Belgium FSMA Flags Six Unauthorized CASPs After MiCA Deadline
Belgium's Financial Services and Markets Authority (FSMA) has named six crypto-asset service providers it says are operating in Belgium without authorization, publishing the warning just days after the EU's MiCA transitional deadline expired on 1 July 2026. For accounting firms, auditors, and CFOs with European crypto-exposed clients, the action is a clear signal: MiCA compliance crypto enforcement is no longer theoretical. National regulators are actively applying the licensing perimeter, and the consequences of using an unauthorized CASP are immediate and measurable.
What the FSMA Actually Did
The six named entities
The FSMA added the following six entities to its official list of fraudulent CASPs: Aurum Foundation, Bank Bit, Bithf Pro, Dxago, Global Dynamic Trade, and ZeriaFunding. The regulator stated that each of these providers is active in Belgium without the authorization required under the Markets in Crypto-Assets (MiCA) regulation. Consumers were strongly advised not to accept offers from any of them, and the FSMA directed users to verify any provider against its official CASP register before engaging.
The broader consumer protection warning
Alongside the naming action, the FSMA reiterated several structural risk factors that apply to crypto assets generally: price volatility, potential liquidity limitations, and the absence of a compensation scheme. Unlike bank deposits or certain investment products, crypto holdings placed with an unauthorized CASP carry no backstop if the provider fails or absconds. That last point has direct implications for how firms disclose client crypto exposures in financial statements.
Why 1 July 2026 Matters So Much
The transitional regime and what it permitted
MiCA entered into force at the end of 2024 and introduced a harmonized licensing framework across the EU for both CASPs and issuers of crypto-assets. To avoid disrupting markets overnight, member states were permitted to run transitional regimes allowing existing providers to continue operating while they sought full authorization. Belgium's transitional regime, like those of most member states, ran until 1 July 2026. From that date, any CASP serving Belgian clients without a valid MiCA authorization is operating outside the law.
Services that now require authorization
Under FSMA guidance, the full list of crypto-asset services requiring authorization includes: custody and administration on behalf of clients, operation of a trading platform, exchange of crypto assets against fiat currency, exchange of crypto assets for other crypto assets, execution of orders, transfer services, placement of crypto assets, reception and transmission of orders, advice, and portfolio management. That is a broad perimeter. Any business model touching these activities in Belgium, or targeting Belgian clients from abroad, must now be authorized.
Binance as a wider bellwether
The pressure the 1 July deadline created was already visible before it arrived. On 24 June 2026, Binance filed for authorization in Greece, acknowledging that some users could be affected while it worked through the process. That a major global exchange was still navigating its authorization path days before the deadline illustrates how demanding the MiCA licensing process has been, even for well-resourced operators. Smaller or less transparent providers are clearly further behind.
Accounting and Audit Implications for Firms and CFOs
Counterparty risk and the going-concern question
When a client holds assets on, or has recently transacted through, one of the six named entities, two immediate accounting questions arise. First, is the balance recoverable? Assets held with an unauthorized CASP flagged as fraudulent by a regulator carry a materially higher impairment risk. Under IFRS 9 or IAS 36 (depending on how the asset is classified), that risk must be assessed and, if material, reflected in the financial statements. Second, is the CASP itself viable? Regulatory action of this kind often precedes a forced wind-down. Firms should consider whether any receivable from or deposit at these entities is still a going-concern asset.
Transaction trail and evidence preservation
Any transactions processed through an unauthorized CASP between the expiry of the transitional period and the point a client ceases using it could be subject to regulatory scrutiny. Auditors reviewing periods that straddle 1 July 2026 should document the CASP authorization status at each transaction date. Digital asset accounting software that captures on-chain transaction data with timestamped records will be essential here, because the authorization status of a CASP at a specific date is a fact that needs to be demonstrated, not assumed.
AML and KYC exposure
Under MiCA and the accompanying Transfer of Funds Regulation, authorized CASPs must implement transaction monitoring and Travel Rule compliance. Unauthorized providers carry no such obligation. Any transactions your client ran through an unauthorized CASP during the post-deadline period may therefore lack the AML documentation that an authorized provider would have generated. For firms advising clients with AML reporting obligations of their own, that gap in documentation is a compliance liability that needs to be addressed proactively rather than discovered during an audit.
Disclosure obligations for corporate clients
CFOs of companies holding crypto assets must review their treasury policy and counterparty approval processes. If a CASP in the treasury's approved-provider list no longer holds valid MiCA authorization, the company may be in breach of its own internal controls framework. Auditors should request updated authorization evidence for every CASP used by corporate clients from 1 July 2026 onwards. The FSMA's official CASP register is the definitive reference point for Belgium; the European Securities and Markets Authority (ESMA) is building out a pan-EU register that will eventually cover all member states.
