Global Crypto Licensing Requirements — Comprehensive Analysis

Prepared by: Senior Crypto Compliance Analyst Date: April 8, 2026 Classification: Internal Research Memorandum

---

EXECUTIVE SUMMARY

The global crypto licensing landscape has matured significantly. As of early 2026, over 70 jurisdictions have implemented or are actively enforcing crypto-specific licensing frameworks. The EU's MiCA regulation (fully effective since December 30, 2024) has become the benchmark, while the US remains fragmented across federal and state levels. Asia-Pacific jurisdictions vary widely — from Singapore's progressive framework to China's outright ban. The Middle East, led by the UAE and Bahrain, has emerged as a crypto-friendly hub with bespoke regimes.

Key trends:

• Convergence toward FATF Travel Rule compliance as a universal requirement
• Increasing capital requirements (trending upward since 2023)
• Mandatory local substance (directors, offices, servers) in most frameworks
• Stablecoin-specific licensing carving out from general VASP frameworks
• Growing enforcement actions against unlicensed operators

---

PART I: THE AMERICAS

---

1. UNITED STATES

The US has the most complex and fragmented regime globally. There is no single federal crypto license. Operators face overlapping federal and state requirements.

Federal Level

FinCEN — Money Services Business (MSB) Registration

Field	Detail
Country	United States (US)
Regulator	Financial Crimes Enforcement Network (FinCEN), US Department of the Treasury
License type	MSB Registration
Activities covered	Money transmission (including convertible virtual currency exchange), dealing in CVC
Capital requirements	No federal minimum capital; however, surety bond or equivalent required by state
Application timeline	Registration is immediate (filing FinCEN Form 107); compliance program must be in place before operations
Ongoing obligations	BSA/AML program, SAR filing, CTR filing ($10,000+ threshold), Travel Rule compliance (transfers >$3,000), OFAC screening, biennial re-registration
Foreign applicants	Foreign-located MSBs doing business "wholly or in substantial part" in the US must register; no local entity required for registration alone, but practical compliance requires US presence
Passporting	None — federal registration does not substitute for state MTLs
Key gotchas	Registration alone is insufficient; state-by-state MTL is also required. FinCEN has brought enforcement actions against unregistered MSBs including criminal referrals. The 2024-2025 proposed rulemaking on self-hosted wallets adds KYC obligations for certain unhosted wallet transfers.

SEC Considerations

Any token deemed a security requires the issuer/platform to register as a broker-dealer (BD) under the Securities Exchange Act of 1934, or as a national securities exchange or ATS. The SEC has taken an aggressive enforcement posture (50+ actions since 2023). Key registrations: Broker-Dealer (Form BD), ATS (Form ATS/ATS-N), Investment Adviser (Form ADV), Transfer Agent. Capital requirements for BDs: minimum $5,000 to $250,000 depending on activity (net capital rule 15c3-1).

CFTC Considerations

Crypto derivatives (futures, options, swaps on digital commodities) require registration as: FCM (Futures Commission Merchant), CPO (Commodity Pool Operator), CTA (Commodity Trading Advisor), or Swap Dealer. The CFTC has asserted jurisdiction over Bitcoin and Ether as commodities. Spot market authority remains under congressional debate as of 2026 (FIT21 / market structure bill).

State Level — Money Transmitter Licenses (MTLs)

Each state (plus DC, Puerto Rico, USVI, Guam) has its own MTL regime. 49 states + DC require MTLs (Montana is the sole exception).

Key State Regimes:

State	License Name	Regulator	Surety Bond	Net Worth	Timeline
New York	BitLicense / Limited Purpose Trust Charter	NYDFS	Determined case-by-case	Determined case-by-case (typically $1M+)	12-24+ months
California	Digital Financial Assets Law (DFAL) License	DFPI	$5M minimum	Varies	6-12 months (new as of July 2025)
Texas	Money Transmission License	TX DoB	$300,000 minimum	Varies by volume	3-6 months
Wyoming	SPDI Charter / MTL	WY Division of Banking	Varies	$5M for SPDI	3-6 months
Florida	MTL (with virtual currency activity)	FL OFR	Varies ($500K-$2M)	Varies	3-9 months
Illinois	Transmitters of Money Act License	IL DFPR	$100,000 min surety bond	Varies	3-6 months
Georgia	MTL (check-casher/money transmitter)	GA DBF	$150,000+ surety bond	$100,000+ net worth	3-6 months
Washington	Money Transmitter License (covers virtual currency)	WA DFI	Third-party audit of permissible investments	Varies	6-12 months
Connecticut	MTL (with virtual currency specific provisions)	CT DoB	Varies	$250,000 minimum	6-12 months
Louisiana	Virtual Currency Business Act License	LA OFI	$100,000 surety bond	Varies	3-6 months

Multi-State Licensing — NMLS

Most states use the Nationwide Multistate Licensing System (NMLS) for application processing. An operator seeking nationwide coverage must apply in each state individually through NMLS. Typical total cost for full 49-state licensing: $2M-$10M+ in bonds, legal fees, and compliance infrastructure. Timeline to full coverage: 18-36 months.

New York BitLicense — Deep Dive

Field	Detail
License type	BitLicense (23 NYCRR Part 200) or Limited Purpose Trust Company Charter
Activities	Virtual currency business activity: transmission, exchange, custody, issuance, controlling/administering
Capital	Determined by NYDFS on case-by-case basis; trust charters typically $2M-$10M+
Timeline	12-24+ months (some applications have taken 3+ years)
Ongoing	Quarterly financials, annual audits, BSA/AML compliance officer (NY-based), NYDFS-approved compliance program, pre-approval for new coins and products
Foreign applicants	Must establish NY entity or branch
Key gotchas	Most rigorous state regime. NYDFS pre-approves coin listings. Conditional BitLicenses introduced in 2020 but rarely granted. Many firms choose to exclude NY customers rather than apply.

---

2. CANADA

Field	Detail
Country	Canada (CA)
Regulator	Financial Transactions and Reports Analysis Centre of Canada (FINTRAC); Provincial securities regulators (via CSA coordination)
License type	MSB Registration (FINTRAC) + Restricted Dealer / Marketplace registration (securities regulators)
Activities covered	Dealing in virtual currencies, exchange, transfer, custody (if securities-related)
Capital requirements	MSB registration: no statutory minimum capital. Securities registration: proficiency requirements; firms dealing in crypto contracts must meet provincial capital and insurance requirements (typically $50K-$100K minimum capital for restricted dealers)
Application timeline	FINTRAC MSB registration: 2-4 weeks. Securities registration: 6-18 months
Ongoing obligations	FINTRAC: transaction reporting (>$10,000 CAD), suspicious transaction reports, Travel Rule compliance, 5-year record retention, compliance officer, biennial reporting. Securities: ongoing capital adequacy, client asset segregation, audited financials
Foreign applicants	Foreign MSBs serving Canadians must register with FINTRAC. Foreign crypto trading platforms must register as restricted dealers (CSA Staff Notice 21-327) or be subject to pre-registration undertakings
Passporting	No formal passporting; each province recognizes federal FINTRAC registration, but securities registration is coordinated across provinces via CSA
Key gotchas	CSA has been aggressive since 2021 in requiring trading platforms to register or face enforcement. Several platforms exited Canada rather than comply (e.g., Binance). Custody through qualified Canadian custodian often required for registered platforms. Pre-registration undertakings have specific terms including prohibiting margin trading and restricting altcoin offerings.

---

3. BRAZIL

Field	Detail
Country	Brazil (BR)
Regulator	Banco Central do Brasil (BCB); Comissao de Valores Mobiliarios (CVM) for securities tokens
License type	Virtual Asset Service Provider (VASP) Authorization (under Law 14,478/2022 and Decree 11,563/2023)
Activities covered	Exchange of virtual assets, transfer, custody, intermediation, advisory on virtual assets
Capital requirements	BCB is establishing tiered capital requirements; draft normative proposes BRL 1M-5M (~$200K-$1M USD) depending on activity scope
Application timeline	6-12 months (framework still being operationalized as of 2026)
Ongoing obligations	AML/CFT program, transaction reporting to COAF, audited financials, asset segregation, incident reporting
Foreign applicants	Must establish local entity (CNPJ); at least one local director
Passporting	None
Key gotchas	BCB gained supervisory authority in June 2023. Grandfathering period for existing operators was set with compliance deadlines extending to 2025. CVM separately regulates any token classified as a security (CVM Resolution 88/2022). Stablecoins pegged to BRL may require payment institution authorization. Tax reporting (IN RFB 1,888) requires monthly transaction reporting to Receita Federal above BRL 30,000.

---

4. MEXICO

Field	Detail
Country	Mexico (MX)
Regulator	Comision Nacional Bancaria y de Valores (CNBV); Banco de Mexico (Banxico)
License type	Financial Technology Institution (ITF) License — specifically "Instituciones de Fondos de Pago Electronico" (IFPE) or "Instituciones de Financiamiento Colectivo" under the Fintech Law (Ley para Regular las Instituciones de Tecnologia Financiera, 2018)
Activities covered	The Fintech Law covers electronic payment funds institutions and crowdfunding; crypto operations require authorization from Banxico for each virtual asset used internally. Direct crypto-to-fiat exchange for public is heavily restricted.
Capital requirements	IFPE: 33M UDIs minimum ($10M USD); varies by activity
Application timeline	12-24 months
Foreign applicants	Must establish Mexican entity; majority of board can be foreign but requires local presence
Passporting	None
Key gotchas	Mexico's Fintech Law does not create a pure "crypto exchange license." Banks and regulated entities are prohibited from offering crypto to clients (Banxico circular). The regime effectively forces crypto businesses into a narrow sandbox. Few licenses have been issued. Bitso is the most notable licensed entity.

---

5. ARGENTINA

Field	Detail
Country	Argentina (AR)
Regulator	Comision Nacional de Valores (CNV); Unidad de Informacion Financiera (UIF) for AML
License type	VASP Registration (CNV General Resolution 994/2024 and subsequent amendments)
Activities covered	Exchange, transfer, custody of virtual assets
Capital requirements	Minimal registration requirements; capital thresholds being formalized
Application timeline	3-6 months
Ongoing obligations	UIF AML/CFT reporting, suspicious transaction reports, KYC, record retention
Foreign applicants	Must register with CNV; local presence recommended
Passporting	None
Key gotchas	Argentina has high crypto adoption driven by peso instability. CNV oversight has been light but is tightening. Tax obligations under AFIP include reporting crypto transactions. Central bank (BCRA) restrictions on dollar access have pushed demand toward stablecoins.

