Market Abuse Regulation and Cryptoassets: What CASPs and Token Issuers Must Do Now

Market Abuse Regulation and Cryptoassets, A Significantly Expanded Regime

Market abuse regulation for cryptoassets is the compliance area that catches the most operators unprepared in 2026. The reason is historical: until MiCA, there was no EU-wide market abuse regime specifically covering crypto-asset markets. The UK's Market Abuse Regulation (UK MAR) applied only to financial instruments admitted to trading on regulated venues, most cryptoassets were outside scope. Crypto market participants built compliance frameworks without market abuse components because market abuse law did not clearly apply to them.

MiCA changed this with the introduction of a market abuse framework in Title VI (Articles 90–111) specifically designed for crypto-asset markets. The UK is developing its own equivalent under the forthcoming FCA Part 4A regime. For any CASP or crypto-asset issuer operating in or accessible from the EU or UK, market abuse compliance is now a mandatory component of the compliance framework, not an optional enhancement.

What MiCA's Market Abuse Framework Prohibits

MiCA Articles 91–93 establish three categories of prohibited conduct: insider dealing, unlawful disclosure of inside information, and market manipulation. These map broadly to the categories in UK MAR and EU MAR for financial instruments, adapted for the specific characteristics of crypto-asset markets.

Inside information in crypto markets

Under MiCA Article 87, inside information means information of a precise nature that has not been made public, relating to crypto-assets or to issuers or offerors of crypto-assets, which, if made public, would be likely to have a significant effect on the price of those crypto-assets. The definition is functionally similar to the EU MAR definition for financial instruments.

In practice, inside information in crypto markets includes: undisclosed information about a significant protocol upgrade or vulnerability; undisclosed information about a partnership, listing, or commercial arrangement that would materially affect the token's value; undisclosed information about regulatory action against the issuer or CASP; and undisclosed information about the actions of a large holder (a "whale") that has a relationship with the issuer or CASP.

Market manipulation in crypto, the unique challenges

MiCA Article 93 prohibits market manipulation in crypto-asset markets. The prohibited behaviours include: entering into transactions that give false or misleading signals as to supply, demand, or price; entering into transactions with the primary purpose of securing the price of a crypto-asset at an artificial level; and disseminating false or misleading information that gives false signals as to price.

• Wash trading, simultaneous buying and selling of the same crypto-asset to create the appearance of liquidity or volume, without genuine change of beneficial ownership. This is explicitly prohibited and is technically identifiable through on-chain data analysis.
• Spoofing and layering, placing large buy or sell orders with the intent to cancel them before execution, to create a false impression of market depth. This is harder to identify in decentralised markets but is clearly within scope.
• Pump and dump, artificially inflating the price of a crypto-asset through promotional activity, then selling at the inflated price. Common in small-cap crypto markets and a primary enforcement target for NCAs.
• NFT wash trading, executing wash trades in NFTs to inflate floor prices or trading volumes. ESMA has specifically identified NFT market manipulation as within MiCA's scope where the NFT is within MiCA's definitional scope.

Building a Market Abuse Compliance Programme

A market abuse compliance programme for a CASP or crypto-asset issuer must address three distinct components: detection (identifying potential market abuse), prevention (controls that reduce the risk of market abuse occurring), and reporting (the obligation to report suspicious transactions to the competent authority).

Surveillance and detection

MiCA Article 101 requires CASPs to establish and maintain effective arrangements, systems, and procedures to detect and report suspicious transactions and orders. The practical requirement is a market surveillance system that monitors trading activity on the CASP's platform for the patterns associated with the prohibited behaviours listed above.

For centralised exchanges, market surveillance is an established discipline, the tools and methodologies used in traditional financial markets can be adapted for crypto. For decentralised platforms, surveillance is more challenging because the relevant trading data is on-chain and the CASP may not have visibility of all trading activity. A CASP operating a hybrid model, a centralised order book with on-chain settlement, must design surveillance that covers both layers.

