AML/KYC Services for Crypto Companies

AML/KYC Services for Crypto Companies — MiCA & AMLD Compliance 2026

Every MiCA-authorized CASP must operate a robust AML/KYC compliance program that satisfies the requirements of the 6th Anti-Money Laundering Directive (AMLD6), MiCA Articles 83–92, and FATF Recommendations. Regulators across the EU — from BaFin to the Bank of Lithuania — treat AML/KYC deficiencies as grounds for license refusal or withdrawal. Our EU regulatory team delivers complete, regulator-ready AML/KYC packages: risk-based policies, CDD and EDD procedures, PEP/sanctions screening frameworks, transaction monitoring rules, FATF Travel Rule implementation, and ongoing MLRO support. Typical packages run 80–150 pages and are delivered in 4–8 weeks, priced from €5,000.

EU AML/KYC Legal Framework for Crypto CASPs

Crypto-asset service providers authorized under MiCA are obligated entities under EU AML law. The framework governing AML/KYC for CASPs combines three interlocking legal instruments:

MiCA Regulation (EU) 2023/1114, Articles 83–92: Sets out specific AML/KYC obligations for CASPs, including requirements for policies and procedures, customer due diligence, record-keeping, and cooperation with competent authorities.
6th Anti-Money Laundering Directive (AMLD6 / Directive (EU) 2018/1673): Extends criminal liability for money laundering, harmonizes predicate offenses across EU member states, and strengthens penalties. Transposed into national law in all 27 EU member states.
Transfer of Funds Regulation (TFR), recast (Regulation (EU) 2023/1113): Implements the FATF Travel Rule for the EU, requiring CASPs to collect and transmit originator and beneficiary data for crypto transfers above €1,000.

Additionally, ESMA and EBA publish joint guidelines on AML/KYC for crypto-asset businesses, which NCAs use as supervisory benchmarks. CASPs failing to meet these standards face license suspension, financial penalties, and reputational damage. Our AML/KYC packages are built to satisfy NCA expectations in all major EU licensing jurisdictions.

FATF Travel Rule: EU Implementation Since 2023

The recast Transfer of Funds Regulation (EU) 2023/1113 applies to all CASPs. For transfers of €1,000 or more, CASPs must collect full originator and beneficiary data and transmit it to the receiving CASP. For transfers to unhosted wallets, additional verification requirements apply. Non-compliance exposes CASPs to regulatory sanctions and NCA intervention.

AML/KYC Services for Crypto Companies

Our AML/KYC compliance packages are built specifically for MiCA CASPs — exchanges, custodians, portfolio managers, and token issuers. Each service component is designed to satisfy NCA expectations during authorization review and ongoing supervision.

AML/KYC Policy Drafting (Risk-Based Approach)

Full AML policy document aligned with MiCA Art. 83–92 and AMLD6. Covers governance framework, risk appetite, customer risk categorization (low/medium/high), product and service risk assessment, geographic risk, and channel risk. Typically 40–60 pages, tailored to your specific CASP service types and target markets.

Customer Due Diligence (CDD) Procedures

Step-by-step CDD procedures for onboarding individual and corporate clients: identity verification, document requirements, beneficial ownership identification (UBO registry checks), source of funds, ongoing monitoring triggers. Includes CDD checklists and decision trees for client-facing compliance teams.

Enhanced Due Diligence (EDD) for High-Risk Clients

EDD procedures for PEPs (Politically Exposed Persons), clients from FATF grey/black list countries, high-volume traders, and complex corporate structures. Includes senior management sign-off workflows, additional verification sources, and ongoing enhanced monitoring requirements.

PEP and Sanctions Screening Setup

Screening framework for politically exposed persons and sanctions lists (EU, OFAC, UN, UK). Covers onboarding screening, ongoing monitoring, match resolution procedures, and escalation workflows. Guidance on technology integration for automated screening.

Transaction Monitoring Rules

Transaction monitoring framework with threshold-based and pattern-based alert rules for crypto transactions. Includes alert classification matrix, investigation procedures, escalation paths, and documentation requirements. Aligned with ESMA and EBA typologies for crypto-asset transactions.

FATF Travel Rule Implementation

Complete Travel Rule compliance procedures under TFR Regulation (EU) 2023/1113: originator/beneficiary data collection, CASP-to-CASP transmission protocols, unhosted wallet verification procedures, and record-keeping. Includes guidance on Travel Rule technology solutions (IVMS101, TRISA, Sygna).

Suspicious Activity Report (SAR) Procedures

SAR filing framework: internal suspicion reporting, MLRO review and decision procedure, external SAR submission to the national FIU, tipping-off prohibition compliance, and record retention. Country-specific SAR submission guidance for your licensing jurisdiction.

AML Officer Training and Certification

MLRO and compliance team training on MiCA AML/KYC obligations, FATF Travel Rule, red flag indicators for crypto transactions, SAR filing obligations, and NCA expectations. Certificate of completion provided for regulatory documentation purposes.

