Austria’s Financial Market Authority (FMA) has turned Vienna into a MiCA hub – and a single Viennese lawyer, Oliver Stauber, keeps appearing at the front door. First KuCoin, now Bitget: both global exchanges with serious regulatory baggage, both pushing their EU entry via Austria, both with Stauber as CEO or managing director at the licensing stage. From a compliance perspective, this “rent-a-CEO” model looks increasingly problematic.
Key Points
- Viennese lawyer Oliver Stauber led KuCoin EU’s MiCA application in Austria as managing director/CEO – the FMA granted the MiCA CASP licence on 27 November 2025.
- Shortly after the licence was granted, Stauber exited both KuCoin EU Exchange GmbH and KuCoin EU Holding GmbH; KuCoin EU is now run by a new management line-up headed by Jing Liu and others.
- In January 2026, Bitget appointed Stauber as EU CEO to build its Vienna hub and pursue a MiCA licence with the FMA – effectively replaying the KuCoin script.
- KuCoin has pleaded guilty in the U.S. to operating an unlicensed money-transmission business and agreed to pay almost $300 million in penalties, and faces a record C$19.5m AML fine in Canada, plus a permanent market ban in Ontario.
- Bitget has been warned by regulators in Australia and Canada for offering unlicensed derivatives products and operating without registration.
- EY Law publicly celebrates its role in securing KuCoin’s MiCA licence and positions itself as leading MiCA adviser in Austria, including for other large offshore exchanges.
- At the same time, the FMA, AMF and Consob jointly warned that MiCA as implemented allows “opportunistic choices between countries for authorisation” and called for ESMA to directly supervise large CASPs.
Short Narrative
Over the past year, Vienna has quietly become a preferred entry point for large offshore crypto exchanges seeking a MiCA licence – and therefore a passport into the entire EU single market. Austria’s FMA is the gatekeeper; Oliver Stauber and EY Law are among the architects of the key that opens the gate.
In late 2025, KuCoin EU Exchange GmbH – backed by a Seychelles structure and already under heavy fire from U.S. and Canadian authorities – obtained MiCA authorisation in Austria. The FMA’s brief notice simply lists the licence decision; the heavy enforcement baggage is not mentioned.
As the local investigative platform Wiener Zocker has documented, Stauber appeared as managing director/CEO of KuCoin’s Austrian entities during the licensing phase, only to disappear from the commercial register once the licence was secured.
Now the same lawyer has surfaced as EU CEO of Bitget, another exchange with a history of regulatory warnings, which is likewise building an EU headquarters in Vienna with MiCA as the prize.
Extended Analysis – MiCA Meets “Rent-a-CEO”
From a compliance standpoint, three issues stand out.
1. Fit-and-Proper as a Temporary Sticker
MiCA requires senior managers of crypto-asset service providers (CASPs) to be “fit and proper” and to effectively direct the business. In practice, Austria appears to allow a front-loaded, personality-based model:
- A well-connected local lawyer with a political and regulatory profile (Stauber) is installed as CEO/managing director.
- EY Law structures the licence application and publicly celebrates the successful approval.
- Once the licence is granted, the “face” of the project steps aside and foreign managers take over operational control.
MiCA does not forbid management changes after authorisation – but if the entire local competence and accountability layer is effectively rented for the licensing window and then removed, the spirit of the regime is undermined. Fit-and-proper degenerates into a one-off box-ticking exercise.
2. High-Risk Clients, Low-Signal Licensing
KuCoin is not a clean, greenfield applicant:
- It pleaded guilty in the U.S. to operating an unlicensed money-transmission business and to Bank Secrecy Act violations, agreeing to penalties of nearly $300 million and a two-year exit from the U.S. market.
- In Canada, the AML watchdog FINTRAC imposed a record C$19.5m penalty for serious AML failings.
- In Ontario, KuCoin is permanently banned from the capital markets.
Bitget, for its part, is on the radar of ASIC and Canadian provincial regulators for offering high-leverage derivatives without proper authorisation.
Granting these players an EU passport via Austria is not per se unlawful – MiCA allows firms with prior issues to be authorised where risk-mitigating measures are deemed sufficient. But in the absence of published, granular reasoning, the FMA’s decisions look less like careful rehabilitation and more like regulatory arbitrage: firms with serious cross-border findings obtain a fresh “regulated” label in a comparatively small market and then passport across the Union.
3. FMA’s Split Personality on MiCA
The most striking contradiction is the FMA’s own messaging.
In September 2025, the FMA co-signed a joint position paper with France’s AMF and Italy’s Consob, warning that current MiCA structures are not sufficient for global platforms and advocating direct ESMA supervision to avoid “opportunistic choices between countries for authorisation.”
Yet just weeks later, the same authority signed off MiCA licences for KuCoin EU – precisely the kind of global, enforcement-exposed exchange described in the paper – and did so under a governance structure that looks very much like the opportunistic playbook the FMA claimed to fear.
Either the FMA believes it can effectively supervise such structures from Vienna – in which case the alarmist tone of the position paper is puzzling – or it has indeed become a “soft-entry” hub whose licences are intended to be passported under a future ESMA umbrella. In both scenarios, transparency about risk assessment and ongoing supervision is conspicuously missing.
To be clear: there is no public evidence that Stauber himself has violated regulatory obligations. The question FinTelegram raises is different: Has Austria’s MiCA pipeline, built by a small circle of lawyers and advisors, drifted from investor protection toward regulatory cosmetics?
Actionable Insight (for banks, partners, and regulators)
- For banks and PSPs: Treat MiCA-licensed CASPs coming out of Austria with a heightened AML and governance risk premium, especially where there is a documented history of foreign enforcement actions. Do not outsource your risk assessment to the FMA stamp alone.
- For EU regulators and ESMA: Scrutinise the rent-a-CEO pattern in CASP applications and consider whether licence conditions should explicitly restrict rapid post-authorisation management swaps in high-risk cases.
- For policymakers: The FMA/AMF/Consob paper already acknowledges the risk of regulatory shopping. Austria’s KuCoin and Bitget cases are real-world testbeds. MiCA’s credibility will depend on how quickly this gap between theory and practice is closed.
Call for Information
FinTelegram is continuing to investigate Austria’s MiCA licensing pipeline, including the role of local gatekeepers, law firms, and political networks in Vienna.
- Were you involved in the KuCoin or Bitget licensing processes in Austria?
- Did you work inside FMA-supervised CASPs or assist in their applications?
- Do you have internal documents or communications about governance, AML controls, or political lobbying around these licences?
Insiders, compliance officers, and whistleblowers can contact us securely via Whistle42.com. As always, we treat submissions confidentially and in line with our whistleblower protection standards.
