Spaudos centras
Spaudos centras
The Markets in Crypto-Assets Regulation (MiCA) is the European Union’s first comprehensive legal framework for crypto-assets, and service providers. Aimed at enhancing investor protection, financial stability and market integrity, MiCA introduces licensing, disclosure, and capital requirements for crypto-asset service providers (CASPs) across the EU.
Although the regulation came into force in mid-2023, crypto companies in Lithuania have been granted until 1 January 2026 to become fully compliant – an extension that reflects both the complexity of implementation and the volume of firms now seeking authorisation.
Baltic Amadeus team recently spoke with management and finance experts Ignas Anicas and Julius Leonavicius from NOEWE, a professional financial planning, business consulting, accounting and wealth management service provider. Together we discussed how MiCA is already reshaping the industry, what compliance looks like in practice, and why financial transparency is becoming a defining standard for all crypto service providers.
Under MiCA, CASPs are now required to submit audited financial statements at the time of their licence application. This marks a dramatic shift for many crypto start-ups, particularly smaller businesses that have never undergone a formal financial audit.
‘Regardless of their size, companies now need to have audited financial statements,’ explains Ignas Anicas, Associate Partner at NOEWE. ‘For many smaller players, this is their first encounter with audits, which can be quite challenging both for the companies and the auditors’.
The regulation not only mandates IT audits but also requires companies to demonstrate capital adequacy, provide interim financial reports, and submit financial models based on actual past data. These models must logically reflect their projected business operations.
The Bank of Lithuania, which oversees MiCA licensing in the country, expects full traceability and integrity in financial documentation. A particular area of scrutiny is the origin of shareholder funds. Applicants must provide transaction records and supporting evidence that prove their capital comes from legitimate sources.
Auditors also expect firms to clearly separate business and client funds – an area where crypto companies historically lacked consistency. ‘A common issue has been the use of shared crypto wallets, where company and client assets are “blended” together’, says Ignas Anicas. ‘Although this was not explicitly prohibited in the past, auditors increasingly view such arrangements negatively, especially when transactions cannot be clearly traced. Firms that fully document and distinguish all flows can sometimes still pass audits, but from 2025 onward, strict wallet segregation will be mandatory’.
Another recurring issue is the lack of separation between shareholder and company funds. ‘Sometimes founders allow the company to use their personal crypto wallet, which can later raise questions during the audit’, adds Julius Leonavicius, Senior Business Analyst at NOEWE. ‘For example, when a shareholder loan is being documented, but there are no actual transactions to prove it – just informal permission to use the wallet – it becomes hard to validate the origin and legitimacy of those funds. This is especially problematic during the licensing process, when financial transparency and clear documentation are critical’.
Despite the deadline extension, many companies still struggle to meet MiCA’s expectations. As of 2 June 2025, only one out of 28 applied crypto-asset management companies in Lithuania has been granted a licence.
Initial rejections are often linked to missing audits, incomplete capital documentation, unrealistic financial projections, or a lack of internal financial controls. For example, some start-ups plan overly ambitious marketing spend or user acquisition targets that don’t hold up under scrutiny. Others underestimate the capital they need to reserve during the licensing phase.
In addition, a number of crypto firms – particularly smaller ones – lack dedicated internal IT teams, which makes it difficult for them to fully understand and address the technical aspects of compliance. From security architecture to operational resilience requirements under DORA, the technical component is no longer optional. ‘We often see cases where the founders handle everything themselves, including tech infrastructure. Without an in-house IT team or the right partners, it's easy to overlook critical controls like secure wallet management or incident response protocols’, notes Ignas Anicas.
Companies with complex ownership structures or international investors also face additional documentation burdens, such as proving the legitimacy of foreign shareholder contributions. Poorly documented shareholder loans or vague capital flow records can further complicate the process and lead to delays or outright rejections.
MiCA compliance is no longer solely a legal matter – it requires close coordination between legal, financial, and IT functions. Legal teams are responsible for preparing documentation, financial advisors must develop sound financial models, and IT partners play a critical role in ensuring secure infrastructure, particularly under related frameworks such as the Digital Operational Resilience Act (DORA).
The role of IT in the licensing process is becoming increasingly central. Regulators now expect firms to demonstrate robust cyber security practices – not only through comprehensive internal policies, but also via independent assessments. In many cases, companies are required to undergo IT audits, security risk assessments and for higher-risk business models, even penetration testing to confirm the resilience of their systems.
‘Firms that coordinate between legal advisors, financial consultants, and IT providers – including those offering dedicated IT security teams – tend to experience far smoother licensing processes’, states Ignas Anicas.
This integrated approach enables quicker issue resolution, improves audit readiness, and demonstrates a level of maturity that regulators value – ultimately helping firms progress through the licensing pipeline more efficiently.
While Lithuania continues to attract crypto firms due to its regulatory clarity and efficient processing, companies are also eyeing other EU jurisdictions – France, Austria, and Denmark – for complementary licences and strategic expansion.
‘Some businesses are even seeking dual licensing in multiple countries to cover broader service offerings or hedge regulatory risks. Others may be exploring whether they will need additional licences – such as electronic money or broker-dealer licences – if their services include fiat custody or derivatives trading’, explains Ignas Anicas.
Despite the growing complexity, Lithuania remains a strong choice due to its transparency, regulatory professionalism, and relatively short turnaround times.
Author: Silvija Vaidogaite