MiCA and Insider Risk: What Crypto Firms Need to Know

Written by Russ Griggs | Jun 8, 2026 6:00:00 AM

MiCA — the EU’s Markets in Crypto-Assets Regulation — was introduced under Regulation (EU) 2023/1114 and applies from 30 December 2024. It establishes a dedicated market abuse regime for crypto assets. Title VI (Articles 86–92) prohibits insider dealing, unlawful disclosure of inside information, and market manipulation in relation to crypto assets admitted to trading on regulated platforms.

Key Highlights

MiCA establishes the EU’s first dedicated market abuse regime for crypto-assets, introducing new requirements to prevent insider dealing, unlawful disclosure of inside information, and market manipulation.
Crypto firms must treat insider risk as a formal compliance obligation, requiring policies, controls, and oversight comparable to those used in traditional financial markets.
Inside information extends beyond trading activity and may include token listings, partnerships, protocol upgrades, treasury decisions, fundraising events, and other material non-public information.
Employee surveillance and monitoring programs play a critical role in detecting potential insider trading, conflicts of interest, suspicious communications, and other market abuse risks.
Firms need auditable compliance controls and recordkeeping processes to demonstrate effective supervision and regulatory compliance under MiCA.
Technology-enabled compliance programs can help firms identify, investigate, and manage insider risk at scale, supporting more efficient monitoring and defensible decision-making.

For issuers and crypto-asset service providers (CASPs), insider risk is a compliance obligation across governance, access controls, and surveillance. It applies to non-public information likely to affect crypto asset prices and extends beyond employees to contractors, advisers, and vendors. Firms are required to track access to inside information, disclose it without delay, and implement systems to detect, prevent, and report market abuse.

What Counts as Inside Information Under MiCA

Article 87 defines inside information as non-public, precise information about a crypto asset or its issuer that would likely move prices if made public. The definition mirrors the EU's Market Abuse Regulation (MAR) but is adapted for crypto markets.

In practice, this includes token listings, protocol changes, major partnership announcements, treasury actions, and security incidents — information that is not public and likely to affect price.

Read About Insider List and Information Management Under MAR

Insider Dealing and Unlawful Disclosure Under MiCA

Article 89 prohibits using inside information to trade, cancel or amend orders, or recommend that others do so. It also captures persons who ought to have known that information was inside information, not only those with actual knowledge. Article 90 prohibits the disclosure of inside information to third parties outside the normal course of duties.

The risk extends beyond employees. Contractors, advisers, and vendors involved in token issuance, due diligence, or platform integrations may also have access to inside information.

Market Manipulation in Crypto Markets

Article 91 prohibits spoofing, wash trading, spreading false information, and other conduct designed to distort prices or volumes. In crypto markets, social media and community channels can amplify these risks, increasing the need for monitoring and oversight.

Managing Insider Information is the Key to Managing Trading Risk

Where MiCA Insider Risk Arises: Key Exposure Points

Insider risk can arise at multiple points in the lifecycle of a crypto asset or platform. Examples of these include:

Token launches and white paper preparation — teams involved before public disclosure have access to price-sensitive information.
Exchange listings and due diligence — listing teams know about upcoming listings before announcement.
Roadmap and partnership announcements — significant deals or protocol changes not yet public qualify as inside information.
Treasury management and incident response — staff handling these functions may hold information that could materially affect price.

Read a white paper on taking an integrated approach to managing trading compliance.

What MiCA Requires of Issuers and CASPs

Article 88 requires issuers to disclose inside information publicly and without delay — requiring firms to track who has access to that information at all times.

Article 92 requires CASPs to maintain systems and procedures to prevent and detect market abuse and to report suspicious transactions or orders (STORs). The technical requirements for those systems are set out in Commission Delegated Regulation (EU) 2025/885, and ESMA's Final Report on Guidelines for the Prevention and Detection of Market Abuse under MiCA (April 2025) sets out how national competent authorities are expected to supervise compliance.

Who Is in Scope for MiCA Insider Risk

Anyone with access to non-public, price-sensitive information — and the ability to trade — is within scope.

MiCA insider risk is not limited to front-office or capital markets teams. Staff working on crypto issuance, white papers, listings, platform integrations, or tokenisation deals are in scope, as are technology and security teams aware of vulnerabilities or outages that could affect token prices.

MiCA Insider Risk: What Compliance Teams Should Do Now

With MiCA in force and national competent authorities empowered to investigate and sanction under Articles 93–94, compliance teams should prioritise:

Mapping insider risk across all staff with access to crypto-asset information
Extending personal trading controls to digital assets, including pre-clearance and restriction lists
Maintaining insider lists and access controls to support Article 88 disclosure obligations
Deploying trade surveillance and STOR reporting workflows that meet the requirements of Commission Delegated Regulation (EU) 2025/885
Training staff on market abuse obligations and documenting attestation

Download the 2026 Surveillance Benchmarking Survey & Report to see how your firm stacks up against key industry stats

How MCO Helps Firms Manage Insider Risk Under MiCA

MCO provides a unified compliance platform that enables firms to manage oversight of employee trading, insider risk, and compliance obligations in a single system.

Personal Trading Compliance and Crypto Digital Asset Trading Compliance enable firms to capture and monitor employee trading activity across digital assets and traditional securities, pre-clear activity, identify conflicts of interest, and maintain a complete audit record.

Insider and MNPI enables firms to track access to sensitive data, create and maintain insider lists, and monitor the sharing of insider information in advance of trading and investment deals.

Trade Surveillance enables firms to monitor trading activity for market abuse and identify suspicious activity linked to insider trading or manipulation.

Together, these capabilities provide firms with a centralized and integrated approach to managing insider risk and meeting regulatory obligations under MiCA.

Ready to learn more about how MCO can help your firm keep pace with MiCA obligations?

View full post