Fill this form to discuss your fintech licensing project

Thank you!
Your submission has been received.
Our experts will get in touch with you shortly!
Nice
Oops! Something went wrong while submitting the form.

CONTENTS

MiCA Crypto authorisation in the EU
Exemptions
Crypto Asset Service Providers (CASPs)
CASP capital requirements
Time frames
Requirements
Scope of work
What we will need from you
The UBO (Ultimate Beneficiary Owner)
The Key Individuals (e.g., directors)
The software requirements
About Us
Our Case Studies
Our Completed Projects
Reach Out Now
Home
Licensing

MiCA Crypto authorisation in the EU

EMI Licence in the UK promo image

The Markets in Crypto-Assets Regulation (MiCA) is a the new EEA regulatory framework for  crypto asset regulation fully-applied on 30 December 2024. Applicable to all of 30 EEA member states, MiCA introduces licensing requirements for CASPs - Crypto Asset Service Providers, replacing previous VASPs - Virtual Asset Service Providers. It includes rules on governance, capital, safeguarding and prudential requirements, and the necessary disclosures.

Companies willing to provide any of the crypto-related services in the EEA must obtain relevant authorisation according to one of three Classes of activity in one of the member states.

Fintheo’s licensing team created one of the early MiCA applications in Lithuania and obtained one of the first Cryptoregistrations in UK - MiCA’s UK analogue.

TALK TO OUR EXPERTS

Exemptions:

MiCA does not apply to:

  • Decentralised protocols (DeFI) with no identifiable issuer or operator
  • Central banks and public authorities
  • NFTs (unless part of a fractionalised or fungible offering)
  • Firms already regulated under MiFID II, provided crypto services are incidental and compliant with MiCA.

Crypto Asset Service Providers (CASPs)

To avoid doubt, the list of businesses requiring authorisation under MiCA as crypto-asset service provider includes:

1. Crypto exchanges - Class 3/Class 2

  • Platforms that enable buying, selling, and exchanging of crypto-assets (e.g. spot trading platforms)
  • Crypto exchange ( using proprietary funds) of both crypto-to-crypto and crypto-to-fiat trading

2. Custodians & wallet providers -  Class 2

  • Entities that safeguard private cryptographic keys on behalf of clients
  • This includes custodial wallet services and third-party key management solutions

3. Brokerage firms - Class 1

  • Companies that execute orders on behalf of clients for crypto-assets
  • Similar to traditional brokers under MiFID II, but applied to digital assets

4. Crypto advisors & Portfolio managers - Class 1

  • Firms providing investment advice on crypto-assets
  • Those managing portfolios containing crypto-assets on behalf of clients

5. Placing agents - Class 1

  • Entities helping issuers place crypto-assets with investors (primary market activity)
  • Common in initial token offerings and other fundraising activities

6. Transfer Services Providers (TSPs) - Class 1

  • Companies facilitating the transfer of crypto-assets between addresses or accounts on behalf of third parties

7. Crypto order book operators & Multilateral Trading Facilities (MTFs) - Class 3

  • If the service resembles a multilateral trading platform for crypto-assets, authorisation is required

Once authorised in any of the EEA member states, CASPs regulatory permissions can be passported across the remaining 29 countries.

CASP capital requirements

MiCA mandates CASPs to have a minimum initial capital (depending on the type of services provided) and imposes ongoing capital requirements to ensure operational stability. It should be paid to the company’s bank account in cash, not assets and be no less than one of the three thresholds below. This sum should not fall below the required amount at any point in time to avoid a regulatory breach after authorisation.

CASP Class (Annex IV)
Type of services
Initial minimum capital (EUR)
Class 1
  • execution of orders on behalf of clients
  • placing of crypto-assets
  • providing transfer services for crypto-assets on behalf of clients
  • reception and transmission of orders for crypto-assets on behalf of clients
  • providing advice on crypto-assets; and/or
  • providing portfolio management on crypto-assets
€50,000
Class 2
All Class 1 services plus:  
  • providing custody and administration of crypto-assets on behalf of clients
  • exchange of crypto-assets for funds; and/or
  • exchange of crypto-assets for other crypto-assets
€125,000
Class 3
All Class 1 and 2 services plus:  
  • operation of a trading platform for crypto-assets
€150,000

Even where a CASP meets the fixed capital threshold, the prudential capital requirement may be greater if 25% of last year’s fixed overheads exceeds that amount.