---

6. COLOMBIA

Field	Detail
Country	Colombia (CO)
Regulator	Superintendencia Financiera de Colombia (SFC); Unidad de Informacion y Analisis Financiero (UIAF)
License type	No specific crypto license yet; sandbox ("LaArenera") available; AML registration with UIAF required
Activities covered	Exchange, remittances using crypto
Capital requirements	N/A (no formal license yet)
Application timeline	N/A
Ongoing obligations	UIAF suspicious transaction reporting; entities must comply with SARLAFT (AML/CFT system)
Foreign applicants	Can participate in sandbox
Passporting	None
Key gotchas	Colombia has taken a "regulatory sandbox" approach. SFC ran pilot programs with major exchanges. Formal licensing framework expected to be finalized in 2026. Banks have been cautious about serving crypto firms.

---

7. CHILE

Field	Detail
Country	Chile (CL)
Regulator	Comision para el Mercado Financiero (CMF)
License type	Fintech Law (Ley Fintec No. 21,521, 2023) — VASP registration
Activities covered	Exchange, custody, intermediation of virtual assets
Capital requirements	Being defined by CMF secondary regulation; expected UF-denominated thresholds
Application timeline	6-12 months
Foreign applicants	Must establish local entity
Passporting	None
Key gotchas	Chile's Fintech Law passed in January 2023. CMF is still issuing implementing regulations. Transition period for existing operators. Crypto-friendly banking access remains a challenge — Buda.com had high-profile battles with Chilean banks.

---

8. EL SALVADOR

Field	Detail
Country	El Salvador (SV)
Regulator	Comision Nacional de Activos Digitales (CNAD); Banco Central de Reserva (BCR)
License type	Digital Asset Service Provider License (under Bitcoin Law amendments and Digital Assets Law, 2024)
Activities covered	Exchange, issuance, custody, transfer of digital assets
Capital requirements	Tiered based on activity; details set by CNAD
Application timeline	3-6 months
Foreign applicants	Permitted; local registered agent required
Passporting	None
Key gotchas	Bitcoin is legal tender since September 2021 (Bitcoin Law). However, under IMF pressure in 2024, the law was amended to make Bitcoin acceptance voluntary for merchants. El Salvador launched the Chivo wallet but adoption has been modest. The country is positioning as a crypto-friendly jurisdiction with tax incentives for digital asset companies. Compliance standards remain below FATF expectations, which affects correspondent banking relationships.

---

9. BERMUDA

Field	Detail
Country	Bermuda (BM)
Regulator	Bermuda Monetary Authority (BMA)
License type	Digital Asset Business (DAB) License (under the Digital Asset Business Act 2018, amended 2020) — Class F (full) or Class M (modified)
Activities covered	Issuing, selling, redeeming digital assets; operating as a payment service provider using digital assets; exchange; custodial wallet; digital asset derivatives
Capital requirements	Class F: minimum $100,000 operational capital, plus risk-based capital (typically $300K-$1M+). Class M: reduced requirements for limited activities
Application timeline	3-6 months
Ongoing obligations	Annual audits, quarterly prudential returns, AML/ATF compliance officer, cybersecurity risk assessment, minimum liquidity requirements, BMA reporting
Foreign applicants	Must establish physical presence in Bermuda (mind and management); at least one Bermuda-resident director
Passporting	None, but recognized by several jurisdictions as a reputable license
Key gotchas	One of the first bespoke crypto licensing regimes globally. BMA is well-regarded. The 2020 amendment expanded scope to cover DeFi activities. Bermuda offers competitive corporate tax environment. However, banking access can be challenging — limited number of local banks willing to service DABs.

---

10. CAYMAN ISLANDS

Field	Detail
Country	Cayman Islands (KY)
Regulator	Cayman Islands Monetary Authority (CIMA)
License type	Virtual Asset Service Provider (VASP) Registration (under the Virtual Asset (Service Providers) Act, 2020 — VASPA)
Activities covered	Exchange, transfer, custody, financial services related to virtual assets, participation in and provision of financial services related to token issuance/sale
Capital requirements	Determined by CIMA on a case-by-case basis; minimum operational net worth typically $100,000+
Application timeline	3-9 months
Ongoing obligations	Annual audits, CIMA prudential reporting, AML compliance officer (local), ongoing fit-and-proper assessments, cybersecurity framework
Foreign applicants	Must establish Cayman presence with local directors and compliance infrastructure
Passporting	None
Key gotchas	Cayman is a major domicile for crypto funds (many Cayman-domiciled hedge funds trade crypto). The VASPA registration requirement is separate from fund regulation. CIMA has been increasingly rigorous in enforcement. Sandbox license available for innovative products. Banking is extremely difficult for new VASPs — established relationships essential.

---

11. BAHAMAS

Field	Detail
Country	Bahamas (BS)
Regulator	Securities Commission of The Bahamas (SCB)
License type	Digital Asset and Registered Exchange (DARE) Act — Registration as Digital Asset Business
Activities covered	Exchange, dealing, token issuance, digital asset custodial services, digital asset advisory
Capital requirements	Varies by category; SCB determines minimum based on business plan
Application timeline	3-9 months
Ongoing obligations	Annual audits, SCB quarterly reporting, AML/KYC program, local compliance officer
Foreign applicants	Must establish Bahamian entity
Passporting	None
Key gotchas	FTX was licensed under the DARE Act — its collapse in November 2022 severely damaged the Bahamas' reputation as a crypto jurisdiction. SCB has since tightened scrutiny significantly. New applicants face enhanced due diligence. The Sand Dollar (CBDC) operates alongside the framework.

---

PART II: EUROPE

---

12. EUROPEAN UNION — MiCA (Markets in Crypto-Assets Regulation)

The EU's MiCA regulation (Regulation (EU) 2023/1114) became fully applicable on December 30, 2024. It is the most comprehensive crypto-specific regulatory framework globally.

Key License Types Under MiCA:

License Type	Activities	Minimum Capital	Prudential Requirements
Crypto-Asset Service Provider (CASP) Authorization — Class 1	Custody and administration of crypto-assets on behalf of clients	EUR 50,000	Higher of: fixed minimum, 1/4 of prior year fixed overhead
CASP — Class 2	Operation of a crypto-asset trading platform	EUR 150,000	Higher of: fixed minimum, 1/4 of prior year fixed overhead
CASP — Class 3	Exchange of crypto-assets for funds or other crypto-assets	EUR 125,000	Higher of: fixed minimum, 1/4 of prior year fixed overhead
CASP — Class 4	Execution of orders on behalf of clients	EUR 50,000	Same formula
CASP — Class 5	Placing of crypto-assets	EUR 50,000	Same formula
CASP — Class 6	Reception and transmission of orders on behalf of clients	EUR 50,000	Same formula
CASP — Class 7	Providing advice on crypto-assets	EUR 50,000	Same formula
CASP — Class 8	Portfolio management of crypto-assets	EUR 50,000	Same formula
CASP — Class 9	Providing transfer services for crypto-assets on behalf of clients	EUR 50,000	Same formula
Asset-Referenced Token (ART) Issuer	Issuance of stablecoins pegged to multiple assets/currencies	EUR 350,000	Reserve assets = 100%+ of outstanding tokens; additional own funds requirements
E-Money Token (EMT) Issuer	Issuance of stablecoins pegged to single fiat currency	Must hold EMI or credit institution license	Reserve = 100%+ of outstanding tokens; 30% in credit institutions
Significant ART/EMT Issuer	ART/EMT exceeding significance thresholds (>5M holders, >EUR 5B market cap, >EUR 500M daily transactions)	Enhanced requirements	EBA direct supervision; additional 2-3% own funds buffer; stricter reserve requirements

MiCA CASP Authorization — Detailed Requirements:

Field	Detail
Regulator	National Competent Authority (NCA) of home member state (e.g., AMF in France, BaFin in Germany, CNMV in Spain, CBI in Ireland)
Application timeline	NCAs have 40 business days to assess completeness, then 25 business days to decide (extendable by 20); total typically 3-6 months in practice, but some NCAs are slower
Ongoing obligations	Ongoing capital adequacy, asset segregation, complaints handling, outsourcing oversight, conflicts of interest management, regular reporting to NCA, AML/CFT under AMLD6, Travel Rule (TFR implementation), annual audit, governance requirements (fit and proper for management body)
Foreign applicants	Must establish legal entity in an EU member state; purely third-country firms cannot provide services into the EU without authorization (reverse solicitation very narrowly defined)
Passporting	YES — this is MiCA's key feature. A CASP authorized in one member state can provide services across all 27 EU/EEA member states via passporting notification (notify home NCA, who notifies host NCA within 20 business days)
Key gotchas	Transition period: member states could grant up to 18 months for existing operators (July 2026 deadline), but some chose shorter periods (France: 6 months, Germany: 12 months). The "grandfathering" varies significantly by member state. ESMAs RTS/ITS guidelines still being finalized for several areas. White paper requirements for new token issuances. DeFi largely excluded but under review. NFTs excluded unless fungible. Market abuse rules apply to all listed crypto-assets.

MiCA — Specific Member State Implementations:

13. FRANCE

Field	Detail
Country	France (FR)
Regulator	Autorite des Marches Financiers (AMF); Autorite de Controle Prudentiel et de Resolution (ACPR)
License type	CASP Authorization (replacing prior DASP/PSAN regime). Legacy: PSAN Registration (mandatory) and PSAN Optional License
Activities covered	All CASP services under MiCA
Capital requirements	Per MiCA (EUR 50,000-150,000 depending on service)
Application timeline	3-6 months (AMF is one of the more experienced NCAs)
Key gotchas	France had the EU's most mature pre-MiCA regime (PACTE Law 2019). AMF chose a SHORT 6-month transition period — existing PSANs had to apply for full CASP authorization by June 30, 2025. France is positioning as EU crypto hub — favorable AMF guidance. Circle chose France for EU MiCA authorization.

