NorthPoint Regulatory Wire
Volume 1, Issue 3 — Week of 18 May 2026 (W20)
Curated regulatory intelligence for crypto marketing functions. Authored and signed by Jukka Blomberg. Distributed every Monday at 12:00 EET to AI Crypto CMO subscribers.
Pre-load note (internal): Draft scaffold prepared 7 May 2026. Refresh MONDAY-MORNING REFRESH sections before publish; the rest of the structure is publish-ready.
At a glance
| Jurisdiction | What changed | Marketing impact |
|---|---|---|
| 🇪🇺 EU / MiCA | 6 weeks until cliff. First wave of cease-and-desist preparations expected at national level | High — unlicensed-operator marketing surfaces are now the highest-likelihood enforcement target |
| 🇬🇧 UK / FCA | Q1 2026 enforcement statistics published (typical FCA cadence) | Medium-High — base-rate data point for UK crypto promotions exposure |
| 🇺🇸 US / SEC | Token launch market reopens — first MiCA/SEC dual-jurisdiction launches reach US-facing surfaces | Medium-High — multi-jurisdictional marketing review now a launch-blocking dependency |
| 🇸🇬 SG / MAS | Quiet week; useful audit moment for Singapore-targeting infrastructure | Low-Medium — clean-up window |
| 🇦🇪 UAE / VARA | Pre-approval guidance update expected (typical mid-quarter cadence) | Medium — refresh internal review checklists |
🇪🇺 European Union — Markets in Crypto-Assets (MiCA)
6 weeks to cliff: first wave of cease-and-desist preparations
The MiCA transitional period ends on 1 July 2026. We are now six weeks out. National regulators across the bloc are entering the operational phase of cliff-readiness — moving from messaging guidance (the W19 theme) to active enforcement preparation. Expect publicly-announced warnings and the first wave of formal cease-and-desist letters to unauthorised operators serving EU clients to start landing this week and intensify through W21-W25.
The pattern from analogous regulatory cliffs (think GDPR’s mid-2018 wave, PSD2’s transitional enforcement) tells us the first wave will be loud, public, and designed to set examples. National regulators want compliance behaviour from the broader market, not just from the named entities. The way they get it is by publishing.
The marketing implication is twofold and counterintuitive. First, unauthorised operators marketing into the EU should expect their public-facing marketing to be the primary evidence in a cease-and-desist letter. Homepage hero copy, the meta description in Google search results, app store listings, archived social media posts — all are evidence. Second, authorised operators should expect the cease-and-desist coverage to create user anxiety that bleeds into their own customer base. The communications response to a competitor’s cease-and-desist is itself MiCA-Article-88 marketing — say the wrong thing about a competitor’s enforcement event and you become the next case.
What this means for marketing: Build the cease-and-desist response template now. Authorised CASPs need a pre-approved, MiCA-cleared communications response for the scenario where a competitor or peer gets a public cease-and-desist letter. The window between the news breaking and the customer Reddit post asking “is [our exchange] next?” is approximately six hours. The marketing team that has a pre-approved response template ships within those six hours. The team that doesn’t either ships nothing (loses the narrative) or ships something hasty (creates the next regulatory exposure).
What to ship around: Don’t run new acquisition campaigns this week if you have a pending licence application. The optics of acquiring users via paid media while waiting for licence approval are bad and the regulators are watching. Audience-defensive owned-channel work only.
[MONDAY-MORNING REFRESH — paste any cease-and-desist announcements from BaFin, AMF, CNMV, FIN-FSA, etc., before publish]
Sources: ESMA — MiCA hub · BaFin — supervision · AMF — crypto-assets
🇬🇧 United Kingdom — FCA financial promotions regime
Q1 2026 enforcement statistics: the new base rate
The FCA typically publishes quarterly enforcement-activity statistics around mid-month following quarter-end. This week’s expected Q1 2026 release is the first quarter to fully reflect the post-HTX environment, which makes it the cleanest data point we’ll have on the new base rate of FCA crypto-promotions enforcement activity.
What to look for in the published numbers and what each signal means for marketing operations:
The count of warning-list additions (companies added to the FCA Warning List in the quarter) is the broadest signal. A higher count signals broader screening activity; a stable count signals stable enforcement bandwidth. Either way, the number is a useful benchmark for any UK-touching marketing team to recalibrate against. The count of withdrawn promotions (promotions withdrawn following FCA intervention) is the more operationally relevant number — these are the cases that reached the level of formal action without becoming public Final Notices. They represent the silent enforcement layer that most marketing teams underestimate. The count of supervisory notices issued to authorised firms is the leading indicator for the next wave of enforcement: a quarterly increase in supervisory notices typically precedes a quarterly increase in Final Notices two to three quarters later.
