MiCA Regulation – CASP license in EU

MiCA CASP license in EU – Start Preparations Now!

MAXCORP is well prepared for a successful licensing outcome. MiCA (Markets in Crypto-Assets) regulation provides a unified licensing regime for the entire European Union. Crypto businesses which are currently classified as VASPs (Virtual Asset Service Providers) will be classified as CASPs (Crypto-Asset Service Providers) under MiCA.

The opening of MiCA license application submissions is January 2025. Every company holding a VASP license must re-apply for a new MiCA CASP license. The regulator handling the application and monitoring will also change in most jurisdictions. VASPs will have a transition period (length depending on jurisdiction), but as the timeframes are quite narrow we recommend starting preparations now, e.g. with drafting the required policy documentation as well as setting up local substance such as a physical office and a local team of senior level AML specialists – a successful outcome is best obtained with thorough and timely preparations.

A CASP license is passportable and it covers operations in any EU country (e.g. same as for an EMI license). The first set of regulations took effect on June 30th 2024 for stablecoin issuers and the second set took effect on December 30th 2024 for crypto exchanges. We have strong connections, extensive experience and an exemplary track record (e.g. for EMI, PI and crowdfunding licenses issuance) with local regulators who will now be handling also MiCA CASP licenses. Therefore we are well aligned to navigate current VASPs on their journey to a pan-European MiCA CASP license issuance.

Quick summary

MiCA CASP license application can be submitted from Jan 2025. A new regulator is appointed.

Current VASP license holders must re-apply for a MiCA CASP license.

Current VASPs will have a transition period (length varies per jurisdiction) during which they can operate.

Key points for current VASP license holders

To ensure a smooth transition, current VASPs should use the requirements of MiCA regulation as a blueprint to adjust towards the upcoming regulatory regime. From the perspective of a current VASP license holder we would outline 3 main categories for a successful MiCA CASP license application:

1. Capitalisation: heightened capital requirements (up to €150k) are set to ensure financial service stability, to protect customer rights and to offer a threshold for entering the market. We can support with the capital injection registry procedures and banking advisory for an EU credit institution bank account.

2. AML compliance and internal policies: a set of internal policies required by MiCA have to established for internal control mechanisms, risk assessment, confidentiality and safeguarding of funds. Our specialized lawyers can support with all legal documentation review and preparation.

3. Local substance: a physical office where at least part of the activities are carried out; management taking place in the EU with at least one director being a resident of the EU, in addition senior level local AML compliance specialists (e.g. CCO, CRO and MLRO roles). The expectations of the legislator and regulator differ per jurisdiction. We provide team-staffing and local team management solutions.

New CASP license capital requirements

MiCA regulation presents different classes for share capital requirement depending on the specific CASP activities. We recommend increasing the capital of the VASP company already now in the registry to avoid administrative tasks later.

Class 1 CASP – EUR 50.000 capital for the following crypto-asset services:
– reception and transmission of orders on behalf of third parties; and/or
– providing advice on crypto-assets; and/or
– execution of orders on behalf of third parties; and/or
– placing of crypto-assets.

Class 2 CASP – EUR 125.000 capital for any crypto-asset services under Class 1 and:
– exchange of crypto-assets for fiat currency that is legal tender;
– exchange of crypto-assets for other crypto-assets;
– operation of a trading platform for crypto-assets.

Class 3 CASP – EUR 150.000 capital for any crypto-asset services under Class 2 and:
– custody and administration of crypto-assets on behalf of third parties.

Note: a CASP should also consider to have at least one bank account opened at a EU based credit institution (EMI bank account does not qualify).

CASP License Application Overview

MiCA entered into force for crypto exchanges on December 30th 2024, but the license applications opening varies by jurisdiction. The EU Member States have the option of granting currently licensed VASPs up to an additional 18-month “transitional period” during which they may continue to operate without a MiCA license (“grand-fathering clause”). Thus the current VASPs may potentially operate until as late as 1st July 2026 – the exact date however may vary by jurisdiction based on how each Member State chooses to apply (or not apply) the optional transitional measures per Article 143(3) of MiCA. For example, Lithuania has confirmed the transition period until June 1st 2025, whilst Estonia has confirmed the transition period until July 1st 2026.

MiCA license application foresees submitting an application to the regulator who has up to 25 business days to assess whether the application is complete (if not, a deadline is provided). Thereafter the regulator will assess within 3 months if the CASP license applicant complies with the requirements and provides a reasoned decision – the applicant is notified within 3 business days of the decision. Even though the indicative timeframes suggest approx. 4 months licensing duration, then based on experience with e.g. crowdfunding and EMI licenses (same regulator, similar requirements) we estimate the total length of the licensing process to be twice as long.

We can provide several approach possibilities in regards to substance for meeting regulatory requirements, e.g. we can support with setting up a local physical office and sourcing highly qualified professionals for direct employment of Chief Executive Officer (CEO), Chief Compliance Officer (CCO) and Money Laundering Reporting Officer (MLRO) roles, including support with on-going training, office and team management.

The duties of a Chief Compliance Officer (CCO) include, inter alia:

  • Main areas of work: internal controls; ensuring correct data keeping, reporting to the statistics agency, reporting to the data protection Agency, upkeep to any local regulatory deadlines to manage their compliance incl. AML, data breaches, fraud prevention, IT security and privacy procedures.

