Vienna’s MiCA Playbook: How the “Rent-a-CEO” Model Positions Austria as a Gateway for High-Risk Crypto Exchanges
How Austria’s Licensing Practice Turned Vienna into a Preferred MiCA Entry Point
Austria’s Financial Market Authority (Financial Market Authority, FMA) has quietly transformed Vienna into one of the most attractive gateways for crypto exchanges seeking authorisation under the EU’s MiCA regime. A recurring figure in this process is Viennese lawyer Oliver Stauber, whose name appears at the licensing stage of multiple high-risk global platforms. First KuCoin, now Bitget — both exchanges with notable regulatory histories — entered the EU market through Austria with Stauber acting as CEO or managing director during the authorisation phase. From a compliance and governance perspective, this repeated “rent-a-CEO” pattern raises structural concerns.
Key Facts at a Glance
- Oliver Stauber acted as managing director/CEO during KuCoin EU’s MiCA application in Austria; the FMA granted the CASP licence on 27 November 2025.
- Shortly after approval, Stauber exited KuCoin EU Exchange GmbH and KuCoin EU Holding GmbH; management was transferred to a new leadership team led by Jing Liu.
- In January 2026, Bitget appointed Stauber as EU CEO to establish a Vienna hub and pursue MiCA authorisation with the FMA — closely mirroring the KuCoin approach.
- KuCoin pleaded guilty in the United States to operating an unlicensed money-transmission business, agreed to penalties nearing $300 million, faces a C$19.5 million AML fine in Canada, and is permanently banned from Ontario’s capital markets.
- Bitget has received regulatory warnings in Australia and Canada for offering unlicensed derivatives and operating without proper registration.
- EY Law has publicly highlighted its role in securing KuCoin’s MiCA licence and markets itself as a leading MiCA advisory firm in Austria for offshore exchanges.
- Meanwhile, the FMA, France’s Autorité des marchés financiers (AMF), and Italy’s Commissione Nazionale per le Società e la Borsa (Consob) jointly warned that MiCA enables “opportunistic choices between countries for authorisation” and called for direct supervision by European Securities and Markets Authority (ESMA).
Vienna’s Emerging Role in the MiCA Ecosystem
Over the past year, Vienna has become a preferred entry point for offshore crypto exchanges seeking MiCA authorisation — and with it, access to the entire EU single market. The FMA acts as the formal gatekeeper, while a small circle of legal and advisory actors appear to hold the practical keys.
In late 2025, KuCoin EU Exchange GmbH, linked to a Seychelles-based structure and already under scrutiny by U.S. and Canadian authorities, secured MiCA approval in Austria. The FMA’s public announcement listed the decision but made no reference to the exchange’s enforcement history.
According to reporting by the local investigative outlet Wiener Zocker, Stauber was registered as managing director/CEO of KuCoin’s Austrian entities during the licensing phase and disappeared from the commercial register shortly after approval.
In early 2026, the same pattern re-emerged: Stauber surfaced as EU CEO of Bitget, another exchange with prior regulatory warnings, again positioning Vienna as the launchpad for EU-wide operations under MiCA.
Extended Analysis: When MiCA Meets the “Rent-a-CEO” Model
From a regulatory compliance perspective, three core issues stand out.
1. Fit-and-Proper as a Temporary Formality
MiCA requires senior managers of crypto-asset service providers to be “fit and proper” and to genuinely direct the business. In Austria, this requirement appears to be applied in a front-loaded, personality-based manner:
- A well-connected local lawyer with regulatory credibility is appointed CEO or managing director.
- EY Law structures the MiCA application and promotes the successful outcome.
- Once authorisation is secured, the local figure exits and operational control shifts to foreign management.
While MiCA does not prohibit management changes post-authorisation, the effective outsourcing of local accountability to a temporary figure undermines the intent of the fit-and-proper standard, reducing it to a procedural checkpoint.
2. High-Risk Applicants, Limited Transparency
Neither KuCoin nor Bitget qualifies as a low-risk applicant:
- KuCoin admitted in the U.S. to Bank Secrecy Act violations and unlicensed money transmission, accepted nearly $300 million in penalties, and agreed to a two-year withdrawal from the U.S. market.
- Canada’s FINTRAC imposed a record C$19.5 million AML penalty, and Ontario regulators banned KuCoin permanently.
- Bitget has drawn scrutiny from Australian Securities and Investments Commission (ASIC) and Canadian regulators for offering high-leverage derivatives without authorisation.
MiCA allows authorisation of firms with prior issues if risks are sufficiently mitigated. However, absent detailed public reasoning, the FMA’s approvals resemble regulatory arbitrage: firms with substantial enforcement histories obtain an EU licence in a smaller jurisdiction and then passport it across the Union.
3. The FMA’s Contradictory MiCA Messaging
In September 2025, the FMA joined AMF and Consob in warning that MiCA enables regulatory shopping and arguing for direct ESMA supervision of large global CASPs.
Yet weeks later, the same authority approved KuCoin EU under a governance structure closely aligned with the very risks highlighted in that joint paper.
Either the FMA believes it can effectively supervise such entities from Vienna — which would make the alarmist tone of the position paper questionable — or Austria has positioned itself as a soft-entry jurisdiction ahead of potential ESMA centralisation. In both cases, transparency around risk assessment and supervisory expectations remains notably absent.
A Broader Question of Regulatory Substance
There is no public evidence that Oliver Stauber personally breached regulatory obligations. The broader issue raised by Scam-Or Project is structural: has Austria’s MiCA licensing pipeline, shaped by a narrow group of legal and advisory actors, shifted away from substantive investor protection toward regulatory optics?
Practical Takeaways
For Banks and Payment Service Providers
Apply enhanced AML, governance, and counterparty risk scrutiny to MiCA-licensed CASPs emerging from Austria, particularly where there is a documented record of foreign enforcement actions. An FMA licence alone should not substitute for independent risk assessment.
For EU Regulators and ESMA
Examine the recurring rent-a-CEO pattern in CASP applications and assess whether licence conditions should limit rapid post-authorisation management changes in high-risk cases.
For Policymakers
The joint FMA–AMF–Consob paper already identifies the danger of regulatory shopping. The KuCoin and Bitget cases represent real-world stress tests for MiCA. The regime’s credibility depends on closing the gap between regulatory theory and licensing practice.
Call for Information
Scam-Or Project continues to examine Austria’s MiCA licensing process, including the role of legal advisors, gatekeepers, and political networks in Vienna.
- Were you involved in the KuCoin or Bitget licensing processes in Austria?
- Have you worked inside FMA-supervised CASPs or supported their applications?
- Do you have internal materials related to governance structures, AML controls, or political lobbying surrounding these licences?
Compliance professionals, insiders, and whistleblowers can securely submit information via the Scam-Or Project whistleblower section. All submissions are handled confidentially and in accordance with established whistleblower protection standards.
