MiCA Regulation – CASP license in EU

MiCA CASP license in EU

MiCA (Markets in Crypto-Assets) regulation provides a unified licensing regime for the entire European Union. Crypto businesses which are currently classified as VASPs (Virtual Asset Service Providers) will be classified as CASPs (Crypto-Asset Service Providers) under MiCA. MAXCORP is well prepared to once again support for a successful licensing outcome.

The estimated opening of MiCA license application submissions is Q2 of 2024. Every company holding a VASP license must re-apply for a new MiCA CASP license. The regulator handling the application and monitoring will also change in our jurisdictions. VASPs will have a transition period (length depending on Member State, up to July 2026) and they can operate during the review of the MiCA license application.

A CASP license is passportable and it covers operations in any EU country (e.g. same as for an EMI license). The first set of regulations will take effect on June 30th 2024 (stablecoin issuers) and the second set on December 30th 2024 (crypto exchanges). However, as of February 2024 our specialization jurisdictions (Lithuania, Poland, Estonia) legislators have not yet published the final laws to identify the country specific requirements. Still, even though there are further guidelines per jurisdictions to expect, the core principles of MiCA are known and steps towards full compliance can be started now.

Quick summary

Expected start for MiCA CASP license applications is Q2 of 2024. A new regulator is appointed.

Current VASP license holders must re-apply for a MiCA CASP license.

Current VASPs will have a transition period (length undetermined as of Jan 2024) during which they can operate.

Key points for current VASP license holders

To ensure a smooth transition, current VASPs should use the requirements of MiCA regulation as a blueprint to adjust towards the upcoming regulatory regime. From the perspective of a current VASP license holder we would outline 3 main categories for a successful MiCA CASP license application (expected Q2 of 2024):

1. Capitalisation: heightened capital requirements (up to €150k) are set to ensure financial service stability, to protect customer rights and to offer a threshold for entering the market. We can support with the registry procedures.

2. AML compliance and internal policies: a set of internal policies required by MiCA have to established for internal control mechanisms, risk assessment, confidentiality and safeguarding of funds. Our specialized lawyers can support.

3. Local substance: a registered office where at least part of the activities are carried out; management taking place in the EU with at least one director being a resident of the EU, in addition qualified local resident AML compliance specialists (e.g. CCO and MLRO). The exact requirements per Member State are still to be published. We can provide outsourcing solutions.

New CASP license capital requirements

MiCA regulation presents three different classes for share capital requirement depending on the specific CASP activities. We recommend increasing the share capital of the VASP company already now in the commercial registry to avoid administrative tasks later.

Class 1 CASP – EUR 50.000 capital for the following crypto-asset services:
– reception and transmission of orders on behalf of third parties; and/or
– providing advice on crypto-assets; and/or
– execution of orders on behalf of third parties; and/or
– placing of crypto-assets.

Class 2 CASP – EUR 125.000 capital for any crypto-asset services under Class 1 and:
– exchange of crypto-assets for fiat currency that is legal tender;
– exchange of crypto-assets for other crypto-assets;
– operation of a trading platform for crypto-assets.

Class 3 CASP – EUR 150.000 capital for any crypto-asset services under Class 2 and:
– custody and administration of crypto-assets on behalf of third parties.

CASP License Application Overview

MiCA will enter into force for crypto exchanges in December 2024, but the license application submission is expected to open in Q2 of 2024. The EU Member States have the option of granting currently licensed VASPs up to an additional 18-month “transitional period” during which they may continue to operate without a MiCA license (“grand-fathering clause”). Thus the current VASPs may potentially operate until as late as 1st July 2026 – the exact date however may vary by jurisdiction based on how each Member State chooses to apply (or not apply) the optional transitional measures per Article 143(3) of MiCA.

MiCA license application foresees submitting an application to the regulator who has up to 25 business days to assess whether the application is complete (if not, a deadline is provided). Thereafter the regulator will assess within 3 months if the CASP license applicant complies with the requirements and provides a reasoned decision – the applicant is notified within 3 business days of the decision. Even though the indicative timeframes suggest approx. 4 months licensing duration, then based on experience with e.g. crowdfunding and EMI licenses (same regulator, similar requirements) we estimate the total length of the licensing process to be twice as long.

For a CASP license application we will begin with a concentrated legal opinion on the business model, shareholding structure, policy documentation and AML compliance systems. We can thereafter prepare a plan and handle all aspects of the licensing process. Below we have noted some selected important requirements per MiCA Article 54(2) for the license application documentation.

  • Programme of Operations: sets out the types of crypto-asset services that the applicant wishes to provide, including where and how these services are to be marketed. It entails a three-year plan for regulated and unregulated activities, geographical distribution of services, and target client categories. It also covers the outsourcing policy, including intra-group arrangements, a list of outsourced service providers, a financial forecast, and plans for crypto-asset exchanges and activities.
  • Business continuity policy, disaster recovery plan, internal control mechanisms and effective procedures for risk assessment, systems and procedures to safeguard the security, integrity and confidentiality of information. CASPs must also have in place systems, procedures and arrangements to monitor and detect market abuse. There are also requirements for outsourcing and to maintain and to operate an effective policy to prevent, identify, manage and disclose conflicts of interest.

  • CASPs will be required to have adequate measures in place to safeguard the assets of their clients, especially in case of insolvency and to prevent the use of a client’s crypto-assets on their own account. Client’s funds should be placed with an EU credit institution and steps taken to ensure that the client funds are held in separate accounts. Additionally, CASPs will need to confirm that they have adequate insurance coverage to protect their clients in case of theft or loss of assets.

