← Back to guides

MiCA Compliance Checklist for CASPs

2026-04-02 · Web3 Compliance AI

MiCA Overview

The Markets in Crypto-Assets Regulation (EU 2023/1114) establishes a comprehensive framework for crypto-asset issuers and service providers across the EU. Title V governs Crypto-Asset Service Providers (CASPs). Authorization became mandatory in December 2024, with transitional provisions varying by member state.

Pre-Application Phase

  • Identify applicable CASP services — MiCA defines ten service types: custody, operating a trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of orders, placing of crypto-assets, reception and transmission of orders, providing advice, providing portfolio management, and providing transfer services.
  • Select your home member state — Choose which EU member state's NCA you will apply to. Consider regulatory capacity, processing times, and local market access.
  • Determine capital requirements — Minimum permanent capital ranges from EUR 50,000 (advice, order reception) to EUR 125,000 (exchange, trading platform operation) to EUR 150,000 (custody). Some NCAs may require higher amounts.
  • Engage local legal counsel — MiCA implementation details vary by member state. Local expertise is essential.

Corporate and Governance Requirements

  • Legal entity in the EU — Establish or designate a legal entity registered in your home member state.
  • Management body — At least two directors with sufficient knowledge, skills, and experience. Fit-and-proper assessments required.
  • Shareholders/qualifying holders — Identify all persons with qualifying holdings (10%+). They must demonstrate good repute and financial soundness.
  • Organizational structure — Clear lines of responsibility, adequate internal controls, and effective risk management.
  • Business continuity plan — Documented procedures for operational disruptions.
  • Outsourcing policy — If outsourcing critical functions, document the framework and ensure the NCA can still supervise.

AML/CFT Compliance

  • AML/CFT policies — Written policies covering CDD, transaction monitoring, SAR filing, and sanctions screening.
  • Compliance officer — Appointed MLRO with appropriate authority and resources.
  • Risk assessment — Business-wide ML/TF risk assessment.
  • Transfer of Funds Regulation — Travel Rule compliance for all crypto transfers (no de minimis threshold under EU TFR).

Technical and Operational Requirements

  • IT security policy — Covering access controls, encryption, vulnerability management, incident response, and penetration testing.
  • Data protection — GDPR compliance, Data Protection Impact Assessments where required.
  • Complaints handling — Published procedure for receiving and handling customer complaints, free of charge.
  • Conflicts of interest — Written policy identifying, preventing, managing, and disclosing conflicts.
  • Client asset segregation — If providing custody, robust segregation of client and proprietary assets.
  • Record-keeping — Maintain records of all services and transactions for at least five years.

Disclosure and Transparency

  • Website disclosures — Pricing, complaints procedure, risk warnings, and details of the authorization.
  • Pre-contractual information — Clear description of services, risks, fees, and applicable law provided to clients before engagement.
  • Marketing communications — Must be fair, clear, and not misleading. Identifiable as marketing.

Application Submission

  • Application form — Complete the NCA's application, attaching all required documentation.
  • Programme of operations — Detailed business plan covering services, target market, marketing strategy, and financial projections.
  • Capital evidence — Proof that minimum capital requirements are met.
  • Insurance or guarantee — Professional indemnity insurance or comparable guarantee (if applicable to your service type).

Post-Authorization Obligations

  • Ongoing reporting — Periodic regulatory returns as required by your NCA.
  • Material change notifications — Notify the NCA of any material changes to the information provided in your application.
  • Annual audit — Financial statements audited annually.
  • Passporting — To operate in other EU member states, notify your NCA which will inform the host state NCA.