EEA Tracker · June 2026

EEA Regulated-Fintech Tracker

Name: EEA Regulated-Fintech Tracker
Creator: finconduit
Published: 2026-06-24T00:00:00Z
License: https://finconduit.com/terms

The MiCA Article 143 grandfathering hard deadline of 1 July 2026 is now one week away, and it dominates everything. ESMA confirmed on 17 April 2026 that there will be no extension: from 1 July, any firm providing crypto-asset services to EU clients without a full CASP authorisation is in breach of EU law and must cease. ~204 CASPs hold full authorisation EEA-wide (ESMA register, mid-June), with Germany still the clear leader. NCAs are visibly pre-positioning for enforcement — BaFin moved to block access to six offshore exchange domains targeting German users without authorisation. AMLA, operational since July 2025, is required to publish its first RTS set by 10 July 2026. PSD3 / PSR cleared its Parliament votes and Official Journal publication is tracking late Q2 / summer 2026 (may slip to September). Banking access stayed bifurcated and tightened further into the deadline: a flight-to-authorised-status is compressing Tier-1 appetite onto firms that already hold (or are days from) a CASP licence.

Snapshot 2026-06 · published 2026-06-24 · methodology

Practitioner layer

Where's the door open this month?

Per-jurisdiction temperature read on banking-access reality for foreign-controlled regulated fintechs. Tier-archetype framing — finconduit does not name specific banks per its published constraint.

Tier acceptance posture

Selective

Tier 1 — EU clearing

Into the 1 July deadline, Tier-1 EU clearing has compressed appetite onto firms that already hold a CASP authorisation. A grandfathered-but-unauthorised applicant is now effectively un-bankable at Tier-1 until the licence is granted. Onboarding cycles 16–26 weeks; the authorisation itself is the gate.

Open

Tier 2 — Specialist

Tier-2 specialist EEA banks and EMI-as-correspondent partners are absorbing the displaced pre-deadline demand at record volume. Pricing has firmed further. Onboarding 6–14 weeks; AML / TM programme depth is the binding constraint.

Open

Tier 3 — Crypto-aware

Tier-3 crypto-aware correspondents continue to onboard at scale, including firms repositioning post-deadline. Sanctions-screening and KYT depth remain the binding constraints. Onboarding 4–10 weeks for prepared applicants.

Jurisdiction temperature

Germany

↘

Selective

Flight-to-authorised-status into the 1 July deadline: Tier-1 EU clearing is now effectively reserved for firms that already hold a CASP authorisation (56 in DE). Grandfathered-but-unauthorised applicants are being deferred until the licence lands.

Netherlands

→

Selective

AFM-authorised CASPs retain workable Tier-1 access. The NL transitional regime ended a year ago (1 July 2025), so the deadline crunch is milder here than in late-transition jurisdictions.

France

→

Open

The matured PSAN-to-CASP pipeline keeps France the most workable Tier-1 banking corridor for authorised crypto activity. AMF authorisation throughput remains the bottleneck, not banking appetite.

Ireland

→

Selective

English-speaking corridor stays workable for US-headquartered groups holding (or imminently holding) a CASP authorisation. Irish-resident customer-base bias persists.

Lithuania

→

Constrained

The EEA's deepest EMI/PI hub (81 EMIs / 44 PIs) still has the banking layer as its binding constraint. Tier-1 correspondent reach has not recovered; CASP applicants are routing through Tier-2 specialist partners.

Estonia

→

Constrained

Post-2022 cleansing residue persists; FI authorisation still does not translate automatically into euro IBANs. New entrants face heightened banking-onboarding scrutiny.

Luxembourg

→

Selective

Strong private + institutional banking; Tier-2 specialist partners onboard regulated firms with mature AML programmes. CSSF Circular 26/906 governance-alignment continues to raise the substance bar.

Malta

→

Constrained

Post-Moneyval drag persists; the ESMA fast-track peer review on MFSA CASP authorisation continues to shape supervisor caution. Tier-2 specialist banking via EU correspondents typical; local Tier-1 access narrow.

Cyprus

↗

Constrained

CySEC cleared much of its application backlog into the deadline (13 CASPs now authorised). Banking remains the constraint: limited Cypriot correspondent reach, EMI-partner reliance the norm.

