> For the complete documentation index, see [llms.txt](https://www.mica.wtf/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.mica.wtf/eu-level/guidelines/final-report-on-the-guidelines-specifying-certain-requirements-of-mica-on-investor-protection-thir.md). # ESMA35-1872330276-1936 — Investor Protection Requirements | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Authority** | ESMA | | **Reference** | ESMA35-1872330276-1936 | | **Legal basis** | [Articles 81(15)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) and [82(2) MiCA](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-82.md) | | **Status** | Final report only; adopted guidelines published separately under [ESMA35-1872330276-2031](/eu-level/guidelines/guidelines-suitability-periodic-statement-article-81.md) and [ESMA35-1872330276-2032](/eu-level/guidelines/guidelines-casp-transfer-services-article-82.md) | | **Applies from** | 27 April 2025 for transfer services; 25 May 2025 for suitability and periodic statement | | **Compliance deadline** | Two months after publication in all EU official languages for each adopted guideline | | **Provenance** | Text as adopted in Final Report ESMA35-1872330276-1936, Annexes III and IV; standalone adopted publications are available under ESMA35-1872330276-2031 and ESMA35-1872330276-2032. | | **Source** | [ESMA](https://www.esma.europa.eu/document/final-report-guidelines-specifying-certain-requirements-markets-crypto-assets-regulation) | | **Documents** | [Suitability guidelines PDF](https://www.esma.europa.eu/sites/default/files/2025-03/ESMA35-1872330276-2031_Guidelines_on_suitability_and_periodic_statement_MiCA.pdf); [transfer services guidelines PDF](https://www.esma.europa.eu/sites/default/files/2025-02/ESMA35-1872330276-2032_Guidelines_on_transfer_services_for_crypto-assets_under_MiCA.pdf); [suitability compliance table PDF](https://www.esma.europa.eu/sites/default/files/2025-07/ESMA35-24871704-2595_Compliance_table_on_MiCA_suitability_and_portfolio_periodic_statement_Guidelines.pdf); [transfer compliance table PDF](https://www.esma.europa.eu/sites/default/files/2025-07/ESMA35-24871704-2591_Compliance_table_on_MiCA_crypto-asset_transfer_Guidelines.pdf) | ### Guidelines on certain aspects of the suitability requirements and format of the periodic statement for portfolio management activities under MiCA #### 1 Scope **Who?** 1. These guidelines apply to competent authorities and [crypto-asset service](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/crypto-asset-service.md) providers, as defined in [Article 3(1)](/mica/title-i-subject-matter-scope-and-definitions-art.-1-3/article-3.md)(15) of MiCA, where they provide, as relevant, advice on crypto-assets or portfolio management of crypto-assets. **What?** 2. These guidelines apply in relation to:\ \&#xNAN;**(i)** the suitability requirements under [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (7), (8), (10), (11) and (12) of MiCA; and\ \&#xNAN;**(ii)** the requirements applicable to the format of the periodic statement to be provided by CASPs [providing portfolio management of crypto-assets](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/providing-portfolio-management-of-crypto-assets.md), in accordance with [Article 81(14)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. **When?** 3. These guidelines apply 60 calendar days from the date of their publication on ESMA's website in all official EU languages. #### 2 Legislative references, abbreviations and definitions **2.1 Legislative references** **ESMA Regulation** Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC 23 . **MiCA** Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 24 . **2.2 Abbreviations** | | | | ---- | ----------------------------------------- | | ESFS | European System of Financial Supervision | | ESMA | European Securities and Markets Authority | | EU | European Union | **2.3 Definitions** **Suitability assessment** The whole process of collecting information about a [client](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/client.md) and the subsequent assessment by the [crypto-asset service provider](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/dora/crypto-asset-service-provider.md) that a given crypto-asset is suitable for him, based also on the crypto-asset service provider's solid understanding of the crypto-assets that it can recommend or invest into on behalf of the client. **Robo-advice** The provision of advice on crypto-assets or portfolio management of crypto-assets (in whole or in part) through an automated or semi-automated system used as a [client](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/client.md)-facing tool. #### 3 Purpose 4. These guidelines are based on [Article 81(15)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA and Article 16(1) of the ESMA Regulation. The objectives of these guidelines are to establish consistent, efficient and effective supervisory practices within the ESFS and to ensure the common, uniform and consistent application of the provisions in 81(1), (7), (8), (10), (11), (12) and (14) of MiCA, as relevant. 5. In particular, they aim to promote greater convergence in the application of, and supervisory approaches to, the MiCA suitability requirements and requirements applicable to the format of the periodic statement to be provided by [crypto-asset](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/crypto-asset.md) service providers [providing portfolio management of crypto-assets](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/providing-portfolio-management-of-crypto-assets.md). 6. By identifying a number of important issues as set out in the guidelines below and thereby helping to ensure that [crypto-asset service](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/crypto-asset-service.md) providers comply with regulatory standards, ESMA anticipates a corresponding strengthening of investor protection. #### 4 Compliance and reporting obligations **4.1 Status of the guidelines** 7. In accordance with Article 16(3) of the ESMA Regulation, competent authorities and financial market participants must make every effort to comply with these guidelines. 8. Competent authorities to which these guidelines apply should comply by incorporating them into their national legal and/or supervisory frameworks as appropriate, including where particular guidelines are directed primarily at financial market participants. In this case, competent authorities should ensure through their supervision that financial market participants comply with the guidelines. **4.2 Reporting requirements** 9. Within two months of the date of publication of the guidelines on ESMA's website in all EU official languages, competent authorities to which these guidelines apply must notify ESMA whether they (i) comply, (ii) do not comply, but intend to comply, or (iii) do not comply and do not intend to comply with the guidelines. 10. In case of non-compliance, competent authorities must also notify ESMA within two months of the date of publication of the guidelines on ESMA's website in all EU official languages of their reasons for not complying with the guidelines. 11. A template for notifications is available on ESMA's website. Once the template has been filled in, it shall be transmitted to ESMA. 12. Financial market participants are not required to report whether they comply with these guidelines. #### 5 Guidelines on certain aspects of the suitability requirements under MiCA **5.1 Information to clients about the purpose of the suitability assessment and its scope (Guideline 1)** Relevant legislation: [Articles 66(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-2/article-66.md) and (2) and 81(1), (8), (10) and (11) of MiCA. 13. [Crypto-asset](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/crypto-asset.md) service providers should inform their clients clearly and simply about the suitability assessment and its purpose which is to enable the [crypto-asset service provider](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/dora/crypto-asset-service-provider.md) to act in the client's best interest. This should include a clear explanation that it is the crypto-asset service provider's responsibility to conduct the assessment, so that clients understand (i) the reason why they are asked to provide certain information, (ii) the importance that such information is up-to-date, accurate and complete and (iii) that, without such information, the crypto-asset service provider will not recommend crypto-asset services or crypto-assets, nor begin the provision of portfolio management of crypto-assets. Such information may be provided in a standardised format. 14. Information about the suitability assessment should help clients understand the purpose of the requirements. It should encourage them to provide up-to-date, accurate and sufficient information about their knowledge, experience, investment objectives (including their risk tolerance) and financial situation (including their ability to bear losses). Crypto-asset service providers should highlight to their clients that it is important to gather complete and accurate information so that the crypto-asset service provider can recommend suitable crypto-assets or crypto-asset services to the client. Without this information, crypto-asset service providers cannot provide advice on crypto-assets or portfolio management of crypto-assets. 15. It is up to the crypto-asset service provider to decide how they will inform their clients about the suitability assessment. The format used should however enable controls to check if the information was provided. 16. Crypto-asset service providers should not create any ambiguity or confusion about their responsibilities in the process when assessing the suitability of crypto-asset services or crypto-assets. Notably, crypto-asset service provider should avoid stating, or giving the impression, that it is the client who decides on the suitability of the investment or the service, or that it is the client who establishes which crypto-assets or crypto-asset services fit his own risk profile. For example, crypto-asset service providers should avoid indicating to the client that a certain crypto-asset is the one that the client chose as being suitable, or requiring the client to confirm that a crypto-asset or crypto-asset service is suitable. 17. Any disclaimers (or other similar types of statements) aimed at limiting the crypto-asset service provider's responsibility for the suitability assessment would not in any way impact the characterisation of the crypto-asset service provided in practice to clients nor the assessment of the crypto-asset service provider's compliance to the corresponding requirements. For example, when collecting clients' information required to conduct a suitability assessment (such as their investment horizon/holding period or information related to risk tolerance), crypto-asset service providers should not claim that they do not assess the suitability. 