Guide to the Crypto-Asset Service Provider (CASP/MICA) authorisation application form

The application form for authorisation as a Crypto-Asset Service Provider (CASP) under Article 62 of Regulation (EU) 2023/1114, is an essential document for entities seeking to operate within the European Union’s regulatory framework. This form ensures that applicants meet the rigorous requirements to safely and compliantly provide crypto-asset services.

Main Findings

1. General information:  The form starts with the basic information required, including name, address, and contact information. It is straightforward but sets the stage for the more detailed sections ahead.
2. Programme of operations: Outline the business model and operational plan. This is an important section as it paints a clearer picture for regulators of what services the applicant intends to provide and how they plan to do it.
3. Prudential requirements: Focuses on the financial stability of the applicant. The applicant must provide details on financial resources, capital requirements, and risk management strategies. This is for applicants to prove they have the financial stability to operate safely.
4. Governance arrangements and internal control mechanisms: Applicants must provide details on their organisational structure and internal controls, including information on the roles and responsibilities of the management team and the measures in place to ensure compliance and security.
5. Business continuity and disaster recovery: Provide details of a wind-down plan to show plans to keep the business running smoothly in case of disruptions and protect client assets.
6. Detection and Prevention of Money Laundering and Terrorist Financing: For registered VASPs in Ireland, firms must confirm that there have been no changes to their business model or AML/ CFT framework since registration. If changes have occurred, they must explain the rationale and complete the relevant risk evaluation questionnaire. New applicants not registered as VASPs in Ireland must also complete this risk evaluation questionnaire.
7. Management body and shareholders: Applicants must provide information about the management team’s qualifications and experience and details about significant shareholders. This is to ensure that qualified and responsible individuals are in charge of managing a crypto-asset service provider.
8. ICT systems and security arrangements: In this section, applicants must detail their ICT systems and security measures, including how they protect client data and assets from cyber threats. Compliance with the Digital Operational Resilience Act (DORA) and Regulation (EU) 2023/1114 is mandatory. The Central Bank uses an IT Risk Questionnaire to assess compliance during the authorisation process to facilitate this.
9. Client asset segregation: The applicant must provide policies for keeping clients’ crypto assets separate from the firm’s assets. This step protects the client’s assets in case the firm faces financial difficulties.
10. Complaints handling: Applicants must provide adequate procedures for handling client complaints. This ensures that clients have a clear and fair process for resolving issues.
11. Custody and administration policy: Applicants must detail their policies for the custody and administration of crypto assets. This includes how they safeguard and manage these assets on behalf of clients.
12. Operating rules of the trading platforms: If the applicant operates a trading platform, they must provide the operating rules and measures to detect and prevent market abuse. They must outline any category of crypto assets that will not be admitted to trading and a reason for this exclusion. This ensures a fair and transparent trading environment.
13. Exchange of crypto-assets for funds or other crypto-assets: This section requires applicants to describe how they will handle the exchange of crypto-assets for funds or other crypto-assets. It includes details on the processes and safeguards in place to ensure secure and compliant transactions.
14. Execution policy: Applicants must outline how they will execute orders on behalf of clients. This includes ensuring best execution practices and transparency in order handling.
15. Provision of advice or portfolio management on crypto-assets: This section covers providing advice or portfolio management services related to crypto-assets. Applicants must demonstrate their ability to provide suitable recommendations and make informed investment decisions on behalf of clients.
16. Transfer services: Applicants must describe their transfer services, including the procedures and policies for transferring crypto assets. They should also include information on deployed ICT and human resources to address risks promptly. This ensures that the client’s assets are transferred securely and efficiently.
17. Cross-border provision of crypto-asset services: This section addresses the provision of crypto-asset services across different jurisdictions. Applicants must provide information on how they will comply with regulatory requirements in various countries.

The application form for authorisation as a Crypto-Asset Service Provider under Article 62 of Regulation (EU) 2023/1114 covers everything from financial stability to client protection. By thoroughly completing each section, applicants can demonstrate their readiness to operate within the EU’s regulatory framework, contributing to a safer and more stable crypto-asset market. This form is an essential step in ensuring the integrity and security of the crypto-asset industry.

How can we help?

Our Prudential Risk experts recognise that regulations remain a pivotal driver for the strategic priorities of financial institutions. Our team excels at helping financial service clients navigate the intricate web of regulations. We work with our clients to identify their regulatory responsibilities and develop strategies for full compliance.