MiCA EU Crypto AML for Self-Custody — 2026 Compliance Guide

The EU's Markets in Crypto-Assets Regulation (MiCA) came into full force during 2024 and 2025, and the parallel Anti-Money Laundering Regulation (AMLR) imposes specific obligations on Crypto-Asset Service Providers (CASPs), OTC operators and, in certain transactions, individual self-custody holders. This guide explains what MiCA and AMLR mean for crypto AML in 2026, the self-custody transfer thresholds that trigger reporting, and how pre-transfer AML screening keeps EU residents and operators on the right side of EU CFSP sanctions.

The regulatory architecture in one paragraph

MiCA regulates the issuance, custody and trading of crypto-assets in the EU. The AMLR — passed in 2024 and effective in stages through 2027 — extends the EU's AML framework to crypto and creates the new AML Authority (AMLA) based in Frankfurt. AMLR specifically addresses crypto transfers, including transfers between CASPs and self-hosted (self-custody) wallets, with new screening, identification and reporting obligations triggered by transaction value and counterparty type.

The EUR 1,000 self-custody threshold

The most-discussed provision for self-custody holders is the EUR 1,000 threshold for transfers between CASPs and self-hosted wallets. Above this threshold per single transaction, CASPs must verify the identity of the counterparty self-custody wallet holder, in addition to the standard CASP-to-CASP travel-rule information exchange.

This is not a transaction ban. It is a verification obligation that falls on the CASP, not directly on the self-custody holder. But the practical effect for the self-custody holder is that large transfers to and from CASPs now require enhanced customer due diligence, including documentation of the self-hosted wallet's source of funds.

Sanctions screening obligations under AMLR

CASPs licensed under MiCA must screen every incoming and outgoing transfer against EU CFSP sanctions, UN Security Council Consolidated List, and national lists of the CASP's member-state jurisdiction. Member states implement EU CFSP designations into national law; CASPs must comply with all relevant designations across the EU 27.

The categorical surface CASPs screen against includes:

• EU CFSP Consolidated Financial Sanctions list — including Russia, Belarus, Iran, DPRK and counter-terrorism designations.
• UN Security Council Consolidated List — globally binding.
• National sanctions lists — member-state specific designations supplementing EU lists.
• OFAC SDN list — not legally binding in the EU but operationally screened by most CASPs to avoid US secondary sanctions exposure. Read OFAC crypto wallet sanctions.
• Mixer cluster proximity — CASPs treat mixer exposure as elevated risk regardless of explicit sanctions designation.

What this means for self-custody holders in practice

Three operational changes affect EU self-custody users in 2026:

1. CEX deposits from self-custody face enhanced KYC

Depositing more than EUR 1,000 of any crypto-asset to an EU-licensed CASP from your self-hosted wallet may trigger an identity-verification step where the CASP confirms the self-hosted wallet's ownership and source of funds. For long-standing CASP customers this is usually quick; for new deposit addresses or unusual amounts, it adds friction.

2. OTC and B2B counterparty due diligence is now formal

EU OTC desks operating as CASPs must perform sanctions screening on every counterparty before settlement. Receiving payment from an EU OTC desk means the desk has screened you and your sending address. Sending payment to one means they will screen yours. Pre-transfer screening on both sides reduces failed settlements. Read P2P and OTC crypto address verification.

3. Cross-border transfers receive scrutiny

EU residents transferring crypto to or from non-EU jurisdictions on the EU's high-risk-third-country list face additional documentation requirements at the receiving CASP. Documentation of the source of funds for the originating self-custody wallet may be requested.

EU CFSP sanctions enforcement — what gets flagged

The most active EU CFSP designations in 2026 affecting crypto include:

• Russia-related designations — Garantex (sanctioned by both EU and OFAC), specific individuals on the EU CFSP list, designated entities with known wallet infrastructure.
• DPRK / Lazarus Group — Cluster addresses linked to the Lazarus Group are sanctioned across EU, UN and OFAC simultaneously.
• Iran-related designations — Specific individuals and entities.
• Counter-terrorism designations — The EU 1267-aligned list of terrorist financiers.
• Tornado Cash — The smart contract is sanctioned by OFAC and treated as high-risk by EU CASPs even where not directly EU-sanctioned.

