Banner

CASP license

On January 1, 2025, the MiCA Regulation, which introduces common standards for crypto asset service providers (CASPs), will become effective in the European Union.

Gofaizen & Sherle helps current VASPs obtain a pan-European CASP license and choose the best jurisdiction to scale their virtual asset business.

The CASP (Crypto Asset Service Provider) license is a mandatory authorization for companies that provide crypto asset services. It covers exchange, storage, portfolio management, and advisory services. CASP regulates crypto-asset services, including exchange for fiat money and other digital assets, trading platform management, order fulfillment, transfer, and placement. With this license, companies can offer services across the European Union on a “passport-able” basis, similar to the EMI license.

The Markets in Crypto Assets Regulation (MiCA), which defines the rules for the CASP license, was adopted by the European Union in 2023 to unify cryptocurrency market regulation and create common standards across the EU. This decision was an important step towards a transparent and secure crypto market.

MiCA envisions a two-stage implementation of regulations:

  • The first set of regulations

Affects issuers of stablecoins and came into force on June 30, 2024, providing additional requirements for this type of asset.

  • The second set of rules

It will go into effect on December 30, 2024, and will cover cryptocurrency exchanges and other crypto asset service providers, including CASPs.

There is a transition period for existing virtual asset service providers (VASPs). They can continue to operate under their current national licenses until December 31, 2025, and in some countries, this period can be extended until July 1, 2026. From January 1, 2025, companies must apply for a MiCA CASP license to comply with the new requirements by the end of the transition period.

MiCA will significantly change the crypto services market in the EU by introducing strict standards of security and transparency, which in turn will increase trust in crypto assets. The new regulation will open up cross-border opportunities for companies and ensure that they operate under a single legal framework. This will allow them to expand their client base and provide services across the EU.

Gofaizen & Sherle is fully prepared for MiCA. We are experienced in dealing with regulators and have thoroughly understood the requirements of the new legislation, including CASP licenses. Our team offers full licensing and MiCA adaptation support, from preparing documentation to setting up processes that comply with all regulations. When MiCA comes into force, our clients will be able to grow their business with the confidence that they are fully compliant with the regulator’s requirements.

What to do for current VASP holders in Europe?

With the introduction of MiCA to regulate crypto assets, current VASP licensees in Europe must adapt to the new requirements for a favorable transition to CASP licensing. MiCA establishes uniform standards under EU regulations aimed at enhancing the transparency, security, and financial stability of crypto asset companies.

Key steps for the transition:

  • Capitalization. MiCA requires companies to ensure a minimum level of capitalization (up to €150,000, depending on the range of services provided). This requirement aims to improve financial stability and customer protection. Companies will need to review their capitalization to meet these standards.
  • AML compliance and internal policies. The requirements for AML policies and internal controls are significantly strengthened. Companies are required to create and implement detailed policies for risk management, data protection, protection of customer funds, and transaction monitoring. This also includes the implementation of internal controls and regular risk assessments.
  • Local presence. Companies must have a physical office in the EU and conduct some of their activities within the European Union. There must also be at least one EU-domiciled manager and an anti-money laundering compliance team.

Gofaizen & Sherle assists existing VASPs in obtaining a pan-EU CASP license.

New capital requirements for CASP license

MiCA regulation introduces new capital requirements for crypto asset service providers (CASPs), qualifying them into three types depending on the services provided and the level of responsibility to clients:

  • CASP Class 1 

A minimum capital of €50,000 is required for companies engaged in basic operations such as receiving and transmitting orders, advising and placing crypto-assets. These services involve lower risks, which determines the relatively low capital threshold.

  • CASP Class 2

Requires a capital requirement of €125,000 for companies that not only perform Class 1 functions but also engage in exchanging crypto assets for fiat money or other digital assets and operate trading platforms. These companies take a more active role in market transactions, so they require additional capital.