18. In order to address potential gaps in clients' understanding of the crypto-asset services provided through robo-advice, crypto-asset service providers should inform clients, in addition to other required information, on the following: * a very clear explanation of the exact degree and extent of human involvement and if and how the client can ask for human interaction; * an explanation that the answers clients provide will have a direct impact in determining the suitability of the investment decisions recommended or undertaken on their behalf; * a description of the sources of information used to generate an investment advice or to provide the portfolio management service (e.g., if an online questionnaire is used, crypto-asset service providers should explain that the responses to the questionnaire may be the sole basis for the robo-advice or whether the crypto-asset service provider has access to other client information or accounts); * an explanation of how and when the client's information will be updated with regard to his/her situation, personal circumstances, etc. 19. Crypto-asset service providers should also carefully consider whether their disclosures are designed to be effective (e.g., the disclosures are made available directly to clients and are not hidden or incomprehensible). For crypto-asset service providers providing robo-advice this may in particular include: * emphasising the relevant information (e.g., through the use of design features such as pop-up boxes); * considering whether some information should be accompanied by interactive text (e.g., through the use of design features such as tooltips) or other means to provide additional details to clients who are seeking further information (e.g., through F.A.Q. section). **5.2 Arrangements necessary to understand clients (Guideline 2)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (8) and (10) of MiCA. 20. Where collecting the information necessary to conduct a suitability assessment for each client, crypto-asset service providers should ensure that the questions they ask their clients are specific enough, are likely to be understood correctly, take into account the elements developed in guideline 3 and that any method used to collect information is designed to get the information required for a suitability assessment. 21. Crypto-asset service providers should ensure that the assessment of information collected about their clients is done in a consistent way irrespective of the means used to collect such information. 22. For example, crypto-asset service providers could use questionnaires (notably in a digital format) completed by their clients, information collected during discussions with them or other information already gathered through the crypto-asset service provider's existing relationship with the client. For instance, a payment default on other obligations may indicate a difficult financial situation. 23. When designing the questionnaires aiming at collecting information about their clients for the purpose of a suitability assessment, crypto-asset service providers should be aware and consider the most common reasons why clients could fail to answer questionnaires correctly. In particular: * attention should be given to the clarity, exhaustiveness and comprehensibility of the questionnaire, avoiding misleading, confusing, imprecise and excessively technical language; * the layout should be carefully elaborated and should avoid orienting clients' choices (font, line spacing); * presenting questions in batteries (collecting information on a series of items through a single question, particularly when assessing knowledge and experience and the risk tolerance) should be avoided; * crypto-asset service providers should carefully consider the order in which they ask questions in order to collect information in an effective manner. * in order to be able to ensure necessary information is collected, the possibility not to reply should generally not be available in questionnaires (particularly when collecting information on the client's financial situation). 24. Crypto-asset service providers should also take reasonable steps to assess the client's understanding of investment risk as well as the relationship between risk and return on investments, as this is key to enable crypto-asset service providers to act in accordance with the client's best interest when conducting the suitability assessment. When presenting questions in this regard, crypto-asset service providers should explain clearly and simply that the purpose of answering them is to help assess clients' attitude to risk (risk profile), and therefore whether crypto-assets services or the crypto-assets are suitable for them (and, if suitable, which types and risks are attached to them). 25. Information necessary to conduct a suitability assessment includes different elements that may affect, for example, the analysis of the client's financial situation (including his ability to bear losses) or investment objectives (including his risk tolerance). Examples of such elements are the client's: * marital status (especially the client's legal capacity to commit assets that may belong also to his partner); * family situation (changes in the family situation of a client may impact his financial situation e.g. a new child or a child of an age to start university); * age (which is mostly important to ensure a correct assessment of the investment objectives, and in particular the level of financial risk that the client is willing to take, as well as the holding period/investment horizon, which indicates the willingness to hold an investment for a certain period of time); * employment situation (the degree of job security or the fact that the client is close to retirement may impact his financial situation or his investment objectives); * need for liquidity in certain relevant investments or need to fund a future financial commitment (e.g. property purchase, education fees). 26. When determining what information is necessary, crypto-asset service providers should keep in mind the impact that any significant change regarding that information could have concerning the suitability assessment. 27. ESMA considers it would be a good practice for crypto-asset service providers to consider non-financial elements when gathering information on the client's investment objectives, and - beyond the elements listed in paragraph 25 - collect information on the client's preferences on environmental, social and governance factors in order to take them into account into the suitability assessment. 28. Crypto-asset service providers should take all reasonable steps to sufficiently assess the understanding by their clients of the main characteristics and the risks related to the product types in the offer of the crypto-asset service provider. The adoption by crypto-asset service providers of mechanisms to avoid unduly relying on client's self-assessment and ensure the consistency of the answers provided by the client 25 is 25 See guideline 4. particularly important for the correct assessment of the client's knowledge and experience. Information collected by crypto-asset service providers about a client's knowledge and experience should be considered altogether for the overall appraisal of his understanding of the products and services and of the risks involved in the transactions recommended or in the management of his portfolio. 29. It is also important that crypto-asset service providers appraise the client's understanding of basic financial notions such as investment risk (including concentration risk) and risk-return trade off. To this end, crypto-asset service providers should consider using indicative, comprehensible examples of the levels of loss/return that may arise depending on the level of risk taken and should assess the client's response to such scenarios. 30. As part of the assessment of a client's knowledge and experience, crypto-asset service providers should ensure that the client understands crypto-assets specifically and, in particular, the risks inherent to the use of [distributed ledger technology](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/distributed-ledger-technology.md) (for instance, cybertheft, hacks, loss or destruction of private keys), on which crypto-assets are based. 31. Crypto-asset service providers should design their questionnaires so that they are able to gather the necessary information about their client. This is particularly relevant for crypto-asset service providers providing robo-advice services given the limited human interaction. In order to ensure their compliance with the requirements concerning that assessment, crypto-asset service providers should take into account factors such as: * whether the information collected through the online questionnaire allows the crypto-asset service provider to conclude that the advice provided is suitable for their clients on the basis of their knowledge and experience, their financial situation and their investment objectives and needs; * whether the questions in the questionnaire are sufficiently clear and/or whether the questionnaire is designed to provide additional clarification or examples to clients when necessary (e.g., through the use of design features, such as tool-tips or pop-up boxes); * whether some human interaction (including remote interaction via emails or mobile phones) is available to clients when responding to the online questionnaire; * whether steps have been taken to address inconsistent client responses (such as incorporating in the questionnaire design features to alert clients when their responses appear internally inconsistent and suggest them to reconsider such responses; or implementing systems to automatically flag apparently inconsistent information provided by a client for review or follow-up by the crypto-asset service provider). **5.3 Extent of information to be collected from clients (proportionality) (Guideline 3)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (8) and (10) of MiCA 32. Before [providing advice on crypto-assets](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/providing-advice-on-crypto-assets.md) or portfolio management of crypto-assets, crypto-asset service providers need to collect all 'necessary information' 26 about the client's knowledge and experience, financial situation, investment objectives and their basic understanding of the risks involved in purchasing crypto-assets, giving due consideration to the nature and extent of the service provided. The extent of 'necessary' information may vary and crypto-asset service providers should determine the extent of the information to be collected from clients in light of all the features of the advice on crypto-assets or portfolio management of crypto-assets to be provided to those clients. Notably, crypto-asset service providers should take into account the features of the advice on crypto-assets or portfolio management of crypto-assets to be provided, the type and characteristics of the crypto-assets to be considered and the characteristics of the clients. 33. In determining what information is 'necessary', crypto-asset service providers should consider, in relation to a client's knowledge and experience, financial situation, investment objectives and their basic understanding of the risks involved in purchasing crypto-assets: * the type of crypto-assets or transactions or services that the crypto-asset service provider may recommend or enter into (including the complexity and level of risk); * the nature and extent of the service that the crypto-asset service provider may provide; * the needs and circumstances of the client; * the features of the client (e.g., their level of sophistication, knowledge of investing (including in relation to crypto-assets), financial situation). 