CASP License under MiCA
Whether you’re launching a crypto exchange, custody wallet, or on/off-ramp, a CASP license gives you the legal foundation to operate, safeguard client assets, and scale with institutional trust.
Why Is a CASP License Important
For companies planning to build digital banks, wallets, or super apps, the CASP license is the better long-term option.
Legal Authorization
Operate compliant virtual asset services (exchange, custody, transfer) under FATF standards and local law (EU: CASP under MiCA).
AML/Travel Rule Compliance
Meet KYC/KYB, sanctions screening, and Travel Rule data-sharing requirements to prevent illicit flows.
Custody & Safeguarding
Provide secure wallet infrastructure (hot/warm/cold, MPC/HSM) with clear segregation of client assets.
Banking & Fiat Rails
Access payment partners for on/off-ramps, EUR/GBP/USD settlement, and card/acquiring where permitted.
Institutional Trust
Licensing improves bank access, liquidity relationships, and partner credibility.
Market Expansion
Unlock multi-country operations (e.g., EU passporting for CASPs under MiCA once authorized).
Security & Resilience
Demonstrate robust IT, cybersecurity, incident response, and chain analytics (KYT) controls.
Revenue Opportunities
Trading fees, spread, custody fees, staking-as-a-service (where allowed), listings, and B2B APIs.
What Is a CASP license?
CASP (Crypto-Asset Service Provider) license is the authorization required under the EU’s MiCA regulation for companies that offer crypto-asset services in the EU/EEA. Depending on the jurisdiction, the authorization may be called VASP, CASP under the EU’s MiCA framework, a virtual asset license, a crypto service provider authorization, or an MSB registration with virtual currency activities (e.g., in Canada or certain US states). Typical VASP operations include fiat–crypto and crypto–crypto exchange, client asset custody and wallet key management, and the transfer of virtual assets on behalf of customers; many also provide brokerage and OTC execution, and in some markets may offer staking or delegation services where explicitly permitted by law.
With FinHost’s crypto compliance and infrastructure expertise, you can secure your VASP/CASP authorization faster, acquire a ready-made licensed entity if needed, and deploy the custody, KYT/Travel Rule, and fiat on/off-ramp stack required to operate and scale confidently under MiCA and other global regimes.
How to Obtain a VASP (CASP) License in the European Union
Timeline: ~3–9 months (jurisdiction & application quality dependent)
1. Choose Jurisdiction
Selecting the right EU jurisdiction is the foundation of the licensing process. Countries such as Lithuania, Estonia, France, Malta, and Ireland provide clear pathways under the upcoming MiCA regime. The decision depends on expected capital, staffing requirements, and regulator experience with crypto businesses.
2. Incorporate & Appoint Key Persons
After choosing the country, a company must establish a local legal entity and appoint directors, a Compliance Officer or MLRO, and risk and security leads who meet the “fit and proper” standards. Regulators expect local presence, operational control, and governance transparency.
3. Build Compliance & Risk Framework
Before applying, the company prepares AML/KYC and KYT procedures, Travel Rule and custody policies, risk management, IT security, and outsourcing rules. The goal is to demonstrate compliance with MiCA and EU AML directives through clear manuals and internal controls.
4. Develop Technical Infrastructure
The applicant must have a working technical setup for onboarding, transaction monitoring, and secure wallet management. Regulators assess the system’s ability to track blockchain activity, protect client funds through MPC or cold storage, and maintain audit trails and reporting tools.
5. Submit Application to Regulator
All documentation — business plan, financials, compliance manuals, and fit-and-proper forms — is submitted to the national competent authority. The review includes clarifications and, if necessary, remediation steps before the license is granted.
6. Authorisation & EU Passporting
Once authorised as a CASP under MiCA, the company can operate across all EU and EEA countries under one license. The firm must maintain reporting, safeguard client assets, and conduct regular AML and IT audits to preserve regulatory approval.
How FinHost Supports Your VASP/CASP Journey
At FinHost, we provide end-to-end solutions for companies aiming to obtain or acquire an VASP/CASP license:
Regulatory Strategy & Authorization
MiCA (CASP) vs UK/UAE/HK/EU national regimes; scope mapping, timelines, costs, and full application pack (business plan, AML/KYC/KYT, Travel Rule, custody & security policies, governance, risk).
Compliance-as-a-Service (CaaS)
End-to-end KYC/KYB, sanctions screening, KYT/chain analytics, Travel Rule orchestration, continuous monitoring, alerts, and regulator-ready reporting.
Custody & Wallet Infrastructure
MPC/HSM setup, key ceremonies, wallet policies (hot/warm/cold), cold-storage operations, reconciliations, and asset segregation controls.
Banking, Liquidity & Integrations
Fiat on/off-ramps, safeguarding/settlement partners, market makers & liquidity, card/acquiring where permitted, plus API integrations to core vendors.
Security, Assurance & Scale
ISO 27001 readiness, pen-tests, SOC 2 guidance, incident/BCP drills, automated regulatory reporting, audits, change management—and, if speed is critical, ready-made VASP/CASP entities to cut time-to-market from months to weeks.
Key Requirements for Operating as a VASP/CASP
- Governance: Fit-and-proper directors, Compliance Officer/MLRO.
- Compliance: KYC/KYB, sanctions/PEP, KYT/Travel Rule, ongoing monitoring.
- Custody: Client asset segregation, wallet policy (hot/warm/cold), MPC/HSM.
- Security: ISO 27001-aligned controls, pen-tests, incident response, BCP/DR.
- Financials: Jurisdiction-specific capital/net assets, audited accounts.
- Disclosures & Complaints: Clear T&Cs, risk warnings, conflicts, handling.
- Reporting: Regulatory/tax reporting; keep complete records.
Alternatives – Marketplace for Financial Licenses, Providers, and Technology
We’re a platform where companies can source and acquire ready licenses (EMI/SEMI, PI, MSB), plug into BaaS partners, activate KYC/AML tooling, connect with banking rails (SEPA/IBAN, safeguarding), and deploy white-label fintech tech — everything required for a rapid, compliant launch.
Success Stories
Ready to Scale with Confidence?
Frequently Asked Questions
What are the main VASP/CASP requirements?
Fit-and-proper management, MLRO, AML/KYC/KYT and Travel Rule tooling, secure custody/wallet controls (MPC/HSM), InfoSec program, and clear client disclosures.
Can an EU VASP operate across the EU?
Under MiCA, authorized CASPs can passport across EU/EEA, subject to notification and scope.
How much capital is needed?
Varies significantly (by service type and jurisdiction). Expect defined initial capital or ongoing net-asset thresholds and audit obligations.
What other solutions does Finhost offer beyond compliance?
In addition to compliance services, Finhost offers SaaS hybrid infrastructure, source code licensing, dedicated development teams, BaaS and third-party API integrations, as well as ready-to-use MSB licenses for sale — all tailored to accelerate your fintech or crypto banking launch.