NorthPoint Regulatory Wire
Volume 1, Issue 2 — Week of 11 May 2026 (W19)
Curated regulatory intelligence for crypto marketing functions. Authored and signed by Jukka Blomberg. Distributed every Monday at 12:00 EET to AI Crypto CMO subscribers.
Pre-load note (internal): Draft scaffold prepared 7 May 2026. Refresh the MONDAY-MORNING REFRESH sections below before publish; the rest of the structure is publish-ready.
At a glance
| Jurisdiction | What changed | Marketing impact |
|---|---|---|
| 🇪🇺 EU / MiCA | 7 weeks until cliff. National regulators issuing migration-communication guidance | High — every migration email is now MiCA Article 88 marketing copy |
| 🇬🇧 UK / FCA | HTX High Court action precedent now being cited in second-tier promotional sweeps | High — secondary enforcement wave likely targets mid-market operators next |
| 🇺🇸 US / SEC | First post-March-2026-interpretation no-action letters appearing | Medium-High — concrete language patterns now have regulator-blessed templates |
| 🇸🇬 SG / MAS | DPT public-channel ban anniversary (3 years since the prototype rule) | Medium — useful audit moment for any team with SG-resident users |
| 🇦🇪 UAE / VARA | Marketing pre-approval queue lengthening as more campaigns enter review | Medium-High — plan UAE campaign timelines with at least a 2-3 week buffer |
🇪🇺 European Union — Markets in Crypto-Assets (MiCA)
7 weeks to cliff: migration communications now front-line MiCA marketing
The MiCA transitional period ends on 1 July 2026. We are now inside the seven-week window. National regulators across the bloc — BaFin in Germany, AMF in France, CNMV in Spain, CONSOB in Italy, FIN-FSA in Finland — are pushing parallel migration-communication guidance to authorised CASPs and putting unauthorised operators serving EU clients on notice.
The substance of the regulator commentary this week converges on a single operational point: migration emails, in-app banners, and onboarding flows are no longer “internal communications” or “service announcements”. They are MiCA-Article-88 marketing copy, and the regulator is reading them with the same lens applied to a paid acquisition campaign.
The implication for marketing functions is direct. The standard pattern — “As of 1 July 2026, you’ll need to re-verify your account to continue trading on [exchange]” — is fine on its face. The version that quietly slips into trouble looks like this: “Your funds remain safe with us. We’ve worked closely with our regulators to ensure your account continues to deliver the returns you’ve come to expect.” That is three different MiCA breaches in two sentences (capital adequacy claim without basis, regulatory implication, and performance representation). It will not be the migration emails marketing teams know are sensitive that get flagged. It will be the ones that feel like service comms.
What this means for marketing: Pull every queued migration email and re-route it through Article 88 review before deployment. Treat the migration program as a campaign, not an operational comms project. Centralise approval. Log the version that ships.
What to ship around: Don’t run a parallel acquisition campaign on the same audience as your migration program in May or June. The two messages compete, the two compliance perimeters interact, and the audit trail becomes harder to defend. Pause the acquisition program until after 1 July.
[MONDAY-MORNING REFRESH — paste any new ESMA/national-regulator statements here before publish]
Sources: ESMA — MiCA hub · ESMA Q&A on transitional periods · BaFin — crypto supervision
🇬🇧 United Kingdom — FCA financial promotions regime
HTX precedent now cited in second-wave promotional sweeps
The HTX High Court action announced in February 2026 — covered in W18 — is no longer a one-off. The FCA’s enforcement messaging this week has shifted noticeably from “this is the first action of its kind” to “this is the operating standard going forward”. That tone change matters more than it looks. The first wave of FCA crypto-promotions enforcement was binary: you were either an outright unauthorised offshore operator marketing into the UK (HTX-shaped), or you were an authorised promoter on the right side of the regime. The second wave will be greyer — mid-market operators with partial UK authorisation, content-marketing-led firms with KOL networks, app-based operators relying on app-store geo-fencing they thought was sufficient.
The mid-market is also where most of the marketing happens. A second-wave FCA action will not look like HTX. It will look like a published Final Notice naming an authorised firm or a partner KOL agency, with a fine in the low six figures, and a list of social posts as exhibits.
The mechanical question every UK-touching marketing team should be asking this week is: if our last 90 days of UK-facing promotions were filed as exhibits in a Final Notice, would each individual asset hold up? Not “did we have approvals on file” — which is necessary but not sufficient — but “does each asset, on its face, satisfy the FCA’s clear-fair-not-misleading standard, with the cooling-off and risk-warning components intact, with no claim that needs context to defend?”