Material events — last 30 days

2026-06-18
tier1 tightening
Tier-1 EU clearing banks moved to a de-facto "authorised-only" posture into the 1 July deadline: pre-approval desks are deferring grandfathered-but-unauthorised crypto applicants until a CASP authorisation is granted, rather than progressing files in parallel.
2026-06-10
correspondent policy shift
Two Tier-1 EU correspondents tightened USD-clearing onboarding for crypto-flow EEA firms pending CASP authorisation, citing the imminent perimeter change. Effect: files held until the licence lands.
2026-06-05
tier2 entry
A specialist EEA Tier-2 partner expanded its CASP-onboarding desk to absorb pre-deadline demand displaced from Tier-1, prioritising firms with a granted authorisation or an in-principle approval.
2026-05-30
nca derisking statement
An NCA reiterated, via supervisory communication, that banks must not treat a pending CASP application as grounds for blanket de-risking — but in practice Tier-1 appetite has narrowed regardless ahead of 1 July.
2026-05-28
safeguarding bank change
A specialist EEA safeguarding-bank partner introduced deadline-linked onboarding conditions, prioritising authorised CASPs and EMIs with completed ICAAP-equivalent capital documentation.

Supervisory layer

What did supervisors do this month?

Public NCA enforcement actions and supervisory notices with a one-line read on what the action signals for the wider regulated-fintech population.

BaFin · Germanypublic warning
2026-06-16
BaFin moves to block access to offshore exchange domains targeting German users
BaFin acted to prevent access to six offshore crypto-exchange domains that were targeting German users without CASP authorisation. The move pre-positions enforcement ahead of the 1 July grandfathering expiry and signals that unauthorised access to German residents — not just German establishment — is in scope.
finconduit's read
BaFin is enforcing on the user-nexus, not only establishment. Offshore exchanges serving German residents without authorisation should expect domain-level blocking and public warnings from 1 July, not a grace period.
ESMA · EEA-widecasp supervisory notice
2026-06-12
ESMA reaffirms 1 July 2026 is a hard deadline — no extension
ESMA reaffirmed its 17 April 2026 statement that the MiCA Article 143 transitional period ends on 1 July 2026 with no extension across any member state. After that date, any entity providing crypto-asset services to EU clients without a full CASP authorisation is in breach of EU law and must cease.
finconduit's read
There is no soft landing. Firms still operating under grandfathering without a granted authorisation by 1 July must stop serving EU clients or face NCA enforcement. Wind-down planning should already be underway for the unauthorised.
AMF · Francepublic warning
2026-06-04
AMF continues pre-deadline enforcement-notice cadence against unauthorised actors
The AMF maintained its elevated enforcement-notice cadence (14 notices were issued in Q4 2025) against entities marketing crypto-asset services to French residents without the requisite authorisation, as the PSAN-to-CASP transition closes.
finconduit's read
France pairs an open authorisation pathway with active enforcement against the unauthorised. Firms relying on a "we will apply later" posture into 1 July are squarely in scope.
CySEC · Cypruscasp supervisory notice
2026-05-30
CySEC clears application backlog ahead of the deadline
CySEC granted a cluster of CASP authorisations in the final pre-deadline window, clearing much of the incomplete-application backlog it had flagged earlier in 2026. Firms that completed pre-application engagement were prioritised.
finconduit's read
Pre-application engagement was the decisive differentiator in the final window. The firms that engaged early got over the line; late filers did not. The same pattern will repeat for any future authorisation deadline.
AMLA · EEA-wideamla readiness
2026-05-28
AMLA signals direct-supervision readiness for largest cross-border crypto firms
AMLA — operational since 1 July 2025 — reiterated that crypto-asset firms operating cross-border in the EU must hold strong AML/CFT controls, ahead of its first RTS publication due 10 July 2026 and direct supervision of designated high-risk entities from 2028.
finconduit's read
The largest cross-border crypto firms should plan for AMLA direct supervision now. The 10 July RTS will turn the AMLR design parameters from draft into binding standard.
BaFin · Germanyauthorisation revocation
2026-05-26
BaFin withdraws authorisation of a grandfathered operator that missed the conversion
BaFin moved against a grandfathered crypto operator that did not complete CASP conversion in time, consistent with its short tolerance for unremediated authorisation gaps. Pattern follows BaFin's 2025 first-MiCA-enforcement action.
finconduit's read
Grandfathering is not a safe harbour. An operator that reaches 1 July without a granted authorisation faces withdrawal and wind-down, not an extension.

Forthcoming layer

What's coming, and when?

Upcoming regulatory milestones across MiCA, DORA, AMLR, ESA technical standards, EU lists, and national transpositions. Operational impact noted per item.

Next 30 days

2026-07-01MiCAeea

MiCA Article 143 grandfathering — HARD EXPIRY (no extension)

The MiCA transitional period ends across the EU on 1 July 2026. ESMA confirmed (17 April 2026) there is no extension in any member state. From this date, any firm providing crypto-asset services to EU clients without a full CASP authorisation is in breach of EU law and must cease.

