Obtaining a CASP licence – key information for crypto companies

The CASP (Crypto-Asset Service Provider) licence is a mandatory licence under the MiCA (Markets in Crypto-Assets) regulation that companies providing services related to crypto-assets in the European Union must obtain. This includes cryptocurrency exchanges and cryptocurrency exchange offices.

How to obtain a CASP licence?

In order to operate in the field of crypto assets in accordance with MiCA regulations, entrepreneurs must meet certain requirements and submit an application to the relevant supervisory authority in their country.

Requirements for physical presence in the EU

In accordance with Article 59(2) of MiCA, crypto asset service providers must:

• Have their head office in a member state where they actually carry out at least part of their cryptoasset service business.
• Have their place of effective management in the EU.
• Have at least one director who is resident in the EU.

Therefore, purely virtual operations without a physical presence in the EU do not meet the regulatory requirements.Where do I apply for a CASP authorisation?

Entities applying for a CASP authorisation shall submit an application to the competent supervisory authority of their home Member State.

The home member state for a crypto-asset service provider will be the member state in which the crypto-asset service provider has its registered office.

Does the CASP authorisation allow for the provision of services throughout the EU?

Yes, once they have obtained a CASP licence, companies can provide crypto-asset services throughout the European Union under the freedom of establishment or the freedom to provide services. Importantly, cross-border activity does not require a physical presence in the host Member State.

Requirements for board members of entities applying for a CASP

Board members must:

• They must be of good repute, have a clean criminal record and have appropriate knowledge and experience.
• They must not have been convicted of offences relating to money laundering or terrorist financing or of other offences that could affect their good repute.
• At least one board member must be resident in the Union.
• They must also demonstrate that they are able to dedicate sufficient time to effectively fulfil their duties.
• They must not be subject to any penalty under commercial law, insolvency law, financial services regulations, anti-money laundering and anti-terrorist financing regulations, anti-fraud regulations or professional liability regulations.

The fulfilment of these conditions must be documented with appropriate evidence and attached to the authorisation application. The supervisory authority will verify whether these conditions are actually met.

Documents required for the CASP authorisation application

The exact list of documents and information that must be included in the CASP application depends on the type of services that the applicant intends to provide according to Art. 3, Paragraph 1, No. 16 of the MiCA. Therefore, the first step in preparing an application should always be to identify the services you plan to provide and verify the requirements that the MiCA has set for the authorisation of these specific services.

However, based on the requirements set out in the MiCA regulation and the accompanying technical standards, it is possible to define a basic catalogue of documents and information that will need to be completed by an entity preparing to apply for a CASP licence. These will include:

• Identification data of the applicant.
• Articles of association or partnership agreement.
• Programme of activities and type of services planned, as well as the place and manner in which they will be provided.
• Proof of compliance with the prudential requirements set out in Article 67 of the MiCA (documents confirming the required funds or guarantees, insurance policies if applicable).
• Description of management principles – organisational structure of the applicant and internal supervision system and decision-making procedures.
• Proof of good repute and competence of the members of the management body – (Criminal records and CVs as well as information on experience).
• Description of internal control and risk management procedures (Policies and procedures for identifying, assessing and managing risks, procedures for combating money laundering and terrorist financing, and a business continuity plan).
• Technical documentation of ICT systems and security solutions with a non-technical description (Consistent non-technical description and business continuity policy, which includes ICT business continuity plans as well as ICT response and recovery plans).
• Procedures for segregating crypto assets and customer funds.
• Complaint handling procedures.
• Cryptoasset custody policy (Required for custody service plans).
• Description of trading platform operating rules (if applicable) – Platform rules and procedures and market abuse prevention system.
• Confirmation of the knowledge and experience of persons providing advice or portfolio management (if we intend to provide crypto-asset advice or crypto-asset portfolio management services) – Documents confirming the competence and experience of advisors necessary to fulfil their duties.
• Indication of the type of crypto assets to which the crypto asset service relates.
• Systems and procedures to ensure the availability, authenticity, integrity and confidentiality of data.
• Outsourcing policy, including policies on contingency plans and exit strategies, taking into account the scale, nature and scope of the crypto asset services provided.

Summary

Considering the detail and extent of the information and documents that must be attached to the CASP licence application, there is no doubt that this is a process that requires thorough preparation. Therefore, if you are planning to apply for a MICA licence, please contact us to make sure that your application meets all regulatory requirements! We will gladly help you prepare the relevant documentation and ensure compliance with MiCA regulations, as well as other regulations relevant to, among others, financial entities or those in the crypto-asset industry – in particular, GDPR or DORA.