LiFCP – Envis Begaj & Johannes de Jong
Voice-over: Welcome to the Leaders in Finance Compliance Podcast. We talk with experts, advisors and business leaders about navigating risk and compliance challenges within the financial sector, because the straight and narrow path doesn’t come with GPS.
We’d like to thank our partners Deloitte, Rabobank, Cense, Kayak and Osborne Clark. Your host is Jeroen Broekema.
Jeroen: Welcome listeners to a new episode of the Leaders in Finance Compliance Podcast. I am very, very happy that you are listening. Today, once again, I have a very interesting programme with two guests.
I will introduce them now, and they will also introduce themselves in a moment. To start off, we have Envis Begaj, Head of Compliance at Bitvavo. Secondly, we have Johannes de Jong, Co-Managing Partner Netherlands at Osborne Clark. He is also the Financial Regulatory Practice Lead there.
Welcome to you both. Thank you. Great to have you on the podcast. As I said, I would love for you to elaborate a little bit more on yourselves and on the work you do. So maybe, Envis, you could start.
Envis: Thank you, Jeroen. I’m Envis Begaj, Head of Compliance at Bitvavo. Bitvavo is one of the largest euro spot crypto exchanges in Europe, with nearly two million users. We are headquartered in the Netherlands and licensed under MiCA by the Dutch regulator, the AFM. I lead a team of 30 people focused on the design and implementation of compliance requirements, as well as the day-to-day management of compliance and financial crime risks, to ensure that Bitvavo operates safely, ethically and in line with supervisory expectations.
Jeroen: That’s great, and that’s quite a big team to manage, right?
Envis: Indeed. And of course, that is also in light of expectations under MiCA, but also expectations from Bitvavo’s perspective as one of the leaders in the crypto industry in the Benelux region.
Jeroen: Absolutely. And Johannes, you’re back on the podcast. You’ve been here before, so I’m very happy to have you again. But for those who haven’t listened to an episode with you before, maybe you could briefly introduce yourself as well.
Johannes: Thank you, Jeroen. Yes, it’s good to be back, although this time digitally. I’m Johannes de Jong, partner at Osborne Clark for close to ten years now. Before that, I worked at the AFM, the Dutch regulator, which is obviously a key regulator when it comes to MiCA. Before that, I was at Allen & Overy. So I’ve been in the field of financial supervision for close to twenty years.
These days, my work mainly focuses on crypto asset service providers, although I still work a lot with banks as well. The interesting thing is that banks and crypto service providers increasingly need each other, and the two worlds are becoming more and more integrated. For me, it feels like we’re almost coming full circle.
Jeroen: Wonderful. So today we’re going to talk about everything crypto, everything crypto and regulation-related, and also about supervisors. Before we dive into that, people know that I usually like to have personal conversations as well, although today we’re mainly focusing on some very serious topics. Still, maybe you could share one thing about yourself that most people are probably not aware of, or something else you’d like to share.
Envis: Absolutely. I come from a traditional finance regulatory background, having worked under MiFID and banking regimes in the past, both in Europe and in Canada. I’ve always been fascinated by the novelty and agility of crypto. So back in 2023, when MiCA was being finalised, I took the opportunity to be one of the pioneers in building best practices for compliance and market integrity standards in this new industry, and to implement them effectively at one of the largest crypto exchanges, like Bitvavo.
Jeroen: I’m not sure that’s super personal. I thought you were going to say you were one of the people who bought the first Bitcoin or Ethereum or something like that. Did you ever buy crypto, and if so, when did you buy your first crypto asset?
Envis: To be honest, I made my first crypto purchases when I joined Bitvavo. That’s when I understood that, contrary to some traditional perceptions, crypto can be very safe, very secure and very reliable. That was after I joined Bitvavo, back in 2023.
Jeroen: Wonderful. Johannes?
Johannes: The question I get a lot, and it’s very much along the lines of Envis’ answer, is whether I personally invest in crypto assets. The answer is no, I currently have zero. I did have a very small portfolio about seven or eight years ago. I think it was worth around 4,000 euros, consisting of Bitcoin and Ether.
