--- title: "MiCA Reverse Solicitation: When Can Offshore Firms Serve EU Clients?" slug: mica-reverse-solicitation-offshore publishedAt: 2026-04-28T09:00:00Z author: Finconduit Editorial Team tags: MiCA, ESMA, MiFID II canonicalUrl: https://finconduit.com/resources/mica-reverse-solicitation-offshore --- # MiCA Reverse Solicitation: When Can Offshore Firms Serve EU Clients? MiCA reverse solicitation explained — what counts as 'exclusive initiative', what defeats the defence, the 30-day rule, and when offshore firms must obtain a CASP authorisation instead. Reverse solicitation is the most misunderstood concept in **MiCA**. Founders and offshore operators repeatedly believe it works as a general workaround: incorporate in **Dubai** or the **Cayman Islands**, set up a website, and serve **EEA** customers under a 'they came to us' theory. The [Markets in Crypto\-Assets Regulation](https://eur-lex.europa.eu/eli/reg/2023/1114/oj), [MiCA Article 61](https://eur-lex.europa.eu/eli/reg/2023/1114/oj), and [MiCA Recital 75](https://eur-lex.europa.eu/eli/reg/2023/1114/oj), read together with the [ESMA Statement on reverse solicitation](https://www.esma.europa.eu/) published in October 2024, leave almost no room for that interpretation. Reverse solicitation is a **narrow** exemption, the **burden of proof** sits on the third\-country firm, and **ESMA** has signalled active enforcement against operators that try to stretch it.¹[^1]²[^2]³[^3]⁴[^4] What **reverse solicitation** does cover: a one\-off, fully unsolicited approach by an **EEA** resident to a non\-**EU** **CASP**, where the client initiates contact through their own **exclusive own initiative** without any **active marketing**, paid promotion, app\-store targeting, or affiliate referral pulling them toward the firm. The exemption is consumer\-facing and per\-service: a reverse\-solicited exchange relationship does not authorise the firm to subsequently offer custody, advice, or any **new category of crypto\-assets** to that same client without a **CASP authorisation**. This guide explains what **reverse solicitation** actually is, how **ESMA** defines '**exclusive initiative**' and '**active marketing**', the **30\-day rule** on new product offerings, the practical scenarios that pass and fail the test, what **ESMA**'s October 2024 Statement signals about enforcement, and the operational architecture that minimises risk for non\-**EEA** firms with legitimate inbound **EEA** demand. ## What **MiCA** Reverse Solicitation Actually Is **Article 61** of the **Markets in Crypto\-Assets Regulation** creates a **narrow** exemption: a third\-country firm may provide a crypto\-asset service to an **EEA**\-resident client if and only if that client approached the firm at their **exclusive own initiative**. **Recital 75** explicitly warns that the exemption must not be used to circumvent **MiCA** — the operating presumption is that any third\-country firm with **EEA**\-resident clients is in breach unless it can prove otherwise. The exemption mirrors the equivalent regime under [MiFID II Article 42](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014L0065) for investment services. **ESMA** has signalled in multiple public statements that it will interpret **MiCA** **reverse solicitation** as restrictively as it has interpreted the MiFID II equivalent — and **ESMA**'s MiFID II case law, particularly post\-Brexit on **UK** firms serving **EU** clients, is among the most restrictive interpretations of any reverse\-solicitation regime in **EU** financial services.⁶[^5] > **Warning:** The burden of proof sits on the third\-country firm. ESMA Statement October 2024 makes clear that it is not enough to show 'we did not advertise' — the firm must demonstrate that the EEA client approached at their exclusive own initiative with no triggering communication from the firm. Email signatures, blog posts, social media presence, and even partner referrals can fail this test. ## What Counts as 'Active Marketing' Into the **EEA** If you do any of the things below, you are not relying on **reverse solicitation** — you are providing crypto\-asset services to **EEA** residents through **active marketing**, and you need a **CASP authorisation**. The list is non\-exhaustive but reflects **ESMA**'s stated and inferred position. *Table: Activities ESMA treats as 'active marketing' into the EEA — each defeats the reverse\-solicitation defence.