34. Crypto-asset service providers should ensure that the information regarding a client's or potential client's knowledge and experience in investing, including in the crypto -asset field, includes the following, to the extent appropriate to the nature of the client, the nature and extent of the service to be provided and the type of crypto-asset or transaction envisaged, including their complexity and the risks involved: 26 'Necessary information' should be understood as meaning the information that crypto-asset service providers must collect to comply with the suitability requirements under MiCA. * the types of service, transaction and financial products with which the client is familiar; * whether the client understands [distributed ledger](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/distributed-ledger.md) technology, on which crypto-assets are based, and the risks inherent to it such as the risk to transfer crypto-assets to the wrong wallet or address or the risks of hacking; * the nature, volume, and frequency of the client's transactions, including in crypto-assets, and the period over which they have been carried out; * the level of education, and profession or relevant former profession of the client or potential client. 35. When assessing a client's knowledge of crypto-assets or a particular type of crypto-assets, crypto-asset service providers should not solely rely on such client's transaction history but should ensure the client's understanding of the product. 36. While the extent of the information to be collected may vary, the standard for ensuring that a recommendation or an investment made on the client's behalf is suitable for the client will always remain the same. MiCA allows crypto-asset service providers to collect the level of information that is adequate for and proportionate to the products and services they offer, or on which the client requests specific advice on crypto-assets or portfolio management of crypto-assets. It does not allow crypto-asset service providers to lower the level of protection due to clients. 37. The information regarding the investment objectives of the client or potential client should include, where relevant, information on the length of time for which the client wishes to hold the investment, his or her preferences regarding risk taking, his or her risk profile, and the purposes of the investment. 38. When providing access to more complex or risky crypto-assets, crypto-asset service providers should collect more in-depth information about the client than they would collect when less complex or risky products are at stake. This is so that crypto-asset service providers can assess the client's capacity to understand, and financially bear, the risks associated with crypto-assets. 27 ESMA expects crypto-asset service providers to carry out a robust assessment amongst others of the client's knowledge and experience, including, for example, the ability to understand the mechanisms which make the crypto-asset recommended or traded 'risky' and, possibly, 'complex', whether the client has already traded in crypto-assets and the specific type of crypto-assets (for 27 To ensure clients understand the investment risk and potential losses they may bear, the crypto-asset service provider should, as far as possible, present these risks in a clear and understandable way, potentially using illustrative examples of the extent of losses in the event of a crypto-asset performing poorly, and with due consideration of [Article 81(9)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. example, a stablecoin or a [utility token](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/utility-token.md)), the length of time he has been trading them for, etc. 39. For illiquid crypto-assets 28 , the 'necessary information' to be gathered should include information on the length of time for which the client is prepared to hold the investment. 40. As information about a client's financial situation will always need to be collected, the extent of information to be collected may depend on the type of crypto-assets and services to be recommended or entered into. For example, as many crypto-assets are highly speculative investments, 'necessary information' to be collected may include all of the following elements as necessary to ensure whether the client's financial situation allows him to invest or be invested in such crypto-assets: * the extent of the client's regular income and total income, whether the income is earned on a permanent or temporary basis, and the source of this income (for example, from employment, retirement income, investment income, rental yields, etc.); * the client's assets, including liquid assets, investments and real property, which would include what financial investments, personal and investment property, pension [funds](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/funds.md) and any cash deposits, etc. the client may have. The crypto-asset service provider should, where relevant, also gather information about conditions, terms, access, loans, guarantees and other restrictions, if applicable, to the above assets that may exist. * the client's regular financial commitments, which would include what financial commitments the client has made or is planning to make (client's debits, total amount of indebtedness and other periodic commitments, etc.). 41. In determining the information to be collected, crypto-asset service providers should also take into account the nature of the service to be provided. Practically, this means that: * when advice on crypto-assets is to be provided, crypto-asset service providers should collect sufficient information in order to be able to assess the ability of the client to understand the risks and nature of each of the crypto-assets and services that the crypto-asset service provider envisages recommending to that client; * when portfolio management of crypto-assets is to be provided, as investment decisions are to be made by the crypto-asset service provider on behalf of the client, the level of knowledge and experience needed by the client with regard to 28 It is up to each crypto-asset service provider to define a priori which of the crypto-assets included in its offer to investors it considers as being illiquid. all the crypto-assets that can potentially make up the portfolio may be less detailed than the level that the client should have when an advice on crypto-assets service is to be provided. Nevertheless, even in such situations, the client should at least understand the overall risks of the portfolio (including the risks inherent to [distributed ledger technology](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/distributed-ledger-technology.md)) and possess a general understanding of the risks linked to each type of crypto-assets that can be included in the portfolio. Crypto-asset service providers should gain a very clear understanding and knowledge of the degree of understanding of crypto-assets and of the investment profile of the client. 42. Similarly, the extent of the service requested by the client may also impact the level of detail of information collected about the client. For example, crypto-asset service providers should collect more information about clients asking for advice covering their entire financial portfolio than about clients asking for specific advice on how to invest a given amount of money that represents a relatively small part of their overall portfolio. 43. Crypto-asset service providers should also take into account the nature of the client when determining the information to be collected. For example, more in-depth information would usually need to be collected for potentially vulnerable clients (such as older clients could be) or inexperienced ones asking for advice on crypto-assets or portfolio management of crypto-asset services for the first time. 44. Information to be collected will also depend on the needs and circumstances of the client. For example, a crypto-asset service provider is likely to need more detailed information about the client's financial situation where the client's investment objectives are multiple and/or long-term, than when the client seeks a short-term investment. 45. Information about a client's financial situation includes information regarding his or her investments (in crypto-assets and other products). This implies that crypto-asset service providers are expected to possess information about the client's financial investments he holds with the crypto-asset service provider on a crypto-asset by crypto-asset basis. Depending on the scope of advice provided, crypto-asset service providers should also encourage clients to disclose details on investments they hold with other crypto-asset service providers or financial investments they hold with financial institutions, if possible also on a product-by-product basis. **5.4 Reliability of client information (Guideline 4)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) and (10) of MiCA. 46. Clients are expected to provide correct, up-to-date and complete information necessary for the suitability assessment. However, crypto-asset service providers should take all reasonable steps and have appropriate tools to ensure that the information collected about their clients is reliable, accurate and consistent, without unduly relying on clients' self-assessment. This should include, without limitation: * ensuring clients are aware of the importance of providing accurate and up-to-date information; * ensuring all tools, such as risk assessment profiling tools or tools to assess a client's knowledge and experience, employed in the suitability assessment process are fit-for-purpose and are appropriately designed for use with their clients, with any limitations identified and actively mitigated through the suitability assessment process; * ensuring questions used in the process are likely to be understood by clients, capture an accurate reflection of the client's objectives and needs, and the information necessary to understand the suitability assessment; and * taking steps, as appropriate, to ensure the consistency of client information, such as by considering whether there are obvious inaccuracies in the information provided by clients. 47. Crypto-asset service providers remain responsible for ensuring they have the necessary information to conduct a suitability assessment. In this respect, any agreement signed by the client, or disclosure made by the crypto-asset service provider, that would aim at limiting the responsibility of the crypto-asset service provider with regard to the suitability assessment, would not be considered compliant with the relevant requirements in MiCA. 48. To avoid unduly relying on client's self-assessment, any auto-evaluation should be counterbalanced by factual information gathered on the basis of objective criteria. For example: * instead of asking whether a client understands the notions of risk-return trade-off and risk diversification, the crypto-asset service provider should present some practical examples of situations that may occur in practice, for example by means of graphs or through positive and negative scenarios which are based on reasonable assumptions; * instead of asking whether a client has sufficient knowledge about the main characteristics and risks of specific types of crypto-assets, the crypto-asset service provider should for instance ask questions aimed at assessing the client's real knowledge about the specific types of crypto-assets, for example by asking the client multiple choice questions to which the client should provide the right answer; * instead of asking a client whether he feels sufficiently experienced to invest in certain crypto-assets, the crypto-asset service provider should ask the client what types of crypto-assets the client is familiar with and how recent and frequent his trading experience with them is; * instead of asking whether clients believe they have sufficient funds to invest, the crypto-asset service provider should ask clients to provide factual information about their financial situation, e.g. the regular source of income and whether outstanding liabilities exist (such as bank loans or other debts, which may significantly impact the assessment of the client's ability to financially bear any risks and losses related to the investment); * instead of asking whether a client feels comfortable with taking risk, the crypto-asset service provider should ask what level of loss over a given time period the client would be willing to accept, either on the individual investment or on the overall portfolio. 