Italy Brings MiCA Into Force as SEC Crypto Enforcement Hits Record $4.7 Billion

Two of the world’s most significant crypto regulatory developments converge this week. On September 14, 2024, Italy’s Legislative Decree No. 129 officially enters into force, transposing the European Union’s Markets in Crypto-Assets Regulation (MiCA) into Italian national law and fundamentally reshaping how crypto-asset service providers operate in one of Europe’s largest economies. Meanwhile, across the Atlantic, the United States Securities and Exchange Commission has secured a record $4.7 billion in crypto-related enforcement actions in 2024 — a staggering 3,018% increase from the previous year — signaling that regulators on both sides of the ocean are tightening their grip on the digital asset industry.

TL;DR

• Italy’s Legislative Decree No. 129 entered into force on September 14, 2024, implementing the EU’s MiCA Regulation into Italian law
• Italian regulators CONSOB and the Bank of Italy gain sweeping supervisory and investigative powers over crypto-asset service providers
• Existing Italian virtual asset service providers (VASPs) face a compressed 12-month transition period to comply with stricter MiCA standards
• The SEC has collected $4.7 billion in crypto enforcement actions in 2024, driven primarily by the $4.47 billion Terraform Labs settlement
• Despite fewer enforcement actions (33 in 2024 vs. 47 in 2023), the SEC’s monetary recoveries surged over 3,000%

Italy’s MiCA Decree: A New Era for European Crypto Regulation

Italy has taken a decisive step in the European Union’s coordinated approach to crypto regulation. Legislative Decree No. 129, signed on September 5 and published in the Official Gazette on September 13, 2024, formally entered into force the following day. The decree adapts Italy’s national legislation to the provisions of Regulation (EU) 2023/1114 — the landmark MiCA framework — which establishes the first comprehensive regulatory regime for crypto-assets across the European Union.

The decree designates two primary supervisory authorities: CONSOB, Italy’s securities regulator, and the Bank of Italy. CONSOB assumes responsibility for receiving notifications of white papers related to the public offering and admission to trading of crypto-assets other than asset-referenced tokens (ARTs) and e-money tokens (EMTs). It also gains the power to authorize crypto-asset service providers (CASPs) after consultation with the Bank of Italy, and exercises supervisory powers over transparency, market integrity, and investor protection in the crypto sector.

The Bank of Italy, meanwhile, oversees aspects related to financial stability, prudential supervision, and the regulation of asset-referenced and e-money tokens — the two categories of stablecoins addressed by MiCA.

From VASPs to CASPs: A Steep Compliance Climb

The transition from Italy’s existing virtual asset service provider (VASP) framework to the new MiCA-aligned CASP regime represents a significant upgrade in regulatory standards. Under the previous system, VASPs operated under a relatively light-touch regime based on a registration procedure with the Organismo Agenti e Mediatori (OAM) that typically took just 15 days to complete.

The new CASP requirements are substantially more demanding. CASPs must be established as joint stock companies, partnerships limited by shares, limited liability companies, or cooperative companies. Members of a CASP’s management body must satisfy the same fit-and-proper requirements applicable to Italian bank executives. Shareholders holding qualifying stakes face the same good standing, honorability, and competency requirements as those applicable to investment firm shareholders. CASPs are also required to prepare financial statements in compliance with IAS/IFRS standards, appoint external auditors consistent with rules for other regulated financial institutions, and comply with Italian whistleblowing regulations.

Notably, the decree introduces a mandatory asset segregation regime. Crypto-assets and funds held by CASPs on behalf of customers are segregated by law from all other assets of the provider and cannot be subject to enforcement actions by the CASP’s creditors. CASPs are explicitly prohibited from using customer crypto-assets and funds for their own account — a safeguard directly responsive to the failures that plagued platforms like FTX.

A Compressed Transition Period

Under MiCA’s Article 143, Member States had the option to allow existing crypto service providers to continue operating until July 1, 2026. However, aligning with recommendations from the European Securities and Markets Authority (ESMA), Italy chose to exercise its right to shorten the transitional period.

VASPs duly registered in Italy’s OAM register as of December 27, 2024, may continue operating until June 30, 2025. Those that apply for CASP authorization — either in Italy or another EU Member State — by June 30, 2025, may continue operating pending the issuance or rejection of their application, but in any case no later than December 30, 2025. Providers that do not intend to pursue CASP authorization must cease Italian operations by June 30, 2025, terminate existing contracts, and return customer assets.