The duties of a Money Laundering Reporting Officer (MLRO) include, inter alia:

  • Main areas of work: supervision, monitoring and reporting functions, along with the communication with customers for EDD/CDD/ODD document collection and revision of any KYC/KYB/KYT reports, answering to the CEO/CCO.

We would also outline that the suggested local substance and employee count depends on your business model (inc. business plan) and trading volumes, we can provide our suggestions after completion of the preliminary analysis.

For a CASP license application we will begin with a concentrated legal opinion on the business model, shareholding structure, policy documentation and AML compliance systems. We can thereafter prepare a plan and handle all aspects of the licensing process. Below we have noted some selected important requirements for the license application documentation.

  • Programme of Operations: sets out the types of crypto-asset services that the applicant wishes to provide, including where and how these services are to be marketed. It entails a three-year plan for regulated and unregulated activities, geographical distribution of services, and target client categories. It also covers the outsourcing policy, including intra-group arrangements, a list of outsourced service providers, a financial forecast, and plans for exchanges and activities.
  • Business continuity policy: disaster recovery plan, internal control mechanisms and effective procedures for risk assessment, systems and procedures to safeguard the security, integrity and confidentiality of information. CASPs must also have in place systems and procedures to monitor and detect market abuse. There are also requirements for outsourcing and to maintain and to operate an effective policy to prevent, identify, manage and disclose conflicts of interest.

  • CASPs will be required to have adequate measures in place to safeguard the assets of their clients, especially in case of insolvency and to prevent the use of a client’s assets on their own account. Client’s funds should be placed with an EU credit institution and steps taken to ensure that the client funds are held in separate accounts. Additionally, CASPs will need to confirm that they have adequate insurance coverage to protect their clients in case of theft or loss of assets.

Below we have covered the main list of required documentation, policies and rules (referring to Article 62 of MiCA) which have to be tailor-made for each applicant for the CASP license. We can handle all aspects of the licensing process, ensuring a smooth and efficient application experience.

  1. Programme of Operations -Article 62(2)(d) of MiCA
  2. Insurance Policy
  3. ICT Systems Security Policy
  4. Market Abuse Monitoring and Reporting Policy
  5. Client Crypto-Asset Safeguarding Policy
  6. Client Complaint Handling Policy
  7. Conflict of Interest Policy
  8. The Outsourcing Management Policy
  9. Custody Policy
  10. Trading Platform Operating Rules
  11. Non-Discriminatory Commercial Policy
  12. Order Execution Policy (if applicable)
  13. Governance Arrangements
  14. Internal Control Policy
  15. Business Continuity Policy
  16. IT Systems and Security Arrangements Policy
  17. Proof of Meeting Prudential Safeguards Documentation Policy
  18. Client’s Crypto-Assets and Funds Segregation Procedures Policy
  19. Subsidiary Relationship Information Documentation
  20. Compliance Assessment Documentation
  21. Cross-Border Service Provision Information Documentation
  22. Notification of Cross-Border Activities Documentation
  23. AML Policy
  24. Whistleblowing Policy

For the full MiCA regulation please refer to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (Text with EEA relevance)

The MiCA CASP license may be terminated by the regulator in several cases, excluding any regulatory deficiencies, also in case licensed activities have not started within 12 months of obtaining the license or if crypto-asset services have not been provided in a period of 9 months.

MiCA also establishes financial penalty  thresholds, from 3% up to 12.5% of the total annual turnover of the entity or more, periodic penalty payments, withdrawal/suspension of the license or removal/ban of a person from the managerial positions.

Prepare for MiCA CASP License application

For current VASP license holders we recommend to approach MiCA in stages, to secure the high level specialists time allocations for a balanced approach. Our track record with 500+ VASP licenses since the birth of EU crypto regulations and 30+ in-house professional background AML specialists can be at your disposal. We’d be glad to support your VASP company with the preparation of a successful MiCA CASP license application and the associated legal documentation. 

  • STAGE 1: ANALYSIS Enterprise Wide Risk Assessment (EWRA)
  • Objective: Business plan, AML and IT infrastructure in-depth analysis
  • Outcome: Detailed legal opinion what needs improvement prior to MiCA licensing
  • Budget: legal work input from 50 hours
  • STAGE 2: LEGAL WORK MiCA Required Policy Documentation
  • Objective: Eliminate deficiencies and solve problems mapped in the EWRA analysis
  • Outcome: Full set of final procedures, rules and policies required by MiCA regulation
  • Budget: legal work quoted after Stage 1
  • STAGE 3: CASP LICENSE MiCA CASP License Application
  • Objective: Prepare and submit license application, correspondence with regulator
  • Outcome: MiCA CASP license issuance to operate in the European Union
  • Budget: legal work input from 80 hours

Partner attorney-at-law and senior AML compliance specialist combined hourly fee is applied for MiCA licensing. All orders are subject to review and final confirmation; conditions may apply. All packages and pricing is indicative and subject to our final confirmation upon receiving further details. Additional fees may apply. We reserve the right to update our individual and package pricing at any time without prior notice. Please contact us for a detailed offer specific to your project.

Book a meeting for more information

We can provide further information after gathering the preliminary project information. We follow a thorough checklist to confirm that all legal requirements are met. Please contact our legal department through the contact form below to set up an online meeting, we will get back to you shortly.

    Contact details

    Please contact us to schedule a meeting with our crypto projects manager.