49. In assessing a client's knowledge and experience, a crypto-asset service provider should also avoid using overly broad questions with a yes/no type of answer and or a very broad tick-the-box self-assessment approach (for example, crypto-asset service providers should avoid submitting a list of crypto-assets to the client and asking him/her to indicate which s/he understands). Where crypto-asset service providers pre-fill answers based on the client's transactions history with that crypto-asset service provider (e.g., through another crypto-asset service provided), they should ensure that only fully objective, pertinent, and reliable information is used and that the client is given the opportunity to review and, if necessary, correct and/or complete each of the pre-filled answers to ensure the accuracy of any pre-populated information. Crypto-asset service providers should also refrain from predicting clients' experience based on assumptions. 50. A client's prior investments in crypto-assets should not be sufficient in itself for the crypto-asset service provider to conclude that such client understands crypto-assets and crypto-asset services (especially the risks associated with crypto-assets). 51. When assessing the risk tolerance of their clients through a questionnaire, crypto-asset service providers should not only investigate the desirable risk-return characteristics of future investments but they should also take into account the client's risk perception. To this end, whilst self-assessment for the risk tolerance should be avoided, explicit questions on the clients' personal choices in case of risk uncertainty could be presented. Furthermore, crypto-asset service providers could for example make use of graphs, specific percentages or concrete figures when asking the client how he would react when the value of his portfolio decreases. 52. Where crypto-asset service providers rely on tools to be used by clients as part of the suitability process (such as questionnaires or risk-profiling software), they should ensure that they have appropriate systems and controls to ensure that the tools are fit for purpose and produce satisfactory results. For example, risk-profiling software could include some controls of coherence of the replies provided by clients in order to highlight contradictions between different pieces of information collected. 53. Crypto-asset service providers should also take reasonable steps to mitigate potential risks associated with the use of such tools. For example, potential risks may arise if clients were encouraged to provide certain answers in order to get access to crypto-assets or crypto-asset services that may not be suitable for them (without correctly reflecting the clients' real circumstances and needs). 29 54. In order to ensure the consistency of client information, crypto-asset service providers should view the information collected as a whole. Crypto-asset service providers should be alert to any relevant contradictions between different pieces of information collected, and contact the client in order to resolve any material potential inconsistencies or inaccuracies. Examples of such contradictions are clients who have little knowledge or experience and an aggressive attitude to risk, or who have a prudent risk profile and ambitious investment objectives. 55. Crypto-asset service providers should adopt mechanisms to address the risk that clients may tend to overestimate their knowledge and experience, for example by including questions that would help crypto-asset service providers assess the overall clients' understanding about the characteristics and the risks of crypto-assets in general and the different types of crypto-assets. Such measures may be particularly important in the case of robo-advice, since the risk of overestimation by clients may result higher when they provide information through an automated (or semi-automated) system, especially in situations where very limited or no human interaction at all between clients and the crypto-asset service provider's employees is foreseen. **5.5 Updating client information (Guideline 5)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (8), (10) and (12) of MiCA. 56. Where a crypto-asset service provider has an ongoing relationship with the client (such as by providing ongoing advice on crypto-assets or portfolio management of crypto-assets), in order to be able to perform the suitability assessment, crypto-asset service providers should adopt procedures defining: (a) what part of the client information collected should be subject to updating and at which frequency; (b) how the updating should be done and what action should be undertaken by the crypto-asset service provider when additional or updated information is received or when the client fails to provide the information requested. 57. Crypto-asset service providers should regularly review client information to ensure that it does not become manifestly out of date, inaccurate or incomplete. To this end, crypto-asset service providers should implement procedures to encourage clients to update the information originally provided where significant changes occur. 58. Frequency of update might vary depending on, for example, clients' risk profiles and taking into account the type of crypto-asset recommended. Based on the information collected about a client under the suitability requirements, a crypto-asset service provider will determine the client's risk profile, i.e. what type of crypto-asset services or crypto-assets can in general be suitable for him taking into account his knowledge and experience, his financial situation (including his ability to bear losses) and his investment objectives (including his risk tolerance). For example, a risk profile giving to the client access to a wider range of riskier products is an element that is likely to require more frequent updating. Certain events might also trigger an updating process; this could be so, for example, for clients reaching the age of retirement or facing unemployment. 59. Due to the requirement to review the suitability assessment at least every two years (in accordance with [Article 81(12)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA), updates should occur at least every two years to ensure that the updated suitability assessment is not based on outdated client's information. This also implies that the update should be done prior to any new suitability assessment occurring on the two-year deadline. 60. Updating could, for example, be carried out by sending an updating questionnaire to clients. Relevant actions might include changing the client's profile based on the updated information collected. 61. It is also important that crypto-asset service providers adopt measures to mitigate the risk of inducing the client to update his own profile so as to make appear as suitable a certain investment product or service that would otherwise be unsuitable for him, without there being a real modification in the client's situation. 30 As an example of a good practice to address this type of risk, crypto-asset service providers could adopt procedures to verify, before or after transactions are made, whether a client's profile has been updated too frequently or only after a short period from last modification (especially if this change has occurred in the immediate days preceding a recommended investment). Such situations would therefore be escalated or reported to the relevant control function. These policies and procedures are particularly important in situations where there is a heightened risk that the interest of the crypto-asset service provider may come into conflict with the best interests of its clients, e.g. in situations in which the crypto-asset service provider is placing crypto-assets with its own clients. Another relevant factor to 30 Also relevant in this context are measures adopted to ensure the reliability of clients' information as detailed under guideline 4, paragraph 46. consider in this context is also the type of interaction that occurs with the client (e.g. telephone conversation vs through an automated system). 62. Crypto-asset service providers should inform the client when the additional information provided results in a change of his profile, whether it becomes more risky (and therefore, potentially, a wider range of riskier and more complex crypto-assets may as a result be suitable for him, with the potential to incur in higher losses) or vice-versa more conservative (and therefore, potentially, a more restricted range of crypto-assets may as a result be suitable for him). **5.6 Client information for legal entities or groups (Guideline 6)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (8) and (10) of MiCA. 63. Where a client is a legal person or a group of two or more natural persons or where one or more natural persons are represented by another natural person, the crypto -asset service provider should establish and implement a policy, on an ex-ante basis, on the procedure and criteria that should be followed in order to comply with the MiCA suitability requirements in such situations. This includes (i) who should be subject to the suitability assessment, (ii) how the suitability assessment should be done in practice, including from whom information about knowledge and experience, financial situation and investment objectives should be collected and (iii) the possible impact this could have for the relevant clients, in accordance with the existing policy. 64. Where a client is a legal person or a natural person represented by another natural person, the financial situation and investment objectives should be assessed in light of those of the underlying client (the legal person or the natural person that is being represented) rather than of the representative. The knowledge and experience to be assessed should be that of the representative. This would imply amongst others that they verify that the representative is indeed - according to relevant national law - authorised to carry out transactions on behalf of the client. 65. Crypto-asset service providers should consider whether the applicable national legal framework provides specific indications that should be taken into account for the purpose of conducting the suitability assessment (this could be the case, for instance, where the appointment of a legal representative is required by law: e.g. for underage or incapacitated persons or for a legal person). 