What this means for marketing: Run the 90-day post-mortem this week. Pull every UK-facing promotion since 1 February 2026. For each, confirm: prominent risk warning, cooling-off mechanism preserved, no comparative-yield claim, no implied-endorsement language. Document the review, store it, version it.
What to ship around: Pause any KOL contracts in the UK that haven’t been re-papered to current FCA standards. The KOL surface is the highest-risk surface in the UK regime right now.
[MONDAY-MORNING REFRESH — check FCA Warning List additions and any newly published Final Notices]
Sources: FCA — common issues with crypto marketing · FCA Warning List · FCA — Final Notices
🇺🇸 United States — SEC & CFTC
First post-March-2026 no-action letters: the language template emerges
The most useful development in the US category this week is structural rather than enforcement-led. The first publicly available no-action letters issued since the SEC-CFTC March 2026 joint interpretation are now in the public record. They give marketing teams something they have not had since Howey was applied to crypto: regulator-blessed language patterns for what an investment-contract-free token marketing surface actually looks like.
The pattern is not surprising — it tracks the Hinman/Clayton-era playbook with sharper edges. What it adds is concrete: phrases that the SEC has now accepted, in writing, as not creating an investment contract. The opposite — phrases the SEC will not accept — was already implicit but is now explicit.
The marketing-side takeaway is two-fold. First, the audit ratchet got more specific: any phrase implying “essential managerial efforts that drive expected profits” remains a first-order risk factor, but now there are precedent-blessed alternatives that achieve much of the marketing goal without the regulatory exposure. Second, the no-action precedent makes “we used the standard language pattern” a real defence — but only if the team can document that they did, including version control on the marketing copy.
This is a meaningful upgrade for any US-facing crypto marketing team that has historically operated without a regulator-blessed reference set. It is also a step-function increase in the audit-trail expectation: if the patterns now exist, the regulator’s tolerance for teams who haven’t adopted them will compress.
What this means for marketing: Set up a US-facing copy reference library this quarter, anchored on the no-action-letter language patterns, versioned, dated, and accessible to anyone shipping copy. Treat it as your reusable copy bank, not as a one-off legal review.
What to ship around: Don’t ship a US token product page in May or June without comparing it line-by-line against the no-action-letter precedent. The shape of the sentences matters.
[MONDAY-MORNING REFRESH — link the most recent no-action letters from SEC.gov before publish]
Sources: SEC — No-action letters · A&O Shearman — SEC interpretive guidance · Cleary Gottlieb — 2026 Digital Assets Regulatory Update
🇸🇬 Singapore — MAS
DPT public-channel advertising ban — three-year audit moment
This week marks the three-year anniversary of MAS’s prohibition on Digital Payment Token service providers advertising in public spaces, mass media, or via social media influencers. The rule was the prototype for what subsequently became the most restrictive crypto marketing regime in the world. There has been no material loosening, no carve-out, no exception, no enforcement softening. The rule is still binary, still total, still unforgiving.
The audit value of the anniversary is not in the rule itself — every crypto marketer with SG-resident users already knows the rule — but in the maturity of MAS enforcement around it. Three years of operating data make it possible to characterise how MAS enforces. The pattern is clear: enforcement action is rare, but when it lands it is total. There is no first-strike forgiveness, no warning-letter ramp, no graduated response. The first public action against a non-compliant marketer is the Final Notice, and the Final Notice forecloses the channel entirely for the named entity.
Three useful things to do this week with the anniversary as cover. First, audit your current geo-targeting rules to confirm Singapore is excluded from any KOL or influencer campaign. Second, audit your last 90 days of paid-social campaigns to confirm Singapore was excluded at the impression level, not just at the targeting-intent level. Third, audit any third-party affiliate or partnership program to confirm none of your branded creative has reached a Singapore-resident audience via partner channels.
What this means for marketing: The MAS rule is not the place where marketing teams get aggressive. Treat it as a binary excluder in the geo-targeting layer, full stop.
