KYC automation under MiCA: how we operationalised it at Bitvavo
In December 2024, the EU's Markets in Crypto-Assets Regulation came into full effect. MiCA is the first unified regulatory framework for crypto-asset service providers across all 27 member states. It sets binding rules on how firms verify customer identities, monitor transactions continuously, and document every compliance decision. Every CASP serving customers in Europe needs a licence. The transitional period ends July 1, 2026 for most member states.
The Netherlands moved faster than most. Dutch CASPs had to comply by June 2025. Bitvavo, the largest EUR spot exchange in the world, was one of the first in Europe to receive its full CASP licence from the AFM. We built the KYC automation infrastructure that runs underneath it.
What KYC automation looks like under MiCA
The licensing requirements get most of the attention. Capital thresholds, governance structures, authorisation procedures. That documentation matters.
The day-to-day operational reality of MiCA lives somewhere else. It lives in the volume of customer verifications that need to happen at onboarding. In the continuous re-screening of existing customers as risk profiles change. In the sanctions list checks, the PEP screenings, the source of funds assessments for high-value accounts. And in the five-year audit trail that sits behind every single compliance decision, retrievable on demand by a regulator.
For a crypto platform with tens of thousands of customers, that workload does not fit inside a compliance team. It fits inside a system.
How Bitvavo handles 30,000 cases a month
Bitvavo was processing 30,000 customer cases every month across six languages. The support team was good at their work. The problem was that the exchange kept growing across Europe, the volume kept growing with it, and there is a ceiling to how fast you can hire and train people in a regulated environment.
The conversation we kept having was not about automation as a concept. It was about what specifically breaks when a compliance team runs at capacity during a market event and onboarding queues back up. Customers who cannot get verified do not wait.
Vavo, the digital employee we deployed together, handles customer interactions as the first point of contact. Identity verification, document extraction, database cross-referencing, and audit trail generation, all integrated directly with Bitvavo's existing systems including Zendesk. Twelve FTE freed. The volume kept growing. The headcount did not.
"Vavo became one of our most valuable team members, resulting in faster and more accurate responses 24/7, happier customers, and a support team that finally has time to focus on what matters." COO, Bitvavo
Why the audit trail is the compliance product
MiCA makes one thing explicit that is easy to underestimate. Compliance is not just about doing the right thing. It is about being able to prove it, five years later, to a regulator who was not in the room.
Every check needs a timestamp. Every escalation needs a record. Every document that went through the system needs a log of what was extracted, what was validated, and what decision followed. Not as a reporting layer added afterwards. As the way the process runs from the start.
Financial institutions running manual KYC typically spend between 6 and 12 euros per verification. That covers analyst time, tooling, quality checks, and rework when documents come in incomplete. At the volume MiCA's continuous monitoring requirements create, re-screening existing customers on top of new onboarding, that cost compounds in ways that are difficult to forecast until you are already inside them.
What happens when the deadline arrives
For CASPs in France, Malta, Luxembourg, and other member states that chose the full 18-month transition period, three months remain. Licence applications take time. National regulators across Europe are stretched. Firms that leave this to June will find a backlog.
Getting a licence and having an operation that can sustain compliance at scale are two different things. The firms in the best position right now have already answered two questions. How does your verification process handle a volume spike without a proportional cost spike? And what does your audit trail look like if a regulator requests five years of decisions next quarter?
We have built this in production with one of Europe's leading crypto platforms. If you are working through the operational side of MiCA compliance, we are happy to share what the process looked like.
Explore more workforce insights
Read how enterprises across industries deploy digital employees to transform operations.
FAQ
Common questions about AI agents, automation, and enterprise deployment answered.
AI agents handle repetitive workflows continuously without fatigue or error, eliminating the need for proportional headcount increases. Enterprises using Freeday reduce contact center costs by up to 92% while maintaining industry-leading CSAT scores. The agents process one million monthly calls with consistency that human teams cannot match, handling customer service inquiries, KYC verification, accounts payable processing, and healthcare intake simultaneously across voice, chat, and email channels.
Any workflow that follows consistent rules and doesn't require complex human judgment can be automated. This includes customer service inquiries, KYC verification, accounts payable processing, patient intake, appointment scheduling, booking modifications, returns management, and insurance verification. The platform connects to over 100 business applications including Salesforce, SAP, and Epic, enabling agents to access the systems your organization already uses.
Freeday maintains ISO 27001 certification with full GDPR and CCPA compliance built into the platform foundation. Security and governance requirements are not afterthoughts but core architectural principles. Your customer data and business processes receive protection that matches the sensitivity of the information involved, with enterprise-grade controls for organization-wide AI deployment.
Performance Intelligence tracks conversation metrics and auto-scores CSAT in real time, detecting issues before escalation becomes necessary. The system provides visibility into what agents are doing, why they're making decisions, and whether they're complying with regulations. This eliminates manual reporting that consumes time and introduces errors.
Freeday's architecture supports any AI model, protecting your investment as technology evolves. You're not locked into a single vendor's approach and can experiment with different models to choose what works best for your specific workflows. This flexibility ensures your platform remains current as the AI landscape changes.
Ready to learn more?
Reach out to our team to discuss your specific needs.