66. The policy should make a clear distinction between situations where a representative is foreseen under applicable national law, as it can be the case for example for legal persons, and situations where no representative is foreseen, and it should focus on these latter situations. Where the policy foresees agreements between clients, they should be made aware clearly and in written form about the effects that such agreements may have regarding the protection of their respective interests. Steps taken by the crypto-asset service provider in accordance with its policy should be appropriately documented to enable ex-post controls. 67. Where the client is a group of two or more natural persons and no representative is foreseen under applicable national law, the crypto-asset service provider's policy should identify from whom necessary information will be collected and how the suitability assessment will be done. Clients should be properly informed about the crypto-asset service provider's approach (as decided in its policy) and the impact of this approach on the way the suitability assessment is done in practice. 68. Approaches such as the following could possibly be considered by crypto-asset service providers: (a) they could choose to invite the group of two or more natural persons to designate a representative; or, (b) they could consider collecting information about each individual client and assessing the suitability for each individual client. **Inviting the group of two or more natural persons to designate a representative** 69. If the group of two or more natural persons agrees to designate a representative, the same approach as the one described in paragraph 64 above could be followed: the knowledge and experience shall be that of the representative, while the financial situation and the investment objectives would be those of the underlying client(s). Such designation should be made in written form as well as according to and in compliance with the applicable national law, and recorded by the relevant crypto-asset service provider. The clients - part of the group - should be clearly informed, in written form, about the impact that an agreement amongst clients could have on the protection of their respective interests. 70. The crypto-asset service provider's policy could however require the underlying client(s) to agree on their investment objectives. 71. If the parties involved have difficulties in deciding the person/s from whom the information on knowledge and experience should be collected, the basis on which the financial situation should be determined for the purpose of the suitability assessment or on defining their investment objectives, the crypto-asset service provider should adopt the most prudent approach by taking into account, accordingly, the information on the person with the least knowledge and experience, the weakest financial situation or the most conservative investment objectives. Alternatively, the crypto-asset service provider's policy may also specify that it will not be able to provide advice on crypto-assets or portfolio management of crypto-assets in such a situation. Crypto-asset service providers should at least be prudent whenever there is a significant difference in the level of knowledge and experience or in the financial situation of the different clients part of the group. **Collecting information about each individual client and assessing the suitability for each individual client** 72. When a crypto-asset service provider decides to collect information and assess suitability for each individual client part of the group, if there are significant differences between the characteristics of those individual clients (for example, if the crypto-asset service provider would classify them under different investment profiles), the question arises about how to ensure the consistency of the advice on crypto-assets or portfolio management of crypto-assets provided with regard to the crypto-assets or portfolio of that group of clients. In such a situation, a crypto-asset may be suitable for one client part of the group but not for another one. The crypto-asset service provider's policy should clearly specify how it will deal with such situations. Here again, the crypto-asset service provider should adopt the most prudent approach by taking into account the information on the client part of the group with the least knowledge and experience, the weakest financial situation or the most conservative investment objectives. Alternatively, the crypto-asset service provider's policy may also specify that it will not be able to provide advice on crypto-assets or portfolio management of crypto-assets in such a situation. In this context, it should be noted that collecting information on all the clients part of the group and considering, for the purposes of the assessment, an average profile of the level of knowledge and competence of all of them, would unlikely be compliant with the MiCA overarching principle of acting in the clients' best interests. **5.7 Arrangements necessary to understand crypto-assets (Guideline 7)** Relevant legislation: [Article 81(10)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. 73. Crypto-asset service providers should have adequate policies and procedures in place to ensure that they understand the characteristics, nature, features, including costs and risks of crypto-asset services and crypto-assets selected for their clients and that they assess, while taking into account cost and complexity, whether equivalent crypto-asset services or crypto-assets can meet their client's profile. 74. Crypto-asset service providers should adopt robust and objective procedures, methodologies and tools that allow them to appropriately consider the different characteristics and relevant risk factors (such as credit risk, market risk, liquidity risk 31 , operational risk including hacking risk, etc.) of each crypto-asset they may recommend or invest in on behalf of clients. Considering the level of 'complexity' of products is 31 It is particularly important that the liquidity risk identified is not balanced out with other risk indicators (such as, for example, those adopted for the assessment of credit/counterparty risk and market risk). This is because the liquidity features of crypto-assets should be compared with information on the client's willingness to hold the crypto-assets for a certain length of time, i.e. the so called 'holding period'. particularly important, and this should be matched with a client's information (in particular regarding their knowledge and experience). 75. Crypto-asset service providers should adopt procedures to ensure that the information used to understand and correctly classify crypto-assets included in their product offer is reliable, accurate, consistent and up-to-date. When adopting such procedures, crypto-asset service providers should take into account the different characteristics and nature of the crypto-assets considered. 76. In addition, crypto-asset service providers should review the information used so as to be able to reflect any relevant changes that may impact the product's classification. This is particularly important, taking into account the continuing evolution and growing speed of crypto-asset markets. **5.8 Arrangements necessary to ensure the suitability of crypto-assets or crypto-asset services (Guideline 8)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (10), (11) and (12) of MiCA. 77. In order to match clients with suitable investments and services, crypto-asset service providers should establish policies and procedures to ensure that they consistently take into account: * all available information about the client necessary to assess whether a crypto-asset or service is suitable, including the client's current portfolio of investments (and asset allocation within that portfolio which should not be limited to crypto assets allocation); * all material characteristics of the crypto-assets and services considered in the suitability assessment, including all relevant risks and any direct or indirect costs to the client. 78. Crypto-asset service providers are reminded that the suitability assessment is not limited to recommendations to buy a crypto-asset. Every recommendation must be suitable, whether it is, for example, a recommendation to buy, hold or sell a crypto-asset, or not to do so. 79. Crypto-asset service providers that rely on tools in the suitability assessment process (such as model portfolios, asset allocation software or a risk-profiling tool for potential investments), should have appropriate systems and controls to ensure that the tools are fit for purpose and produce satisfactory results. 80. In this regard, the tools should be designed so that they take account of all the relevant specificities of each client or crypto-asset. For example, tools that classify clients or crypto-assets broadly would not be fit for purpose. 81. A crypto-asset service provider should establish policies and procedures which enable it to ensure inter alia that: * the advice on crypto-assets and portfolio management of crypto-assets services provided to the client take account of an appropriate degree of risk diversification, including regarding the type of instruments held in the portfolio (crypto assets, financial instruments, etc.); * the client has an adequate understanding of the relationship between risk and return, i.e. of the necessarily low remuneration of risk free assets, of the incidence of time horizon on this relationship and of the impact of costs on his investments; * the financial situation of the client can finance the crypto-assets and the client can bear any possible losses resulting from the investments; * any personal recommendation or transaction entered into in the course of providing advice on crypto-assets or portfolio management of crypto-assets, where an illiquid product is involved, takes into account the length of time for which the client is prepared to hold the investment; and * any conflicts of interest are prevented from adversely affecting the quality of the suitability assessment. 82. When making a decision on the methodology to be adopted to conduct the suitability assessment, the crypto-asset service provider should also take into account the type and characteristics of the crypto-asset services provided and, more in general, its business model. 83. When conducting a suitability assessment, a crypto-asset service provider providing the service of portfolio management of crypto-assets should, on the one hand, assess - in accordance with the second bullet point of paragraph 41 of these guidelines - the knowledge and experience of the client regarding each type of crypto-asset that could be included in his portfolio, and the types of risks involved in the management of his portfolio. Depending on the level of complexity of the crypto-assets involved, the crypto-asset service provider should assess the client's knowledge and experience more specifically than solely on the basis of the type to which the crypto-asset belongs (e.g., an asset-referenced token linked to a basket of emerging markets currencies versus an asset-referenced token solely linked to EUR and USD). On the other hand, with regard to the client's financial situation and investment objectives, the suitability assessment about the impact of the crypto-asset(s) and transaction(s) can be done at the level of the client's portfolio as a whole. In practice, if the portfolio management agreement defines in sufficient details the investment strategy that is suitable for the client with regard to the suitability criteria defined by MiCA and that will be followed by the crypto-asset service provider, the assessment of the suitability of the investment decisions could be done against the investment strategy as defined in the portfolio management agreement and the portfolio of the client as a whole should reflect this agreed investment strategy. When a crypto-asset service provider conducts a suitability assessment based on the consideration of the client's portfolio as a whole within the service of advice on crypto assets, this means that, on the one hand, the level of knowledge and experience of the client should be assessed regarding each crypto-asset and risks involved in the related transaction. On the other hand, with regard to the client's financial situation and investment objectives, the suitability assessment about the impact of the product and transaction can be done at the level of the client's portfolio. 