14. GERMANY

Field	Detail
Country	Germany (DE)
Regulator	Bundesanstalt fur Finanzdienstleistungsaufsicht (BaFin)
License type	CASP Authorization (MiCA). Pre-MiCA: Crypto Custody License (Kryptoverwahrgeschaft) under KWG
Activities covered	All CASP services; Germany had already required crypto custody licensing since January 2020
Capital requirements	Per MiCA; pre-MiCA crypto custody: EUR 125,000 minimum initial capital
Application timeline	6-12 months (BaFin is known for thoroughness/slower processing)
Key gotchas	Germany was a pioneer with its 2020 crypto custody license. ~40 entities hold or have applied for the custody license. BaFin transition period is 12 months. BaFin requires very detailed business plans and IT security concepts (BAIT/DORA). German tax treatment classifies crypto as private property — gains tax-free after 1-year holding period for individuals.

15. IRELAND

Field	Detail
Country	Ireland (IE)
Regulator	Central Bank of Ireland (CBI)
License type	CASP Authorization (MiCA); pre-MiCA: VASP registration under Criminal Justice Act
Activities covered	All CASP services under MiCA
Capital requirements	Per MiCA
Application timeline	6-12 months (CBI is rigorous)
Key gotchas	Ireland has become a major fintech hub. CBI pre-MiCA VASP registration was AML-focused only. Several major exchanges (Coinbase, Gemini) chose Ireland as EU base. CBI Individual Accountability Framework applies to senior management. CBI expects detailed outsourcing and operational resilience documentation.

16. NETHERLANDS

Field	Detail
Country	Netherlands (NL)
Regulator	De Nederlandsche Bank (DNB); Autoriteit Financiele Markten (AFM)
License type	CASP Authorization (MiCA); pre-MiCA: VASP registration with DNB
Capital requirements	Per MiCA
Application timeline	6-12 months
Key gotchas	DNB pre-MiCA registration had a very HIGH rejection rate (~90% of initial applications failed or withdrew). DNB requires rigorous WWFT (AML) compliance. Substantial integrity screening of UBOs and policy-makers. Withdrawal of several exchanges from Netherlands due to stringent requirements.

17. SPAIN

Field	Detail
Country	Spain (ES)
Regulator	Comision Nacional del Mercado de Valores (CNMV); Banco de Espana
License type	CASP Authorization (MiCA); pre-MiCA: VASP registration with Banco de Espana
Capital requirements	Per MiCA
Application timeline	6-12 months
Key gotchas	Spain has attracted crypto firms with relatively reasonable registration process. Crypto advertising regulations (CNMV circular) require mandatory risk warnings on all marketing. Tax reporting obligations: Form 721 for overseas crypto assets; Form 172 for domestic holders.

18. ITALY

Field	Detail
Country	Italy (IT)
Regulator	Organismo Agenti e Mediatori (OAM); Commissione Nazionale per le Societa e la Borsa (CONSOB)
License type	CASP Authorization (MiCA); pre-MiCA: VASP registration with OAM
Capital requirements	Per MiCA
Application timeline	6-9 months
Key gotchas	Italy introduced a 26% capital gains tax on crypto profits in 2023. OAM registration was straightforward AML registration. Italy's MiCA implementation designates CONSOB and Banca d'Italia as co-competent authorities.

19. PORTUGAL

Field	Detail
Country	Portugal (PT)
Regulator	Banco de Portugal; Comissao do Mercado de Valores Mobiliarios (CMVM)
License type	CASP Authorization (MiCA); pre-MiCA: VASP registration with Banco de Portugal
Capital requirements	Per MiCA
Application timeline	6-12 months
Key gotchas	Portugal was previously famous as a crypto tax haven (no capital gains on crypto for individuals). This changed in 2023 — short-term crypto gains (<365 days) now taxed at 28%. Banco de Portugal's VASP registration has been slower than expected with significant backlog.

20. MALTA

Field	Detail
Country	Malta (MT)
Regulator	Malta Financial Services Authority (MFSA)
License type	CASP Authorization (MiCA); pre-MiCA: VFA (Virtual Financial Assets) License under the VFA Act 2018
Activities covered	Full MiCA scope; VFA Act covered exchange, custody, advisory, portfolio management, ICO platforms
Capital requirements	Pre-MiCA VFA: EUR 50,000-730,000 depending on class. MiCA: standard CASP requirements
Application timeline	6-12 months
Key gotchas	Malta branded itself "Blockchain Island" in 2017-2018 and passed one of the first comprehensive crypto frameworks (VFA Act, ITAS Act, MDIA Act). In practice, very few VFA licenses were actually issued (fewer than 10 as of 2025). MFSA found the framework overly complex and slow. MiCA replacement is welcome simplification. FATF gray-listed Malta in 2021 (removed 2022) — reputational concern lingers.

21. ESTONIA

Field	Detail
Country	Estonia (EE)
Regulator	Rahapesu Andmeburoo (Financial Intelligence Unit — FIU Estonia)
License type	CASP Authorization (MiCA); pre-MiCA: VASP License (crypto exchange + wallet service)
Capital requirements	Pre-MiCA: EUR 100,000-350,000 (after 2022 tightening). MiCA: standard
Application timeline	3-6 months
Key gotchas	Estonia was initially very permissive — issued 1,000+ crypto licenses before 2020. Massive tightening in 2022: revoked ~400 licenses, increased capital requirements, required Estonian management board members, prohibited virtual offices. Currently a much more serious regime. Many shell-company licensees were revoked.

22. LITHUANIA

Field	Detail
Country	Lithuania (LT)
Regulator	Lietuvos Bankas (Bank of Lithuania)
License type	CASP Authorization (MiCA); pre-MiCA: VASP registration; also EMI licensing for crypto-related payment services
Capital requirements	EMI: EUR 350,000. VASP: EUR 125,000 (post-2023 tightening). MiCA: standard
Application timeline	3-6 months
Key gotchas	Lithuania became a popular EU fintech hub — many EMI licenses issued to crypto-adjacent companies. Bank of Lithuania has been cooperative but increasingly strict. Local substance requirements increased significantly. Lithuania is popular for EU e-money tokens under MiCA (EMI path).

23. LUXEMBOURG

Field	Detail
Country	Luxembourg (LU)
Regulator	Commission de Surveillance du Secteur Financier (CSSF)
License type	CASP Authorization (MiCA); pre-MiCA: VASP registration with CSSF
Capital requirements	Per MiCA
Application timeline	6-12 months
Key gotchas	Luxembourg is a major hub for crypto investment funds (under AIFMD). CSSF is experienced with fund structures but cautious on retail crypto services. Blockchain Law II (2021) enables tokenized securities. Strong legal framework for DLT-based financial instruments.

---

24. UNITED KINGDOM

Field	Detail
Country	United Kingdom (GB)
Regulator	Financial Conduct Authority (FCA)
License type	Crypto-asset registration (under MLR 2017 Part 11, as amended); future comprehensive regime under Financial Services and Markets Act 2023 (FSMA) crypto chapter
Activities covered	Current registration: exchange, custody, ATMs. Future regime (expected 2025-2026 phased implementation): full suite including trading platforms, intermediation, lending, staking, stablecoins
Capital requirements	Current registration: no statutory minimum but FCA assesses financial adequacy. Future regime: will mirror MiCA-style tiered capital requirements (HM Treasury consultation proposed this)
Application timeline	Current: 6-12+ months (FCA has been very slow; >80% rejection/withdrawal rate). Future regime: TBD
Ongoing obligations	MLR compliance program, nominated officer, ongoing monitoring, annual financial crime returns, FCA portal reporting
Foreign applicants	Must establish UK office and appoint UK-based MLRO (Money Laundering Reporting Officer)
Passporting	No — post-Brexit, no EU passporting. UK registration covers UK only
Key gotchas	FCA has the highest rejection rate of any major regulator for crypto registrations (~85% of applications rejected or withdrawn). Only ~40 firms currently registered. FCA crypto marketing rules (effective October 2023) are extremely strict — all promotions must include risk warnings, be "clear, fair, and not misleading," and comply with financial promotions regime. FCA banned crypto derivatives for retail consumers (2021). Stablecoin regulation is being fast-tracked under FSMA powers — fiat-backed stablecoins will be regulated as a new controlled activity. The UK is NOT implementing MiCA — it is developing its own bespoke framework.

---

25. SWITZERLAND

Field	Detail
Country	Switzerland (CH)
Regulator	Swiss Financial Market Supervisory Authority (FINMA); also self-regulatory organizations (SROs) like VQF, SO-FIT, AOOS
License type	No single "crypto license" — activity-dependent: Banking License, Securities Dealer License, FinTech License (sandbox or innovation license), SRO Membership for financial intermediation, DLT Trading Facility License (new category under DLT Act)
Activities covered	DLT Trading Facility: multilateral trading of DLT securities. Banking: deposit-taking, lending. FinTech: deposit-taking up to CHF 100M without lending. SRO: exchange, brokerage
Capital requirements	Banking: CHF 10M+. FinTech license: CHF 300,000. SRO membership: no minimum but adequate resources required. DLT Trading Facility: determined by FINMA based on activity
Application timeline	Banking: 12-18 months. FinTech: 3-6 months. SRO: 1-3 months. DLT Trading Facility: 6-12 months
Ongoing obligations	Varies by license type; generally: AMLA compliance, FINMA reporting, annual audit, capital adequacy
Foreign applicants	Can apply but FINMA requires Swiss management and operations substance
Passporting	None (Switzerland is not EU/EEA)
Key gotchas	Switzerland is a top-tier crypto jurisdiction ("Crypto Valley" in Zug). The DLT Act (2021) was groundbreaking — introduced DLT securities as a new legal category. FINMA's "no-action letter" approach and case-by-case guidance is flexible but uncertain. The SRO path is the most common for smaller crypto brokers/exchanges. Taxation: crypto treated as movable property for individuals (wealth tax, not income tax on capital gains for private investors).