* | Activity | Treatment | Notes | | --- | --- | --- | | Paid advertising targeting EEA IP addresses or postcodes | Active marketing | Includes Google Ads geo\-targeting, Meta location targeting | | EEA\-language website or app interface \(German, French, Italian, Spanish\) | Active marketing | Even with a 'not for EEA residents' disclaimer | | App\-store listing accessible from EEA storefronts | Active marketing | Even with terms\-of\-service exclusion | | Affiliate or referral programme paying for EEA\-resident sign\-ups | Active marketing | Affiliate compensation = solicitation | | Influencer or KOL marketing whose audience includes EEA residents | Active marketing | ESMA cites this explicitly in the October 2024 Statement | | Industry\-conference sponsorships or speaker slots in EEA venues | Active marketing | Booth, branded merchandise, lead capture | | Email campaigns to EEA\-resident lists | Active marketing | Cold outreach is unambiguous | | LinkedIn / X / Telegram targeted advertising in EEA member states | Active marketing | Paid social = solicitation | | Press releases distributed via wires reaching EEA media | Active marketing | Disseminating via Reuters / Bloomberg = active | | Blog post translated into EEA languages | Active marketing | Translation suggests intended audience | | A purely English\-language blog post visible globally | Borderline — usually not active marketing | Subject to other indicators | > **Note:** Geo\-blocking is a meaningful defensive control but not a complete defence. ESMA has signalled that geo\-blocking lowers risk but does not by itself save a firm whose marketing was demonstrably targeted at EEA audiences in the first place. Deploy geo\-blocking and EEA\-IP exclusion alongside an active\-marketing audit, not as a standalone fix. ## The Exclusive Initiative Test Reverse solicitation only applies when the client approached at their **exclusive own initiative**. The **ESMA Statement** on **reverse solicitation** unpacks this in detail, alongside the [EBA Guidelines](https://www.eba.europa.eu/) on **AML** risk for cross\-border services. The client must initiate the contact, the firm must not have communicated with the client beforehand in any way that could have prompted the approach, and the firm bears the **burden** of demonstrating both.⁵[^6] - Cold outbound contact from the firm to the client — automatically defeats **reverse solicitation**. - Marketing that the client saw before approaching — defeats the test even if the marketing was not directly aimed at **EEA**. **ESMA**'s standard is causation, not intent. - Affiliate or partner referral — defeats the test because the affiliate is acting on the firm's behalf for compensation. - Search\-engine click on the firm's organic website page — borderline. **ESMA** position appears to be that organic SEO that targets **EEA**\-relevant keywords is itself a form of solicitation. - Word\-of\-mouth from a non\-affiliate user — the cleanest case for **reverse solicitation** but still requires the firm to evidence that no triggering communication occurred. ## The 30\-Day Rule on New Services and Asset Categories Even where a firm has legitimately served an **EEA** client under **reverse solicitation**, the exemption does not extend to new services or new categories of crypto\-assets offered to that same client more than 30 days after the initial reverse\-solicited service began. **ESMA**'s October 2024 Statement reflects the same restrictive reading as the MiFID II case law: every new service requires a fresh own\-initiative approach from the client. In practice, this means a third\-country firm cannot use one reverse\-solicited exchange relationship as a springboard to upsell custody, advisory, or new asset classes. Each upsell either requires the client's **exclusive own initiative** for that specific new service or — far more practically — requires the firm to obtain a **CASP authorisation** and serve the relationship under **MiCA**. ## Scenarios — When Reverse Solicitation Passes and Fails The table below sets out common scenarios and **ESMA**'s likely treatment. None of these are formal **ESMA** findings — they reflect the regulator's stated approach and its MiFID II precedent. *Table: Reverse solicitation scenarios — likely ESMA treatment.* | Scenario | Likely outcome | Why | | --- | --- | --- | | EEA resident hears about a Cayman exchange from a friend, finds the website organically, signs up to trade BTC | Plausibly compliant | No active marketing, exclusive own initiative; firm must still document the case | | Same exchange runs YouTube ads geo\-blocked from EEA but visible via VPN; an EEA resident watches one and signs up | Likely non\-compliant | ESMA treats VPN\-bypass as no defence; the ad existed and was solicitation | | A UAE\-licensed CASP runs paid ads targeting MENA. An EU resident in Dubai for work clicks an ad and signs up | Borderline — facts\-and\-circumstances | Habitual residence vs temporary presence is decisive | | A Singapore CASP partners with an EEA referral affiliate paid per sign\-up | Non\-compliant | Affiliate compensation = active marketing through agent | | A non\-EEA exchange has 200 organic EEA\-resident customers from pre\-MiCA word\-of\-mouth | Likely non\-compliant unless firm proves zero triggering communication for each | Burden of proof per client; impractical at scale | | A non\-EEA institutional desk receives an inbound RFQ from an EEA\-resident family office | Plausibly compliant | B2B inbound, sophisticated counterparty, single transaction; document carefully | | The same desk markets a new structured product to that family office 90 days later | Non\-compliant for the new product | 30\-day rule; new service requires new own\-initiative approach or CASP authorisation | | A non\-EEA firm sponsors a Lisbon crypto conference | Non\-compliant | Sponsorship = active marketing into EEA territory | ## Penalties for Misuse Operating in the **EEA** without a **CASP authorisation** — including via stretched **reverse solicitation** — exposes the firm to the full **MiCA** enforcement perimeter. NCAs can issue cease\-and\-desist orders, freezes, public censure, and administrative fines up to the higher of €5 million or 12.5% of total annual turnover. Individuals \(directors, senior managers\) face fines and disqualification. Beyond **MiCA**, the operational consequences are usually faster than the regulatory ones. **EEA** banks decline correspondent relationships with non\-**CASP** firms whose business is plausibly **EEA**\-facing. Payment processors \(Stripe, Adyen\) terminate merchant relationships. Major counterparties refuse to onboard, citing **AML** risk. By the time an NCA issues a formal enforcement notice, the firm has often already lost banking and payment access. ## Operational Architecture for Non\-**EEA** Firms If you are a third\-country firm with non\-**EEA** primary markets and incidental **EEA**\-resident demand, the right architecture combines five controls. - **EEA** **geo\-blocking**. IP\-based access restrictions, payment\-method restrictions \(no SEPA inputs\), and **KYC** residence checks at onboarding. - Active\-marketing audit. Document every channel, language, geography, and target — ensure none target **EEA**. Keep advertising metadata \(targeting parameters, audience definitions\) for 5 years. - Reverse\-solicitation case files. For every **EEA** resident the firm chooses to serve, document the inbound channel, the lack of prior firm\-initiated communication, and the client's own\-initiative approach. Store contemporaneously. - 30\-day discipline. No new service offered to an **EEA** client beyond the original scope without a fresh own\-initiative request from that client. - **MiCA** passport route. If **EEA** volume is meaningful, obtain a **CASP authorisation** in a fast jurisdiction \(**Lithuania**, **Cyprus**, **Malta**\) — usually cheaper than the legal and operational cost of running the reverse\-solicitation defence. ## Frequently Asked Questions ### Can I serve **EEA** customers from **Dubai** under **reverse solicitation**? Only at the margin and with rigorous documentation. Habitually\-**EEA**\-resident customers cannot be your primary or significant customer base. If a meaningful share of your volume comes from the **EEA**, **ESMA** will treat the firm as actively marketing into the **EEA** regardless of where the entity is incorporated. The credible architecture is: **VARA**\-licensed entity for MENA \+ **UAE** customers, **MiCA CASP**\-licensed entity \(**Lithuania**, **Cyprus** or **Malta**\) for **EEA** customers — not **reverse solicitation** as a substitute for the **EEA** licence. ### Does an English\-language website fail the active\-marketing test? Not by itself. English is a global language and an English\-only site is not automatically targeting the **EEA**. The borderline case becomes problematic when other indicators are present — **EU**R pricing, SEPA payment options, **EEA**\-relevant SEO content, or material levels of **EEA**\-resident traffic. **ESMA** looks at the totality of indicators, not any single fact. ### What about **reverse solicitation** under MiFID II — is the **MiCA** position the same? Materially yes. **ESMA** has signalled that its restrictive MiFID II Article 42 interpretation applies analogously to **MiCA Article 61**. The MiFID II case law since the **UK** left the **EU** has consistently rejected reverse\-solicitation defences offered by **UK** firms with **EU** clients — including where the firm pointed to disclaimers, **geo\-blocking**, or written client representations. The **MiCA** position will be at least as restrictive. ### If a customer signs a written declaration that they approached at their own initiative, does that protect me? It is necessary but far from sufficient. **ESMA Statement** October 2024 makes clear that a client's written