84. When a crypto-asset service provider conducts a suitability assessment based on the consideration of the client's portfolio as a whole, it should ensure an appropriate degree of diversification within the client's portfolio, taking into account the client's portfolio exposure to the different financial risks (geographical exposure, currency exposure, etc.). Crypto-asset service providers should be especially prudent regarding credit risk: exposure of the client's portfolio to one single issuer or to issuers part of the same group should be particularly considered. This is because, if a client's portfolio is concentrated in products issued by one single entity (or entities of the same group), in case of default of that entity, the client may lose up to his entire investment. 85. In order to ensure the consistency of the suitability assessment conducted through automated tools (even if the interaction with clients does not occur through automated systems), crypto-asset service providers should regularly monitor and test the algorithms that underpin the suitability of the transactions recommended or undertaken on behalf of clients. When defining such algorithms, crypto-asset service providers should take into account the nature and characteristics of the crypto-assets and services included in their offer to clients. In particular, crypto-asset service providers should at least: * establish an appropriate system-design documentation that clearly sets out the purpose, scope and design of the algorithms. Decision trees or decision rules should form part of this documentation, where relevant; * have a documented test strategy that explains the scope of testing of algorithms. This should include test plans, test cases, test results, defect resolution (if relevant), and final test results; * have in place appropriate policies and procedures for managing any changes to an algorithm, including monitoring and keeping records of any such changes. This includes having security arrangements in place to monitor and prevent unauthorised access to the algorithm; * review and update algorithms to ensure that they reflect any relevant changes (e.g. market changes and changes in the applicable law) that may affect their effectiveness; * have in place policies and procedures enabling to detect any error within the algorithm and deal with it appropriately, including, for example, suspending the provision of advice if that error is likely to result in an unsuitable advice and/or a breach of relevant law/regulation; * have in place adequate resources, including human and technological resources, to monitor and supervise the performance of algorithms through an adequate and timely review of the advice provided; and * have in place an appropriate internal sign-off process to ensure that the steps above have been followed. 86. Where advice on crypto-assets or portfolio management of crypto-assets are provided in whole or in part through an automated or semi-automated system, the responsibility to undertake the suitability assessment should remain with the crypto-asset service provider providing the service and shall not be reduced by the use of an electronic system in making the personal recommendation or decision to trade. **5.9 Costs and complexity of equivalent products (Guideline 9)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (10) and (12) of MiCA. 87. Suitability policies and procedures should ensure that, before a crypto-asset service provider makes a decision on the crypto-asset(s) that will be recommended, or invested in the portfolio managed on behalf of the client, a thorough assessment of the po ssible crypto-assets and crypto-asset services alternatives is undertaken, taking into account products' cost and complexity. 88. A crypto-asset service provider should have a process in place, taking into account the nature of the service, its business model and the type of crypto-assets that are provided, to assess crypto-assets available that are 'equivalent' to each other in terms of ability to meet the client's needs and circumstances, such as crypto-assets with similar target clients and similar risk-return profile. 89. When considering the cost factor, crypto-asset service providers should take into account all costs and charges covered by the relevant provisions under [Article 81(4)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. As for the complexity, crypto-asset service providers should refer to the criteria identified in the above guideline 7. For crypto-asset service providers with a restricted range of crypto-assets, or those recommending one type of crypto-asset, where the assessment of 'equivalent' crypto-asset could be limited, it is important that clients are made fully aware of such circumstances. In this context, it is particularly important that clients are provided appropriate information on how restricted the range of crypto-assets offered is, pursuant to [Article 81(2)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md)(b) of MiCA. 32 90. Where a crypto-asset service provider uses common portfolio strategies or model investment propositions that apply to different clients with the same investment profile (as determined by the crypto-asset service provider), the assessment of cost and complexity for 'equivalent' crypto-assets could be done on a higher level, centrally, (for example within an investment committee or any other committee defining common portfolio strategies or model investment propositions) although a crypto-asset service provider will still need to ensure that the selected crypto-assets are suitable and meet their clients' profile on a client-by-client basis. 91. Crypto-asset service providers should be able to justify those situations where a more costly or complex crypto-asset is chosen or recommended over an equivalent crypto-asset, taking into account that for the selection process of products in the context of advice on crypto-assets or portfolio management further criteria can also be considered (for example: the portfolio's diversification, liquidity, or risk level). Crypto-asset service providers should document and keep records about these decisions, as these decisions should deserve specific attention from control functions within the crypto-asset service provider. The respective documentation should be subject to internal reviews. When providing advice on crypto-assets crypto-asset service providers could, for specific well-defined reasons, also decide to inform the client about the decision to choose the more costly and complex crypto-asset. **5.10 Costs and benefits of switching investments (Guideline 10)** Relevant legislation: [Article 81(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), (10) and (12) of MiCA. 92. As part of the policies and procedures on the suitability assessment, crypto-asset service providers should undertake an analysis of the costs and benefits of a switch such that crypto-asset service providers are reasonably able to demonstrate that the expected benefits of switching are greater than the costs. 93. For the purpose of this guideline, investment decisions such as rebalancing a portfolio under management, in the case of a 'passive strategy' to replicate an index (as agreed 32 In accordance with MiCA, crypto-asset service providers are therefore not expected to consider the whole universe of possible crypto-asset options existing in the market in order to follow guideline 7. with the client) would normally not be considered as a switch. For the avoidance of doubt, any transaction without maintaining these thresholds would be considered as a switch. 94. Crypto-asset service providers should take all necessary information into account, so as to be able to conduct a cost-benefit analysis of the switch, i.e. an assessment of the advantages and disadvantages of the new crypto-asset(s) considered. When considering the cost dimension, crypto-asset service providers should take into account all costs and charges covered by the relevant provisions under [Article 81(4)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. In this context, both monetary and non-monetary factors of costs and benefits could be relevant. These may include, for example: * the expected net return of the proposed alternative transaction (which also considers any possible up-front cost to be paid by the client(s)) vs the expected net return of the existing investment (that should also consider any exit cost which the client(s) might incur to divest from the crypto-asset already in his/their portfolio); * a change in the client's circumstances and needs, which may be the reason for considering the switch, e.g. the need for liquidity in the short term as a consequence of an unexpected and unplanned family event; * a change in the crypto-assets' features and/or market circumstances, which may be a reason for considering a switch in the client(s) portfolio(s), e.g. if a crypto-asset becomes illiquid due to market trends; * benefits to the client's portfolio stemming from the switch, such as (i) an increase in the portfolio diversification (by geographical area, type of crypto-asset, type of issuer, etc.); (ii) an increased alignment of the portfolio's risk profile with the client's risk objectives; (iii) an increase in the portfolio's liquidity; or (iv) a decrease of the overall credit risk of the portfolio. 95. When providing advice on crypto-assets, a clear explanation of whether or not the benefits of the recommended switch are greater than its costs should be included in the suitability report 33 the crypto-asset service provider has to provide to the client before the transaction is made. 33 The report on suitability referred to in [Article 81(13)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. 96. Crypto-asset service providers should also adopt systems and controls to monitor the risk of circumventing the obligation to assess costs and benefits of recommended switch, for example in situations where an advice to sell a crypto-asset is followed by an advice to buy another crypto-asset at a later stage (e.g. days later), but the two transactions were in fact strictly related from the beginning. 