CASP
An entity providing crypto-asset services (e.g. custody, trading, exchange, advice). As a rule, it requires CASP authorisation.
MiCA / Crypto-assets
We help companies enter and scale crypto-asset services in the EU: from MiCA applicability assessments to the CASP licence and post-authorisation obligations.
fintech brands we have worked with
Who is covered by MiCA and where exemptions end
First we establish the organisation's regulatory role. This step decides whether we follow the CASP path, the ART/EMT issuer path, or the path for issuing other crypto-assets.
ART issuer
Issuer of a token referenced to a basket of assets. The strictest rules on reserves and oversight apply.
EMT issuer
An e-money token pegged 1:1 to a fiat currency. Requires the EMI/banking regime as well as additional MiCA obligations.
Issuer of other crypto-assets
A public offering or admission to trading of utility/payment/governance tokens requires compliance with disclosure and organisational obligations.
Typical exemptions (require a substance test)
- financial instruments (MiFID II)
- deposits and insurance products
- unique and non-fungible NFTs (with a substance-over-form test)
- fully decentralised protocols without an identifiable operator
Key dates and risks
1 July 2026 marks the end of the transitional regimes. After that date, operating without the required authorisation may result in cease-and-desist orders, financial penalties, and the risk of losing the licence.
Maximum administrative fines at EU level reach EUR 540 million, and AML/KYC shortcomings can lead to withdrawal of authorisation.
Source and reference date: MiCA Implementation Compendium, legal status/materials as at 21 February 2026.
10 CASP services and capital requirements
We map each service to the MiCA catalogue and calculate the required minimum capital. The higher of two values applies: the fixed minimum or one quarter of the previous year's fixed overheads.
| Service | Operational scope | Minimum capital |
|---|---|---|
| Custody | Custody of clients' crypto-assets or keys | EUR 125 000 |
| Trading platform | Operation of a trading platform | EUR 150 000 |
| Crypto-to-fiat exchange | Buying/selling crypto-assets for funds | EUR 125 000 |
| Crypto-to-crypto exchange | Swap between different crypto-assets | EUR 125 000 |
| Order execution | Execution of client orders | EUR 50 000 |
| Summary | Placing of crypto-assets in a public offering | EUR 50 000 |
| Reception and transmission of orders | Order intermediation | EUR 50 000 |
| Business advisory | Advice on crypto-assets | EUR 50 000 |
| Portfolio management | Management of a client's crypto-asset portfolio | EUR 50 000 |
| Transfer services | Transfer of crypto-assets on behalf of clients | EUR 125 000 |
Asset classification: ART, EMT, and other crypto-assets
Correct classification is critical. It determines the legal regime, the scope of documentation, and the implementation timeline.
ART (asset-referenced token)
A token referenced to a basket of assets. Requires a rigorous approach to reserves, redemption, and oversight.
- authorisation and oversight by the NCA/EBA
- reserves and asset management policy
- ban on interest and monitoring of significant token status
EMT (e-money token)
An e-money token pegged 1:1 to a fiat currency. In practice it combines the e-money regime with MiCA obligations.
- EMI or banking licence
- 1:1 reserves and redemption at par value
- possible overlap with PSD2 obligations on custody and transfer (from March 2026)
MiCA / Crypto-assets
Utility, payment, and governance tokens require an appropriate disclosure package and a notification process.
- white paper compliant with Annex I/II/III
- iXBRL format (from 23 Dec 2025)
- consistency of marketing communications with the white paper
MiCA implementation plan: stages 0-9
Every stage ends with a concrete deliverable. This lets the management board track progress and gives the organisation ready-made artefacts for the authorisation process and audits.
Stage 0 - applicability and regulatory role
OutcomeWe verify whether the business model falls within MiCA, determine the roles (CASP/issuer), and examine potential exemptions.
MiCA applicability assessment + classification memo + determination of the regulatory role.
Stage 1 - classification of assets and services
OutcomeWe map every asset and service to the relevant MiCA category and calculate the capital requirements.
Classification matrix + CASP services map + capital requirements calculation.
Stage 2 - CASP licence
OutcomeWe design the governance model, application documentation, operating model, and the jurisdiction in which to run the process.
CASP licence application package + jurisdiction analysis + business plan.
Stage 3 - AML/KYC and the Travel Rule (TFR)
OutcomeWe implement AML/CFT procedures, customer due diligence (CDD/EDD), transaction monitoring, screening, and processes for exchanging originator and beneficiary data.
AML/CFT policy + CDD/EDD procedures + Travel Rule implementation + suspicious transaction reporting (STR) procedure.
Stage 4 - DORA and cyber resilience
OutcomeWe build IT risk management, the business continuity plan (BCP/DRP), third-party oversight, and security procedures for the crypto environment.
IT risk management framework + business continuity plan (BCP/DRP) + third-party risk register + cybersecurity policy.
Stage 5 - client protection and conduct rules
OutcomeWe put in order asset segregation, advertising rules (fair, clear, and not misleading), complaints handling, and risk communication.
Client asset protection policy + advertising compliance guide + complaints procedure.