CASPs that have not been in business for one year from the date on which they began providing services shall use the projected fixed overheads included in their projections for the first 12 months of service provision, as submitted with their application for authorisation.

Time frames

Class of activity and jurisdiction are the two main factors that affect the approval timeline. MiCA also assigns statutory authorisation timelines for applicants:

Milestone
Deadline
Acknowledge receipt of application and notify applicant of missing info
25 working days (from submission)
Decision on complete application
40 working days (from date of completeness)

At Fintheo we aim to prepare and draft the Class 2 CASP application within 8-10 weeks, whereas the regulators indicate review periods of 3-6 months. We recommend that our clients plan for 6-8 months of total turnaround time.

Requirements

When creating a CASP-authorised business, you will need:

  1. To open a legal entity - a registered entity in a country of authorisation.
  2. Initial capital requirement - an amount of at least €50,000, €125,000 or €150,000 (according to class) or higher paid into your company’s bank account.
  3. Appoint key individuals - on average 3-4 local individuals well-versed in their field. See “Key Individuals” below.
  4. Source of Wealth (SoW) - of the Ultimate Beneficiary Owner (UBO) for the full amount of capital to be committed to the business. The origin of funds must be of legitimate nature and supporting documentation must be provided to demonstrate it.
  5. Software - with detailed technical documentation. See “Software” below.

MiCA application is a rigorous process, and inconsistent documentation can lead to rejection by the regulator, thus jeopardising further ability to be approved in the future. Only trust your application to regulatory compliance professionals with a recent proven track record of succeeding in the application process!

Scope of work

Our work is structured in three key Stages to ensure a smooth and efficient CASP application process for MiCA.

We begin with a questionnaire and an in-depth interview with you as a client, to then outline the roadmap, risks and timelines in an Application Development Plan (ADP), liaised with you before beginning the work. Once approved by you, we begin work on Stage One document pack and present it’s results for approval with options for amendments. Before each new stage an invoice is issued, making sure we go smoothly throughout the process to a timely and effective submission.

The full list of document pack we prepare according to stages can be found below:

MiCA CASP authorisation document checklist:

Stage One
  1. Regulatory business plan
    A concise version of your full business plan focused on regulatory expectations coupled with financial forecast for the 3 year period following authorisation.
  2. Financial forecast for at  least three years
    Describes the day-to-day activities, scope of operations, and delivery channels.
  3. Compliance and governance arrangements
    Details your internal control systems, compliance policies, and governance structure.
  4. Prudential requirements
    Explains how customer plan to meet initial and on-going capital requirements.
  5. Structural organisation chart
    Shows the company’s internal structure, management lines, and group affiliations.
  6. Governance structure
    Provides background information, experience, and responsibilities of key individuals.
Stage Two
  1. Details of shareholders and their qualifying holdings (if any)
    Identifies ownership stakes and verifies the source of invested funds.
  2. Initial capital confirmation
    Evidence that the firm meets the CASP minimum capital requirement. We recommend increasing that to a minimum of 40% buffer above the required capital to ensure there is enough funds to support operations int the first several months.
  3. Financial forecasts (3 years)
    Provides projected balance sheets, profit/loss statements, and cash flow forecasts.
  4. IT security and risk assessment
    Assesses risks tied to your technology infrastructure and how they’re mitigated. DORA compliant documentation.
  5. AML/CTF policy and procedures
    Outlines how the firm will prevent money laundering and terrorist financing.
  6. Outsourcing agreements (if applicable)
    Describes key third-party arrangements for critical functions or services.
  7. A description of the procedure for the segregation of clients’ crypto-assets and funds;

  8. Specific policies relevant to the type of services that the CASP is going to provide (e.g., rules of the trading platform, custody and administration policy).

Stage Three
  1. Risk management framework
    Describes your approach to identifying, assessing, and controlling business risks.
  2. Complaints handling policy
    Outlines how customer complaints will be received, handled, and resolved.
  3. Evidence of local presence
    Confirms the firm has a physical presence (a secure office space for a min of 2) and operational footprint in the country of operations.
  4. Application forms
    The official application form(s) submitted through the means outlined by the regulator, including all required declarations and attachments (we provide assistance).
Once the full application pack is prepared and submitted to the regulator, we support the client by managing their correspondence with the regulator and assisting with any follow-up queries until the authorisation is granted.