---

26. LIECHTENSTEIN

Field	Detail
Country	Liechtenstein (LI)
Regulator	Financial Market Authority Liechtenstein (FMA)
License type	TVTG (Token and VT Technology Service Providers Act — "Blockchain Act") Registration — 10 specific service categories
Activities covered	Token generation, custody, physical validation (mining), protecting private keys, exchange, TT identity service, TT price service, token issuance, token offering platform
Capital requirements	Varies by category: EUR 30,000-100,000+ depending on service type
Application timeline	3-6 months
Ongoing obligations	FMA supervision, AML compliance, annual reporting, adequate organization
Foreign applicants	Must have registered office in Liechtenstein or EEA (EEA passporting applies)
Passporting	YES — Liechtenstein is in the EEA, and TVTG registrations are transitioning to MiCA CASP authorizations with EU/EEA passporting
Key gotchas	The TVTG (2020) was one of the most innovative and comprehensive frameworks globally — it regulates the "token economy" rather than just crypto. It defines tokens at the legal level as containers for rights. Liechtenstein's EEA membership makes it a strategic gateway to the EU market. Under MiCA transition, existing TVTG registrations are being converted. Small country with efficient regulator — popular for specialized token projects.

---

27. GIBRALTAR

Field	Detail
Country	Gibraltar (GI)
Regulator	Gibraltar Financial Services Commission (GFSC)
License type	DLT Provider License (under the Financial Services (Distributed Ledger Technology Providers) Regulations 2020)
Activities covered	Use of DLT for storing or transmitting value belonging to others (broad definition covers exchanges, wallets, custodians)
Capital requirements	Determined case-by-case; typically GBP 50,000-100,000+
Application timeline	3-9 months
Ongoing obligations	9 regulatory principles (honesty/integrity, customer care, adequate resources, risk management, security, corporate governance, etc.), annual audit, GFSC reporting
Foreign applicants	Must establish Gibraltar company; mind and management in Gibraltar
Passporting	No (not EU post-Brexit; not EEA)
Key gotchas	Gibraltar was an early mover (DLT framework effective January 2018). Principles-based approach rather than prescriptive rules. ~15 licensed entities. Post-Brexit, lost EU passporting — significant disadvantage. GFSC generally regarded as accessible and pragmatic.

---

28. TURKEY

Field	Detail
Country	Turkey (TR)
Regulator	Capital Markets Board of Turkey (SPK/CMB); Financial Crimes Investigation Board (MASAK)
License type	Crypto Asset Service Provider License (under the Crypto Assets Law, enacted July 2024)
Activities covered	Crypto-asset platform operations, custody, transfer, exchange
Capital requirements	TRY 50M (~$1.5M USD) minimum paid-up capital for platform operators
Application timeline	6-12 months (new framework; early applications in process)
Ongoing obligations	MASAK AML/CFT compliance, SPK prudential reporting, customer asset segregation, cybersecurity requirements, annual audit
Foreign applicants	Must establish Turkish legal entity; board members with Turkish residency required
Passporting	None
Key gotchas	Turkey has one of the world's highest crypto adoption rates. The 2024 law came after years of regulatory uncertainty and the Thodex exchange fraud (2021, CEO fled with ~$2B). Crypto payments were banned in April 2021 (CBRT regulation) — this ban remains despite the new licensing framework. Very high trading volumes despite restrictions. The new law includes criminal penalties for unlicensed operation.

---

29. NORWAY

Field	Detail
Country	Norway (NO)
Regulator	Finanstilsynet (Financial Supervisory Authority of Norway)
License type	CASP Authorization under MiCA (via EEA Agreement incorporation); pre-MiCA: VASP registration
Capital requirements	Per MiCA
Key gotchas	Norway is EEA but not EU — MiCA applies via EEA Agreement incorporation (slight delay possible). Finanstilsynet has been cautious and relatively strict. Norway has favorable energy costs for mining but concerns about energy consumption have led to data center taxation discussions.

---

PART III: ASIA-PACIFIC

---

30. JAPAN

Field	Detail
Country	Japan (JP)
Regulator	Financial Services Agency (FSA/JFSA)
License type	Crypto-Asset Exchange Service Provider (CAESP) Registration (under the Payment Services Act, as amended); Electronic Payment Instrument Exchange Service Provider (for stablecoins, under 2023 amendments)
Activities covered	Purchase/sale of crypto assets, exchange of crypto assets, intermediary services, custody/management. Stablecoin: issuance (banks, trust companies, fund transfer businesses), intermediation
Capital requirements	JPY 10M (~$70,000 USD) minimum capital; must maintain net assets equal to or greater than positive net assets. Separate user asset segregation (100% cold storage for customer assets recommended). Financial instruments businesses require JPY 50M+
Application timeline	6-18 months (JFSA is very thorough)
Ongoing obligations	Quarterly reporting to JFSA, annual business reports, mandatory segregation of customer assets (trust account or equivalent), JVCEA (self-regulatory body) membership mandatory, annual audit by CPA, cybersecurity assessment, Travel Rule compliance
Foreign applicants	Must establish Japanese subsidiary (kabushiki kaisha or equivalent); Japanese-resident representative director required
Passporting	None
Key gotchas	Japan was the first major economy to regulate crypto exchanges (after Mt. Gox collapse, 2014). The regime is mature but strict. JFSA has rejected applications and taken enforcement actions. Japan Virtual and Crypto Assets Exchange Association (JVCEA) is a mandatory SRO — it pre-screens token listings (the "green list" and "white list" system). Stablecoin framework (2023) requires stablecoin issuers to be licensed financial institutions and maintain 100% reserves in deposits or trust. Very limited DeFi participation due to regulatory uncertainty. Margin trading capped at 2x leverage. Token taxation is high — up to 55% for individuals as miscellaneous income (reform discussions ongoing).

---

31. SINGAPORE

Field	Detail
Country	Singapore (SG)
Regulator	Monetary Authority of Singapore (MAS)
License type	Payment Services Act (PSA) License — specifically: (1) Standard Payment Institution (SPI) License, (2) Major Payment Institution (MPI) License, for Digital Payment Token (DPT) services
Activities covered	DPT service: buying/selling DPT, facilitating exchange, transfer/transport of DPT, custodial services for DPT. Cross-border money transfer, e-money issuance also under PSA
Capital requirements	SPI: SGD 100,000 ($75,000 USD) base capital; annual transaction limits (SGD 3M for any single service, SGD 6M aggregate). MPI: SGD 250,000 ($185,000 USD) base capital; no transaction limits. Additionally: security deposits (cash or bank guarantee), professional indemnity insurance
Application timeline	6-18 months (MAS has been processing a large backlog; some applications have taken 2+ years)
Ongoing obligations	Ongoing AML/CFT compliance (MAS Notice PSN02), Travel Rule compliance, annual audit, technology risk management (MAS TRM Guidelines), business continuity planning, outsourcing guidelines, safeguarding of customer assets, MAS reporting, annual returns
Foreign applicants	Must establish Singapore entity (Pte Ltd); at least one Singapore-resident director; local compliance officer; physical office in Singapore
Passporting	None
Key gotchas	MAS received 170+ applications under the PSA — only ~20-30 full MPI licenses granted to DPT service providers as of early 2026. High rejection rate. MAS explicitly discourages crypto speculation for retail (2022 guidelines restrict marketing to general public, ban ATM placements in public areas, prohibit incentive programs like referral bonuses for retail). Singapore's strength is its institutional and B2B crypto ecosystem rather than retail exchange. Stablecoin regulatory framework (August 2023) requires MAS-regulated issuers to maintain reserve assets at 100%+ in cash/cash equivalents held with Singapore-licensed institutions. User protection guidelines (2024) require segregation of customer assets in statutory trust.

---

32. HONG KONG SAR

Field	Detail
Country	Hong Kong SAR (HK)
Regulator	Securities and Futures Commission (SFC); Hong Kong Monetary Authority (HKMA) for stablecoins; Customs and Excise Department (C&ED) for non-SFC-regulated VASPs
License type	(1) Virtual Asset Trading Platform (VATP) License under Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO); (2) SFC Type 1 (Dealing) / Type 7 (Automated Trading Services) for security tokens; (3) HKMA stablecoin issuer license (under Stablecoins Ordinance, expected 2025-2026)
Activities covered	VATP: operating a platform for trading virtual assets (exchange, custody incidental to trading). SFC Type 1/7: dealing in securities, operating ATS
Capital requirements	VATP: HKD 5M (~$640,000 USD) minimum paid-up share capital; liquid capital requirements per SFC rules. SFC Type 1: HKD 3M. SFC Type 7: HKD 5M
Application timeline	12-18 months (SFC is extremely thorough)
Ongoing obligations	Monthly/quarterly SFC returns, annual audit, independent assessment of cybersecurity, customer asset insurance requirements, compensation fund contributions, hot/cold wallet ratio requirements (98% cold storage), listing due diligence committee, retail investor knowledge assessments
Foreign applicants	Must incorporate in Hong Kong; SFC requires responsible officers to be Hong Kong residents
Passporting	None
Key gotchas	Hong Kong pivoted to crypto-friendly stance in October 2022 (policy declaration). The dual licensing regime (SFC for security tokens, AMLO for all VATPs) came into force June 1, 2023. Only OSL and HashKey received VATP licenses initially. SFC requires 98% cold storage (one of the strictest globally). Retail trading was allowed from June 2023 but only for specific "approved tokens" on licensed platforms. HK requires all VATPs to be licensed or deemed unlicensed — no exemptions. Stablecoin regime under development with sandbox. Banks (HSBC, Standard Chartered) have been directed by HKMA to bank licensed crypto firms.

---

33. SOUTH KOREA

Field	Detail
Country	South Korea (KR)
Regulator	Financial Services Commission (FSC); Financial Intelligence Unit (KoFIU)
License type	Virtual Asset Service Provider (VASP) Registration (under the Act on Reporting and Using Specified Financial Transaction Information, as amended 2021); Virtual Asset User Protection Act (VAUPA, effective July 2024)
Activities covered	Virtual asset exchange, transfer, custody, brokerage
Capital requirements	VAUPA: minimum KRW 3B (~$2.2M USD) equity capital for exchanges; must maintain reserves for compensation
Application timeline	3-6 months for registration; ongoing compliance with VAUPA
Ongoing obligations	KoFIU reporting, ISMS certification (mandatory), real-name verified bank account partnership (one exchange per bank), customer asset segregation (100% cold storage for reserves), annual audit, incident reporting, abnormal transaction monitoring
Foreign applicants	Must establish Korean entity; Korean-resident officers required
Passporting	None
Key gotchas	South Korea's "real-name bank account" requirement is the critical bottleneck — each exchange must partner with a Korean commercial bank for fiat on/off-ramp with real-name verification. Only 5 exchanges (Upbit, Bithumb, Coinone, Korbit, Gopax) have achieved this; dozens of smaller exchanges operate as crypto-only (no fiat pairs). VAUPA (2024) added investor protection: unfair trading prohibitions, insider trading restrictions, mandatory insurance/reserves for exchange failures. The market is dominated by Upbit (~80% market share). Token listing requires exchange self-assessment. ICOs remain effectively banned since 2017 (administrative guidance, not law).

