MiCA, SO-FIT & AMLA: Crypto Payment Compliance for European and Swiss Merchants
Regulation around crypto payments has matured significantly. For merchants in the EU and Switzerland, that is good news β it means accepting crypto now comes with a clear legal framework, predictable obligations, and a path to full compliance. The less welcome news is that navigating two overlapping but distinct regulatory regimes β the EU's MiCA and Switzerland's AMLA/GwG under SO-FIT supervision β requires some groundwork.
The practical shortcut for most merchants: choose a payment gateway that carries the regulatory burden for you.
This article explains what each framework requires, what it means in practice for merchants, and what to look for when evaluating a compliant provider.
What MiCA Means for Merchants Accepting Crypto Payments
MiCA β the Markets in Crypto-Assets Regulation β is the EU's unified legal framework for crypto-asset services. It entered into force in June 2023, with the provisions covering crypto-asset service providers (CASPs) fully applicable from December 2024.
MiCA applies directly to entities that provide crypto-asset services as a business activity in the EU β exchanges, custodians, and payment processors are the primary categories. For a merchant based in Germany, France, or the Netherlands who simply wants to accept crypto at checkout, MiCA does not require you to obtain your own CASP authorisation. What it does require is that any intermediary you use to process those payments is itself authorised under MiCA.
Article 71 of MiCA sets out the authorisation obligation for CASPs: providers must be authorised by the competent authority in their home EU member state and may then passport that authorisation across all member states. An unauthorised provider operating in the EU is in breach of MiCA. If you route payments through one, you inherit reputational and β depending on jurisdiction β potential legal exposure.
For merchants, the practical implication is straightforward: verify that your crypto payment gateway holds a valid MiCA authorisation (or is operating under a grandfathering arrangement during the transition period). If it does, you are using a supervised service. You do not need a separate crypto licence to accept payments.
A further practical point: MiCA-authorised CASPs are required to hold adequate capital, maintain custody standards, and apply anti-money laundering controls aligned with the EU's AMLD framework. That means the due diligence work is largely done at the gateway level.
The Swiss Framework: SO-FIT Supervision and AMLA/GwG
Switzerland operates its own financial regulatory regime, which is rigorous, internationally recognised, and separate from MiCA. Swiss crypto payment providers are not subject to MiCA by default β but they are subject to the Anti-Money Laundering Act (known in German as the GeldwΓ€schereigesetz, or GwG), which implements FATF recommendations including the Travel Rule β which applies to all crypto transfers in Switzerland with no minimum threshold.
Compliance with AMLA/GwG in Switzerland is enforced through self-regulatory organisations (SROs) recognised by FINMA. For fintech and payment service providers, the relevant body is SO-FIT β the Self-Regulatory Organisation for FinTech. SO-FIT membership is mandatory for Swiss-based crypto service providers that handle funds on behalf of clients. It requires verified AML/KYC programmes, ongoing transaction monitoring, and regular audits.
SO-FIT supervision also means FATF Travel Rule compliance: when a crypto transfer is made, the sending and receiving institutions must exchange originator and beneficiary information above the threshold. This is the crypto equivalent of the correspondent banking rules that banks have followed for decades.
For Swiss merchants, the same principle applies as in the EU: if your payment gateway is SO-FIT supervised and AMLA-compliant, you are transacting through a regulated financial intermediary. You do not carry the AML obligation yourself β the gateway does.
Switzerland's framework is aligned in spirit with MiCA on key points β customer due diligence, Travel Rule, prohibition of unhosted wallets for certain transfers β but it remains a distinct regime. A payment provider that holds only EU MiCA authorisation is not automatically supervised in Switzerland, and vice versa. For merchants operating across both markets, dual compliance matters.
What to Look for in a Compliant Crypto Payment Provider
Choosing a regulated provider is the most consequential compliance decision a merchant makes. Here is what the supervision frameworks actually require, translated into provider selection criteria.
Regulatory standing. The provider should be able to demonstrate SO-FIT membership (for Switzerland) and MiCA authorisation or equivalent supervised status (for EU). Ask for registration numbers. These are verifiable with FINMA and the relevant EU national competent authority.
KYC and AML programme. A compliant gateway runs identity verification on the sender side, applies transaction monitoring, and screens against sanctions lists β including OFAC, EU consolidated list, SECO, and UN. Merchants should not need to run their own crypto AML controls; the gateway handles this.
Travel Rule compliance. Every crypto transfer requires originator and beneficiary data to travel with it β the Travel Rule applies from the first franc or euro in both Switzerland and the EU (no minimum threshold for crypto). The provider must handle this data exchange automatically. This is a legal requirement, not an optional feature.
Settlement in euros. A regulated gateway settles in conventional currency, removing price fluctuation risk from your books entirely. You receive a fixed euro amount regardless of crypto market movements between payment initiation and settlement.
Transparent fee structure. Regulated providers operate under conduct obligations that require fee transparency. If a provider's pricing is opaque, that is a signal about its overall compliance posture.
WickiePay is SO-FIT supervised under AMLA/GwG and built for MiCA-ready operation across EU and Swiss markets. Merchants using WickiePay settle in euros, with no crypto price fluctuation exposure, and operate entirely within a supervised payment framework. The compliance infrastructure is ours to maintain β not yours.
Frequently Asked Questions
Do I need a crypto licence as a merchant to accept crypto payments?
No. Merchants accepting crypto payments as a form of payment β rather than providing crypto-asset services themselves β do not require a CASP authorisation under MiCA or a financial intermediary licence under AMLA/GwG. The obligation to hold a licence sits with the payment service provider processing the transaction on your behalf. Using a regulated gateway like WickiePay means the regulated entity in the chain is your provider, not you.
What is the difference between MiCA authorisation and SO-FIT membership?
MiCA authorisation is granted by an EU member state's competent authority and permits a CASP to provide services across the EU under a single licence. SO-FIT membership is granted by Switzerland's self-regulatory organisation under FINMA oversight and covers operations in the Swiss market under AMLA/GwG. They are parallel frameworks for parallel jurisdictions. A provider operating in both markets β as WickiePay does β must comply with both.
What does the FATF Travel Rule mean for my payments?
The Travel Rule, implemented in Switzerland under AMLA/GwG and in the EU under the Transfer of Funds Regulation (TFR), requires that identity information about the sender and recipient travels with a crypto transfer above the applicable threshold. In practice, this happens at the infrastructure level between your payment gateway and the counterpart institution. As a merchant, you do not need to implement Travel Rule compliance yourself β your regulated gateway handles it. What matters is that you use a gateway that actually does.
Ready to accept crypto payments within a fully regulated framework? Contact WickiePay to discuss onboarding for your business.
Ready to Accept Crypto Payments?
Get started with a regulated payment gateway in under 48 hours.
Get Started