At the time, it was held at Kraken, and I almost had to programme my own API interface just to be able to buy, because their interface was horrible. Then they went offline completely, a full blackout for months, and I thought, okay, this is gone. But they eventually came back, and I liquidated my portfolio.
Since then, I haven’t touched crypto again. I still struggle a bit with the concept of cryptocurrencies. Obviously, they’re here to stay and they have value, but I struggle much less with stablecoins, which I see as a completely different product and not something to speculate with, given their stable value. Cryptocurrencies themselves are not part of my portfolio today, and only were for a very limited period of time in the past.
Jeroen: That’s great, thank you. And Envis, are you a big crypto fan? You probably must be, given your employer. Or do you also have some reservations, like Johannes just mentioned?
Envis: Well, in my opinion, that depends on where you are doing your investments. I think that now, with MiCA, it will become easier for users to assess which companies are MiCA-licensed, how reliable those companies are, and how safe their assets are with them. I think that is the first rule for everyone who wants to invest in crypto. People should always, in a certain way, assess who the company is where they are doing their crypto business, and whether it is licensed and supervised by a regulator in Europe, and of course supervised by one of the most reliable and strict regulators in Europe, like the AFM. That also helps users make this kind of assessment.
Jeroen: I would love to learn more about where we stand with laws and regulations when it comes to crypto. Your assignment for today is to help me with that, but also to be very clear and not use too many abbreviations. Make sure you explain what the different abbreviations mean. First of all, is it MiCAR or MiCA? Because that seems to have changed over time in day-to-day conversations. Johannes?
Johannes: Yes, that’s a very, very good question, Jeroen. I still think that the battle around MiCA versus MiCAR hasn’t completely settled. I am increasingly getting outnumbered, but I prefer MiCAR, with the “R”, because that stands for regulation. As a lawyer, I want to make clear that we’re talking about a law. And the AFM is on my side, as they also use the term MiCAR. But in all honesty, ESMA uses MiCA, so it is probably a losing game, and we will likely end up with MiCA.
Jeroen: But just to be sure for people who are not aware, it stands for the Markets in Crypto-Assets Regulation. Exactly, regulation. So please help me: what are the latest developments when it comes to laws and regulations?
Johannes: MiCAR itself has been published for quite some time now and is fully in effect. There are still some elements that allow for a limited form of grandfathering, but let’s ignore those for now. We know what the services are under MiCAR, and we know what the licensing requirements are. That part is done.
I think the biggest challenge we currently face, and Envis and I discussed this just before the podcast, is the interplay between crypto asset services and payment services. That is a big topic right now and, in my view, also a bit of a design flaw. MiCA does touch on payment services, but it creates quite a lot of confusion. At the same time, the Payment Services Directive is being revised, which is partly positive, because it allows for some alignment with MiCAR and concepts we’ve learned there.
To give a bit of context for listeners who may not fully understand why this is an issue: a stablecoin is a specific type of crypto asset. It is essentially a DLT-based, blockchain-based asset that can be transferred, but it is backed by so-called reserve assets. In principle, this means one-to-one coverage.
For example, a euro-denominated stablecoin could be backed 100 percent by euros in a bank account, or by a combination such as 30 percent euros in a bank account and 70 percent treasury bills. That stablecoin can then be transferred over the blockchain, just like other cryptocurrencies or crypto assets, as we call them these days.
Because of this one-to-one backing, stablecoins have a stable value and can be used as a means of payment. That is their purpose. And once they are used as a means of payment, the question arises: if you handle them as a service provider, are you then providing a payment service? That is a very big question at the moment.
We know that certain transactions are captured both as payment transactions and as crypto asset services. This means that many regulated crypto asset service providers would also need some form of authorization to provide payment services. That is a major issue right now.
We could talk about this for a long time, but we shouldn’t. It is, however, a very big topic. The other point I want to mention, which is not public but is clearly emerging as a major theme, is the idea of centralizing supervision of crypto asset service providers in Europe. This would mean direct supervision by ESMA. If that were to happen within the next two years, it would be the fastest EU-wide single supervision regime ever introduced.
Jeroen: One follow-up before we move to Envis. Just to be very precise: is the reason this payments issue has become part of the debate mainly because of the revision of the PSD?