---

34. AUSTRALIA

Field	Detail
Country	Australia (AU)
Regulator	Australian Transaction Reports and Analysis Centre (AUSTRAC); Australian Securities and Investments Commission (ASIC) for securities/derivatives
License type	Digital Currency Exchange (DCE) Registration with AUSTRAC; AFSL (Australian Financial Services License) for crypto-related financial products (derivatives, managed investment schemes, security tokens)
Activities covered	DCE: exchange of digital currency for fiat, exchange between digital currencies. AFSL: dealing/advising on crypto financial products
Capital requirements	DCE registration: no minimum capital requirement. AFSL: varies by authorization (typically AUD 50,000-5,000,000+)
Application timeline	DCE registration: 1-3 months. AFSL: 6-12 months
Ongoing obligations	AML/CTF program, AUSTRAC reporting (suspicious matters, threshold transactions, international transfers), record-keeping, biennial compliance assessment. AFSL holders: ongoing capital, compliance framework, audit, ASIC reporting
Foreign applicants	DCE registration: must have presence in Australia (at least designated business group). AFSL: Australian company or registered foreign company
Passporting	None
Key gotchas	Australia is in the process of comprehensive crypto reform. Treasury released a "token mapping" exercise (2023) and proposed a new licensing framework. The existing framework is patchwork — DCE registration is purely AML, while ASIC regulates crypto when it constitutes a financial product. ASIC took aggressive action against crypto derivative issuers (2021 onward) including design and distribution obligations. Debanking of crypto firms has been a major issue — Senate inquiry in 2023 highlighted widespread account closures. The proposed framework (expected legislation 2025-2026) will likely introduce a CASP-style authorization covering custody, exchange, and stablecoin issuance.

---

35. NEW ZEALAND

Field	Detail
Country	New Zealand (NZ)
Regulator	Financial Markets Authority (FMA); Department of Internal Affairs (DIA) for AML
License type	No specific crypto license; AML reporting entity registration with DIA required. Financial service provider registration (FSPR) for certain activities
Activities covered	Exchange, custody (as "financial services" — registerable)
Capital requirements	No statutory crypto-specific capital requirements
Application timeline	AML registration: 1-2 months. FSPR: 1-2 months
Key gotchas	New Zealand has a light-touch approach. Crypto is classified as property (not currency). GST does not apply to crypto-to-fiat exchange. AML obligations apply to providers of virtual asset services. FMA has issued guidance but no bespoke licensing. Relatively straightforward jurisdiction but limited local banking options for crypto firms.

---

36. INDIA

Field	Detail
Country	India (IN)
Regulator	Financial Intelligence Unit India (FIU-IND); Securities and Exchange Board of India (SEBI) for securities-classified tokens; Reserve Bank of India (RBI) for stablecoins/payments
License type	Virtual Digital Asset Service Provider (VDA SP) Registration with FIU-IND (under Prevention of Money Laundering Act amendments, March 2023)
Activities covered	Exchange, custody, transfer of virtual digital assets
Capital requirements	No specified minimum capital for FIU registration
Application timeline	1-3 months for FIU registration
Ongoing obligations	FIU-IND STR reporting, KYC obligations, record retention, compliance officer appointment
Foreign applicants	Must register with FIU-IND (several offshore exchanges were blocked in 2024 for non-compliance — Binance, KuCoin, others)
Passporting	None
Key gotchas	India has the most punitive crypto tax regime globally: 30% flat tax on crypto income (no deduction of losses against gains), 1% TDS (Tax Deducted at Source) on all crypto transactions above INR 50,000. The 1% TDS has been a massive friction point — killed trading volumes on Indian exchanges. RBI has historically been hostile (attempted outright ban in 2018, reversed by Supreme Court in 2020). Comprehensive crypto legislation has been "upcoming" since 2021 but not enacted. FIU-IND blocked access to 9 offshore exchanges in January 2024 for non-compliance; most subsequently registered (including Binance). No framework for stablecoins, DeFi, or token issuance. The RBI has launched a CBDC pilot (Digital Rupee) which it views as the preferred alternative to private crypto.

---

37. THAILAND

Field	Detail
Country	Thailand (TH)
Regulator	Securities and Exchange Commission (SEC Thailand); Bank of Thailand (BOT)
License type	Digital Asset Operator License — subcategories: (1) Digital Asset Exchange, (2) Digital Asset Broker, (3) Digital Asset Dealer, (4) Digital Asset Fund Manager, (5) Digital Asset Advisory Service
Activities covered	Exchange, brokerage, dealing, fund management, advisory of digital assets and digital tokens
Capital requirements	Exchange: THB 50M ($1.4M USD). Broker: THB 25M ($700K USD). Dealer: THB 5M. Fund Manager: THB 5M. Advisory: THB 5M
Application timeline	6-12 months
Ongoing obligations	SEC quarterly reporting, annual audit, customer asset segregation, cybersecurity assessment (aligned with SEC standards), AML compliance, net capital adequacy, investor protection fund contribution
Foreign applicants	Must establish Thai entity; Thai-resident directors required
Passporting	None
Key gotchas	Thailand was an early regulator (Emergency Decree on Digital Asset Business, 2018). SEC has licensed ~15 operators. Bitkub is the dominant exchange. SEC banned crypto payments in 2022 (BoT + SEC joint guidance). ICO portal licensing is separate (only approved portals can facilitate token offerings). Utility tokens and investment tokens have different regulatory treatments. 15% withholding tax on crypto gains (enforcement has been inconsistent). DeFi remains unregulated. SEC has been active in enforcement — revoked licenses (Zipmex) and investigated fraud cases.

---

38. PHILIPPINES

Field	Detail
Country	Philippines (PH)
Regulator	Bangko Sentral ng Pilipinas (BSP); Securities and Exchange Commission (SEC Philippines)
License type	Virtual Asset Service Provider (VASP) License from BSP (under BSP Circular 1108/2021)
Activities covered	Exchange of virtual assets and fiat, transfer of virtual assets, custody, financial services related to virtual assets
Capital requirements	PHP 50M (~$900K USD) minimum capitalization
Application timeline	6-12 months
Ongoing obligations	BSP prudential reporting, AML compliance (AMLC), IT risk management, consumer protection requirements, BSP examination
Foreign applicants	Must establish Philippine entity; 60% Filipino ownership requirement may apply depending on structure (under foreign investment regulations, though this is debated for VASPs)
Passporting	None
Key gotchas	Philippines has high crypto adoption (driven by remittances and gaming/play-to-earn). BSP licensed the first batch of VASPs in 2021-2022. Coins.ph and PDAX are major licensed operators. BSP imposed a moratorium on new VASP licenses in 2022 to assess existing licensees; partially lifted in 2024. SEC has separately warned about unlicensed crypto offerings. Axie Infinity/play-to-earn drove massive adoption (2021) but also regulatory scrutiny.

---

39. INDONESIA

Field	Detail
Country	Indonesia (ID)
Regulator	Otoritas Jasa Keuangan (OJK — Financial Services Authority); previously Badan Pengawas Perdagangan Berjangka Komoditi (Bappebti — Commodity Futures Trading Regulatory Agency)
License type	VASP Registration/License with OJK (authority transferred from Bappebti to OJK in January 2025 under Omnibus Financial Law P2SK)
Activities covered	Crypto asset trading (as commodity futures), exchange, custody
Capital requirements	Previously under Bappebti: IDR 50B (~$3.2M USD) for physical traders. OJK requirements being finalized post-transfer
Application timeline	6-12 months
Ongoing obligations	OJK supervision, transaction reporting, AML compliance (PPATK), customer asset segregation, cybersecurity standards
Foreign applicants	Must establish Indonesian entity (PT — Perseroan Terbatas)
Passporting	None
Key gotchas	Indonesia classified crypto as a commodity (not currency) — trading was regulated under Bappebti commodity futures framework. Authority transferred to OJK in January 2025 with a transition period. Indonesia launched its own crypto exchange (Bursa Kripto Indonesia/national crypto bourse) in 2023. 0.1% income tax + 0.11% VAT on each crypto transaction since May 2022. Islam-related considerations (MUI/scholars debating whether crypto is halal) affect adoption. Very large market by population.

---

40. VIETNAM

Field	Detail
Country	Vietnam (VN)
Regulator	State Bank of Vietnam (SBV); Ministry of Finance
License type	None — crypto is not legally recognized as a payment method; no licensing framework yet
Activities covered	N/A — crypto trading occurs in a regulatory gray zone
Key gotchas	Vietnam has very high crypto adoption despite the lack of legal framework. SBV has stated crypto is not a lawful means of payment (Directive 02/CT-NHNN/2014). Draft regulatory framework has been discussed since 2020 with no enacted legislation. Vietnamese users actively trade on international platforms. Government directed agencies to develop regulatory proposals by 2025. No tax framework specific to crypto — technically taxable as "other income" at 5-35%.

---

41. MALAYSIA

Field	Detail
Country	Malaysia (MY)
Regulator	Securities Commission Malaysia (SC); Bank Negara Malaysia (BNM)
License type	Recognized Market Operator (RMO) — Digital Asset Exchange (DAX) registration under the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019
Activities covered	Operating a digital asset exchange platform, IEO platform
Capital requirements	MYR 5M (~$1.1M USD) minimum shareholders' funds
Application timeline	6-12 months
Ongoing obligations	SC reporting, annual audit, AML/CFT compliance (BNM standards), cybersecurity framework, customer asset segregation, investor education requirements
Foreign applicants	Must establish Malaysian entity with local directors
Passporting	None
Key gotchas	Only 5 DAX operators registered (Luno, Tokenize, MX Global, Sinegy, Hata). SC has been strict and slow in issuing registrations. Crypto designated as securities under Capital Markets and Services Act. P2P crypto trading and offshore platform access remains common. SC has issued cease-and-desist orders against unregistered operators (including Binance in 2021). IEO framework requires separate SC approval.

