The Markets in Crypto-Assets (MiCA) Regulation, i.e., Regulation (EU) 2023/1114, requires crypto-asset service providers (CASPs) in the European Union to apply for authorization from the competent authority in their home member state. A CASP license authorizes them to offer their crypto-asset services across all EU member-states.
What documents are needed for a CASP application for authorization? We prepared this CASP application documents checklist based on our extensive experience providing CASP licensing support to hundreds of clients across our network of offices in Estonia and other EU member states, as well as Canada, Hong Kong, and the United States.
Key Takeaways
- The MiCA Regulation harmonizes the standards for authorizing or licensing crypto-asset service providers (CASPs) across the European Union.
- A fintech company intending to offer crypto-asset services anywhere in the EU can apply for authorization to be a crypto-asset service provider.
- A CASP authorization in one EU member state is a license to operate in other EU member states.
- A CASP can work with a MiCA licensing consultant to ensure the thorough preparation and compilation of a complete CASP application package.
Table of Contents
- The Legal Basis of MiCA CASP Document Requirements
- Mandatory MiCA CASP Document Requirements
- Supporting MiCA Compliance Documents for CASPs
- Where to Apply for a CASP License
- Variations in Specific Documentary Requirements
- Frequently Asked Questions
- Before Applying for a CASP License
The Legal Basis of MiCA CASP Document Requirements
Article 62 of the Markets in Crypto-Assets (MiCA) Regulation sets the framework for licensing crypto-asset service providers (CASP). The supplementary regulations, the Commission Delegated Regulation (EU) 2025/305 and Commission Implementing Regulation (EU) 2025/306, meanwhile, operationalize this framework.
The Delegated Regulation (EU) 2025/305 provides the regulatory technical standards specifying the information to be included in the application for authorization as a crypto-asset service provider. The Implementing Regulation (EU) 2025/306 sets out the technical standards for such a licensing application.
Mandatory MiCA CASP Document Requirements
The following MiCA CASP document requirements comprise the core CASP authorization application package. These are the mandatory requirements typically set by national competent authorities (i.e., regulators) in EU member states, and they are specified in the MiCA Regulation and the supporting technical and implementation standards.
1. Application and Corporate Documents
A company must prove its legitimacy as a legal entity eligible to apply for a CASP license. In line with this, they must submit the following application and corporate documents:
- Application form for authorization as a crypto-asset service provider
- Articles of association/constitutional documents
- Certificate of incorporation/extract from the Commercial Register
- Group structure chart/ownership structure chart
- Description of other activities, if the company carries out any additional business activities
2. Business and Services Description
A company applying for CASP authorization must provide a detailed program of operations or business plan disclosing its business strategy. It must also describe the business and its services in detail.
Here is a list of the documents and information you must submit to give the regulator a better appreciation of your business:
- Program of operations/business plan
- A description of the company’s crypto-asset services
- A description of the crypto assets
- A description of the business model
Note: See our CASP business plan article for a handy CASP license business plan checklist.
3. Capital and Financial Soundness
Article 67 of the MiCA Regulation says a CASP must maintain a prudential safeguard equivalent to (or greater than) the higher of the following:
- The minimum capital requirement that applies based on the provider’s service class
- One quarter of its fixed overheads in the preceding year
The minimum capital requirement can be EUR 50,000, EUR 125,000, or EUR 150,000. The higher a CASP’s class, the bigger the minimum capital requirement. The services offered determine a CASP’s class.
- Class 1, EUR 50,000: reception and transmission of orders, placing, execution of orders, advice, portfolio management, transfer services
- Class 2, EUR 125,000: custody and administration, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets
- Class 3, EUR 150,000: operation of a trading platform for crypto-assets
A company applying for a CASP license must submit proof that it is financially sound and has adequate prudential safeguards in place. The specific prudential safeguard documents include the following:
- Prudential safeguards calculation
- Evidence of initial capital/own funds
- Financial forecasts for the first three years
- Procedures for monitoring prudential safeguards
- Bank confirmation/statement of deposited funds, where needed to evidence capital
- Insurance policy/guarantee documents, where prudential safeguards are not covered solely by capital
4. Governance, Control and Compliance
Regulators want information on a CASP’s organizational structure and its internal control and compliance mechanisms to establish continuity and identify potential conflicts of interest.
