MiCA CASP Licensing: Complete Application and Compliance Guide

The MiCA CASP license is the gateway to the European digital asset market. Any entity seeking to provide crypto-asset services to EU customers – whether custody, exchange, trading, advisory, or portfolio management – must obtain authorization from a national competent authority. The application process is rigorous, requiring comprehensive documentation of the applicant’s governance, compliance framework, technology infrastructure, and financial resources. This guide provides the step-by-step operational framework for obtaining MiCA authorization.

Scope of CASP Services

MiCA defines ten categories of crypto-asset services, each requiring authorization:

1. Custody and administration of crypto-assets – holding or controlling crypto-assets or the means of access on behalf of clients
2. Operation of a trading platform for crypto-assets – managing a multilateral system that matches buyer and seller interests
3. Exchange of crypto-assets for funds – concluding contracts to buy/sell crypto-assets for fiat currency
4. Exchange of crypto-assets for other crypto-assets – concluding contracts to exchange one crypto-asset for another
5. Execution of orders for crypto-assets on behalf of clients – entering into agreements to buy/sell crypto-assets
6. Placing of crypto-assets – marketing newly issued crypto-assets to specific purchasers on behalf of the offeror/issuer
7. Reception and transmission of orders – receiving and transmitting client orders to other CASPs
8. Providing advice on crypto-assets – offering personalized recommendations on crypto-asset transactions
9. Providing portfolio management of crypto-assets – managing portfolios containing crypto-assets on a discretionary basis
10. Providing transfer services for crypto-assets – transferring crypto-assets from one address to another on behalf of clients

Each service category carries specific compliance requirements in addition to the general CASP obligations.

Choosing the Home Member State

Key Considerations

The choice of home member state is a strategic decision that affects:

NCA Processing Capacity and Approach:

• France (AMF): Experienced regulator with a crypto-specific team. Processed DASP registrations since 2019. Relatively efficient processing. Strong in DeFi and exchange licensing. See our France jurisdiction profile.
• Germany (BaFin): Thorough and demanding assessment. Strong emphasis on governance and AML. Longer processing times. Preferred by firms seeking German market credibility.
• Ireland (Central Bank of Ireland): English-speaking jurisdiction. Competitive corporate tax environment. Growing digital asset regulatory practice. Attractive for international firms.
• Luxembourg (CSSF): Deep financial services expertise. Strong in fund administration and custody. Higher operational costs but excellent banking access.
• Netherlands (AFM): Pragmatic approach. Strong AML emphasis. Growing crypto regulatory capacity.
• Lithuania (Bank of Lithuania): Lower operational costs. Efficient processing. Popular with smaller CASPs. English language capability.

Operational Factors:

• Local substance requirements (office, management, staff)
• Banking access (critical and varies significantly by jurisdiction)
• Tax treatment
• Availability of compliance talent
• Language requirements for client-facing operations
• Legal system familiarity

NCA Application Fees

Application Requirements

Documentation Package

The MiCA CASP application must include:

1. Programme of Operations:

• Detailed description of each crypto-asset service to be provided
• Types of crypto-assets to be serviced
• Target client base (retail, professional, or both)
• Marketing strategy and distribution channels
• Three-year financial projections
• Technology architecture and systems description

2. Governance Arrangements:

• Organizational chart with clear reporting lines
• Board composition and qualifications of directors
• Description of management body responsibilities
• Internal governance policies (decision-making, oversight, risk management)
• Fitness and propriety documentation for shareholders with qualifying holdings (10%+ ownership), directors, and key function holders

3. Compliance Framework:

• AML/CFT policies and procedures
• Conflicts of interest policy
• Complaints handling procedure
• Outsourcing policy
• Data protection and privacy policies
• Market abuse detection and reporting procedures
• Best execution policy (for order execution services)
• Client categorization procedures

4. Risk Management:

• Risk management framework description
• Risk appetite statement
• Key risk indicators and monitoring procedures
• Operational risk management
• ICT risk management (DORA compliance)
• Business continuity and disaster recovery plans