Johannes: Not necessarily. The main reason is that MiCA clarifies that a stablecoin qualifies as electronic money. In legal terms, this creates a presumption that if a crypto asset has the characteristics of a stablecoin, it is, by definition, electronic money.
Once it is electronic money, the Payment Services Directive and the revised Electronic Money Directive automatically come into play. On top of that, there is a recital in MiCA stating that certain crypto service providers, when offering stablecoin-related services, may also trigger payment services. And there are also several provisions in the regulation itself dealing with payment services, which, in my view, add even more complexity.
Jeroen: And why is this coming up now?
Johannes: That’s a very good point. It did come up earlier, around the end of 2024, when it was already clear this would become a problem. At that time, however, everyone was focused on obtaining their MiCA license and largely ignored the issue.
Then, in early 2025, regulators effectively woke up, and the EBA introduced an interim solution. In short, they created a grace period until 2 March 2026. Hopefully, and perhaps Envis will comment on this as well, that period will be extended, because I don’t think the market can realistically meet the 2 March deadline for obtaining payment services authorization as well.
Voice-over: This is the Leaders in Finance Compliance Podcast.
Jeroen: So Envis there are the two points Johannes is making right? First, everything around payments, and second, the potential centralisation of supervision across Europe. Are these also the two things on your mind, or are there other issues as well?
Envis: Yes, indeed. I fully agree with Johannes. He very accurately and clearly described the impact and implications of these two regulatory developments. They are certainly within the scope of the crypto industry.
That’s why, for example, with regard to the EBA opinion on the MiCA and PSD2 interplay, I would recommend that compliance professionals promptly assess whether their activities qualify as payment services under PSD2, especially given the potentially long licensing timelines at the moment. This is particularly relevant if they deal with EMTs, whether through custody of EMTs or transfer services of EMTs, meaning transfers from one crypto wallet to another.
I would also encourage compliance professionals in this industry to engage with regulators at an early stage and explore the possibility of reusing MiCA application documentation, in order to achieve a more efficient and potentially lighter regime where possible. In addition, I would advise engaging legal counsel to ensure accurate interpretation of the payment services requirements and proper benchmarking of licensing application elements.
As Jeroen mentioned earlier, we also expect and hope that, in line with the recent political agreement between the European Parliament and the Commission on PSD3 and the PSR, this approach will be reflected in supervisory practice.
Jeroen: Just to clarify, PSR, so we’re all on the same page.
Envis: PSR stands for the Payment Services Regulation, which is expected to come into force later in 2027. A few days ago, there was a political agreement between the Parliament and the Commission, aligning on a lighter regime for companies entering payment services activities and licensing in the future.
We hope that this approach will also be reflected by national regulators when crypto service providers apply for an EMI or payment services licence. That would help mitigate the risk created by the very tight timelines Johannes mentioned earlier.
On the second point, regarding supervision, I fully agree with Johannes. From a compliance perspective, we support more centralised supervision by ESMA, provided it is applied proportionately and based on clear thresholds and criteria for the crypto service providers involved. We also expect that more centralised supervision could help address some of the current challenges under MiCA, particularly differences in national implementation, which may otherwise threaten a level playing field.
Jeroen: Right. I’ll come back to the level playing field later. But one more question from a business perspective. All of this is quite complex and requires a lot of attention. We’ve already seen significant consolidation in the market, with smaller players struggling to keep up, especially with regulation. Is that trend likely to continue given everything that’s happening now?
Envis: I think it’s still very much a work in progress, largely because different national competent authorities are working with different timelines for MiCA implementation and licensing. We see that member states are at very different stages in this process. As a result, there are still unlicensed companies operating in jurisdictions where transitional periods are still in effect. That said, in other jurisdictions, such as the Netherlands, we clearly see the market becoming more consolidated.
Jeroen: Right. So where do most players stand overall? You both have insight into many different companies. Where do crypto players currently stand when it comes to regulation, in your view?
Johannes: Yeah, we assist about 20-plus MiCA applicants or parties that are doing notifications, such as banks or EMIs. So we have quite a good overview. And if you look at our client base and what we hear from them, I think we will see that a large number of what were historically VASPs, entities operating under the registration regime prior to MiCA, will not make it.