Operational impact

This is now days away. Firms without a granted authorisation or an explicit NCA in-principle approval must either stop serving EU clients on 1 July or face enforcement (domain blocking, public warnings, cease-and-desist). Wind-down planning should already be complete for the unauthorised.

2026-07-10AMLReea

AMLA — first RTS publication deadline

AMLA is required to publish its first set of Regulatory Technical Standards by 10 July 2026 — one year after commencing operations (1 July 2025) and one year before AMLR application.

Operational impact

The RTS define the operational AML/CFT obligations under AMLR. From 10 July the design parameters move from draft consultation to binding standard — AML programme uplifts should be drafted to the RTS, not the legacy national variants.

Next 90 days

2026-07-31PSD3eea

PSD3 / PSR — Official Journal publication (anticipated)

Following the Parliament votes, OJ publication of PSD3 (Directive) and PSR (Regulation) is anticipated for late Q2 / summer 2026 (June–July, may slip to September). PSR applies 20 days after OJ publication for selected provisions; PSD3 requires 18-month national transposition.

Operational impact

Once published, all in-scope PIs / EMIs have a defined transposition clock (practical applicability tracks 2028). EMIs should note PSD3 collapses EMD2 into the PI regime. Begin gap analysis against the published text now.

2026-09-01ESA RTSeea

ESMA RTS — MiCA market-abuse detection (CASP trading platforms)

ESMA scheduled to finalise the RTS on market-abuse detection systems for CASPs operating trading platforms (MiCA Class 3 / Class 2 venues). Proportionate framework across venue size tiers.

Operational impact

CASPs operating trading platforms should plan market-abuse detection implementation in Q4 2026 once the RTS is final. Smaller venues should track which proportionality carve-outs survive the final draft.

2026-09-15EU Listeea

EU Commission high-risk-third-country list — quarterly review

European Commission scheduled quarterly review of the high-risk-third-country list under Delegated Regulation (EU) 2016/1675. The January 2026 update (Delegated Regs 2026/46 and 2026/83) brought the list to 35 jurisdictions.

Operational impact

List changes trigger automatic EDD obligations under 6AMLD Article 18a / forthcoming AMLR for any customer-base exposure to newly-listed jurisdictions. Update sanctions and EDD policies within 30 days of publication.

Beyond 180 days

2027-07-10AMLReea

AMLR — application date

Regulation (EU) 2024/1624 (AMLR) becomes applicable. Replaces large parts of national AMLD-derived law with a directly-applicable single rulebook; AMLA commences direct supervision of designated cross-border high-risk institutions.

Operational impact

AML programmes built against 6AMLD-derived national law need re-baselining against AMLR before application. The ~13-month runway (June 2026 → July 2027) is the practical window for AMLR-aligned programme uplift.

Working through one of these?

We see the operating reality these tracker entries reflect — every working day.

Authorisation in progress, banking-access pressure, an inspection finding to remediate, a regulatory deadline approaching — book a free assessment to map the right next move against your specific facts.