97. Where a crypto-asset service provider uses common portfolio strategies or model investment propositions that apply to different clients with the same investment profile (as determined by the crypto-asset service provider), the costs/benefits analysis of a switch could be done on a higher level than at the level of each individual client or each individual transaction. More especially, when a switch is decided centrally, for example within an investment committee or any other committee defining common portfolio strategies or model investment propositions, the costs/benefits analysis could be done at the level of that committee. If such a switch is decided centrally, the costs/benefits analysis done at that level would usually be applicable to all comparable client portfolios without making an assessment for each individual client. In such a situation also, the crypto-asset service provider could determine, at the level of the relevant committee, the reason why a switch decided will not be performed for certain clients. Although the costs/benefits analysis could be done at a higher level in such situations, the crypto-asset service provider should nevertheless have appropriate controls in place to check that there are no particular characteristics of certain clients that might require a more discrete level of analysis. 98. Where a portfolio manager has agreed a more bespoke mandate and investment strategy with a client due to the client's specific investment needs, a cost-benefit analysis of the switch at client-level should be performed, in contrast to the above. 99. Notwithstanding the above, if a portfolio manager considers that the composition or parameters of a portfolio should be changed in a way that is not permitted by the mandate agreed with the client, the portfolio manager should discuss this with the client and review or conduct a new suitability assessment to agree a new mandate. **5.11 Qualifications of staff (Guideline 11) 34** Relevant legislation: [Articles 68(5)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-2/article-68.md) and [81(7)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. 100. Crypto-asset service providers are required to ensure that staff involved in material aspects of the suitability process have an adequate level of skills, knowledge and expertise with regard to crypto-assets and crypto-asset services. 101. Staff should understand the role they play in the suitability assessment process and possess the skills, knowledge and expertise necessary, including sufficient knowledge of the relevant regulatory requirements and procedures, to discharge their responsibilities. 34 As per the mandate under [Article 81(15)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md)(a) of MiCA, ESMA will, at a later date, issue more general guidelines on the criteria for the assessment of knowledge and competence in accordance [Article 81(7)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. 102. Staff should possess the necessary knowledge and competence, including with regard to the suitability assessment. To that effect, crypto-asset service providers should give staff appropriate training. 103. Other staff that does not directly face clients but is involved in the suitability assessment in any other way should still possess the necessary skills, knowledge and expertise required depending on their particular role in the suitability process. This may regard, for example, setting up the questionnaires, defining algorithms governing the assessment of suitability or other aspects necessary to conduct the suitability assessment and controlling compliance with the suitability requirements. 104. Where relevant, when employing automated tools (including hybrid tools), crypto-asset service providers should ensure that their staff involved in the activities related to the definition of these tools: - have an appropriate understanding of the technology and algorithms used to provide digital advice (particularly they are able to understand the rationale, risks and rules behind the algorithms underpinning the digital advice); and - are able to understand and review the digital/automated advice generated by the algorithms. #### 6. Guidelines on the format of the periodic statement for portfolio management of crypto-assets **6.1 Durable medium (Guideline 1)** Relevant legislation: [Article 81(14)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. 105. Crypto-asset service providers should provide each such client with the periodic statement provided for in [Article 81(14)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA in an electronic format that is also a durable medium. 106. Such medium should enable a client to i) store the information addressed personally to that client in a way accessible for future reference and for a period of time adequate for the purposes of the information; and ii) allow the unchanged reproduction of the information stored. **6.2 Access to an online system (Guideline 2)** Relevant legislation: [Article 81(14)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. 107. For the purposes of [Article 81(14)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md), second subparagraph of MiCA, crypto-asset service providers should ensure that: - the online system their clients have access to qualifies as a durable medium; - the client is notified electronically of where and how the information may be accessed (for instance, if the online system is a website, the client should be notified of the address of the website, and the place on the website where the information may be accessed); - the client is notified when a new periodic statement is made available; and - the information is accessible continuously through that online system and for such period of time as the client may reasonably need to inspect it. **6.3 Content of the periodic statement (Guideline 3)** Relevant legislation: [Article 81(14)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-81.md) of MiCA. 108. To ensure that clients get a fair and balanced review of the activities undertaken, of the performance of the portfolio and of how the activities undertaken meet the preferences, objectives and updated information on the suitability assessment during the reporting period, the periodic statement should include, as a minimum: - a statement of the contents and the valuation of the portfolio, including details of each crypto-asset held, its market value, or fair value if market value is unavailable and the cash balance, all at the beginning and at the end of the reporting period; - the performance of the portfolio during the reporting period, including any tokens received for free for the continuity of operations of a proof-of-work and proof-of-stake- blockchain consensus mechanisms (staking awards); - the total amount of fees and charges incurred during the reporting period, itemising at least total management fees and total costs associated with execution, and including, where relevant, a statement that a more detailed breakdown will be provided on request; - a comparison of performance during the period covered by the statement with the performance benchmark (if any) agreed between the crypto-asset service provider and the client; - for each transaction executed during the period, the main characteristics of the relevant transaction; - an explanation as to how the activities or lack of activity meet the preferences, objectives and other characteristics of the client. 109. Crypto-asset service providers should also specify the date of the last suitability assessment or its review and, if relevant, on which basis it was last updated (e.g. new information provided by the client causing a change in the client's profile, new criteria applied by the crypto-asset service provider). ### Guidelines on the procedures and policies, including the rights of clients, in the context of transfer services for crypto-assets #### 1 Scope **Who?** 1. These guidelines apply to:\ \&#xNAN;**(i)** competent authorities and\ \&#xNAN;**(ii)** crypto-asset service providers that act as providers of transfer services for crypto-assets on behalf of clients within the meaning of [Article 3(1)](/mica/title-i-subject-matter-scope-and-definitions-art.-1-3/article-3.md)(26) of MiCA. **What?** 2. These guidelines apply in relation to [Article 82](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-82.md) of MiCA. **When?** 3. These guidelines apply 60 calendar days from the date of their publication on ESMA's website in all official EU languages. #### 2 Legislative references, abbreviations and definitions **2.1 Legislative references** **ESMA Regulation** Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC 35 **MiCA** Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 36 **TOFR** Regulation (EU) 2023/1113 of the European Parliament and the Council of 31 May 2023 on information accompanying **2.2 Abbreviations** | | | | ---- | ----------------------------------------- | | EC | European Commission | | ESFS | European System of Financial Supervision | | ESMA | European Securities and Markets Authority | | EU | European Union | #### 3 Purpose 4. These guidelines, developed by ESMA in close cooperation with EBA, are based on [Article 82(2)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-82.md) of MiCA. The objectives of these guidelines are to establish consistent, efficient and effective supervisory practices within the ESFS and to ensure the common, uniform and consistent application of the provisions in [Article 82](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-82.md) of MiCA. In particular, they aim at providing more clarity on the requirements for crypto-asset service providers providing transfer services for crypto-assets on behalf of clients as regards procedures and policies, including the rights of clients, in the context of transfer services for crypto assets. In this regard, ESMA anticipates a corresponding strengthening of investor protection. These guidelines apply without prejudice to the relevant rules under PSD 2, where applicable to relevant transfers of crypto-assets, notably EMTs. #### 4 Compliance and reporting obligations **4.1 Status of the guidelines** 5. In accordance with Article 16(3) of the ESMA Regulation, competent authorities and crypto-asset service providers shall make every effort to comply with these guidelines. 6. Competent authorities to which these guidelines apply should comply by incorporating them into their national legal and/or supervisory frameworks as appropriate, including where particular guidelines are directed primarily at financial market participants. In this case, competent authorities should ensure through their supervision that crypto-asset service providers comply with the guidelines. **4.2 Reporting requirements** 37 OJ L 150, 9.6.2023, p. 1-39. transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849 37 7. Within two months of the date of publication of the guidelines on ESMA's website in all EU official languages, competent authorities to which these guidelines apply must notify ESMA whether they (i) comply, (ii) do not comply but intend to comply, or (iii) do not comply and do not intend to comply with the guidelines. 8. In case of non-compliance, competent authorities must also notify ESMA within two months of the date of publication of the guidelines on ESMA's website in all EU official languages of their reasons for not complying with the guidelines. 9. A template for notification is available on ESMA's website. 38 Once the template has been filled in, it shall be transmitted to ESMA. 10. Crypto-asset service providers are not required to report whether they comply with these guidelines. #### 5 Guidelines on the policies and procedures in the context of transfer services for crypto-assets **5.1 General provisions on the policies and procedures on transfer of crypto-assets (Guideline 1)** 11. Crypto-asset service providers should establish, implement and maintain adequate policies and procedures (including appropriate tools) to ensure that, in good time before the client enters into any agreement for the provision of transfer services for crypto-assets, they provide the client, in an electronic format, with the information and conditions related to the transfer services for crypto-assets. 