Either they simply cannot meet the MiCA threshold at all, and we saw a number of those early on, or they dissolve. We’ve already seen cases where companies have dissolved and their employees have been picked up by other MiCA applicants. So there was an initial shakeout fairly quickly.
My expectation was that this shakeout would have been bigger than it actually is. And I think that, at least in the Netherlands, this is partly because the AFM applies a fair amount of proportionality in its licensing approach.
If you look at the larger players, such as trading platforms, of which we have two in the Netherlands, including Bitvavo, you see very high scrutiny and very complex supervision already at the stage of market entry, so at licence granting.
But if you are a more plain-vanilla crypto asset service provider, for example one that only provides exchange services, essentially currency conversion for crypto assets, without safekeeping or custody, then the process is actually less complex.
That said, my expectation is that we will see another shakeout later on, because the ongoing compliance burden for these entities is really significant, in many cases more significant than under payment services or MiFID. Of course, it depends on the exact services you provide.
But I think it is fair to say that the level of compliance that firms like Bitvavo now have is easily comparable to that of banks. The big difference, obviously, is that there is no bank balance sheet to manage, which is very complex in itself. But that is more or less the only element that is missing.
If you look at the rest of the compliance framework, it is extensive: AML, sanctions, TFR and the travel rule, wallet verification, market abuse. The level of operational risk on a day-to-day basis at such an institution is very significant.
And that means that, looking ahead, I am quite confident, Jeroen, that we will see another shakeout, at least in the more serious jurisdictions. Hopefully, the rest of Europe will move towards the same level of supervision and quality that we see in the Netherlands, which would then lead to a more EU-wide shakeout.
Envis:
Indeed. And going back to Johannes’ point, another piece of regulation that clearly brings considerable compliance costs and challenges is DAC8. For our listeners, DAC8 refers to the EU Directive on Administrative Cooperation in Direct Taxation.
From 1 January 2026, crypto asset service providers will need to ensure that they collect the relevant information set out in this directive. This includes, for example, user balances, user transfers and tax-related information. All affected crypto asset service providers will then need to report this information to the tax authorities from 1 January 2027.
This regulation has been somewhat under the radar, partly because it is quite technical. However, it creates significant implementation challenges and compliance costs, because it requires, in effect, a revamp of the entire compliance infrastructure. That includes data collection, verification processes, KYC processes, collecting additional information from clients, and ensuring that all relevant information is reported in the correct format to tax authorities from 1 January 2027.
There have also been recent reports highlighting the high compliance costs that crypto asset service providers will face when implementing DAC8.
Voice-over:
You’re listening to the Leaders in Finance Compliance Podcast.
Jeroen:
Let’s be a bit clearer in terms of opinion. You’ve both described very well what’s going on, but I’d like you to add a bit more of your own view, especially when it comes to proportionality.
Is it proportional in your view? Johannes, you were very clear earlier: apart from the balance sheet, the compliance burden is more or less comparable to banks. So, first, is it proportional? And second, does it actually achieve the goals this regulation set out to achieve? These are big questions, but maybe you can reflect on them.
Johannes:
Let’s not immediately discuss the goals of MiCAR, because MiCAR has many goals. And honestly, every European policymaker I speak to seems to define those goals differently, so that’s a difficult topic.
But to add some colour on proportionality: being a professional in this field probably makes my view a bit biased. Still, I do think it is fair that the requirements are very high and strict. That inevitably makes it difficult for some smaller companies to comply, and I fully acknowledge that.
Commercially, yes, it has killed companies. Let’s be honest about that. But if I look at the maturity of the companies we’ve assisted, including large players and even US players, some of the structures we encountered were, frankly, ridiculous and highly risky.
The fact that some of the mechanisms we designed in the Netherlands for large US players are now being exported back to the US shows that serious players recognise that stepping up their compliance game actually makes sense.
