CASP governance · Conflicts of interest
Conflicts of Interest for CASPs: What the ESMA RTS Requires
Conflicts-of-interest documentation is the section CASP applicants most commonly under-deliver on. ESMA's RTS on CoI sets concrete requirements — proportionate to the firm's scale and the range of services it offers. The expected file looks more like a regulated investment-firm CoI register than a tech-company governance document.
MiCA's conflicts-of-interest rule is the rule in Regulation (EU) 2023/1114 requiring crypto-asset service providers to identify, prevent, manage, and disclose conflicts of interest, with detailed operational requirements set out in the ESMA Final Report on Regulatory Technical Standards specifying the framework (ESMA35-1872330276-1670, May 2024) and the related ESMA Opinion on amendments (January 2025).
Quick facts
| Parameter | Value |
|---|---|
| Legal basis | MiCA's conflicts-of-interest rule — identification, prevention, management, and disclosure of conflicts of interest |
| RTS source | ESMA Final Report on RTS on Conflicts of Interest (ESMA35-1872330276-1670), published May 2024; ESMA Opinion on amendments (January 2025) |
| Mandatory components | Identification methodology, prevention measures, management measures, disclosure procedures, organisational structure with reporting lines, segregation of client and proprietary holdings |
| Proportionality | Requirements scale to the nature, scale, and range of services — Class 3 trading-platform operators face heavier expectations than Class 1 advisers |
| Disclosure language | CoI disclosures must be in the languages used by the CASP to market its services or communicate with clients — not just home-state language |
| Required policy categories | Identification of CoI types, prevention controls, management mitigations, escalation triggers, periodic review cadence, employee personal-trading rules |
| Disclosure trigger | Where CoI cannot be prevented or managed sufficiently, the residual conflict must be disclosed to clients before the service is provided |
Why CoI is the most under-prepared section of CASP files
Conflicts of interest sit in an awkward place in the MiCA framework. The substantive obligation is short — The conflicts-of-interest rule fits on a single regulation page. The operational expectation, set by ESMA’s RTS, is materially heavier than the article text suggests.
The most common pattern in 2025-2026 supervisory feedback: the CoI section of the application is the most generic part of the file. Big-Four-template policies adapted from MiFID II practice, with crypto-asset labelling but limited substantive engagement with the specific conflicts a CASP business model creates. ESMA’s RTS — and the supervisors who apply it — read these as inadequate.
What the conflicts-of-interest rules require
The conflicts-of-interest rule imposes four sequential obligations on every CASP:
-
Identify all reasonably foreseeable conflicts of interest between the CASP and its clients, between clients and other clients, and between persons acting for the CASP (employees, directors, tied agents).
-
Prevent conflicts where prevention is operationally feasible — through organisational structure, information barriers, separation of functions.
-
Manage conflicts that cannot be prevented — through controls, monitoring, and mitigations sufficient to ensure client interests are not damaged.
-
Disclose any residual conflict that prevention and management cannot fully address — to clients, clearly and prominently, before the service is provided.
The hierarchy matters. Disclosure is the fallback, not the primary control. A CoI framework that defaults to client-facing disclosure for material conflicts is read by supervisors as control-failure-dressed-as-transparency.
What the ESMA RTS adds
The ESMA Final Report on RTS specifying CoI requirements (ESMA35-1872330276-1670, May 2024) and the follow-up Opinion on amendments (January 2025) expand the operational expectations. The RTS focuses on:
| Domain | RTS expectation |
|---|---|
| Policies and procedures content | Identification methodology, prevention controls, management mitigations, escalation triggers, review cadence |
| Disclosure methodology | Format, prominence, timing — clients must understand the conflict before the service is provided |
| Disclosure content | Specific nature of the conflict, parties involved, mitigations applied, residual risk |
| Proportionality | Scaled to firm’s nature, scale, and range of services — Class 3 trading platforms heavier than Class 1 advisers |
| Disclosure languages | All languages used to market services or communicate with clients |
| Periodic review | Regular review cycle to keep the policy current as services and structure evolve |
The RTS is binding through Commission delegated regulation; the language is more prescriptive than the underlying the conflicts-of-interest rule.
Conflict types the RTS expects to see addressed
A typical CASP CoI register addresses the following conflict types (non-exhaustive):
Proprietary-vs-client conflicts:
- Proprietary trading by the CASP against client orders
- Market-making activities that benefit from client order flow visibility
- Allocation of scarce or new tokens between proprietary and client books
Custody-related conflicts:
- Use of client crypto-assets for the CASP’s own funding
- Rehypothecation arrangements
- Lending of client assets without client consent
- Mixed proprietary and client wallets
Trading-platform conflicts (Class 3):
- Listing decisions where the CASP holds an interest in the listed asset
- Order-routing decisions where the CASP captures spread
- Market-making by the CASP or affiliated entities on the platform
Employee-related conflicts:
- Personal account dealing by employees with information advantages
- Outside-business relationships
- Gifts and inducements
Affiliate-group conflicts:
- Cross-selling between CASP, affiliated issuers, and affiliated platforms
- Group-level compensation arrangements that incentivise CASP-affiliate flow
- Affiliate-issued stablecoins promoted preferentially
Regulatory-arbitrage conflicts:
- Routing client business between EU and non-EU group entities to optimise group-level outcomes
- Decisions about which authorisation hosts which client relationship
A 2026 supervisory file is expected to address each of these categories — at least to the extent the firm’s service mix creates the conflict. Generic policies that do not work through the firm’s specific business model are returned for revision.