Insider lists

MiCA Article 89 requires issuers of crypto-assets to draw up a list of all persons who have access to inside information and who work for them under a contract of employment or otherwise perform tasks through which they have access to inside information. The insider list must be maintained and updated in real time. This is an operational requirement that most crypto-asset issuers have not yet implemented.

Suspicious transaction reporting

Under MiCA Article 101, CASPs must report to the competent authority as soon as possible if they have a reasonable suspicion that a transaction or order in a crypto-asset constitutes insider dealing, unlawful disclosure of inside information, or market manipulation. This is separate from, but operationally similar to, the SAR reporting obligation under AML law. A CASP needs a process for identifying suspicious transactions from a market abuse perspective, distinct from the financial crime monitoring process, and a reporting procedure that ensures timely notification to the NCA.

UK Market Abuse for Cryptoassets, Where the FCA Regime Is Heading

UK MAR currently applies only to financial instruments admitted to trading on regulated venues. Cryptoassets that are not financial instruments are outside UK MAR's scope. However, the FCA has signalled clearly that the Part 4A cryptoasset authorisation regime will include a market abuse framework modelled on UK MAR, adapted for crypto-asset markets.

The FCA's consultation papers on the cryptoasset regime have indicated that prohibited behaviours will be broadly equivalent to those in MiCA Title VI, insider dealing, unlawful disclosure, and market manipulation. The key question is the scope: which cryptoassets will be within the UK crypto market abuse regime, and which CASPs will be subject to it.

The FCA has indicated that the market abuse regime will apply to cryptoassets that are admitted to trading on FCA-authorised cryptoasset trading venues. This means that the trading venue, not the issuer, will be the primary point of regulatory obligation. A cryptoasset listing on an FCA-authorised exchange will bring that cryptoasset within the market abuse regime, with obligations on both the exchange and the issuer.

Social Media, Promotions, and Market Abuse

The boundary between legitimate promotional activity and market manipulation is one of the most difficult lines to draw in crypto market abuse regulation. MiCA Article 93 specifically includes disseminating information through the media, including social media, that gives false or misleading impressions of the supply, demand, or price of a crypto-asset as a form of market manipulation.

The "influencer pump", where a person with a social media following promotes a crypto-asset that they hold (or that they have been paid to promote) without disclosing their interest, is a clear example of prohibited conduct under MiCA. ESMA has issued guidance making clear that this applies to social media posts as well as traditional media, and that the prohibition applies to any person, not just regulated entities.

Practical Steps for Compliance in 2026

• Conduct a market abuse risk assessment, specific to your business model, the crypto-assets you issue or trade, and your market position. The risk profile of a DEX aggregator is different from that of a centralised exchange or a token issuer.
• Build or procure a market surveillance system, appropriate to your transaction volumes and the complexity of your trading environment. This does not need to be a bespoke build; several established surveillance solutions have been adapted for crypto markets.
• Establish an insider list, for token issuers, implement the insider list process required by MiCA Article 89 immediately. This is an operational requirement that is straightforward to implement but frequently overlooked.
• Design a suspicious transaction reporting process, distinct from your AML SAR process, covering the market abuse categories. Train relevant staff on the reporting obligation and the threshold for making a report.
• Review social media and communications policies, ensure staff understand the market abuse implications of social media activity, implement disclosure requirements, and maintain records of communications that may be relevant to market abuse surveillance.
• Coordinate with legal counsel on UK MAR exposure, if any cryptoassets you issue or trade are or may become financial instruments within the scope of UK MAR, the existing UK MAR obligations apply now, not just after the FCA's crypto market abuse regime is implemented.

How Arca Compliance Can Help

Arca Compliance advises CASPs and crypto-asset issuers on market abuse compliance programme design, from risk assessment and surveillance system selection through to insider list implementation, suspicious transaction reporting processes, and staff training on market abuse obligations. We work alongside specialist legal partners for formal legal opinions on the application of market abuse law to specific instruments and business models.