---

42. TAIWAN

Field	Detail
Country	Taiwan (TW)
Regulator	Financial Supervisory Commission (FSC)
License type	VASP Registration (under "Guiding Principles for Management of Virtual Asset Service Providers" — guidelines-based, being formalized into law)
Activities covered	Exchange, custody, transfer of virtual assets
Capital requirements	Being formalized; FSC guidelines reference adequate capital and reserves
Application timeline	3-6 months for registration
Ongoing obligations	AML/CFT compliance, customer asset segregation, annual audit, FSC reporting, information security management
Foreign applicants	Must establish Taiwanese entity
Passporting	None
Key gotchas	Taiwan has taken a gradual approach — FSC issued guidance before legislation. A dedicated VASP law is under legislative review (expected 2025-2026). Self-regulatory organizations among exchanges. MaiCoin and BitoPro are major local players. Stablecoin framework under development. Taiwan's approach is influenced by both Japan and Singapore models.

---

43. CHINA (PRC)

Field	Detail
Country	China (CN)
Regulator	People's Bank of China (PBOC); China Securities Regulatory Commission (CSRC)
License type	NONE — all crypto trading, mining, and ICO activities are banned
Activities covered	N/A
Key gotchas	China banned ICOs in September 2017, closed domestic exchanges in 2017, and comprehensively banned all crypto transactions and mining in September 2021 (PBOC + 10-agency joint notice). Criminal penalties for facilitating crypto transactions. Despite the ban, Chinese citizens continue to trade via VPNs and OTC markets. Hong Kong and Macau have separate regimes. China is developing the Digital Yuan (e-CNY) CBDC as the official digital currency alternative. Blockchain technology (not cryptocurrency) is actively promoted by the government.

---

PART IV: MIDDLE EAST & AFRICA

---

44. UNITED ARAB EMIRATES

The UAE has TWO separate crypto regulatory frameworks — one federal (SCA/CBUAE) and one in each financial free zone.

A. Dubai — VARA (Virtual Assets Regulatory Authority)

Field	Detail
Country	United Arab Emirates — Dubai (AE)
Regulator	Virtual Assets Regulatory Authority (VARA)
License type	VASP License — categories: Advisory, Broker-Dealer, Custody, Exchange, Lending & Borrowing, Transfer & Settlement, VA Management & Investment. Each requires separate authorization
Activities covered	Full spectrum (7 categories above); can apply for multiple categories
Capital requirements	Varies by activity: Exchange: AED 15M (~$4.1M USD). Broker-Dealer: AED 5M. Custody: AED 5M. Advisory: AED 1M. Transfer: AED 5M
Application timeline	3-9 months (VARA has streamlined significantly since 2023)
Ongoing obligations	VARA prudential returns (monthly/quarterly), annual audit, AML/CFT compliance (CBUAE goAML reporting), technology governance, reserve/capital adequacy, market surveillance, customer protection requirements
Foreign applicants	Must establish Dubai entity (mainland or DMCC/DWTC free zone); local office and staff required
Passporting	VARA license covers the Emirate of Dubai only (excluding DIFC — see below)
Key gotchas	VARA was established by Dubai Law No. 4 of 2022 and is the world's first standalone virtual asset regulator. VARA's full market product regulations went live in 2023. Binance received a VASP license in Dubai (2023-2024). VARA has a "Minimum Viable Product" (MVP) phase before full operational license. Marketing rules are strict. VARA has imposed fines on unlicensed operators. Dubai's competitive advantage is speed and clarity.

B. Abu Dhabi — ADGM (Abu Dhabi Global Market)

Field	Detail
Country	UAE — Abu Dhabi (ADGM free zone)
Regulator	Financial Services Regulatory Authority (FSRA) of ADGM
License type	Financial Services Permission (FSP) for Operating a Crypto Asset Business (under FSRA's Framework for Regulation of Virtual Asset Activities, 2018/amended 2023)
Activities covered	Dealing as agent/principal, managing crypto assets, advising, arranging, operating a crypto asset exchange, providing custody
Capital requirements	Varies: Operating an exchange: $2M+ base capital. Custody: $500K-$1M+. Dealing/Brokerage: $250K+. Determined by FSRA case-by-case with risk assessment
Application timeline	3-9 months
Ongoing obligations	FSRA prudential returns, annual audit, AML compliance (ADGM AML rules), technology governance, client money rules, complaint handling
Foreign applicants	Must establish ADGM-registered entity; need not be UAE national
Passporting	Covers ADGM only (not wider UAE without additional licensing)
Key gotchas	ADGM was one of the first free zones globally to create a comprehensive crypto framework (2018). Reputation as "the serious regulatory jurisdiction" within UAE. FSRA is staffed with ex-FCA/MAS regulators. Common law jurisdiction (English law applies). More institutional focus vs. VARA's broader retail remit.

C. DIFC (Dubai International Financial Centre)

Field	Detail
Regulator	Dubai Financial Services Authority (DFSA)
License type	Recognized Crypto Token — investment token regulation under DFSA
Activities covered	Limited to investment tokens (security-like tokens). Does NOT license general crypto exchanges
Key gotchas	DFSA has been more conservative than VARA — only regulates investment/security tokens. Recognized crypto token list is small (initially: BTC, ETH). Not a full crypto licensing jurisdiction.

---

45. BAHRAIN

Field	Detail
Country	Bahrain (BH)
Regulator	Central Bank of Bahrain (CBB)
License type	Crypto-Asset Service Provider License — Category 1 (Crypto Exchange), Category 2 (Crypto Brokerage), Category 3 (Crypto Custodian), Category 4 (Crypto Advisory); under CBB Rulebook Volume 6 — Crypto-Asset Module
Activities covered	Exchange, brokerage, custody, advisory, portfolio management
Capital requirements	Category 1 (Exchange): BHD 100,000 (~$265,000 USD) minimum capital + BHD 50,000 reserve. Category 2: BHD 25,000. Category 3: BHD 100,000. Category 4: BHD 25,000
Application timeline	3-6 months
Ongoing obligations	CBB prudential returns, AML/CFT compliance, annual audit, cybersecurity assessment, minimum insurance, client asset segregation
Foreign applicants	Must establish Bahrain entity; CBB requires local presence and management
Passporting	None, but CBB license carries regional credibility
Key gotchas	Bahrain was the first MENA jurisdiction with a comprehensive crypto framework (CBB Rulebook Module, 2019). Rain Financial was the first licensed crypto exchange. CBB is pragmatic and accessible. Bahrain is a smaller market but valued as regulatory testbed for the GCC region. Shariah-compliant crypto product guidance available.

---

46. SAUDI ARABIA

Field	Detail
Country	Saudi Arabia (SA)
Regulator	Saudi Central Bank (SAMA); Capital Market Authority (CMA)
License type	None — no formal crypto licensing framework. Crypto trading is not explicitly illegal but is officially warned against (SAMA + CMA joint statement)
Activities covered	N/A
Key gotchas	Saudi Arabia has not banned crypto but strongly discourages it. No licensed exchanges operate domestically. Saudi residents actively use international platforms. CMA is exploring tokenized securities regulation. SAMA is piloting CBDC (Digital Saudi Riyal) in partnership with BIS. Regulatory framework may emerge in 2026-2027, possibly aligned with FATF standards.

---

47. QATAR

Field	Detail
Country	Qatar (QA)
Regulator	Qatar Financial Centre Regulatory Authority (QFCRA); Qatar Central Bank (QCB)
License type	Digital Asset Service Provider License (under QFC Digital Assets Framework, 2024)
Activities covered	Exchange, custody, advisory, transfer of digital assets
Capital requirements	Being determined by QFCRA on case-by-case basis
Application timeline	6-12 months
Key gotchas	Qatar previously banned crypto (QCB circular, 2018) but reversed course for the QFC in 2024. The QFC-only framework is limited to institutional/qualified investors, not retail. Reflects a cautious approach.

---

48. ISRAEL

Field	Detail
Country	Israel (IL)
Regulator	Israel Securities Authority (ISA); Capital Market, Insurance and Savings Authority (CMISA)
License type	Financial Asset Service Provider (FASP) License — covers crypto under the Financial Asset Service Providers Regulation Law (2023, amended)
Activities covered	Exchange, custody, transfer, portfolio management of financial assets including crypto
Capital requirements	ILS 300,000-1,000,000 (~$80K-$270K USD) depending on activity type
Application timeline	6-12 months
Ongoing obligations	ISA/CMISA supervision, AML/CFT compliance (Israel Money Laundering Prohibition Authority), customer asset segregation, annual audit, capital maintenance
Foreign applicants	Must establish Israeli entity
Passporting	None
Key gotchas	Israel's regulatory framework for crypto matured in 2023-2024 after years of uncertainty. The banking sector has been gradually opening to crypto firms after landmark court cases and Bank of Israel guidance. Israel has a strong crypto startup ecosystem but has faced challenges with banking access. Tax authority (ITA) treats crypto as property — taxable at 25% capital gains.

---

49. SOUTH AFRICA

Field	Detail
Country	South Africa (ZA)
Regulator	Financial Sector Conduct Authority (FSCA); South African Reserve Bank (SARB) — through Prudential Authority
License type	Financial Service Provider (FSP) License — crypto assets declared as financial products under FAIS (Financial Advisory and Intermediary Services Act) effective November 2022; CASP category
Activities covered	Providing advice, intermediary services, and dealing in crypto assets as financial products
Capital requirements	Varies by category; FSP requirements apply (typically ZAR 150,000-1,000,000+)
Application timeline	6-12 months
Ongoing obligations	FSCA reporting, FAIS compliance, annual compliance reports, annual financial statements, AML/CFT under FIC Act, complaint resolution mechanism
Foreign applicants	Must register as FSP; local key individual and compliance officer required
Passporting	None
Key gotchas	South Africa was the first African country to formally regulate crypto as a financial product. FSCA has been processing license applications from existing operators (transition period). Major local platform: Luno (acquired by DCG). SARB has been exploring CBDC (Project Khokha). South Africa was briefly on FATF gray list (removed 2025). Crypto fraud has been a major issue (Africrypt scandal — $3.6B). Exchange control regulations (capital flow restrictions) apply to crypto as well.