What supervisors specifically look for
National supervisor practice in 2025-2026 has consolidated around several specific tests:
The mapping test. Does the CoI register map cleanly to the firm’s organisational chart and service offering? Supervisors cross-check the CoI register against the firm’s other governance documents (org chart, business plan, three-lines-of-defence framework) and flag mismatches.
The mitigation specificity test. For each identified conflict, are the mitigations specific (named control, named owner, named escalation path) or generic (compliance reviews, periodic monitoring)? Specific mitigations pass; generic ones do not.
The personal-trading test. Does the firm have a documented personal account dealing policy, with monitoring arrangements that could detect violations? This is the section most often missing or underdeveloped in 2026 files.
The disclosure language test. Are CoI disclosures available in the languages the firm uses for marketing and client communication? A passporting CASP serving five member states needs five language versions if it markets in five languages.
The review cadence test. Is there a documented periodic review cycle — typically annual at minimum? A static register filed at authorisation and never updated is a supervisory finding waiting to happen.
Disclosure: when and how
Disclosure is the fallback control under the conflicts-of-interest rule. The RTS specifies that disclosure must happen before the service is provided, in a durable medium, with sufficient detail that a client can understand:
- The specific nature and sources of the conflict
- The parties involved and their relationships
- The mitigations applied
- The residual risk that remains after mitigation
Generic disclosures (“our employees may have personal interests in some of the assets we offer”) fail the specificity test. Effective disclosures name the conflict, the parties, and the residual risk in concrete terms.
Working with counsel on a CoI file
The diagnostic for counsel: ask how the firm’s specific business model maps to each of the conflict categories, and whether the mitigation framework is documented at named-control level. Counsel that gives a generic answer about “the conflicts-of-interest rule compliance” has not engaged with the substance.
The firms in our index with relevant CASP CoI experience are listed below.
Pitfalls and nuances
1 Submitting a generic CoI policy templated from MiFID II
MiFID II CoI rules are similar in principle but different in scope. CASPs that file a lifted-from-MiFID II policy without adapting to MiCA-specific conflicts (custody/proprietary-trading interaction, market-making conflicts on hosted trading venues, affiliated stablecoin issuance) miss the operational substance ESMA's RTS expects.
2 Failing to address employee personal trading
ESMA's RTS expects controls on employees' personal crypto-asset trading — particularly where employees can access non-public information about token launches, listings, or technical changes. Firms operating without a documented personal-trading policy attract supervisory questions.
3 Treating disclosure as the primary control
the conflicts-of-interest rule expects identification → prevention → management → disclosure in order. Filing a CoI framework that defaults to client-facing disclosure for material conflicts (e.g. proprietary trading against client orders) is read by supervisors as a control failure dressed as transparency. The supervisor wants to see structural prevention before fallback disclosure.
4 Forgetting the language scope of disclosures
The RTS requires CoI disclosures in the languages the CASP uses for marketing or client communication. A multi-jurisdiction CASP serving Polish, Spanish, and Italian clients via a single English website cannot rely on English-only CoI disclosures if any client communication or marketing happens in the local languages.
5 Static CoI register without periodic review
ESMA's RTS expects periodic review — typically annual at minimum, more frequent for firms with rapidly-evolving service mixes. A CoI register filed at authorisation and never updated is a supervisory finding-in-waiting; the first thematic review picks it up.
Frequently asked questions
What does the conflicts-of-interest rule actually require beyond a CoI policy document?
Identification methodology, prevention controls, management mitigations, an organisational structure with clear reporting lines, segregation of client from proprietary holdings, and disclosure of residual conflicts to clients before service is provided.
What is the role of the ESMA RTS on CoI?
The RTS specifies the operational requirements — what the policy must contain, the methodology and content of disclosures, the proportionality calibration based on the firm's scale, nature, and range of services.
When must a CoI be disclosed to clients?
When the conflict cannot be prevented or managed by organisational and administrative arrangements sufficient to ensure the client's interests are not damaged. Disclosure is the fallback, not the primary control.
Does the disclosure language requirement matter for cross-border CASPs?
Yes. CoI disclosures must be in the languages the CASP uses to market or communicate. A passporting CASP serving multiple member states must produce disclosures in each marketing language — not just the home state's.
Get matched
Working through a crypto-licensing decision?
Get an editorial shortlist of firms matched to your business — customer market, model, jurisdiction, and stage. Free, and not influenced by sponsorship.
Get a firm shortlist →Sources cited
- Regulation (EU) 2023/1114 (MiCA), Article 72 — regulation
- ESMA Final Report on RTS on Conflicts of Interest of CASPs under MiCA (May 2024) — official document
- ESMA Opinion on amendments to RTS on CoI (January 2025) — official document
- Chambers and Partners — Conflicts of Interest for CASPs under MiCA — industry publication