Below we have covered the main list of required documentation, policies and rules which have to be tailor-made for each applicant for the CASP license. We can handle all aspects of the licensing process, ensuring a smooth and efficient application experience.

  1. Programme of Operations – Article 40 and 51of MiCA
  2. Client Information and Best Interest Policy – Article 59 of MiCA
  3. Insurance Policy – Article 60 of MiCA
  4. ICT Systems Security Policy – Article 61 (7) of MiCA
  5. Market Abuse Monitoring and Reporting Policy – Article 61 (9) of MiCA
  6. Client Crypto-Asset Safeguarding Policy – Article 63 of MiCA of MiCA
  7. Client Complaint Handling Policy – Article 64 of MiCA
  8. Conflict of Interest Policy – Article 65 of MiCA
  9. The Outsourcing Management Policy – Article 66 of MiCA
  10. Custody Policy – Article 67 of MiCA
  11. Trading Platform Operating Rules – Article 68 of MiCA
  12. Non-Discriminatory Commercial Policy – Article 69 of MiCA
  13. Order Execution Policy (if applicable) – Article 70 of MiCA
  14. Governance Arrangements – Article 30 of MiCA
  15. Internal Control Policy – Article 30 of MiCA
  16. Business Continuity Policy – Article 61 (6) of MiCA
  17. IT Systems and Security Arrangements Policy – Article 54(2)(i) of MiCA
  18. Proof of Meeting Prudential Safeguards Documentation Policy – Article 54(2)(j) of MiCA
  19. Client’s Crypto-Assets and Funds Segregation Procedures Policy – Article 54(2)(l) of MiCA
  20. Subsidiary Relationship Information Documentation – Article 55(4) of MiCA
  21. Compliance Assessment Documentation – Article 55(5) of MiCA
  22. Cross-Border Service Provision Information Documentation – Article 58(1) of MiCA
  23. Notification of Cross-Border Activities Documentation – Article 58(2) of MiCA
  24. AML Policy – Article 30 (3) of MiCA
  25. Whistleblowing Policy – (78) of MiCA

For the full MiCA regulation please refer to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (Text with EEA relevance)

We can provide several options for a solution in regards to AML compliance support, we can further support with professional Compliance Officer/Money Laundering Reporting Officer out-sourcing to take care of the company reporting requirements.

The duties of a Compliance Officer (CO) include, inter alia:

  • organisation of the collection and analysis of information referring to unusual transactions or transactions or circumstances suspected of money laundering or terrorist financing, which have become evident in the activities of the obliged entity;
  • reporting to the regulator in the event of suspicion of money laundering or terrorist financing;
  • periodic submission of written statements on compliance with the requirements to the management board;
  • performance of other duties and obligations related to compliance with the requirements.

The overall requirements set for a Compliance Officer (CO) include:

  • only a person who has the education, professional suitability, the abilities, personal qualities, experience and reputation required for performance of the duties of a CO may be appointed as a CO;
  • the company must organize specialized training on money laundering and / or terrorist financing prevention measures for their employees, especially those who work directly with customers and their transactions.

The MiCA CASP license may be terminated by the regulator in several cases, excluding any regulatory deficiencies, also in case licensed activities have not started within 12 months of obtaining the license or if crypto-asset services have not been provided in a period of 9 months.

MiCA also establishes financial penalty  thresholds, from 3% up to 12.5% of the total annual turnover of the entity or more, periodic penalty payments, withdrawal/suspension of the license or removal/ban of a person from the managerial positions.

Prepare for MiCA CASP License application

For current VASP license holders we recommend to approach MiCA in stages, to secure the high level specialists time allocations for a balanced approach. Our track-record with 500+ VASP licenses since the birth of EU crypto regulations and 30+ in-house professional background AML specialists can be at your disposal. We’d be glad to support your VASP company with the preparation of a successful MiCA CASP license application and the associated legal documentation. 

  • STAGE 1: ANALYSIS Enterprise Wide Risk Assessment (EWRA)
  • Objective: Business plan, AML and IT infrastructure in-depth analysis
  • Outcome: Detailed legal opinion what needs improvement prior to MiCA licensing
  • To start: legal work indication from 50 hours; recommended to perform during Q1 of 2024.
  • STAGE 2: LEGAL WORK MiCA Required Policy Documentation
  • Objective: Eliminate deficiencies and solve problems mapped in the EWRA analysis
  • Outcome: Full set of final procedures, rules and policies required by MiCA regulation
  • To start: legal work indication from 100 hours; recommended to perform during Q1 of 2024.
  • STAGE 3: CASP LICENSE MiCA CASP License Application
  • Objective: Prepare and submit license application, correspondence with regulator
  • Outcome: MiCA CASP license issuance to operate in the European Union
  • To start: legal work starting from 80 hours; recommended to perform during Q2 of 2024.

Partner attorney-at-law and senior AML compliance specialist combined hourly fee is applied for MiCA licensing. All orders are subject to review and final confirmation; conditions may apply. All pricing is indicative and is subject to our final confirmation upon receiving further details. Discounts may be applied. Additional fees may apply. We reserve the right to update our individual and package prices at any time without prior notice. Please contact us for a detailed offer specific to your project.

Book a meeting for more information

We can provide further information after gathering the preliminary project information. We follow a thorough checklist to confirm that all legal requirements are met. Please contact our legal department through the contact form below to set up an online meeting, we will get back to you shortly.

    Contact details

    Please contact us to be connected with our crypto projects manager or to schedule a meeting.

    Call our head office at +372.50.43.245

    E-mail us at mica@maxcorp.eu

    Lithuania | Poland | Estonia