The pre-transfer screening workflow for EU users

1. Identify the counterparty address — whether you are sending or receiving.
2. Run a local AML scan — free AML screening on Windows indexes the EU CFSP list, UN list, OFAC SDN, and mixer/hack clusters.
3. Document the scan — timestamped PDF report of the screen.
4. For transfers above EUR 1,000 to or from a CASP — retain the screen alongside source-of-funds documentation. EU CASPs may request this during enhanced due diligence.
5. For OTC settlement — share the screen result with the counterparty as part of pre-settlement compliance.

How MiCA differs from US and UK regimes

MiCA is more prescriptive than the equivalent US framework. The US relies on FinCEN guidance and OFAC sanctions enforcement; FATF Travel Rule implementation varies by exchange. The UK operates a similar regime under FCA registration and OFSI sanctions enforcement. MiCA + AMLR creates a more uniform pan-EU baseline with specific quantitative thresholds (EUR 1,000) where the US relies on risk-based interpretation.

For EU operators dealing with US or UK counterparties, the operational practice is to screen against the union of all three sanctions regimes — EU CFSP + OFAC + OFSI — even if only one is legally binding for your transaction. The intersection of regimes drives risk.

AMLA enforcement — what changes through 2027

The Anti-Money Laundering Authority (AMLA) is being stood up through 2025 and 2026, with operational supervisory powers expected in 2027 and 2028. AMLA will directly supervise the largest CASPs across the EU and coordinate national-level supervision of smaller operators. For self-custody holders, the practical effect is harmonisation: what counts as compliance in one EU member state will increasingly count in all 27.

Practical checklist for EU self-custody holders in 2026

• Maintain source-of-funds documentation for all crypto holdings.
• Run pre-transfer AML screens on every transfer above EUR 1,000 to or from a CASP.
• Save timestamped scan reports as part of your compliance file.
• Use an AML tool that covers EU CFSP, UN, and national lists at minimum.
• For OTC and B2B settlements, screen counterparty addresses and request reciprocal screens.
• Verify the regulatory status of any CASP you transact with — MiCA registration is mandatory for EU-resident counterparties.
• For transfers involving non-EU jurisdictions, retain additional documentation for cross-border due diligence.

Related EU and regulatory guides

For the broader FATF context, read FATF Travel Rule for self-custody. For sanctions-specific deep dives, see OFAC crypto wallet sanctions check and free wallet sanctions lookup. For institutional context, read Chainalysis vs Elliptic vs TRM vs AegisAML.

Frequently asked questions

Do I need to register as a CASP if I hold crypto in self-custody?

No. MiCA applies to entities providing crypto services to third parties (custody, trading, exchange, transfer). Self-custody of your own assets does not require CASP registration.

Does the EUR 1,000 threshold apply per transaction or per day?

Per transaction. The threshold is a single-transfer trigger for enhanced due diligence at the CASP. Aggregation rules may apply for structuring (multiple transfers split to evade the threshold), but the base rule is per-transaction.

Can EU CASPs reject a deposit from my self-custody wallet?

Yes. CASPs can decline transactions that do not pass their internal AML risk thresholds. Pre-transfer screening on your side helps avoid surprise rejections. Documenting source of funds before depositing helps if a rejection turns into a review.

Is Tornado Cash sanctioned in the EU?

The EU has not directly sanctioned Tornado Cash as an entity in the way OFAC did in 2022. However, EU CASPs operationally treat Tornado Cash proximity as high-risk and apply the same screening logic. Funds with Tornado Cash exposure will likely be flagged by EU CASPs regardless of explicit EU designation. Read Tornado Cash wallet exposure check.