The following are the governance, control, and compliance documents a CASP applicant must prepare:
- Governance arrangements description
- Internal control framework
- Organizational chart
- Compliance policies and procedures
- Policy on outsourcing
- The list of outsourced functions and service providers
- Business continuity plan
- Record-keeping arrangements
- Conflicts of interest policy
- Whistleblowing/infringement reporting procedure
5. AML/CFT
AML/CFT stands for anti-money laundering and combating/countering the financing of terrorism. It’s crucial that a CASP authorization application provide information on how the company plans to prevent and mitigate the risks of money laundering and terrorist financing.
In line with this AML/CFT compliance requirement, a CASP must prepare the following documents:
- AML/CFT risk assessment
- AML/CFT policies and procedures
- AML/CFT internal controls description
- AML/CFT officer file
- Customer due diligence framework
- Suspicious transaction/activity reporting procedure
6. Management and shareholders
Financial services regulators assess the directors and shareholders of a CASP to determine their suitability and fit for their roles. Individuals or entities with a qualifying holding merit extra scrutiny.
To provide management and shareholder information, a CASP must prepare the following:
- A Fit and Proper File for each management body member
- CVs
- Criminal record certificates
- Declarations of good repute
- Declarations of time commitment
- Evidence of knowledge, skills and experience
- Shareholders/members information pack
- Qualifying holdings information pack, where there is a qualifying holding
7. Technology and Client Protection
CASPs must have resilient and secure information and communications technology (ICT) systems, technological safeguards, and procedural measures to protect clients’ interests.
Therefore, a CASP has to submit the following:
- ICT systems and security arrangements
- Non-technical description of ICT systems
- Segregation of clients’ crypto-assets and funds procedures
- Complaints-handling procedures
Supporting MiCA Compliance Documents for CASPs
Regulators often require CASPs to supplement their core application information with the following supporting annexes, evidence, templates, and confirmations.
- Detailed business model description
- Ownership/ultimate beneficial ownership (UBO) chart
- Passports/ID copies of directors and shareholders
- CVs and declarations
- Criminal record certificates
- Source of funds/source of wealth documents, where there is a qualifying holding or complex financing
- Draft client agreements/terms and conditions
- Draft AML, compliance, outsourcing, and ICT policies
- Three-year financial model
- Bank letter confirming paid-in capital or available funds
- Contracts or draft contracts with outsourcing/cloud/IT/AML providers
Important: Official records, certificates, and documents to be submitted to a financial services regulator for CASP licensing under MiCA should (generally) not be older than three months at the time of submission.
Where to Apply for a CASP License
Applying for a MiCA Regulation CASP license requires submitting an authorization package to the competent authority (i.e., regulator) of your EU home member state.
If you’re local, submit your authorization application to your home country’s regulator. For instance, if you’re a homegrown Cyprus company, submit your crypto license in Cyprus application to the Cyprus Securities and Exchange Commission (CySEC).
If you’re a foreign entity domiciled outside the EU, establish a legal entity and set up a physical presence in any one of the 27 EU countries. Your EU address will become your EU home member-state, and that’s where you must apply for a CASP license.
For example, if your Dubai crypto exchange company is expanding its operations in Europe via Spain, submit your MiCA CASP document requirements to the Comisión Nacional del Mercado de Valores (CNMV) and obtain a CASP license in Spain.
Note: A CASP license in an EU member-state authorizes you to operate as a crypto-asset service provider anywhere in the EU.
Variations in Specific Documentary Requirements
Country–specific regulations, a company’s structure/circumstances, and the types of services a company will offer determine what documents are needed for a CASP application.
Country-Specific Regulations
Specific documentary requirements can vary from one EU country to another. While the MiCA Regulation provides EU member-states with a harmonized framework and standards for CASP licensing, individual national competent authorities retain primary oversight and authority over crypto license approvals.