Throughout the stages, we can support the recruitment of qualified individuals through our recruitment division, offer you introductions to banks or other vendors.

What we will need from you

While we will handle the majority of the application process, your input and cooperation are essential. In particular, there are a few key matters that will need to be completed directly by you:

  • Provide the Source of Wealth (SoW) for the ultimate beneficial owner (UBO), as required for regulatory due diligence.
  • Register a legal entity in the country of application or provide an existing one.
  • Recruit key management individuals (e.g., directors, CEO, MLRO, CFO).
  • Select your software provider, by providing its technical documentation and draft agreement.
  • Choose your vendors (banks, crypto exchanges, compliance tools) by providing information of their fees and draft agreements.
  • Provide us with in-depth information in questionnaire & interviews, where we will gather essential information about your business model, services, and future plans (including financial ones).

We will guide you through each step, but your timely involvement in these areas will ensure a smooth and efficient application process.

The UBO (Ultimate Beneficiary Owner)

The regulators apply particular scrutiny on the controller (UBO) of a CASP: they must be able to demonstrate the legitimate source of wealth, links to industry, a clean reputation as well as a clear, transparent ownership structure. While the UBO is not expected to be involved in day-to-day operations, they must be deemed fit and proper. Any history of financial misconduct, sanctions, or regulatory issues will be assessed by the regulator.

The regulator will also assess whether the UBO has any other passports, side agreements or is related to any other regulated company.

The Key Individuals (e.g., directors)

The most common set of key individuals appointed in CASP includes the CEO, Head of Compliance (AML officer, MLRO), CFO, and CTO. In practice, senior management and directors must also meet a number of expectations:The most common set of EMD individuals appointed by UK EMIs includes the CEO, MLRO, CFO, and CTO. In practice, they must meet several strict, unwritten expectations:

  • most of the senior managers/directors are generally required to be residents of the country where authorisation is sought
  • have at least four years of relevant managerial experience in their field
  • have good working knowledge of the crypto space.
Fintheo can help you find and hire these individuals quickly and reliably to achieve your goals.

The software requirements

There are typically three routes to solving the software challenge for a crypto service provider: purchasing a Software-as-a-Service (SaaS) solution, buying a software with the source code, or developing a custom platform yourself. Whichever route you decide to choose, make sure you have the set of technical documentation ready for the application process. This is a critical point in your CASP application process.There are typically three routes to solving the software challenge for an EMI:

Digital Operational Resilience for CASPs

Although Digital Operational Resilience Act (DORA) does not explicitly list CASPs in its original scope, yet it applies to all the CASPs authorised under MiCA and falling within the EU definition of financial entities. DORA imposes a range of requirements on CASPs in terms of ICT risk management, operational resilience, business continuity and third-party risk management.Therefore, MiCA CASP application pack must meet DORA requirements for a successful authorisation.

About Us

We are a team of former MLROs, compliance officers, and fintech and regtech professionals, dedicated to guiding firms through the regulatory landscape. Since 2019, our team has actively supported customers in building, scaling and expanding fintech businesses by providing a full suite of consulting services.

Our commitment to provide end-to-end support for businesses pursuing regulated activities led to the creation of Fintheo. We are a tech-driven company that strives to offer impeccable service to customers. As part of our proposition, we also offer a purpose-built e-money software platform which is fully DORA-compliant. In 2022, we expanded our services to include Fintheo.Recruitment, a division focused on sourcing fit and proper individuals for director and management roles to support clients during the licensing process.

Fintheo. Competence. Prudence. Result.

Our Completed Projects

Reach Out Now

Contact our consultant today
for the next steps

Thank you!
Your submission has been received.
Our experts will get in touch with you shortly!
Nice
Oops! Something went wrong while submitting the form.

Contact Us

info@fintheo.com

Meet Us in London

Level 1
Devonshire House
One Mayfair Place
London W1J 8AJ
UK

Registered Address & Correspondence

Brulimar House
Jubilee Road
Middleton M24 2LX
UK

LinkedIn logo
Connect on LinkedIn
Privacy Policy
Cookie Policy
© 2025 Fintheo Consulting LTD. All rights reserved.