There are also parts of MiCAR that overlap with other frameworks, such as DORA, the Digital Operational Resilience Act. Everyone says they have a great tech stack, proven technology, and that they’ve never been hacked. But once the DORA questions come in, the flaws become visible. In all cases we’ve worked on, teams were ultimately happy, because they realised they had fixed serious weaknesses in their framework.
And that’s just the IT side. We’re not even talking yet about legal structure, for example the safekeeping of crypto assets. That was often handled on a company-by-company basis. In many cases there wasn’t even proper asset segregation. And sometimes, even with large players, it wasn’t clear under which jurisdiction you were actually trading.
That simply cannot exist in a mature market. That’s a cowboy landscape, and MiCAR is right to address that. So no, I don’t think the level of strictness under MiCAR is too high. I do think that regulators applying proportionality makes sense.
There may be some overreach in terms of the level of communication expected from crypto asset service providers towards their customers. Compared to other markets, regulators might be going a bit too far there.
Jeroen: All right, fair point. So Envis, is this the moment where you’re going to disagree with Johannes, or not?
Envis: To be honest, I agree with what Johannes said. There is no doubt that the intention and goals of MiCAR are fair. However, there is room for more proportionality in how the regulation is applied.
I also agree that there is a level of complexity and, in some areas, overreach, especially when it comes to Level 2 and Level 3 regulatory acts. These increase both the compliance burden and the implementation effort, including for the types of crypto asset service providers Johannes mentioned.
Coming from a traditional finance and MiFID II background myself, this is different from my previous MiFID II experience, where I did not encounter this same level of overreach compared to what we see under the MiCAR licensing and implementation regime.
Jeroen: I’m quite surprised. I expected more disagreement on proportionality. That brings us to the relationship with supervisors.
And I deliberately say supervisors, in the plural, across Europe. As you mentioned earlier, Envis, there is significant differentiation in terms of expertise and also in terms of where different member states are in the process. So how is that relationship in practice, given that you operate in multiple jurisdictions?
Envis: Yes, indeed. We operate in multiple jurisdictions, but one of the benefits of being MiCAR-licensed is that supervision is centred around the national competent authority, with the ability to passport the licence into other jurisdictions. That means we primarily worked with the AFM during the licensing process and afterwards.
Overall, that experience has been positive and constructive. I would highlight the regulator’s genuine interest in understanding how the industry operates, which has helped foster productive and transparent dialogue between the regulator and crypto industry participants. While there is no denying the workload associated with the volume of information required and the strict supervisory expectations, it is also fair to acknowledge the clarity and openness shown by the AFM in our case at Bitvavo, which made the process more efficient given the circumstances.
The licensing process was ultimately mutually beneficial, as both sides were able to exchange relevant insights. Dutch regulators are traditionally known for high standards, and as a result, being MiCAR-licensed in the Netherlands means you are well prepared to operate across the rest of the EU.
Jeroen: That sounds positive. There’s good communication, albeit with a heavy workload, but clarity and a high supervisory standard. As you say, that means you’re ready for other jurisdictions that may not yet be at the same level.
But I can imagine that it must also be frustrating if competitors can passport their licence from jurisdictions that are lagging behind. You mentioned the level playing field earlier. Is that something you’re concerned or even annoyed about?
Envis: Yes, that is one of the challenges we are currently experiencing with MiCAR implementation. As mentioned earlier, different regulators are working with different implementation timelines. Ensuring a truly level playing field under MiCAR, with harmonised approaches not only to licensing but also to ongoing supervision, remains a challenge.
We are actively engaged on this topic through industry associations and in discussions with regulators, with the aim of supporting a common approach that ensures fair competition and, importantly, protects clients’ interests.
Jeroen: Any thoughts, Johannes?
Johannes: I understand Envis’ perspective, but I have also seen clients become genuinely frustrated with the level of scrutiny applied. And perhaps Envis is being polite, which I understand. I have seen cases where the depth of supervision almost killed businesses commercially.
It’s always a balancing act between maintaining a solid market entry process through licensing and avoiding commercial destruction. We have seen entire sectors effectively disappear under previous regimes. In the investment funds market, that happened. In the investment firm market, it happened as well, apart from some exceptions driven by Brexit-related dynamics.
