: Real-Time Updates to the Compliance Manual

  Compliance management isn't a one-time fix. As the global regulatory landscape evolves, companies need to regularly update their compliance manuals to ensure that all operations comply with the latest regulations. Kraken's practice in this regard is worth learning from. The platform has established a compliance committee to regularly review global regulations to ensure that every aspect of its operations is aligned with local regulations.

  In contrast, cases like FTX remind us that a lack of dynamic compliance updates can leave companies unprepared for regulatory changes, leading to serious legal and financial consequences.

  How can we forge a path to compliance?

  As traditional financial funds gradually flow into the crypto market, many investors are no longer satisfied with simply following market trends, but are seeking more stable and secure investment methods. Especially in the context of gradually strengthening supervision, compliance paths have become more important. If companies want to gain a foothold in this emerging market, they must first ensure that they comply with the regulatory requirements of their region and choose an appropriate investment management model based on these requirements.

  For companies, the next key is to find the right service providers and partners to ensure compliance while maximizing investment returns. If your company is interested in entering the field of crypto assets, understanding the different regulatory frameworks and compliance requirements will help it achieve sustainable development in a complex market environment.