---

50. NIGERIA

Field	Detail
Country	Nigeria (NG)
Regulator	Securities and Exchange Commission Nigeria (SEC Nigeria); Central Bank of Nigeria (CBN)
License type	Virtual Asset Service Provider (VASP) License (under SEC Nigeria Rules on Virtual Assets, 2024); Digital Asset Exchange License; Digital Asset Offering Platform License
Activities covered	Exchange, issuance, custody, transfer of virtual assets
Capital requirements	Exchange: NGN 500M (~$320K USD). Offering Platform: NGN 100M. Custody: NGN 2B. Broker-Dealer: NGN 100M
Application timeline	3-6 months
Ongoing obligations	SEC Nigeria reporting, AML compliance (NFIU/SCUML), annual audit, capital maintenance, investor protection fund
Foreign applicants	Must establish Nigerian entity
Passporting	None
Key gotchas	Nigeria has the highest crypto adoption rate in Africa. CBN banned banks from servicing crypto in February 2021, then partially reversed in December 2023. SEC Nigeria stepped in as crypto regulator. Naira volatility and foreign exchange controls drive massive P2P trading volumes. The SEC framework is new and enforcement capacity is limited. CBN launched eNaira (CBDC) partly as an alternative to crypto.

---

51. KENYA

Field	Detail
Country	Kenya (KE)
Regulator	Capital Markets Authority (CMA Kenya); Central Bank of Kenya (CBK)
License type	No formal crypto licensing yet; CMA has issued guidance and is developing a framework
Key gotchas	Kenya has high crypto adoption (peer-to-peer) but no formal regulatory framework. CMA held industry consultations in 2023-2024. CBK has been cautious but not prohibitive. M-Pesa (mobile money) ecosystem coexists with crypto — integration could be significant.

---

52. MAURITIUS

Field	Detail
Country	Mauritius (MU)
Regulator	Financial Services Commission (FSC Mauritius)
License type	VASP License (under the Virtual Asset and Initial Token Offering Services Act, 2021)
Activities covered	Exchange, transfer, custody, advisory, portfolio management of virtual assets
Capital requirements	MUR 2.5M-10M (~$55K-$220K USD) depending on class
Application timeline	3-6 months
Ongoing obligations	FSC reporting, AML/CFT compliance, annual audit, capital maintenance
Foreign applicants	Can apply; Global Business License structure available
Passporting	None
Key gotchas	Mauritius positions itself as a fintech hub for Africa and Asia. FSC has issued a handful of VASP licenses. Sandbox licensing available for innovation. Competitive tax regime (15% corporate tax, various incentives). FATF had concerns about Mauritius' AML framework (gray-listed 2020, removed 2021).

---

53. RWANDA

Field	Detail
Country	Rwanda (RW)
Regulator	National Bank of Rwanda (BNR); Rwanda Utilities Regulatory Authority (RURA)
License type	VASP License (under Virtual Assets and Virtual Asset Service Providers Law, 2023)
Activities covered	Exchange, transfer, custody, advisory
Capital requirements	Being set by BNR in implementing regulations
Application timeline	3-6 months
Key gotchas	Rwanda is one of the first sub-Saharan African countries to pass comprehensive crypto legislation. Part of the country's strategy to become an African tech hub. Framework still being operationalized.

---

PART V: SPECIAL TOPICS

---

A. VASP Registration vs. Licensing — Global Comparison

Regime Type	Description	Countries
Full Licensing (authorization required, substantive prudential requirements)	Comprehensive regulation with capital, conduct, governance requirements	EU (MiCA), Japan, Singapore, Hong Kong, UAE (VARA/ADGM), Bahrain, UK (proposed), South Korea, Thailand, Bermuda
Registration + Conduct Rules (lighter than licensing but with substantive obligations)	Registration mandatory; AML + some conduct/prudential rules	US (FinCEN MSB + state MTL), Canada (FINTRAC), South Africa, Germany (pre-MiCA), Australia (DCE), Brazil
Registration Only (primarily AML)	Registration for AML/CFT purposes with minimal prudential requirements	India (FIU-IND), Estonia (pre-2022), pre-MiCA EU states without enhanced regimes
No Framework (but not banned)	Crypto activities occur in regulatory gray zone	Saudi Arabia, Vietnam, Kenya, most of sub-Saharan Africa, much of Central Asia
Banned or severely restricted	Crypto trading/mining prohibited	China, Algeria, Morocco (partially), Bangladesh, Nepal, Bolivia (historical, evolving)

---

B. MSB / Money Services Business Requirements — Comparative

Country	MSB Equivalent	Regulator	Registration/License	Crypto Covered
United States	MSB	FinCEN	Registration (Form 107)	Yes — convertible virtual currency exchangers are MSBs
Canada	MSB	FINTRAC	Registration	Yes — since June 2020 amendments
Australia	Designated remittance service (now DCE)	AUSTRAC	Registration	Yes
UK	MSB equivalent (payment services)	HMRC (MLR) / FCA	Registration	Yes (MLR Part 11)
EU	N/A (replaced by MiCA/PSD2)	NCAs	Authorization	Via CASP/payment institution path
Japan	Funds transfer service	FSA/JFSA	Registration	Separate crypto category (CAESP)
Singapore	Money-changing / remittance	MAS (PSA)	MPI/SPI License	DPT services under PSA

---

C. US Money Transmitter License (MTL) — Comprehensive State Matrix

Key parameters vary by state. Below is a summary of critical differentiators:

State	Crypto-Specific Statute	Bond Minimum	Net Worth Minimum	Processing Time	Notable
New York	BitLicense (23 NYCRR 200)	Case-by-case	Case-by-case	12-24+ months	Most rigorous
California	DFAL (eff. July 2025)	$5M	Varies	6-12 months	New dedicated crypto law
Wyoming	MSB exemption for certain crypto activities + SPDI Charter	Varies	$5M (SPDI)	3-6 months	Most crypto-friendly
Texas	MTL (no crypto-specific statute; guidance-based)	$300K	Varies	3-6 months	Crypto mining-friendly
Florida	MTL + Part III (virtual currency)	$500K-$2M	Varies	3-9 months	Explicit virtual currency provisions
Washington	MTL	Permissible investments	Varies	6-12 months	Third-party security audit required
Nebraska	Financial Innovation Act (2021) — digital asset depository charter	Varies	$10M (depository)	6-12 months	Novel charter type
Montana	NO MTL REQUIRED	N/A	N/A	N/A	Only state without MTL requirement
Illinois	TOMA license	$100K	Varies	3-6 months	Large market, standard process
Georgia	MTL	$150K+	$100K+	3-6 months	Standard
Pennsylvania	MTL	$1M	Varies	6-9 months	Guidance treats crypto as money
Ohio	MTL	$200K+	Varies	3-6 months	Standard
Colorado	MTL (+ state digital token exemption for certain utility tokens)	$150K+	Varies	3-6 months	Utility token exemption
Hawaii	MTL	$1K per licensee	Varies	3-6 months	Previously required 1:1 fiat reserve for all crypto (killed market); digital currency innovation lab (sandbox) expired; new legislation pending
Connecticut	MTL with virtual currency endorsement	Varies	$250K	6-12 months	Specific virtual currency provisions
Louisiana	Virtual Currency Business Act (Act 340, 2020)	$100K	Varies	3-6 months	Dedicated crypto statute

---

D. CASP Authorization Under MiCA — Detailed Process

Step-by-Step Application Process:

1. Pre-Application Engagement: Contact the NCA in your chosen home member state. Many NCAs offer informal pre-application discussions.

2. Entity Establishment: Incorporate a legal entity in the chosen EU member state. Must have registered office and effective place of management in the EU.

3. Application Submission (required documentation):

   • Programme of operations (detailed business plan)
   • Description of governance arrangements (management body members, fit-and-proper documentation)
   • Internal control mechanisms (AML/CFT, market abuse, complaints)
   • ICT security policies (must comply with DORA — Digital Operational Resilience Act)
   • Business continuity plan
   • Description of outsourcing arrangements
   • Description of custody and administration procedures (for custody CASPs)
   • Proof of capital requirements
   • Description of clients' complaint handling procedures
   • Evidence of good repute of shareholders/members with qualifying holdings (10%+)

4. NCA Assessment:

   • 25 business days for completeness check (acknowledgment)
   • 40 business days for substantive assessment (extendable by 20 business days)
   • NCA may request additional information (clock-stops)
   • NCA consults home member state AML authority

5. Authorization Decision: Granted or refused with reasons. Registered in ESMA register.

6. Passporting: Notify home NCA of intention to provide services in other member states. Home NCA notifies host NCA(s) within 20 business days. No additional authorization needed.

Key MiCA CASP Obligations Post-Authorization:

Obligation	Detail
Prudential requirements	Maintain own funds at higher of: (a) permanent minimum capital, (b) 1/4 of prior year fixed overheads
Client asset segregation	Customer crypto-assets and funds must be segregated from CASP's own assets; custody on behalf of clients via separate legal arrangements
Conflicts of interest	Written policy; prohibition on proprietary trading that conflicts with client interests
Outsourcing	Must maintain full responsibility; critical outsourcing requires NCA notification; outsourcing outside EU requires additional safeguards
Market abuse	Insider dealing, market manipulation, and unlawful disclosure of inside information prohibited for crypto-assets admitted to trading
White paper	Any new crypto-asset offered must have an approved crypto-asset white paper (exempt for tokens freely provided, tokens given for mining/validation, unique NFTs, and some others)
DORA compliance	Mandatory ICT risk management framework, incident reporting, testing requirements
Travel Rule	TFR (Transfer of Funds Regulation recast) requires originator/beneficiary information for all crypto transfers (no de minimis threshold in EU)

---

E. Payment Institution Licensing for Crypto Card Programs

Crypto debit/prepaid cards require licensing as a payment institution (or e-money institution) in most jurisdictions.

