← Back to guides

VASP Licensing Guide

2026-04-07 · Web3 Compliance AI

What Is a VASP License?

A Virtual Asset Service Provider (VASP) license authorizes a business to offer crypto-related services — exchange, transfer, custody, or issuance — within a given jurisdiction. The FATF definition of VASP has become the global baseline, though each country implements it differently.

Key Jurisdictions

European Union — MiCA (Markets in Crypto-Assets)

Since December 2024, all Crypto-Asset Service Providers (CASPs) operating in the EU must be authorized under MiCA. The application goes through your home member state's National Competent Authority (NCA). Key requirements include minimum capital (ranging from EUR 50,000 to EUR 150,000 depending on service type), a detailed business plan, fit-and-proper assessments for directors, IT security and business continuity policies, and a complaints handling procedure. Once authorized, you benefit from EU-wide passporting.

United States

The US has no single federal VASP license. Instead, you face a patchwork: FinCEN Money Services Business (MSB) registration is mandatory at the federal level. Most states require a Money Transmitter License (MTL), each with its own application, surety bond, and net worth requirements. New York's BitLicense remains the most onerous state-level regime. Some businesses may also need SEC or CFTC registration depending on the assets involved.

Singapore — MAS Payment Services Act

The Monetary Authority of Singapore requires a Major Payment Institution (MPI) license for Digital Payment Token (DPT) services. Requirements include a base capital of SGD 250,000, a permanent place of business in Singapore, fit-and-proper directors, robust AML/CFT controls, and technology risk management frameworks. Processing times typically run six to twelve months.

UAE — VARA

The Virtual Assets Regulatory Authority in Dubai issues licenses for exchanges, brokers, custodians, and advisory services. VARA requires a physical presence in Dubai, substantial paid-up capital, comprehensive governance frameworks, and detailed technology and cybersecurity policies. The UAE has become a popular licensing jurisdiction due to its relatively clear framework and tax advantages.

The Application Process

Regardless of jurisdiction, expect these common steps:

  1. Pre-application engagement — Most regulators offer preliminary discussions. Use them.
  2. Corporate structuring — Ensure your legal entity, governance, and ownership structure meet requirements.
  3. Documentation — Prepare business plans, AML policies, IT security assessments, financial projections, and director CVs.
  4. Capital requirements — Have required capital in place before applying.
  5. Submission and review — Expect 3-18 months depending on the jurisdiction and completeness of your application.
  6. Ongoing obligations — Licensing is not the end. Expect annual audits, periodic reporting, and regulatory examinations.

Practical Tips

Engage local legal counsel in each target jurisdiction. Do not underestimate the time and cost — budget EUR 100,000-500,000 per jurisdiction for legal, compliance, and application fees. Consider starting in one jurisdiction and passporting or expanding from there rather than applying everywhere simultaneously.