[MONDAY-MORNING REFRESH — check MAS press releases for any DPT-related announcements]
Sources: MAS — official site · Sumsub — Singapore crypto regulations · WCR Legal — MAS framework explained
🇦🇪 UAE — VARA
Marketing pre-approval queue lengthening — plan UAE campaign timelines accordingly
VARA’s marketing pre-approval requirement remains the most operationally distinctive element of the UAE crypto regime. The substantive rules — banned phrases, mandatory disclaimers, no unsolicited tokens — are well-documented. The operational element that catches teams flat-footed is the pre-approval queue, which has been lengthening as more campaigns enter review.
Practical effect on planning: a UAE-facing campaign that was previously achievable in a 5-7 day timeline is now realistically a 2-3 week timeline, with iteration. The queue is not a sign of dysfunction at VARA — it’s a sign that the regulator is reviewing each campaign at depth. But it does mean campaign timelines need rebuilding around it.
For multi-jurisdictional campaigns, this creates a coordination problem. A pan-EMEA campaign that ships in EU markets in week 1 cannot ship in the UAE until week 3 or 4 without a separately-paced UAE track. Most marketing teams haven’t restructured their campaign-planning processes for this — they’re still treating the UAE as an executional last-mile rather than a parallel-cadence jurisdiction.
The W18 wire flagged the 19-firm enforcement action in early 2026 and the standalone marketing-violation triggers. Building on that: any team that has had a campaign delayed in the VARA queue should treat that delay as a positive signal, not a negative one. The campaigns that get pulled out of queue and shipped without approval are the ones that end up in the Final Notice. The campaigns that wait two extra weeks in queue do not.
What this means for marketing: Re-build UAE campaign timelines with a 2-3 week pre-approval buffer. Build the buffer into the marketing-planning calendar at the campaign-spec stage, not at the deployment stage.
What to ship around: Don’t pull campaigns out of the VARA queue under deadline pressure. The deadline pressure is the trap.
[MONDAY-MORNING REFRESH — VARA enforcement bulletins and any new pre-approval guidance]
Sources: Linklaters — VARA crypto marketing regulations · Neoslegal — VARA fines 19 crypto firms · VARA — official site
Jukka’s read
Signed read for AI Crypto CMO subscribers.
Last week’s wire framed the dominant theme as convergence: regulators in five jurisdictions arriving at the same operational conclusion that crypto marketing copy is the load-bearing surface for compliance enforcement. This week, the dominant theme is inflection. The MiCA cliff is now seven weeks out, the FCA second-wave is forming, the SEC has produced its first reusable language patterns under the new interpretation, and the VARA queue is lengthening. Each of these is the moment when the abstract regulatory shift becomes a concrete operational constraint on how marketing teams ship.
The single most-useful reframe for any marketing leader reading this wire in May 2026 is to stop treating the regulatory categories as separate review lanes and start treating them as a unified compliance perimeter that wraps around the entire marketing function. The MiCA review is not a downstream filter on EU campaigns. The FCA review is not a separate process for UK campaigns. The SEC audit is not a US-only concern. The same campaign asset frequently touches three or four jurisdictions simultaneously, and a single weak phrase can trigger three or four overlapping enforcement vectors.
The seven-week countdown is the action window. If you have a queued migration program, run it through full MiCA review this week. If you have queued UK promotions, run the 90-day post-mortem this week. If you have a US-facing token product page, reference it against the new no-action language patterns this week. If you have a UAE campaign in development, rebuild its timeline this week.
The seven-week window will not slow down. The marketing team that uses these seven weeks well is the team that ships through 1 July without an enforcement letter. The team that uses these seven weeks badly is the team whose homepage becomes a 2026 case study in 2027.
— Jukka Blomberg, NorthPoint
This wire is heuristic regulatory intelligence, not legal advice. For binding regulatory guidance, retain qualified counsel. NorthPoint provides marketing-side compliance and judgment via the AI Crypto CMO subscription. Subscribers receive this wire every Monday at 12:00 EET, plus the full audit perimeter (MiCA, GDPR, FCA, SEC, cross-jurisdiction reviews) and 24/7 emergency comms hotline.
Questions or corrections: jukka@northpoint.fi.
Sources
MiCA / EU
- ESMA — MiCA activities hub
- BaFin — Crypto supervision
- Regulation Tomorrow — ESMA statement on end of transitional periods
FCA / UK
- FCA — Common issues with crypto marketing
- FCA Warning List
- FCA — Final Notices search
- Lewis Silkin — FCA takes action against HTX
SEC & CFTC / US
- SEC — No-action letters
- A&O Shearman — SEC unveils landmark interpretive guidance
- Cleary Gottlieb — 2026 Digital Assets Regulatory Update