As such, the requirements set by the Malta Financial Services Authority (MFSA) for obtaining a CASP license in Malta may differ slightly (or significantly) from the application requirements set forth by Latvijas Banka, the regulatory body that can award a crypto license in Latvia.
Specific Circumstances
The presence of a specific structure or particular circumstances, such as those in the list below, can trigger additional or special documentary requirements:
- A company has been operating for some time.
- There is a qualifying holding.
- The company uses outsourcing.
- The company is using external ICT or cloud providers.
- The company uses insurance or a guarantee as a prudential safeguard.
- The company plans to set up a branch.
Services Offered
Finally, the services a CASP offers determine what additional documents they need to submit when applying for authorization. An application package expands proportionally with a CASP’s services.
For instance, a Class 3 CASP that operates a platform for trading crypto-assets must submit the following additional documents:
- Operating rules of the trading platform
- Market abuse detection procedure
- Admission/listing rules
- Assessment procedure for admissions to trading
- Trading platform governance and control documents
Meanwhile, a class 1 CASP that places crypto-assets has to provide these additional documents:
- Placing procedure
- Conflicts of interest procedure for placing
- Client/offeror arrangement documents
Every crypto-asset service comes with specific additional requirements. Your fintech licensing consultant should be able to put together the appropriate application package depending on the national competent authority, your specific circumstances/structure, and the crypto-asset services you plan to offer.
Frequently Asked Questions
What documents are usually required for a CASP application?
A CASP application under MiCA (Regulation (EU) 2023/1114) requires seven categories of documentation: corporate and identity documents, a detailed business plan or program of operations, proof of financial soundness or adequate prudential safeguards, governance and internal control policies, AML/CFT compliance materials, and information on management and shareholders.
Does every CASP need a detailed business plan under MiCA?
Yes, Article 62(2), point (d) of the MiCA Regulation requires that every CASP application for authorization include a detailed business plan, also known as a program of operations. It must specify the organizational structure, the company’s strategy for providing crypto-asset services to its target clients, and its operational capacity for the three years following authorization.
Which internal policies are most often reviewed by regulators?
Regulators most often review internal anti-money laundering and combating/countering the financing of terrorism (AML/CTF) policies and procedures. Regulators also heavily scrutinize governance compliance and procedures, paying special attention to a company’s internal control framework and policies on outsourcing and conflicts of interest.
Do authorities expect governance and risk documents at the filing stage?
Yes, authorities expect governance and risk documents at the filing stage. A company applying for CASP authorization must provide governance documents, including a description of its governance arrangements, internal control framework, organizational chart, and business continuity plan. It must also submit an AML/CFT risk assessment, among other risk documents.
How can applicants avoid submitting an incomplete file?
The most reliable way to avoid submitting an incomplete file is to compile documents based on the official regulatory checklist provided by the relevant national competent authority (.e.g, the National Bank of Slovakia or NBS), cross-referenced against the crypto license application requirements set forth in the MiCA Regulation, Delegated Regulation (EU) 2025/305, and Implementing Regulation (EU) 2025/306.
The number of documents you must compile to apply for a MiCA license can be overwhelming. Applicants must consider retaining the services of a law firm that provides fintech licensing services to help put together their application packages and arrange a pre-filing consultation with the member-state’s regulator.
Before Applying for a CASP License
The MiCA Regulation has harmonized the framework and standards for regulating crypto-asset service providers. It’s a significant positive step towards maintaining the integrity of crypto-asset markets and protecting the interests of crypto-asset retail holders.
However, there’s a lot of complexity and variation involved in crypto-asset markets, licensing regulations, and crypto-asset services. Indeed, no two CASP application packages can be exactly the same.
This is why the National Bank of Slovakia urges companies applying for a crypto license in Slovakia to undergo a pre-filing consultation and engagement. It’s also the reason fintech companies applying for a MiCA CASP license need professional guidance from a fintech licensing services provider like Legalaes.
Contact us and let’s talk about how we can help you get your MiCA CASP license.