acknowledgement does not by itself satisfy the firm's **burden of proof**. The firm must still demonstrate that no firm\-initiated communication preceded the approach. Written declarations are best treated as one piece of a documentation package, not the package. ### What about institutional clients — is **reverse solicitation** easier? Marginally. Sophisticated counterparties \(regulated banks, broker\-dealers, asset managers\) carry less consumer\-protection weight in the supervisory analysis, and B2B inbound RFQ\-driven flow is the cleanest case for the exemption. But the **30\-day rule** still applies: a one\-off RFQ\-driven trade does not authorise the third\-country firm to subsequently offer the same client custody, advisory, or new\-asset trades without a **CASP authorisation** or a fresh own\-initiative request per service. ### Will the 2027 **AML**R or **AML**A change anything? Not directly — the **AML** Package addresses **AML** obligations, not the licensing perimeter. Reverse solicitation remains governed by **MiCA Article 61** and **ESMA**'s interpretation. But **AML**A's direct supervision of major obliged entities increases the risk of cross\-border investigation: a third\-country firm flagged in one member state's FIU is more likely to be investigated by **AML**A than by 27 separate national authorities. > **Call to action:** Operating from outside the EEA but seeing inbound EU demand? Finconduit can scope whether reverse solicitation is genuinely defensible for your business, or whether a Lithuanian / Cypriot / Maltese CASP authorisation is the better route. Get a free perimeter assessment. ## Related Guides - [MiCA Compliance Guide for CASPs](/resources/mica-compliance-guide-casps): Authorisation walkthrough — capital, governance, supplier stack - [EEA vs UK vs Offshore: Where to Incorporate Your Crypto Business](/resources/eea-uk-offshore-crypto-incorporation): Which jurisdiction maximises regulatory access and tax efficiency - [CASP Transitional Period: Country\-by\-Country Calendar](/resources/casp-transitional-period-calendar): When each **EEA** member state's grandfathering window closes - [MiCA Travel Rule Providers Compared](/resources/mica-travel-rule-providers-compared): Notabene vs Sumsub vs Sygna vs Veriscope Reverse solicitation under **MiCA** is real but **narrow**. It works for a handful of inbound institutional flows, properly documented, with rigorous active\-marketing discipline. It does not work as a market\-access strategy for a non\-**EEA** firm that wants meaningful **EEA** business. The economically rational answer for any third\-country firm with sustained **EEA** demand is the same: get a **MiCA CASP** authorisation. The cost is well below the cost of an **ESMA** enforcement action — and well below the cost of being de\-banked when a regulator flags your traffic patterns to your correspondent banks. ## Update — December 2024: ESMA Tightens the Reverse Solicitation Bar On 13 December 2024, **ESMA**[ issued a supervisory statement](https://www.esma.europa.eu/sites/default/files/2024-12/ESMA75-453128700-1323_Statement_on_provision_of_certain_crypto_asset_services_under_MiCA.pdf) \(ESMA75\-453128700\-1323\)[^7] that hardened how national supervisors should read the **reverse solicitation** exemption under **Article 61 MiCA**. The supervisory bar has materially moved — and offshore firms relying on the exemption as a soft marketing pathway into the EU should treat the statement as a direct warning shot. ### What the ESMA Statement Actually Says Four points stand out. First, the concept of **"exclusive initiative"** must be interpreted strictly: any prior solicitation that influenced the client's decision — direct or indirect — destroys the defence. Second, a third\-country firm operating a **website targeting EU users** \(EU\-language toggle, EUR pricing, EU jurisdictional drop\-down, EU\-targeted SEO\) cannot then claim that EU clients who sign up are exercising exclusive initiative. Third, **sponsorship of EU\-based influencers**, referral arrangements, affiliate codes, or paid placements — including in EU\-targeted Telegram and Discord channels — equate to active marketing and kill the exemption. Fourth, the **same\-type limitation** \(Article 61\(3\)\) is to be read narrowly: each new crypto\-asset class and each new service category counts as a separate type, so an offshore firm cannot upsell from a reverse\-solicited spot exchange into custody, staking, or advisory without a fresh solicitation defence. ### National Competent Authority Posture National competent authorities have moved in lockstep. **BaFin** \(Germany\) has signalled categorical rejection of "soft marketing" — landing pages, lead magnets, gated whitepapers, and webinars aimed at German