12. The information provided should include at least the following: * the name of the crypto-asset service provider, the address of its head office, and any other address and means of communication, including electronic mail address, relevant for communication with the crypto-asset service provider; * the name of the national competent authority in charge of supervising the crypto-asset service provider; * a description of the main characteristics of the transfer service for crypto-assets to be provided; * a description of the form of and procedure for initiating or consenting to a transfer of crypto-assets and withdrawing an instruction or consent, including the specification of the information that has to be provided by the client in order for a 38 See: transfer of crypto-assets to be properly initiated or executed (including, how to authenticate); * the conditions under which the crypto-asset service provider may reject an instruction to carry out a transfer of crypto-assets; * a reference to the procedure or process established by the crypto-asset service provider to determine the time of receipt of an instruction or consent to a transfer of crypto-assets and any cut-off time established by the crypto-asset service provider; * an explanation per crypto-asset, of which distributed ledger technology (DLT) network is supported for the transfer of this crypto-asset; * the maximum execution time for the transfer of crypto-assets service to be provided; * for each DLT network, reasonably estimated time or number of block confirmations needed for the transfer to be irreversible on the DLT network or considered sufficiently irreversible in case of probabilistic settlement taking into account the rules and circumstances of the DLT network; * all charges, fees or commissions payable by the client in relation to the crypto-assets transfer service, including those connected to the manner in and frequency with which information is provided or made available and, where applicable, the breakdown of the amounts of such charges; * the means of communication, including basic information about the technical requirements for the client's equipment and software (for example, the minimum software or mobile operating system), agreed between the parties for the transmission of information or notifications related to the crypto-asset transfer service ; * the manner in, and frequency with which, information related to the service of crypto-asset transfer is to be provided or made available; * the language or languages in which the agreement referred to in [Article 82(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-82.md) of MiCA will be concluded and communication during this contractual relationship undertaken; * the secure procedure for notification of the client by the crypto-asset service provider in the event of suspected or actual fraud or security threats; * the means and time period within which the client is to notify the crypto-asset service provider of any unauthorised or incorrectly initiated or executed transfers of crypto-assets as well as the crypto-asset service provider's liability, including maximum amount thereof, for unauthorised or incorrectly initiated or executed transfers; * the right of the client to terminate the agreement on the provision of crypto-asset transfer services and the modalities to do so; 13. The policies and procedures relating to the transfer services of crypto-assets should ensure that the crypto-asset service provider provides the relevant information in easily understandable words and in a clear and comprehensible form. 14. The policies and procedures referred to in paragraph 12 should also ensure that: * at any time during the contractual relationship related to the crypto-asset transfer services, the client should be able to access or receive, on request, the agreement referred to in [Article 82(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-82.md) of MiCA as well as the information listed in paragraph 12, in an electronic format; * the client is made aware, of any intended change to the information listed in paragraph 12 in good time before such change starts to apply. 15. Crypto-asset service providers should be able to provide the relevant information at the time of providing a copy of the draft agreement referred to in [Article 82(1)](/mica/title-v-authorisation-and-operating-conditions-for-crypto-asset-service-providers-art.-59-85/chapter-3/article-82.md) of MiCA. 16. As a good practice, crypto-asset service providers are encouraged to also take into account, in the policies and procedures referred to in paragraph 11, how to provide clients with educational material helping them to learn about and better understand their rights and the function and risks of crypto-asset transfers. **5.2 Information on individual transfers for crypto-assets (Guideline 2)** 17. Crypto-asset service providers should establish, implement and maintain adequate policies and procedures (including appropriate tools) to ensure that, after receipt of an instruction to transfer crypto-assets, but before the execution of the transfer of crypto-assets, the crypto-asset service provider provides the client with at least the following information: * a brief and standardised warning as to whether and when the crypto-asset transfer will be irreversible or sufficiently irreversible in case of probabilistic settlement 39 ; * the amount of any charges for the crypto-asset transfer payable by the client and, where applicable, a breakdown of the amounts of such charges, distinguishing, for example, between the gas fees charged for the transaction through the relevant DLT network and other fees crypto-asset service providers charge for their services. 39 Depending on the type of consensus algorithms relating to the relevant DLT. 18. The policies and procedures referred to in the previous paragraph should also ensure that initiation or execution of the transfer does not take place before adequate steps have been taken to ensure compliance with TOFR, including [Article 14](https://www.mica.wtf/tofr/transfer-of-funds-regulation/chapter-iii-casp-obligations/article-14-information-accompanying-transfers-of-crypto-assets) thereof. 19. Crypto-asset service providers should establish, implement and maintain adequate policies and procedures (including appropriate tools) to ensure that, after execution of individual transfers for crypto-assets, the crypto-asset service provider provides the client with at least the following information: * the names of the originator and the beneficiary; * the originator's distributed ledger address or crypto-asset account number; * the beneficiary's distributed ledger address or crypto-asset account number; * a reference enabling the client to identify each transfer of crypto-assets; * the amount and type of crypto-assets transferred or received; * the debit value date or the credit value date of the transfer of crypto-assets. * the amount of any charges, fees or commissions relating to the transfer of crypto-assets and, where applicable, a breakdown of the amounts of such charges. 20. The policies and procedures referred to in paragraph 19 should also cover the periodicity of the information listed in paragraph 19, any fees or charges incurred for the provision of the information and how the information is to be provided. 21. The information listed in paragraph 19 should be provided in an electronic format and, where not provided more frequently than once a month, free of charge 22. Crypto-asset service providers should establish, implement and maintain adequate policies and procedures (including appropriate tools) to ensure, without prejudice to other applicable regulatory requirements, that, where a transfer of crypto-assets is rejected, returned or suspended, the client is provided with, at least, the following information: * the reason for the rejection, return or suspension; * if applicable, how to remedy the rejection, return or suspension; * the amount of any charges or fees incurred by the client and whether reimbursement is possible. **5.3 Execution times and cut-off times (Guideline 3)** 23. Crypto-asset service providers should establish, implement and maintain adequate policies and procedures relating to, at least: * the cut-off times for instructions for the transfer of crypto-assets to be regarded as received on the same business day; * the maximum execution times depending on the crypto-asset transferred * the reasonable estimation of the time or number of block confirmations needed for the transfer of crypto-assets to be irreversible on the DLT, or sufficiently irreversible in case of probabilistic settlement, for each DLT network. **5.4 Rejection or suspension of an instruction to transfer crypto-assets or return of crypto-asset transferred (Guideline 4)** 24. Crypto-asset service providers should establish, implement and maintain adequate risk-based policies and procedures for determining whether and how to execute, reject, return or suspend a transfer of crypto-assets. Such policies and procedures should particularly take into account the provisions of TOFR, as relevant and as specified in the European Banking Authority's Guidelines preventing the abuse of funds and certain crypto-assets transfers for money laundering and terrorist financing purposes. **5.5 Liability of the crypto-asset service provider (Guideline 5)** 25. Crypto-asset service providers should establish, implement and maintain adequate policies and procedures determining the conditions of the liability of the crypto-asset service provider to clients in case of unauthorised or incorrectly initiated or executed transfers of crypto-assets. (ESMA website source: ) ### Related * [providing transfer services for crypto-assets on behalf of clients](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/providing-transfer-services-for-crypto-assets-on-behalf-of-clients.md) — defined term used on this page * [providing portfolio management of crypto-assets](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/providing-portfolio-management-of-crypto-assets.md) — defined term used on this page * [providing advice on crypto-assets](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/providing-advice-on-crypto-assets.md) — defined term used on this page * [crypto-asset service provider](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/dora/crypto-asset-service-provider.md) — defined term used on this page * [crypto-asset service provider](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/crypto-asset-service-provider.md) — defined term used on this page * [distributed ledger technology](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/mica/distributed-ledger-technology.md) — defined term used on this page * [crypto-asset service provider](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/tofr/crypto-asset-service-provider.md) — defined term used on this page * [distributed ledger technology](https://github.com/jakesenfti/micawtf/blob/main/spaces/definitions/tofr/distributed-ledger-technology.md) — defined term used on this page --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://www.mica.wtf/eu-level/guidelines/final-report-on-the-guidelines-specifying-certain-requirements-of-mica-on-investor-protection-thir.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.