That has not happened under MiCAR, at least not to the same extent, although at certain moments it came close. There were edge cases, particularly around disclosures and fee transparency, where it was tested how far regulators could go.
Jeroen: In simple terms, Johannes, is this gold plating by the Dutch authorities, or is something else going on?
Johannes: Yes, there is gold plating. It’s a combination of gold plating and, at times, insufficient expertise, which creates uncertainty and complexity. Where the AFM has mandates to develop policy rules, we see elements of gold plating. In areas where guidance is lacking, there is sometimes uncertainty about how to proceed.
That said, the creation of a specialised MiCAR team at the AFM has made a real difference. It has been close at times, but overall it worked out well, which I think is positive for the Dutch market. Strong local supervision is preferable, because otherwise Dutch customers will simply take their business abroad.
Jeroen: You both have very busy schedules, so I’ll allow myself just a few more questions. I could easily continue for hours, but there are a couple of things I really want to cover.
In the past, we often talked about traditional finance on the one hand, and crypto on the other. We’ve seen similar dynamics with fintech and payments, where outsiders grew into major players and eventually became part of what we now consider traditional finance.
Do you see a similar convergence happening with crypto? Is crypto merging with traditional finance in your view?
Envis: I think that with the introduction of MiCA, crypto and traditional finance are no longer two separate worlds. Both industries are growing together and complementing each other. We now see traditional finance companies, such as banks and investment firms, being able to carry out MiCA activities.
But also the other way around, we see crypto companies becoming more engaged in payment services and increasingly involved in MiFID II–type activities. One of the relevant topics here is the tokenisation of products, because that offers a number of advantages, such as 24-hour settlement, reliability and security. And in the end, that is clearly to the benefit of users and client protection.
Johannes: I completely agree with Envis. I am also a big believer in tokenisation. And what I mean by tokenisation is essentially this: if blockchain-related technology can provide a faster, better or cheaper alternative to an existing structure in traditional finance, then tokenisation makes sense.
We increasingly see that this is the case. For example, we talked about stablecoins. If stablecoins can be traded on a blockchain, you can then start looking at other assets on the blockchain and execute transactions entirely within that environment. Those are the elements that, in my view, will shape the future.
I think tokenisation will be a big deal. At the same time, I think that MiCA itself, and crypto asset service providers as we know them today, will ultimately not play such a big role. That’s my assumption.
If you look at stablecoins, for me that is purely about payments. In my view, it has very little to do with MiCA. It shouldn’t really sit there. Stablecoins will be widely adopted and become part of the broader financial system. Everyone will be transacting in stablecoins.
Cryptocurrencies themselves will remain an asset class. You may or may not access that asset class through a dedicated crypto asset service provider, or you may do it yourself. That’s how I see it.
Then there are asset-referenced tokens, the niche product created under MiCA. At the moment, we basically have none in the EU. I think that part needs to be restructured to make it more attractive. If that happens, it could create an additional asset class on the blockchain and fill a gap. Overall, I expect everything to grow more towards each other and become more integrated.
I also think that the role of large crypto asset service providers, as we know them today, will become more niche over time, while many of the elements they introduced will be adopted more broadly.
Jeroen: If you want to respond briefly, Envis, please do. Otherwise, I’ll move on to the second of my final three questions.
Envis: Very briefly, just to add that MiCA was one of the first regulatory frameworks to explicitly regulate and include stablecoins. What we see now is that other jurisdictions, such as the US, Hong Kong and Singapore, are adopting regulatory approaches that are more flexible and more innovation-oriented.
Compared to MiCA and the broader European regulatory framework, these jurisdictions are applying stablecoin requirements in a more flexible way. That is something European regulators should consider carefully, to ensure that regulation does not become a blocker for the stablecoin industry and that Europe maintains its competitive position.
Jeroen: So if you had a lot of money to spend on lobbying, and you could lobby one thing towards regulators or lawmakers, whether in the Netherlands or at the European level, what would you want to change, or prevent from coming into force? Preferably one main point.
Envis: Based on our experience with MiCA implementation so far, one of the key issues is the significant differences between member states. These differences create opportunities for regulatory arbitrage, which can be exploited to the detriment of client protection and financial stability.
