On 30 June 2026 the FCA published its final rules for the UK cryptoasset regime. The read that matters: producible compliance evidence is now the price of market access. What changed, and where the architecture sits ↓
The cliff has passed. From 1 July, NCAs enforce — fines, censure, suspension, withdrawal. The paperwork question is settled; the architecture question isn't. Surviving CASPs must still evidence controls — those who did it without warehousing raw PII start the new regime ahead.
Sumsub's new MCP integration stands up verification in minutes, not days. Genuinely useful. But speed isn't the architectural question: configured fast or slow, the stack still warehouses raw PII. Verifier-private attestation changes what's stored, not just how fast you start.
KYC ongoing monitoring is three distinct operating models, not three names for the same thing. Periodic refresh. Trigger-based review. Continuous monitoring. Different evidence, different costs, different questions answered. The article walks all three.
From 1 July 2026, MiCA's transitional window shuts. Any firm serving EU crypto clients without a licence is in breach and must stop. ~80% of EU platforms are still unlicensed ⚠ If you hold crypto on one, check it is authorised before the deadline. #MiCA#CASP
ESMA refreshed its Interim MiCA Register on 19 June — authorised CASPs, ART/EMT issuers, non-compliant entities. Days before the cliff, the line between authorised and grandfathered sharpens. After 1 July, demonstrable onboarding compliance is what tells those two columns apart.
Fewer than 1 in 5 pre-MiCA firms made it through to full CASP authorisation. The survivors absorb the market's volume — and their compliance stack becomes the moat. The hard part now: evidence MiCA-grade onboarding without warehousing the raw PII the deadline scramble multiplied.
1,200+ crypto firms registered in the EU before MiCA. Days from the 1 July deadline, only ~210 hold full CASP authorisation. Roughly 75-80% face forced exit. ESMA has confirmed no extension. ↓
25 October 2027.
That is the date the UK cryptoasset regime commences. Every authorised firm starts running a per-customer evidence pipeline that day. The gateway closes eight months earlier.
The gateway is a date. The architecture is an operating surface.
⚠ UK cryptoasset gateway: opens 30 Sep 2026, closes 28 Feb 2027. Regime commences 25 Oct 2027.
SI 2026/102 layers FSMA on top of MLR 2017 (FCA AML supervision since 10 Jan 2020).
The architecture matters more than the date.
https://t.co/QZ2xXK1z5S #CASP
Both Verifyo and Jumio satisfy FATF Recommendation 10 and AMLR Article 20. The compliance verdict is parity.
But the data shape that lands in your platform's logs is fundamentally different. A thread on what actually crosses the wire ↓
Three rulings in a single week pushed the same instruction: a name on a list is not a decision. CJEU on OFAC matches. UK narrowing mandatory EDD. FCA pulling a payments firm for a framework that could not evidence one. The list is becoming an input, not a verdict.
100k verifications/month.
Onfido: $150K–$350K/year paid away as service expense.
Verifyo Pro (75,000 MTO): $150K held on the balance sheet.
Tokens held — not staked, burned, or locked. Fully owned, transferable.
Held asset vs recurring expense.
https://t.co/yXwL0oBjMo
1 July 2026. The MiCA transitional period ends. CASPs still operating without authorisation must wind down their EU client books — no further grace. Re-onboarding is lighter when KYC travels as a reusable attestation, not a fresh document pull each time. ↓
The Verifyo vs Onfido matrix ticks the same rows: documents, biometrics, SDK weight, countries covered.
Two questions it never asks:
— Where does the user's PII live after onboarding?
— What does year-one compliance capital become on the balance sheet?
A 7-post read. ↓
On 5 June ServiceNow patched a bug that let unauthenticated users query hosted customer-instance tables. No password required. Those tables hold support tickets, employee records, keys, credentials.
The pattern matters more than the bug. Here is why.
Payer is a wallet, not a person. Identity-binding answers one half — who's behind the wallet. Transaction monitoring and source-of-funds analysis sit elsewhere; we don't do those. The wallet-to-verified-person bind is the half we own. https://t.co/g27T1pTdyV #stablecoins
BSP confirms neither Binance nor BlockShoals holds a VASP licence in the Philippines. Sandbox status doesn't exempt central-bank licensing.
A two-regulator perimeter multiplies the onboarding evidence a firm must hold, not the identity. Reusable attestations collapse that.
Paradigm + Hyperliquid to FinCEN: a wallet holding or transferring a stablecoin isn't the issuer's customer. GENIUS Act obligations calibrate to the primary market. Secondary is wallet-to-wallet. Where does the obligation attach? https://t.co/wwewcCxqXQ #GENIUSAct#stablecoins
Five developments this week — three jurisdictions, one running question. When value moves, who proves who is behind it, and where does the evidence live? 6-12 June, in one thread. ↓