  • CASP Class 3

Companies that provide all Class 1 and Class 2 services and additionally handle the custody and management of crypto assets on behalf of clients have the highest capital requirement of €150,000. These companies have increased responsibility for client funds, which requires the highest level of financial stability.

info

In addition, companies with a CASP license are required to have at least one European Union bank account. For existing VASPs, it is recommended to increase the capital to the required levels in advance to avoid administrative delays and to facilitate adaptation to the new MiCA standards.

Main requirements for a CASP license

  1. CASPs must be registered as legal entities with a statutory structure that protects clients and allows them to comply with MiCAR requirements.
  2. Must have a registered office in the jurisdiction in which they are licensed and have effective management in the EU. There must be at least one EU resident director on the management team to comply with local controls.
  3. CASP companies are required to implement internal controls and risk management systems that incorporate anti-money laundering (AML) and preventing the financing of terrorism (CFT) measures. MiCAR requires companies to develop procedures to identify customers, monitor transactions, assess potential risks, and provide mechanisms to manage operational, legal, and information technology threats.
  4. Companies are required to protect customer data and assets. MiCAR requires the implementation of security measures such as access controls, data encryption, and regular security audits to ensure the confidentiality and integrity of information.
  5. Candidates for a CASP license must have insurance reserves to cover risks associated with privacy breaches, business process errors, and customer liabilities. These safeguards can be implemented through equity or insurance policies.
  6. MiCAR requires CASPs to develop a business continuity policy, including backup, data recovery, and crisis response plans, to ensure the smooth running of the company.
  7. CASP companies are required to develop clear procedures for handling complaints, respond promptly to customer complaints, and disclose how they are made.
  8. Procedures must be in place to identify, manage, and disclose internal and external conflicts of interest. This is important to maintain fair and transparent relationships with customers.
  9. Must apply for authorization with full information about their activities. Once licensed, CASPs can offer crypto asset services across the EU without the need for separate national authorizations.

Recordkeeping

The CASP shall keep records of crypto-asset services, activities, orders, and transactions undertaken by the CASP to enable the competent authorities to fulfill their supervisory tasks and take enforcement measures. The client shall be able to request the necessary record upon request.

According to ESMA, the CASPs will have the flexibility to maintain all the transaction data elements in the format they consider most appropriate, provided that some of these elements can be converted into a specified format when competent authorities request information. The records to be kept shall be sufficient to enable competent authorities to fulfill their supervisory tasks and to perform enforcement measures, in particular, to ascertain whether CASPs have complied with all obligations with respect to clients or prospective clients and the integrity of the market.

The records shall be kept for a period of 5 years and, where requested by the competent authority before five years have elapsed, for a period of up to 7 years.

Preparing to apply for a MiCA CASP license

Follow these steps to prepare to apply for a CASP license in the EU:

  • Study the MiCA regulations. Familiarize yourself with the requirements that establish CASP categories and rules for crypto asset companies.
  • Determine the category for your business. Determine which category your company falls under (exchanger, depository accounts, ICO providers), as each category has different requirements.
  • Conduct an internal audit to ensure compliance with MiCA requirements. Assess whether the company’s current processes are compliant with MiCA risk management, data protection, and AML/CFT compliance requirements.
  • Choose the right jurisdiction in the EU. As requirements can vary from country to country, select the jurisdiction most suitable for your company’s licensing process.
  • Prepare the necessary documentation. Compile key application documents such as a business plan, management and shareholder details, a description of risk management systems and IT infrastructure, and financial statements.
  • Consult with professionals. Professional consultants can assist in compiling documents, reviewing for compliance, and preparing your company for a successful CASP license application.

CASP licensing process

The procedure for obtaining a CASP license may vary depending on the rules of the chosen EU country but usually includes basic steps common to all jurisdictions:

Preparation of documentation.

Stage 1

A CASP must prepare a number of documents, including a business plan, program of operations, internal risk management, and AML/CFT policies and procedures. A detailed description of IT systems and information security measures will be required, as well as details of key executives and shareholders.

