Cryptocurrency Licensing Requirements in Portugal

Portugal requires Virtual Asset Service Providers (VASPs) and Crypto-Asset Service Providers (CASPs) to obtain authorization from the Bank of Portugal (Banco de Portugal) before operating, regulated under the MiCA (Markets in Crypto-Assets) framework and EU Directive 5AMLD[1][2][3].

Types of Licensed Activities

VASP/CASP authorization is mandatory for:

• Exchange of cryptocurrency for fiat currency and vice versa[1][2]
• Crypto-to-crypto exchange operations[2]
• Custodial services (storage of crypto-assets and encrypted keys)[1][4]
• Trading platform operations[6]
• Wallet provider services[1]
• ICO/IEO and stablecoin issuance and maintenance[2]
• Execution of orders on behalf of clients[6]
• Reception and transmission of orders[6]
• Crypto-asset advisory and portfolio management services[6]
• Transfer services for crypto-assets[6]

Individual users may hold, purchase, and sell crypto-assets without licensing unless those assets qualify as securities under financial law[6][7].

Registration vs. Licensing Regime

Portugal operates a licensing regime, not a registration-only model. All cryptocurrency businesses engaged in in-scope activities must obtain prior authorization from Banco de Portugal before commencing operations[3][10]. This differs from simple registration; the regulator actively evaluates applications against specific requirements.

Key Capital and Financial Requirements

Management and Local Presence Requirements

• At least one director with qualifications and experience in finance, compliance, or law must be based in Portugal[3]
• Registered office: Local or virtual office is acceptable for legal correspondence[3]
• Compliance Officer: Appointment of a local Compliance Officer with experience in Portuguese financial regulations is required[1]
• Internal compliance personnel: AML and compliance duties must be covered by internal staff[3]

AML/KYC and Compliance Obligations

• Full compliance with Law No. 83/2017 (Anti-Money Laundering Law) and FATF standards is mandatory[1][2]
• KYC procedures: Identify and verify client identity, understand the nature of business relationships, and document beneficial ownership information in a Central Register[7]
• Ongoing transaction monitoring and regular reporting to Unidade de Informação Financeira (UIF)[1]
• Internal compliance programs including risk assessments, internal policies, and staff training[7]
• Compliance with restrictive measures approved by the UN or EU[7]

Technological and Operational Requirements

Banco de Portugal imposes rigorous technological standards for crypto exchange and custodial platforms[2]:

• Backup systems and operation log audits
• User and investor data protection
• Integration of financial monitoring and reporting tools
• Regular IT infrastructure audits
• Transaction transparency and fraud prevention procedures[2]

Required Documentation for Application

• Proof of legal incorporation as a Portuguese company (LDA/SA)[3]
• Evidence of capital deposit with AML documentation[3]
• AML and IT security policies[3]
• Business plan and fee schedule[3]
• Director and compliance officer credentials

Regulatory Oversight

Banco de Portugal serves as the sole regulator for all VASPs/CASPs[1][2][7]. Currently, its supervision focuses on anti-money laundering (AML) and counter-terrorist financing (CFT) purposes; prudential and conduct-of-business regulation remain limited[7]. The regulator issues licenses in accordance with EU Directive 5AMLD (2018/843) and the MiCA framework[2][3].

Application Process

The Bank of Portugal provides a "clear and structured registration process for crypto asset service providers, with predictable timelines and requirements,"[8] though specific timeline details were not provided in available sources. Applications must include complete documentation packages demonstrating compliance with all requirements outlined above[5].