For Acme-shaped operators (mid-market, partially-authorised, multi-jurisdictional), the relevant audit response to the published numbers is to use them as the calibration baseline for your own internal compliance metrics. “We had X internal pre-flight reviews this quarter, Y resulted in copy revisions, Z were withdrawn” is a useful internal data set. Map your own pattern against the FCA-published pattern. If your internal review rate is materially below the FCA’s external withdrawal rate, your pre-flight standards may be too lax.
What this means for marketing: Treat the Q1 2026 FCA statistics as the calibration baseline for the marketing-compliance review function. Adjust internal pre-flight standards if your numbers diverge meaningfully from the published FCA enforcement pattern.
What to ship around: Don’t deprioritize KOL contract reviews. The KOL surface remains the most-frequently-flagged channel in published Final Notices.
[MONDAY-MORNING REFRESH — Q1 2026 FCA enforcement data and any newly published Final Notices]
Sources: FCA — Annual Report and Statistics · FCA — Final Notices search · FCA Warning List
🇺🇸 United States — SEC & CFTC
Token launch market reopens — first MiCA/SEC dual-jurisdiction launches
The token launch market in the US has been functionally closed since 2022. The combination of the March 2026 SEC-CFTC interpretation, the no-action letter precedents that emerged in W19, and the easing of legacy enforcement in fiscal year 2025 has reopened it — cautiously, structurally, but materially.
The first wave of token launches reaching US-facing marketing surfaces in May 2026 is dual-jurisdictional: tokens that were structured for MiCA compliance from the outset and are now extending into US distribution under the new interpretive framework. The marketing-side implication of this is the most interesting development of the week. Multi-jurisdictional marketing review is no longer a nice-to-have for token launches — it is a launch-blocking dependency.
The reason matters. The MiCA whitepaper requirements specify what can and cannot be claimed about a token in the EU. The SEC-interpretive-guidance language patterns specify what can and cannot be claimed about a token in the US. The two regimes are not aligned in their detail — what passes a MiCA whitepaper review can fail an SEC marketing review, and vice versa. The same token-launch landing page, viewed from each jurisdiction, can be in two different compliance states.
The operational fix for marketing teams shipping token launches in 2026 is jurisdiction-specific landing pages with shared brand assets but distinct copy decks, each compliance-cleared in its own perimeter. The single-page-for-all approach, which was viable in 2023, is not viable in 2026.
What this means for marketing: If you have a token launch on the roadmap for Q3 2026, the dual-jurisdiction marketing review should be slotted into the project plan before creative ships, not after. Add 2-3 weeks of cross-jurisdiction review buffer.
What to ship around: Don’t launch a US-facing token marketing surface that uses MiCA-whitepaper-derived copy as a starting point. The two regimes’ language requirements diverge too much. Each surface needs its own clean copy build.
[MONDAY-MORNING REFRESH — SEC token-launch coverage, any newly cleared launches]
Sources: SEC — No-action letters · A&O Shearman — SEC interpretive guidance · Cleary Gottlieb — 2026 Digital Assets Regulatory Update
🇸🇬 Singapore — MAS
Quiet week — useful clean-up audit
A quiet week in MAS-land is the right week to do the operational housekeeping that gets deprioritized when the regulator is making news. Three discrete tasks worth queuing this week if the rest of the calendar is dominated by MiCA-cliff work:
First, review your Singapore IP geo-blocking and ensure it works on mobile, not just on desktop. A common failure mode is a desktop-tested geo-block that fails silently on mobile webview, particularly when KOL traffic refers users in via in-app browsers that don’t pass the standard headers.
Second, review your KOL contracts for any clauses that allow the KOL to share content with their full follower list, including Singapore residents. The cleanest contracts have a Singapore exclusion baked into the deliverables; the next-cleanest have a Singapore-targeting prohibition; the messy ones have neither and rely on the KOL’s individual operational discipline.
Third, review your affiliate program landing pages for any that include Singapore as a default-on territory. The affiliate-program surface is the most-overlooked Singapore exposure for many crypto marketing teams; the surface lives outside the main marketing review process and frequently doesn’t have the geo-block layer baked in.