Stage 6 - white paper and issuer obligations
OutcomeWe prepare the white paper and notification process and, for ART/EMT, finalise the reserve, redemption, and reporting policies.
White paper (iXBRL) + reserve management policy + redemption plan + notification to the NCA.
Stage 7 - market integrity
OutcomeWe implement market abuse prevention mechanisms (insider dealing, market manipulation) and full event recordkeeping.
Market abuse prevention policy + trade surveillance system specification + order recordkeeping policy.
Stage 8 - training and internal governance
OutcomeWe create a training programme for the management board, compliance, tech, and sales, plus whistleblowing mechanisms and acknowledgement records.
Training programme + training register + whistleblowing policy.
Stage 9 - authorisation and post-licensing obligations
OutcomeWe run the application submission, Q&A with the regulator, passporting, and set up an ongoing compliance maintenance model.
Licence application + passporting notifications + compliance maintenance calendar.
Regulatory and operational integration
MiCA does not operate in isolation. We deliver one coherent model that ties together licensing, operational, and reporting requirements.
MiCA + AML/TFR
KYC, screening, STR, and Travel Rule processes are embedded into the CASP operating model.
MiCA + DORA
We combine IT resilience, incident management, cyber testing, and third-party oversight with MiCA requirements.
MiCA + market integrity
We build market abuse prevention rules, personal account dealing policies, and trade event recordkeeping.
Post-licensing
We implement periodic reporting, documentation updates, audits, and ongoing capital requirements maintenance.
What an organisation must maintain after obtaining the licence
- service passporting and up-to-date register entries
- transaction, volume, and incident reporting
- annual audits and regular cybersecurity tests
- governance model updates whenever services, the team, or infrastructure change
Packages and scope of support
We tailor the scope of work to the project's maturity: from a rapid diagnostic, through a multi-stage implementation, to an ongoing maintenance model.
MiCA readiness assessment
For teams that want to quickly establish their regulatory status and implementation priorities.
Crypto-asset classification memo
For issuers and platforms that need a formal classification opinion for their assets and services.
CASP licensing project
Full management of the authorisation project and communication with the supervisory authority.
Full AML/KYC implementation
Implementation of AML/CFT procedures and an operational Travel Rule model for crypto-asset transfers.
DORA for crypto
IT resilience, third-party oversight, incident response, and security testing for the crypto environment.
White paper support
Preparation and review of the white paper (Annex I/II/III), iXBRL formatting, and notification to the NCA.
Ongoing compliance support
An ongoing advisory model: policy updates, reporting support, and periodic compliance reviews.
Compliance audit and outsourcing
Independent MiCA/DORA/AML audits and outsourcing of selected compliance functions.
Expert leading the MiCA practice
On MiCA projects we combine the regulatory, operational and business perspectives to shorten the path from diagnosis to licensing readiness.
Expert support from the first decision
- Mapping the business model to the right regulatory role
- Running the licensing project and phasing the work
- Working together with the board, compliance and operations teams
Podcasts | Legal Geek
- Experience at the intersection of MiCA, AML/TFR and DORA
- A practical approach to governance, IT and operations
- Designing audit- and inspection-ready documentation
Contact about MiCA
Tomasz Klecor
Managing Partner
FinTech navigator. Lawyer.
For 15 years he has helped Poland's largest and most ambitious fintechs grow safely and globally. Starting as a lawyer, he now combines law, strategy, and technology — advising founders and boards on key decisions: how to scale in compliance with regulations, how to correctly implement DORA, MiCA, or AML and prepare for PSD3/PSR, and how to avoid the regulatory killers that can stop growth in its tracks.
LinkedIn
FAQ: questions from the board, compliance and operations
Not always. The firm's regulatory role and a precise mapping of services to the MiCA catalogue are key. That is why we begin with the applicability stage — there we determine whether CASP authorisation is needed at all.
It depends on the organisation's readiness and the scope of services. The application stage alone is a multi-month project, usually delivered alongside a parallel AML and DORA roll-out.
Yes, in specific scenarios a simplified notification is possible (Article 60 MiCA), but the operational and organisational requirements still have to be met.
An ART (asset-referenced token) is backed by a basket of assets, while an EMT (e-money token) is pegged 1:1 to a single fiat currency. They differ in the authorisation path, the scope of reserve requirements and the supervisory model.
Every transfer between crypto-asset service providers (CASPs) requires sharing originator and beneficiary data. You also need to implement procedures for handling exceptions and transfers from self-hosted wallets.
MiCA defines the requirements for running a crypto business, while DORA covers IT resilience. In practice, obtaining a CASP licence without mature DORA processes creates significant operational and supervisory risk.
For a public offering or admission to trading, generally yes. The scope and format depend on the asset class (Annex I/II/III, iXBRL).
The maintenance phase begins: reporting, audits, cyber tests, documentation updates, and preparation for NCA/ESMA inspections.
Yes. For many organisations, an ongoing support model is the most effective: day-to-day advice, monitoring of regulatory changes, and periodic compliance reviews.
Get in touch about MiCA
Tell us where you are (diagnosis, licensing, post-licensing) and we will propose a sequence of actions and a scope of work for your team.