They also create a competitive disadvantage for Europe’s strong, homegrown crypto industry compared to third-country firms that are subject to less stringent rules. From our perspective, as one of the largest euro-denominated exchanges and being based in the Netherlands, we would strongly support a true regulatory level playing field.
That means a framework that supports competitiveness and innovation, while also ensuring stability and safety. In particular, we would support policies that recognise the benefits of MiCA-protected order execution, create a level playing field around custodial operations, promote a common approach to the travel rule and white paper requirements, and streamline European payments licensing and supervision.
There isn’t just one single topic on the wish list. It’s a combination of issues that currently create complexity. But we hope that through cooperation, we can arrive at a better outcome for the European crypto framework as a whole.
Jeroen: Thank you. And Johannes, maybe in a few sentences, what would be your take on this? Where would you put your money?
Johannes: That’s a very good question. I would do pretty much one thing, and I would fully bet on tokenisation. What we really need to fix in the Netherlands is a clear legal framework that is designed one hundred percent with tokenisation in mind.
So that when you look at Europe and you want to structure something related to tokenisation, you come to the Netherlands because you get legal certainty. And that is what is currently lacking. It’s not that we have it, we don’t. It’s simply not there. There are blockers in the law.
So that’s where I would put all my money, Jeroen.
Jeroen: Very clear. Very clear. And last question from my side.
Any tips for heads of compliance, chief compliance officers? Envis, you’re one of them, but also to your peers. And Johannes, from a legal perspective, for chief compliance officers, whether in banks, crypto, or anywhere else. We always ask this question. We’ve probably done it more than 150 times by now.
Maybe you could each share one or two tips. Who wants to go first? Yes, Envis, please.
Envis: Thanks, Jeroen. My tips would be very simple. First of all, I would suggest not waiting for perfect regulatory clarity, because that may not be achievable at this stage.
Instead, engage early with your regulator, be transparent, and ensure alignment. My second piece of advice would be to invest early in governance, compliance, and both human and non-human resources. For example, ensure a strong local presence for third-country firms applying in the Netherlands, have appropriate second-line and third-line functions in place, and make sure DORA compliance is properly addressed, as this is an area with significant regulatory focus.
Finally, I would suggest not underestimating or under-resourcing MiCA compliance. What we have seen in the licensing process is that compliance is not treated as a box-ticking exercise, but rather as a transformational process that can fundamentally change a company’s business model, as Johannes mentioned earlier.
Jeroen: Wow, very clear. Johannes?
Johannes: Well, I’m not a compliance expert, and I definitely don’t have the experience that Envis has. But one thing that always strikes me is the lack of understanding of where the risks actually sit within a company.
I see this especially in the MiCA space, where many compliance professionals enter the market without prior experience with crypto assets. And if you don’t have that experience, it’s extremely difficult to assess where the real risks are.
For me, compliance as a second line is really an extension of risk management, and the two go hand in hand. So my advice would be to really invest time in deep-dive training on how the products actually work and where the risks truly sit.
Jeroen: Wonderful. And as always with these podcasts, especially when they involve specialists, it really deserves much more time. Every time you learn something new, even more questions come to mind.
So I would definitely like to invite you both back to the podcast to continue the conversation. But for now, we’ll leave it here. Johannes de Jong, Co-Managing Partner Netherlands at Osborne Clark and lead of the financial regulatory practice, thank you so much.
And Envis Begaj, Head of Compliance at Bitvavo, thank you both very much for your time.
Normally, I record these podcasts in person and hand over a small present, which is, of course, fully compliant and meets all compliance standards. This time, I’ll send it to your offices instead.
Once again, thank you for taking the time to have this interesting conversation with me.
Voice-over: You’ve been listening to the Leaders in Finance Compliance Podcast. We’d like to thank our partners Deloitte, Rabobank, Cense, Kayak and Osborne Clark.
Would you like to know more or leave us a comment? You can do so on our LinkedIn page. If you follow us there, we’ll keep you up to date with new episodes.
We’d be grateful if you could leave a review and tell others about this podcast. And don’t forget to check out the other podcasts on our channel. There’s bound to be something for you.