residents will defeat the exemption even where the actual sign\-up is client\-initiated. France's **AMF** has reiterated its long\-standing hostility to third\-country solicitation of French retail, applying the same tests it uses for forex and CFD providers. The Netherlands' **AFM** has confirmed that Dutch\-language marketing — including translated FAQs and Dutch\-localised support — is itself active marketing. Cyprus' **CySEC**, historically more permissive on inbound flow, has aligned with the ESMA position and is expected to treat reverse solicitation as a **defence of last resort** rather than a business model. ### The MiFID II Precedent Overlay The supervisory template is not new. ESMA's January 2023 [Supervisory Briefing on the Notion of Reverse Solicitation under MiFID II](https://www.esma.europa.eu/sites/default/files/library/esma35-43-3242_supervisory_briefing_on_reverse_solicitation.pdf) \(ESMA35\-43\-3242\)[^8] articulated the same restrictive framework for investment services — and the December 2024 MiCA statement explicitly imports that interpretive method. Practically this means **MiFID II case law and supervisory practice** are directly persuasive for **MiCA** purposes: the same evidentiary thresholds on **"at the client's own exclusive initiative"**, on the prohibited promotion of additional services, and on the burden of proof sitting squarely with the firm, all apply. ## What This Means for Your Documentation In practical terms, the December 2024 statement converts **reverse solicitation** from a marketing posture into an **evidentiary exercise**. The firm bears the burden of proof — per client, per service, per asset class. The only defensible posture is a contemporaneous evidence file built at onboarding, refreshed at every upsell, and capable of withstanding a hostile supervisory review years after the fact. For the operational answer, see our companion guide — [Build a Reverse Solicitation Evidence Pack](/resources/reverse-solicitation-evidence-pack-crypto) — which sets out the **seven documents** every offshore firm should hold on file per EU client to defend the **Article 61** exemption: the inbound\-channel attestation, the marketing\-absence certification, the client\-initiative declaration, the same\-type\-services log, the **30\-day quarantine** record, the upsell\-firewall sign\-off, and the supervisory\-ready chronology. > **Warning:** ESMA's December 2024 statement explicitly closed the loopholes most offshore CASPs were relying on — EU\-targeted websites, influencer sponsorship, affiliate\-channel funnels, and same\-relationship upsell. Treat reverse solicitation as a defence of last resort, not a marketing strategy. If your inbound funnel depends on any EU\-targeting signal, the exemption does not protect you. The net effect: **reverse solicitation** under **MiCA** is no longer a pathway — it is a narrow, defensive exception governed by **ESMA**'s strict interpretive lens and enforced by **BaFin**, **AMF**, **AFM**, and **CySEC** with the same evidentiary rigour applied under **MiFID II**. Firms relying on the defence must instrument every inbound interaction to produce contemporaneous, per\-client evidence — the **marketing absence** certificate, the **exclusive initiative** declaration, and the **same\-type limitation** log are now the minimum operational floor. - [The Reverse Solicitation Evidence Pack](/resources/reverse-solicitation-evidence-pack-crypto) — the seven\-document file every offshore firm should hold per client to defend the MiCA defence. ## Footnotes [^1]: Regulation \(EU\) 2023/1114 \(Markets in Crypto\-Assets Regulation — MiCA\), OJ L 150, 9.6.2023. [^2]: MiCA Article 61 — Solicitation of Union clients by third\-country firms. Reverse solicitation is interpreted strictly as the exclusive own initiative of the client. [^3]: MiCA Recital 75 — clarifies that reverse solicitation should not be relied upon to circumvent MiCA; the exemption is narrow and should be interpreted strictly. [^4]: ESMA Statement on reverse solicitation under MiCA, 17 October 2024 — clarifies the narrow scope and the burden of proof on third\-country firms. [^5]: MiFID II Article 42 — equivalent reverse solicitation exemption in investment services; ESMA's MiCA interpretation aligns with its restrictive MiFID II case law. [^6]: EBA Guidelines on the management of money laundering and terrorist financing risks \(EBA/GL/2021/02\). [^7]: ESMA, Statement on the provision of certain crypto\-asset services by third\-country firms under MiCA, ESMA75\-453128700\-1323, 13 December 2024. [^8]: ESMA, Supervisory Briefing on the Notion of Reverse Solicitation under MiFID II, ESMA35\-43\-3242, 13 January 2023. --- Source: https://finconduit.com/resources/mica-reverse-solicitation-offshore