Jurisdiction	License Required	Regulator	Minimum Capital	Notes
EU/EEA	Payment Institution (PI) under PSD2 OR EMI under EMD2	NCAs (e.g., CBI, CSSF, BaFin)	PI: EUR 20,000-125,000. EMI: EUR 350,000	MiCA CASP does NOT cover payment services — need separate PI/EMI license. Card issuers typically need EMI license. Crypto-to-fiat conversion at point of sale requires CASP + PI/EMI
UK	PI or EMI under PSRs 2017 / EMRs 2011	FCA	PI: GBP 20,000-125,000. EMI: GBP 350,000	FCA requires detailed business models; crypto-funded cards under increased scrutiny
Singapore	MPI License (payment service)	MAS	SGD 250,000	DPT + e-money + payment account services under single PSA license
US	State MTL + federal MSB + potential bank partnership	State regulators + FinCEN	Varies by state	Most crypto card programs partner with issuing banks (Visa/Mastercard BIN sponsors). The card issuer needs MSB registration; the bank partner holds the charter
UAE	Payment Service Provider License	CBUAE	AED 10M-50M	CBUAE Stored Value Facility regulations apply to prepaid instruments

---

F. E-Money Institution Licensing for Stablecoin Issuers

Under MiCA, fiat-referenced stablecoins (E-Money Tokens / EMTs) require the issuer to be either a credit institution (bank) or an authorized Electronic Money Institution (EMI).

EMI Requirements Under MiCA for EMT Issuance:

Requirement	Detail
Authorization	Must be authorized as EMI under EMD2 (Directive 2009/110/EC)
Initial capital	EUR 350,000
Own funds	Higher of: EUR 350,000, or 2% of average outstanding e-money
Reserve requirements	100% of outstanding EMTs in secure, low-risk assets. At least 30% in credit institution deposits. Segregated and bankruptcy-remote
Redemption right	EMT holders must have right to redeem at par value at any time
White paper	EMT-specific white paper required (ESMA template)
Significant EMTs	If EMT crosses significance thresholds (>10M holders OR >EUR 5B outstanding), falls under EBA direct supervision. Additional 2-3% own funds buffer
Investment of reserves	Cannot invest reserves in high-risk assets; specific investment rules in MiCA RTS

Notable Stablecoin Licensing Examples:

Issuer	Token	Jurisdiction	License/Status
Circle (USDC)	USDC	France	EMI license (AMF); authorized under MiCA
Societe Generale FORGE	EUR CoinVertible (EURCV)	France	Credit institution (banking license)
Tether (USDT)	USDT	El Salvador / BVI	No EU MiCA authorization — faces EU distribution restrictions
PayPal (PYUSD)	PYUSD	US	State money transmitter (PayPal) + Paxos (NY Trust Company) as issuer
Paxos	USDP, BUSD (discontinued)	US / UAE	NY Trust Company charter; ADGM-regulated entity

---

G. Additional Notable Jurisdictions

54. PAKISTAN

No formal crypto framework. State Bank of Pakistan (SBP) has issued warnings but not banned. Ministry of Finance exploring regulatory options.

55. BANGLADESH

Crypto transactions effectively banned. Bangladesh Bank has warned against use of crypto and considers it illegal under foreign exchange regulations.

56. SRI LANKA

No crypto-specific regulation. Central Bank has issued warnings. Blockchain-related fintech sandbox being explored.

57. KAZAKHSTAN

Field	Detail
Country	Kazakhstan (KZ)
Regulator	Astana Financial Services Authority (AFSA) — within AIFC (Astana International Financial Centre)
License type	Digital Asset Trading Facility (DATF) License; Digital Asset Custodian License
Capital requirements	Varies; AFSA determines based on activity
Key gotchas	Kazakhstan hosted significant crypto mining (post-China ban) until energy concerns led to restrictions. AIFC framework is limited to the Astana free zone. General crypto activities outside AIFC remain in gray zone.

58. GEORGIA (country)

No formal licensing, but crypto-friendly tax regime (0% tax on crypto gains for individuals). National Bank of Georgia exploring regulatory framework.

59. UKRAINE

Passed "On Virtual Assets" law (2022) but implementation delayed due to war. National Securities and Stock Market Commission (NSSMC) designated as regulator. Framework not operational.

60. POLAND

Follows MiCA. Pre-MiCA VASP registration with tax authority (Izba Administracji Skarbowej). KNF (Polish Financial Supervision Authority) becomes NCA under MiCA.

61. CZECH REPUBLIC

Follows MiCA. Czech National Bank (CNB) as NCA. Pre-MiCA: Trade License Act registration for crypto activities.

62. AUSTRIA

Follows MiCA. FMA Austria as NCA. Pre-MiCA: VASP registration under FM-GwG (Financial Markets Anti-Money Laundering Act).

63. DENMARK

Follows MiCA. Finanstilsynet (Danish FSA) as NCA. Conservative approach — few crypto firms based in Denmark.

64. SWEDEN

Follows MiCA. Finansinspektionen as NCA. Pre-MiCA VASP registration. Sweden has been notably skeptical about crypto mining (environmental concerns). Riksbank exploring e-krona CBDC.

65. FINLAND

Follows MiCA. FIN-FSA (Finanssivalvonta) as NCA. Pre-MiCA: VASP registration with FIN-FSA. Relatively strict — required operator qualification assessments.

---

PART VI: GLOBAL COMPARISON TABLES

---

Capital Requirements Comparison (Top 30 Jurisdictions — USD Equivalent)

Jurisdiction	License Type	Minimum Capital (USD)
Hong Kong	VATP License	$640,000
UAE (VARA)	Exchange	$4,100,000
UAE (ADGM)	Exchange	$2,000,000
Singapore	MPI License	$185,000
Japan	CAESP	$70,000
South Korea	VASP (VAUPA)	$2,200,000
Thailand	Exchange	$1,400,000
EU (MiCA)	CASP — Exchange	$163,000 (EUR 150K)
EU (MiCA)	CASP — Custody	$54,000 (EUR 50K)
EU (MiCA)	ART Issuer	$380,000 (EUR 350K)
EU (MiCA)	EMI (for EMT)	$380,000 (EUR 350K)
UK (FCA)	Crypto Registration	Case-by-case
US (New York)	BitLicense	$1,000,000+ (de facto)
US (Wyoming)	SPDI Charter	$5,000,000
US (California)	DFAL License	$5,000,000 bond
Switzerland	FinTech License	$300,000 (CHF 300K)
Switzerland	Banking License	$10,000,000+
Bermuda	DAB License (Class F)	$100,000+
Bahrain	Exchange	$265,000
Australia	DCE Registration	None (AML only)
Canada	MSB Registration	None (AML only)
India	FIU Registration	None
South Africa	FSP License	$8,000-$55,000
Brazil	VASP Authorization	$200,000-$1,000,000
Nigeria	Exchange	$320,000
Philippines	VASP License	$900,000
Indonesia	VASP License	$3,200,000
Malaysia	DAX Registration	$1,100,000
Mauritius	VASP License	$55,000-$220,000
Liechtenstein	TVTG Registration	$33,000-$109,000

---

Application Timeline Comparison

Timeline	Jurisdictions
1-3 months	Canada (FINTRAC MSB), Australia (DCE), India (FIU), NZ, Estonia (post-reform)
3-6 months	Bahrain, Bermuda, Lithuania, Liechtenstein, France (MiCA), UAE (VARA fast track), Mauritius
6-12 months	Singapore, UK, Germany, Ireland, Netherlands, South Korea, Thailand, Japan, Malaysia, South Africa, Brazil, UAE (ADGM full), US (most states)
12-18 months	Hong Kong, Japan (complex cases), US (New York BitLicense), Switzerland (banking)
18-24+ months	US (multi-state full coverage), New York (BitLicense worst case), Germany (BaFin complex cases)

---

Passporting Availability

Jurisdiction	Passporting?	Scope
EU/EEA (MiCA)	YES	27 EU + 3 EEA states
Liechtenstein	YES (via EEA)	EU/EEA via MiCA transition
All others	NO	License covers domestic jurisdiction only

This is the single most important strategic differentiator in global crypto licensing. An EU MiCA authorization provides access to ~450M consumers across 30 countries from a single license. No other jurisdiction offers comparable passporting.

---

PART VII: STRATEGIC RECOMMENDATIONS

Optimal Licensing Strategy by Business Model

Business Model	Recommended Primary License	Secondary/Supporting	Rationale
Global crypto exchange	EU MiCA CASP (via France or Ireland) + Dubai VARA + Singapore MPI + US state MTLs	Hong Kong VATP, Japan CAESP	MiCA for Europe passporting; VARA for MENA; MPI for APAC; US for world's largest market
Stablecoin issuer	EU EMI (MiCA EMT) + US state trust/banking charter	Singapore stablecoin framework, UK (pending)	EMI gives EU-wide issuance; US charter gives dollar-denominated credibility
Crypto custody	EU MiCA CASP (custody) + US qualified custodian	Switzerland, Singapore	Institutional clients require recognized custody frameworks
Crypto card program	EU EMI + CASP + US bank partnership	UK PI + crypto registration	Card issuance requires payment institution + crypto authorization
DeFi protocol (centralized components)	EU MiCA CASP where applicable + monitor FATF guidance	Consult per jurisdiction	DeFi remains largely unregulated but enforcement trend is toward regulating centralized elements

---

KEY ENFORCEMENT TRENDS (2024-2026)

1. US SEC/DOJ — Continued aggressive enforcement against unregistered platforms and token issuers. Criminal charges for willful non-registration. Kraken, Coinbase, Binance settlements/ongoing litigation shape the landscape.

2. EU ESMA/NCAs — Transition period enforcement: operating without MiCA authorization after grandfathering period expires will trigger penalties. ESMA coordinating supervisory convergence.

3. FCA (UK) — Crypto marketing enforcement a priority. Fines for non-compliant financial promotions. Continued high bar for registration.

4. MAS (Singapore) — Focus on retail investor protection restrictions. Enforcement against unlicensed DPT services.

5. Global Travel Rule enforcement — FATF mutual evaluations increasingly testing virtual asset compliance. Sunrise period issues (not all jurisdictions enforce Travel Rule simultaneously) creating compliance gaps.

6. Sanctions enforcement — OFAC (US), EU sanctions compliance for crypto transactions is a growing enforcement priority, particularly regarding Russia-related activity.

---

This analysis reflects the regulatory landscape as understood through early 2026. Crypto regulation is evolving rapidly — specific requirements, capital thresholds, and timelines should be verified with local counsel before reliance. This document is for research and informational purposes and does not constitute legal advice.