Selecting a jurisdiction for licensing.

Stage 2

Although MiCAR sets out uniform requirements, some jurisdictions may have additional rules. CASPs should select the EU member state where the licensing requirements and procedure best fit its business model.

Submitting an application.

Stage 3

The application for licensing is submitted to the competent authority of the country selected for licensing. In the application, the CASP should specify:

  • company name, legal form, and address;
  • types of crypto asset services to be provided;
  • a description of anti-money laundering and anti-terrorist financing programs;
  • business continuity and data protection plan;
  • a description of the risk management and internal control system.

Audit and verification of documentation.

Stage 4

Competent authorities audit the data and documents provided, assess compliance with MiCAR requirements, and verify the company’s readiness to comply with regulatory standards. It is important to demonstrate that all key individuals and shareholders meet the requirements of integrity and professional reputation.

Obtaining a license and providing services.

Stage 5

Once the application is approved, CASPs are licensed to operate in the EU and authorized to provide crypto asset services throughout Europe. CASPs can provide cross-border services by submitting notifications to regulators in other EU countries where they plan to operate without the need for additional authorizations.

Compliance with standing requirements.

Stage 6

Licensed CASPs must comply with ongoing MiCA requirements, including regular AML/CFT reviews, record keeping, timely updates to data protection procedures, and compliance with business continuity standards.

Provision of Crypto-Asset Services from Abroad

There are no requirements to obtain a CASP license for service providers who provide crypto-asset services at the exclusive initiative of the client located in the EU. This exception doesn’t apply in each of the following cases:

  • a client is solicited by firm(s) that have close links to this service provider or acts on behalf of such service provider regardless of any contractual clauses or disclaimers;
  • new crypto-asset services provided to the client (e., the client has requested the exchange service and the service provider offers another service, like custody or transfer).

Conclusion

The introduction of a single CASP license under MiCA regulation marks an important milestone for cryptocurrency businesses in Europe, offering a more transparent and robust environment to operate in the EU single market. Standard requirements for capitalization, risk management, internal controls, and AML and data protection compliance ensure customer protection and industry stability. Companies already holding VASP status can use the transition period to prepare for CASP licensing, including selecting the best jurisdiction, customizing internal policies, and bringing the business into compliance with MiCA requirements.

Complying with all requirements and obtaining a CASP license will open your company to a wide range of business opportunities across the EU, ensuring stability and compliance with the new MiCA regulatory standards. If you need assistance in preparing for and completing the licensing process, our experts are ready to provide comprehensive support and assistance at every stage of the process.

FAQ about CASP license

What is a CASP license?

A CASP license allows cryptoasset companies to operate legally in the EU, ensuring user protection and MiCA compliance.

Who is required to obtain a CASP license?

Licensing is mandatory for all crypto asset service providers in the EU, including exchanges, asset custodians, exchange service providers, and other cryptocurrency companies.

What should current VASP holders in Europe do?

Current VASP holders can continue to operate under their existing license until the end of the transition period, but they need to prepare to obtain a CASP license to comply with the new MiCA requirements.

What is the transition period for the CASP license?

The transition period runs until the end of 2025, but the exact timeline may depend on the specifics of each EU member state.

How do I choose a jurisdiction for a CASP license?

The choice of jurisdiction depends on local regulatory requirements, licensing costs, infrastructure for crypto services, and support from the regulator in each specific country.

How do I get a CASP license?

To obtain a license, you need to register a company, prepare internal policies (AML/CFT), submit an application, and be vetted by the local regulator.

Connect with our experts

Our experts will tell you how to do it as quickly and easily as possible.

Estonia

    By clicking the button, I confirm that I have read the privacy policy and consent to the collection and processing of my personal data in accordance with the GDPR rules.

    Thank you

    Thank you for reaching us. Our team is working on your request, and we will contact you soon.