Book a regulatory assessment

Regulator-issued
ESMA — Interim MiCA Register: authorised crypto-asset service providers under MiCA Title V (~204 EEA-wide, mid-June 2026). Weekly update.
https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
Verified 2026-06-24
Regulator-issued
ESMA — Interim MiCA Register: authorised E-Money Token issuers (Title IV), ~24 EEA-wide mid-June 2026.
https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
Verified 2026-06-24
Regulator-issued
ESMA — Interim MiCA Register: authorised Asset-Referenced Token issuers (Title III). 0 authorised as of retrieval date; applications under NCA review.
https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
Verified 2026-06-24
Regulator-issued
ESMA — statement (17 April 2026) confirming the MiCA Article 143 transitional period ends 1 July 2026 with no extension. After that date, providing crypto-asset services to EU clients without CASP authorisation is a breach of EU law.
https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica
Verified 2026-06-24
Regulator-issued
BaFin — Database of authorised institutions (EMIs, PIs, MiCA CASPs).
https://www.bafin.de/EN/PublikationenDaten/Datenbanken/datenbanken_node_en.html
Verified 2026-06-24
Regulator-issued
BaFin — consumer-protection / unauthorised-business actions, including measures to block access to offshore exchange domains targeting German users without CASP authorisation (June 2026).
https://www.bafin.de/EN/PublikationenDaten/Datenbanken/Unternehmensdatenbank/unternehmensdatenbank_node_en.html
Verified 2026-06-24
Regulator-issued
AMF — public warnings / blacklist of unauthorised actors marketing crypto-asset services to French residents (14 enforcement notices in Q4 2025; cadence maintained into 2026).
https://www.amf-france.org/en/news-publications/news-releases/protection-savings-news-releases
Verified 2026-06-24
Regulator-issued
AMLA — EU Authority for Anti-Money Laundering, operational since 1 July 2025. First RTS due 10 July 2026; direct supervision of designated cross-border high-risk entities from 2028.
https://www.amla.europa.eu/
Verified 2026-06-24
Regulator-issued
DNB — Public registers of authorised institutions (EMI, PI, ART / EMT issuers).
https://www.dnb.nl/en/public-registers/
Verified 2026-06-24
Regulator-issued
ACPR / Banque de France — REGAFI register of authorised financial institutions.
https://acpr.banque-france.fr/en/popular-services/regafi
Verified 2026-06-24
Regulator-issued
Central Bank of Ireland — Registers of regulated entities.
https://registers.centralbank.ie
Verified 2026-06-24
Regulator-issued
Bank of Lithuania — Public register of supervised financial market participants (EMI / PI counts).
https://www.lb.lt/en/fs-electronic-money-institutions
Verified 2026-06-24
Regulator-issued
CSSF — Public registers of EMIs / PIs / AISPs incorporated under Luxembourg law.
https://www.cssf.lu/en/Document/list-of-electronic-money-institutions-incorporated-under-luxembourg-law/
Verified 2026-06-24
Regulator-issued
MFSA — Financial services register.
https://www.mfsa.mt/financial-services-register/
Verified 2026-06-24
Regulator-issued
CySEC — Public registers and lists.
https://www.cysec.gov.cy/en-GB/entities/
Verified 2026-06-24
Regulator-issued
CySEC — Public announcements; CASP authorisation grants clearing the pre-deadline application backlog (mid-2026).
https://www.cysec.gov.cy/en-GB/public-info/announcements/
Verified 2026-06-24
Practitioner experience
finconduit engagement-derived observation across active client engagements and aggregated public NCA / EBA statements; tier-archetype framing per finconduit's published constraint of not naming specific banks, EMIs, or qualified custodians.
Verified 2026-06-24
Regulator-issued
Aggregated public NCA statements on de-risking and supervisory expectations, treated at category level rather than naming the individual NCA letter for tracker brevity. Verify in the relevant NCA communication page.
Verified 2026-06-24
Regulator-issued
BaFin — Administrative measures database against supervised institutions. Pattern follows the first-ever MiCA enforcement action (Ethena GmbH, 2025).
https://www.bafin.de/EN/PublikationenDaten/Datenbanken/Massnahmendatenbank/Massnahmendatenbank_node_en.html
Verified 2026-06-24
Regulator-issued
ESMA — Annual work programme and pipeline of RTS / Q&A publications, including MiCA market-abuse detection RTS for trading platforms.
https://www.esma.europa.eu/about-esma/governance/work-programme
Verified 2026-06-24
Regulator-issued
European Commission — high-risk third-countries list under Delegated Regulation (EU) 2016/1675, as amended (Delegated Regs 2026/46 and 2026/83, effective 29 January 2026; total 35 jurisdictions).
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R1675
Verified 2026-06-24
Primary statute
Regulation (EU) 2023/1114 (MiCA) Article 143 — transitional provisions / grandfathering. 18-month window: 30 December 2024 → 1 July 2026 (hard outer boundary, no extension per ESMA 17 April 2026).
https://eur-lex.europa.eu/eli/reg/2023/1114/oj
Verified 2026-06-24
Primary statute
Regulation (EU) 2024/1624 (AMLR) — Single AML/CFT Rulebook, applicable 10 July 2027. AMLA operational 1 July 2025; first RTS deadline 10 July 2026.
https://eur-lex.europa.eu/eli/reg/2024/1624/oj
Verified 2026-06-24
Regulator-issued
PSD3 / PSR legislative status: COREPER endorsement 22 April 2026; ECON committee + Parliament plenary votes held; OJ publication anticipated late Q2 / summer 2026 (may slip to September). PSR applies 20 days post-OJ; PSD3 18-month transposition; EMD2 collapses into the PI regime.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=PI_COM:Ares(2023)4083072
Verified 2026-06-24

For orientation only — not financial, legal, regulatory, or investment advice. Outputs are directional and based on generalised inputs. Decisions should be taken only after consultation with a qualified adviser on your specific facts — book the full assessment before acting on anything you read here.

Numbers shown exclude finconduit fees and any third-party costs (legal, audit, regulator-mandated experts, banking-relationship fees, document-translation, ongoing supervisory levies, or local agent / service-provider charges). Real-world authorisation budgets typically exceed the headline regulator-side numbers by a meaningful multiple.