What You Receive — AML/KYC Deliverables

A complete AML/KYC package for a MiCA CASP typically includes:

AML/KYC Master Policy — 40–60 pages covering governance, risk assessment, customer risk categories, and regulatory obligations
CDD/EDD Procedures Manual — step-by-step onboarding procedures for individuals and legal entities, including UBO identification
Risk Assessment Matrix — scored risk matrix covering customer, product, geographic, and channel risk factors
Transaction Monitoring Rules Document — alert thresholds, red flag typologies, and investigation procedures
FATF Travel Rule Procedures — operational procedures for TFR compliance, including unhosted wallet verification
SAR Filing Procedure — internal reporting, MLRO decision flowchart, and FIU submission guide
PEP/Sanctions Screening Policy — screening triggers, match resolution, and escalation procedures
MLRO Job Description and Appointment Letter Template
AML Training Record Templates
Record-Keeping Policy — 5-year retention schedule per AMLD6

Timeline: 4–8 weeks from engagement to delivery of the complete package. Pricing: €5,000–€25,000 depending on CASP complexity, number of service types, and jurisdictions covered. See also: MiCA Compliance Consulting for post-authorization ongoing support, and DORA Compliance for ICT resilience requirements.

AML/KYC for Crypto Companies — FAQ

What AML/KYC requirements do MiCA CASPs have?

MiCA CASPs are subject to AML/KYC obligations under MiCA Articles 83–92 and the 6th Anti-Money Laundering Directive (AMLD6). Requirements include a risk-based AML program, Customer Due Diligence (CDD) for all clients, Enhanced Due Diligence (EDD) for high-risk clients including PEPs, transaction monitoring, SAR filing with the national FIU, MLRO appointment, and FATF Travel Rule compliance for crypto transfers above €1,000.

What is the FATF Travel Rule for crypto?

The FATF Travel Rule requires CASPs to collect and transmit originator and beneficiary information for crypto transfers above a threshold. In the EU, the Transfer of Funds Regulation (EU) 2023/1113 implements this requirement: for transfers of €1,000 or more between CASPs, full originator and beneficiary data must be transmitted alongside the transfer. For transfers to unhosted wallets, CASPs must collect and verify the identity of the wallet owner. Non-compliance exposes CASPs to NCA sanctions.

How does CDD differ from EDD for crypto businesses?

Customer Due Diligence (CDD) is the standard identity verification process applied to all clients: name, address, date of birth, and document verification. Enhanced Due Diligence (EDD) applies to higher-risk clients — PEPs, clients from FATF high-risk jurisdictions, complex ownership structures, or unusual transaction patterns — and requires additional verification steps, senior management approval, and enhanced ongoing monitoring.

What should an AML policy for a crypto company include?

A MiCA-compliant AML policy should include: risk assessment framework (customer, product, geographic, channel risk); CDD and EDD procedures; beneficial ownership identification; PEP and sanctions screening; transaction monitoring rules; SAR filing procedures; FATF Travel Rule compliance; MLRO role and responsibilities; staff training requirements; 5-year record-keeping obligations; and a policy review schedule. Typical policies for CASPs run 80–150 pages.

Do I need a dedicated MLRO for my CASP?

Yes. MiCA and AMLD6 require CASPs to appoint a Money Laundering Reporting Officer (MLRO) with sufficient seniority, independence, and resources. The MLRO oversees the AML/KYC program, receives internal SAR reports, decides on FIU filings, and liaises with regulators. NCAs assess the MLRO's qualifications during CASP authorization. For small CASPs, the role may be combined with other functions, but the designation must be formal and documented.

How often should AML policies be updated?

AML policies should be reviewed at minimum annually, or whenever there is a material change: new product or service, new market entry, regulatory update, suspicious activity spike, or NCA inspection finding. MiCA CASPs should also track ESMA and EBA guidance updates. Under AMLD6, failure to maintain an up-to-date AML policy can result in regulatory sanctions and license consequences.

Complete Compliance Coverage for MiCA CASPs

AML/KYC is one component of the broader compliance framework required for MiCA CASP authorization and ongoing operation. Our compliance team covers the full spectrum of regulatory requirements:

MiCA Compliance Consulting — Gap analysis, authorization support, and ongoing compliance monitoring for CASPs at every stage of the MiCA lifecycle.
DORA Compliance — ICT risk management framework, incident reporting procedures, and third-party risk management for the Digital Operational Resilience Act (in force January 2025).
Legal Opinions — Token classification, CASP status determination, white paper review, and regulatory conflict opinions for crypto-asset businesses.
MiCA CASP License Overview — Full guide to MiCA authorization requirements, timelines, and EU passporting for all service types.

Our team has assisted 140+ crypto businesses with EU compliance since 2019. We maintain active knowledge of NCA expectations across all 27 EU member states and monitor ESMA and EBA guidance as it develops. Contact us to discuss your AML/KYC needs.