5. Financial Resources:

• Evidence of initial capital meeting minimum thresholds
• Source of capital documentation
• Financial projections demonstrating ongoing own funds compliance
• Capital adequacy assessment

6. Client Asset Safeguarding:

• Custody policy and procedures
• Description of wallet infrastructure and key management
• Segregation of client assets from own assets
• Insurance or comparable arrangement for client asset protection
• Procedures for client asset return in the event of insolvency

7. Technology and Security:

• System architecture description
• Cybersecurity policies and controls
• Penetration testing and vulnerability assessment procedures
• Incident response plan
• DORA (Digital Operational Resilience Act) compliance framework

Application Timeline

Standard Process

Week 1-8: Application Preparation Develop all required documentation with experienced MiCA counsel. Engage compliance consultants for framework development. Prepare the governance and compliance infrastructure.

Week 8-12: Pre-Filing Engagement Many NCAs offer pre-filing meetings or guidance sessions. Use this opportunity to understand the NCA’s priorities, clarify specific requirements, and identify potential application issues before formal submission.

Week 12: Application Submission File the complete application package with the NCA.

Week 12-17: Completeness Assessment The NCA has 25 business days to assess whether the application is complete. If incomplete, the NCA requests additional information and the clock resets.

Week 17-25: Substantive Assessment After acknowledging completeness, the NCA has 40 business days to make a decision. During this period, the NCA may request additional information or clarification. ESMA and EBA are consulted on cross-border and systemic considerations.

Week 25+: Decision The NCA grants or refuses authorization. If granted, the CASP is entered in the ESMA register and can commence operations.

Total Timeline: 6-12 months from initial preparation to authorization, depending on the NCA and the complexity of the application. For a detailed breakdown of costs across jurisdictions, see our cost of compliance benchmark.

Capital Requirements

Minimum Initial Capital

Ongoing Own Funds

CASPs must maintain own funds equal to the higher of:

1. The applicable minimum initial capital
2. One quarter of the preceding year’s fixed overhead expenditure
3. For custody providers: 0.4% of the total value of crypto-assets held on behalf of clients
4. For trading platform operators: a percentage of transaction volume (specified by ESMA RTS)

Own Funds Composition

Own funds consist of:

• Common Equity Tier 1 (CET1): share capital, retained earnings, share premium
• Additional Tier 1 instruments (subject to conditions)
• Tier 2 instruments (subject to conditions)

In practice, most CASPs fund their initial capital and ongoing own funds through share capital and retained earnings.

Post-Authorization Obligations

Ongoing Compliance

After authorization, CASPs must maintain:

Regulatory Reporting:

• Regular supervisory returns to the NCA
• Financial reporting (annual accounts)
• Complaints data reporting
• AML/CFT reporting
• Incident reporting under DORA

Notification Obligations:

• Material changes to governance, ownership, or services
• Changes to the management body
• Outsourcing arrangements (new or modified)
• Significant operational incidents
• Suspected market abuse

Record Keeping:

• All transactions executed for at least five years
• Client records and agreements
• Complaints and their resolution
• Internal communications relating to crypto-asset services
• Marketing communications

Passporting Procedure

To provide services in another EU member state:

1. Notify the home NCA of the intention to passport, specifying the host member state(s) and services
2. The home NCA transmits the notification to the host NCA and ESMA within 10 business days
3. The CASP can commence services in the host member state after the notification is transmitted
4. The host NCA may impose additional marketing requirements

Common Application Pitfalls

1. Insufficient local substance: NCAs expect genuine presence, not a letterbox entity. At minimum, two senior management personnel must be resident in the member state.
2. Weak AML framework: NCAs scrutinize AML programs intensely. Generic or template-based policies without crypto-specific content are rejected.
3. Inadequate capital planning: Financial projections that show own funds falling below thresholds during the first three years.
4. Unclear governance: Lack of clear Board oversight, risk management accountability, or compliance function independence.
5. Technology gaps: Insufficient cybersecurity documentation or failure to address DORA requirements.

Cost Summary