What the FSMA Action Tells Us About EU-Wide Enforcement
National regulators are moving fast
The fact that the FSMA published this warning within days of the transitional deadline signals a more proactive supervisory posture than some market participants expected. Historically, post-deadline enforcement sweeps in financial services tend to build slowly. The speed of Belgium's action suggests that national competent authorities have been monitoring the market throughout the transitional period and were prepared to act the moment the deadline passed. Other EU national regulators are likely to follow a similar pattern in the weeks ahead.
The fraudulent CASP list as a live compliance tool
The FSMA maintains a public list of entities it has identified as operating without authorization. This list is not static; it is updated as new cases are identified. Accounting firms and compliance teams serving EU clients should treat this list, and its equivalents in other member states, as a routine data source to check when onboarding new clients or reviewing existing counterparty relationships. Integrating that check into crypto bookkeeping software workflows and client due diligence procedures is the practical next step, not a one-off review.
Cross-border reach of MiCA enforcement
MiCA applies not only to providers established in Belgium but also to those marketing or providing services to Belgian clients from outside the country. The FSMA's action therefore has extraterritorial reach. A provider incorporated outside the EU that targets Belgian retail investors is also within scope. For firms with clients who used foreign-domiciled platforms during the transitional window, the question of whether those platforms are now authorized, or have ceased serving EU clients, is worth pressing explicitly. The situation around how Revolut's USDT delisting illustrates the MiCA authorization pressure on CASPs is a useful parallel: even large, partially regulated platforms have had to restructure their EU product offerings to stay compliant.
Practical Steps for Accounting Firms Now
Immediate checklist
The following steps are worth completing before the next client reporting cycle closes:
- Cross-check every CASP used by EU clients against the FSMA's authorized register and, where available, the relevant national competent authority register for each member state where the client operates.
- For any client with exposure to the six named entities (Aurum Foundation, Bank Bit, Bithf Pro, Dxago, Global Dynamic Trade, ZeriaFunding), assess whether assets are impaired and document the rationale.
- Review transaction records for the period from 1 July 2026 onwards and flag any transactions processed through a CASP whose authorization status is unclear or negative.
- Update client due diligence files to record the authorization status of each CASP at the date of each transaction, not just at onboarding.
- Advise corporate clients to amend treasury and counterparty policies to require documented MiCA authorization as a condition of using any CASP.
- Set calendar reminders to recheck CASP authorization status quarterly, because authorizations can be suspended or withdrawn as well as granted.
Longer-term framework considerations
As EU enforcement activity builds, the authorization status of a CASP will become a standard audit evidence point, similar to verifying the banking licence of a deposit-taking institution. Firms that build this verification into their digital asset accounting software workflows now will be ahead of the curve when the first post-MiCA enforcement cases reach the courts and regulators begin expecting documented counterparty checks as a matter of course. For context on what a properly authorized structure looks like under MiCAR, it is worth reviewing what a CASP authorization under MiCAR Article 60 looks like in practice, which illustrates the level of scrutiny a legitimate authorization involves.
Frequently Asked Questions
What does it mean for a CASP to be on the FSMA's fraudulent CASP list?
It means the FSMA has identified the provider as offering crypto-asset services in Belgium without the authorization required under MiCA. The designation does not automatically mean the provider is running a scam in the colloquial sense, though the risk of fraud is elevated. It means, at minimum, that the provider is operating outside the regulated perimeter, with none of the client-protection obligations that an authorized CASP must meet.
Can clients who used these providers before 1 July 2026 face any liability?
The transitional period allowed some providers to operate legally before the deadline, so historical use is not automatically problematic. The key date is 1 July 2026. Transactions processed after that date with an unauthorized CASP are the primary compliance concern. That said, if a provider was operating fraudulently even during the transitional window, separate liability questions may arise depending on the specific facts.
How do accounting firms verify CASP authorization status?
For Belgium, the FSMA maintains an official CASP register on its website. For other EU member states, the relevant national competent authority operates a similar register. ESMA is developing a centralized EU-wide register, but in the interim, country-by-country checks are required. Authorization status should be verified at the point of onboarding and periodically thereafter, because authorizations can be withdrawn.
What accounting treatment applies to assets held at an unauthorized CASP?
This depends on the applicable accounting standards and the specific facts. Under IFRS, assets held with a provider flagged as operating outside the regulatory perimeter carry elevated recoverability risk. If there is material uncertainty about whether assets can be recovered, impairment testing under IAS 36 or expected-credit-loss assessment under IFRS 9 (depending on asset classification) may be required. Disclosures in the notes should reflect the counterparty risk.
Does MiCA apply to crypto-asset service providers based outside the EU?
MiCA applies to any CASP that offers or markets services to clients located in the EU, regardless of where the provider itself is incorporated. A provider based outside the EU that actively targets Belgian or other EU clients must either obtain MiCA authorization or cease offering those services. This is why several non-EU exchanges restructured their EU product lines ahead of the 1 July 2026 deadline.
Source: Cointelegraph