The compressed timeline reflects a broader European regulatory philosophy: the crypto industry has had enough time to prepare, and the transition to proper financial regulation is non-negotiable.

SEC’s Record-Breaking Enforcement Year

While Europe builds its regulatory framework, the United States continues to rely heavily on enforcement as its primary regulatory tool for crypto. According to a report from Social Capital Markets published in September 2024, the SEC secured approximately $4.7 billion in crypto-related enforcement actions during the year — a 3,018% increase from the $150.3 million in fines collected in 2023.

The overwhelming majority of that figure comes from a single case: the SEC’s landmark $4.47 billion settlement with Terraform Labs and its former CEO Do Kwon, finalized in June 2024. That case stemmed from the collapse of the Terra ecosystem in May 2022, which wiped out approximately $40 billion in investor value. The settlement included disgorgement, prejudgment interest, and civil penalties, and represented the largest enforcement action in the SEC’s history related to crypto assets.

What makes the 2024 figures particularly notable is the contrast in enforcement volume. The SEC brought just 33 cryptocurrency-related enforcement actions in 2024, a 30% decrease from the 47 actions filed in 2023. However, the monetary impact of those fewer actions was dramatically larger. According to Cornerstone Research, half of the SEC’s crypto enforcement actions in 2024 were concentrated in September and October, suggesting an end-of-fiscal-year push typical of the agency’s enforcement calendar.

First Enforcement Actions Against Relationship Investment Scams

In the same week as Italy’s MiCA implementation, the SEC announced its first-ever enforcement actions against relationship investment scams involving crypto assets. On September 17, the Commission charged five entities and three individuals in connection with two schemes — NanoBit and CoinW6 — that used WhatsApp, LinkedIn, and Instagram to lure investors to fake crypto trading platforms.

In the NanoBit case, scheme participants impersonated financial industry professionals in WhatsApp groups, falsely claiming the platform’s affiliate was an SEC-registered broker. Investors’ funds — more than $2 million — were wired to Hong Kong bank accounts. In the CoinW6 scheme, fraudsters posed as wealthy young professionals on LinkedIn and Instagram, pursued romantic relationships over WhatsApp, and convinced victims to open accounts on a fake platform that displayed fictitious investment returns of up to 3% per day.

“Relationship investment scams, including those involving crypto asset investments, pose a risk of catastrophic harm to retail investors,” said Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. The SEC collaborated with the CFTC, FINRA, and NASAA to issue an investor alert about these emerging threats.

Two Continents, Two Approaches

The contrast between the European and American regulatory trajectories is stark. The EU has chosen the legislative path — building comprehensive frameworks like MiCA that establish clear rules of the road for crypto businesses. Italy’s implementation of MiCA, complete with designated supervisory authorities, transition timelines, and specific compliance requirements, exemplifies this structured approach.

The United States, lacking a comprehensive crypto-specific legislative framework, continues to rely on existing securities laws applied through enforcement actions. The result is a regulatory environment characterized by uncertainty for compliant businesses and increasingly severe penalties for bad actors.

For crypto businesses operating globally, the message from September 2024 is clear: regulatory scrutiny is intensifying regardless of jurisdiction. In Europe, the rules are being written and enforced proactively. In the United States, the rules are being defined through courtrooms and settlement agreements. In both cases, the era of regulatory ambiguity is drawing to a close.

Why This Matters

The simultaneous developments in Italy and the United States represent a watershed moment for crypto regulation. Italy’s MiCA decree creates a concrete, enforceable framework that crypto businesses must comply with — complete with asset segregation, governance standards, and supervisory oversight on par with traditional financial institutions. The SEC’s record $4.7 billion in enforcement penalties demonstrates that even without bespoke crypto legislation, US regulators possess enormous punitive power. Together, these developments signal that the global crypto industry is entering its regulated era, and firms that fail to adapt — whether in Milan or Miami — face existential consequences.

Disclaimer: This article is for informational purposes only and does not constitute financial, legal, or investment advice. The regulatory landscape for digital assets is evolving rapidly. Readers should consult qualified legal and financial professionals for guidance specific to their circumstances. Past enforcement actions and regulatory changes do not predict future outcomes.