Firms are expected to demonstrate substance and autonomy in Ireland and be led by a local crypto-competent Executive and Board with a strong grasp of the local regulatory environment. Firms must maintain robust local governance and risk management
arrangements.
In practical terms, this means:
- The local Board and the Executive have full oversight and understanding of all of the firm’s activities and its risks, has independent decision-making, and is of sufficient size and expertise to achieve that outcome.
- Regardless of any outsourcing arrangements, and in line with our existing Cross-Industry Guidance on Outsourcing,
the local Board and the Executive have full responsibility for risks stemming from outsourcing and outsourcing risk must be effectively managed locally.
- We expect the Irish authorised CASP firm to be in a position to robustly discuss any aspect of its business model and strategy, how it operates on a daily basis, and most importantly that the Irish authorised CASP firm can give a full assessment of
its risk profile at any time.
- Where we have concerns that a firm will not operate in this manner and it would ultimately impact on our ability to supervise the firm, it will not be authorised.
[1] Consider Section 4.2 of ESMA’s Supervisory Briefing - Authorisation of CASPs under MiCA,
31/01/25