What this means for marketing: Use the quiet MAS weeks to harden the operational hygiene. The next noisy MAS week (which is coming, even if the timing isn’t predictable) is a bad week to discover a geo-block gap.
[MONDAY-MORNING REFRESH — any MAS announcements or DPT-related releases]
Sources: MAS — official site · Sumsub — Singapore crypto regulations
🇦🇪 UAE — VARA
Pre-approval guidance update expected — refresh the internal review checklist
VARA typically updates its operational guidance on marketing pre-approval at predictable mid-quarter intervals. This week is a likely refresh window. The substantive marketing rules — banned phrases, mandatory disclaimers, no unsolicited tokens — are unlikely to change. The operational guidance — what documentation to submit, how the queue is prioritised, what triggers an expedited review — is more likely to evolve.
For marketing teams with active UAE campaigns or campaigns in the queue, two operational steps are worth taking this week regardless of whether new guidance lands:
First, rebuild your internal VARA pre-approval checklist as a living document, versioned, dated, owned by a named team member. The most common failure mode for UAE campaigns is the team member who maintained the previous version of the checklist leaves the company and the checklist drifts out of date. A versioned checklist with named ownership eliminates that failure mode.
Second, build a relationship with your external counsel’s VARA practice if you haven’t already. The marketing-side review is much faster when the external compliance partner is briefed on your campaign cadence and creative inventory. Building that relationship in a quiet week is cheaper than building it during a campaign-deadline crunch.
The W19 wire flagged the lengthening pre-approval queue. Building on that: any team that treats VARA marketing review as a discrete event (one campaign, one approval) is taking on more friction than necessary. The teams that treat it as an ongoing relationship (continuous brief, predictable cadence, anticipated pipeline) get smoother processing.
What this means for marketing: Refresh the VARA review checklist. Brief external counsel on Q3 campaign pipeline. Plan UAE timelines with the 2-3 week queue buffer baked in.
[MONDAY-MORNING REFRESH — VARA bulletins, any updated pre-approval guidance]
Sources: VARA — official site · Linklaters — VARA crypto marketing regulations · Neoslegal — VARA fines 19 crypto firms
Jukka’s read
Signed read for AI Crypto CMO subscribers.
W18’s read was about convergence. W19’s was about inflection. This week’s is about preparation. The MiCA cliff is six weeks out, the FCA enforcement base rate is being recalibrated, the SEC token-launch market is reopening with multi-jurisdictional review as the new gatekeeping function, the MAS clean-up window is open, and VARA is iterating its operational guidance. Each of these is a different kind of preparation problem.
The pattern that links them is structural. The 2026 crypto regulatory environment has matured to the point where the answer to “how do we do this safely?” is the same in every jurisdiction: build the marketing-compliance perimeter as continuous, versioned, documented, and proactive, not as a one-off review-then-ship process. The cliff doesn’t change that pattern; it just makes the cost of not having the pattern more visible.
The most useful exercise for any marketing leader reading this in May 2026 is to walk through your last shipped campaign and answer four questions in writing. Did this campaign go through pre-flight review? Was the pre-flight review documented in a way that would survive a regulator request? Was the version that shipped the version that was reviewed? Is the asset still archived in a way that’s retrievable in 18 months? If any of those answers are uncertain, the cliff window is when you fix it.
The next wire (W21) will cover the third quarter of the cliff window — five weeks out, with the first publicly-announced enforcement actions likely to have landed by then. The shape of those actions will be diagnostic of the regulator’s enforcement posture for the remainder of the year.
— Jukka Blomberg, NorthPoint
This wire is heuristic regulatory intelligence, not legal advice. For binding regulatory guidance, retain qualified counsel. NorthPoint provides marketing-side compliance and judgment via the AI Crypto CMO subscription. Subscribers receive this wire every Monday at 12:00 EET, plus the full audit perimeter (MiCA, GDPR, FCA, SEC, cross-jurisdiction reviews) and 24/7 emergency comms hotline.
Questions or corrections: jukka@northpoint.fi.
Sources
MiCA / EU
- ESMA — MiCA activities hub
- BaFin — Crypto supervision
- AMF — Crypto-assets framework
- Regulation Tomorrow — ESMA statement on end of transitional periods
FCA / UK
SEC & CFTC / US
- SEC — No-action letters
- A&O Shearman — SEC unveils landmark interpretive guidance
- Cleary Gottlieb — 2026 Digital Assets Regulatory Update