Step-by-Step Overview of the CASP License Application Process

Step-by-Step Overview of the CASP License Application Process

  1. Application Submission
    The licensing process begins when a company files its CASP license application with the competent authority in its home country. In Poland, this is the Financial Supervision Authority (KNF).
  2. Acknowledgment of Receipt
    Within five business days, the supervisory authority will confirm receipt of the application.
  3. Preliminary Review (Formal Completeness)
    The authority then has 25 working days to verify whether the application is complete.

    • If any documents or information are missing, the applicant will be asked to submit the required additions within a specified timeframe.
    • Failure to meet this deadline may result in the application being rejected.
  4. Substantive Evaluation Begins
    Once the documentation is confirmed as complete, the authority proceeds to review the content and notifies the applicant accordingly.
  5. Request for Additional Information
    Around the midpoint of the evaluation (after approximately 20 business days), the authority may request further clarification or documents. The applicant is given up to 20 business days to respond.

    • The final phase of assessment resumes once the additional materials are received.
  6. Final Decision
    In total, the evaluation process is designed to take a maximum of 40 business days, culminating in either the approval or denial of the license.

Note:
Timelines set out in the MiCA regulation are indicative. Delays due to correspondence exchange and administrative processing may extend the total duration of the procedure.

How Much Does the CASP License Cost?

The anticipated fee for obtaining a CASP license in Poland is set at €4,500 (or the equivalent amount in Polish zloty). As of June 14, 2024, this fee has not yet been formally enacted—it is currently outlined in Article 80(1) of the draft Polish Crypto-Asset Act, which is still under legislative review.

In addition to the initial licensing fee, Article 81(1) of the draft Act introduces an annual supervisory contribution. This annual payment is intended to support the oversight of the crypto-asset market and is calculated based on the applicant’s average crypto-related service revenues over the preceding three fiscal years. The fee may not exceed 0.5% of that average and must be no less than the PLN equivalent of €500.

For newly licensed CASPs, the first annual supervisory fee is payable in the year following the commencement of their crypto-asset service operations.

Overview of Internal Documentation Required for CASP License Applications

To apply for a CASP license under MiCA, applicants must prepare and submit a comprehensive set of internal documents and policies that demonstrate organizational readiness and regulatory compliance. These include:

  • Operational Program
    A detailed description of the scope and structure of the applicant’s planned crypto-asset services.
  • Prudential Safeguards
    Evidence that the applicant meets the prudential requirements outlined in Article 67 of MiCA.
  • Corporate Governance Structure
    An explanation of how the company is governed, including roles, responsibilities, and oversight mechanisms.
  • Management Competency and Reputation
    Documentation proving that board members are reputable and possess the necessary experience, skills, and knowledge to manage a crypto-asset firm.
  • Shareholding Structure
    Identification of all direct or indirect shareholders with qualifying holdings, along with evidence of their good standing.
  • Risk Management and Internal Controls
    A clear outline of policies, systems, and procedures to identify and manage operational, financial, and compliance risks—including anti-money laundering (AML), counter-terrorist financing (CTF), and business continuity planning.
  • ICT and Security Infrastructure
    Technical documentation detailing the firm’s IT and security systems, accompanied by a simplified non-technical description.
  • Client Asset Segregation
    A procedure outlining how client assets and funds will be segregated and protected.
  • Complaints Handling
    A structured process for managing and resolving client complaints effectively.
  • Custody and Administration
    If applicable, an explanation of the firm’s approach to safeguarding and administering clients’ crypto-assets.
  • Trading Platform Operations
    If the company will operate a crypto trading platform, it must include rules of operation, systems for detecting market abuse, and related procedures.
  • Asset Exchange Policies
    For firms exchanging crypto-assets for fiat or other digital assets, a non-discriminatory commercial policy and a pricing methodology for asset valuation must be included.
  • Order Execution Policy
    A detailed description of how client orders will be executed in a fair and transparent manner.
  • Advisory and Portfolio Management Services
    If offering these services, proof must be provided that the individuals responsible possess the relevant expertise and qualifications.
  • Crypto-Asset Transfers
    An outline of how crypto-asset transfer services will be performed on behalf of clients.
  • Specification of Crypto-Assets Covered
    A clear indication of the types of crypto-assets the services will relate to.

This set of documents ensures regulatory transparency and helps supervisory authorities evaluate the applicant’s readiness to responsibly provide crypto-asset services.

Requirements for CASP Licensing—Focus on Management Board Members

According to Article 68(1) of the MiCA Regulation, individuals appointed to the management board of a Crypto Asset Service Provider (CASP) must demonstrate integrity and possess the necessary qualifications, expertise, and experience—both on an individual level and collectively as a governing body—to effectively carry out their responsibilities.

Supporting Documentation for CASP License Applications
As part of the licensing process, the following documents must typically be submitted to meet regulatory technical standards (RTS) and supervisory expectations:

  • Certificate of Good Conduct
    Proof of a clean criminal record from relevant authorities.
  • Legal Compliance Statement
    A declaration confirming that the individual has not been subject to penalties under commercial, insolvency, financial services, anti-money laundering, anti-terrorism financing, fraud, or professional liability laws.
  • Comprehensive CV (Last 10 Years)
    A detailed curriculum vitae outlining educational background, professional qualifications, and work experience over the past decade. This should include:

    • Names and types of organizations previously worked for
    • Roles held and responsibilities undertaken
    • Specific powers and areas of oversight relevant to the intended CASP position
  • Time Commitment Declaration
    A formal statement specifying how much time the individual will dedicate to fulfilling their duties.
  • Personal Identification Details
    Full name, date and place of birth, current address, and intended role (including whether executive or non-executive), along with start date, term of office (if applicable), and key responsibilities.
  • Regulatory History Statement
    Disclosure of any past rejections of authorizations, licenses, or memberships by regulatory or professional bodies, as well as any expulsions or removals from such roles.
  • Dismissal Disclosure
    Statement on any prior dismissals from employment or fiduciary positions of trust.
  • Conflict of Interest Disclosure
    A description of any financial or non-financial relationships involving the board member or their close relatives that may relate to other executives, shareholders, or affiliates. This includes:

    • Ownership of crypto or digital assets
    • Loans, guarantees, or securities (granted or received)
    • Business affiliations, legal disputes, or roles of political influence held within the last two years

Additionally, recent guidance from ESMA, published in coordination with other EU Member States, aims to harmonize the evaluation of CASP license applications and reinforce transparency and consistency in supervisory practices.

ESMA’s Key Recommendations for CASP Management Boards

The European Securities and Markets Authority (ESMA) emphasizes that the structure and size of a CASP’s management board should align with the company’s scale and the complexity of its crypto-asset services. A minimum of two board members is required, but larger or more systemically important CASPs are expected to have proportionally broader and more robust governance structures.

Competency Expectations at the Application Stage
CASP applicants should be able to demonstrate that board members possess adequate expertise, particularly in the following areas:

  • National and EU-level regulatory frameworks
  • The Polish cryptocurrency market or, alternatively, regulated financial markets
  • Technical knowledge relevant to the crypto assets the company plans to offer

For CASPs with a significant market presence or impact, ESMA recommends elevated standards, particularly regarding board members’ professional backgrounds and education.

Functional Expectations for Board Composition
The management board should operate as an effective, collaborative team, with adequate time dedicated by each member to their responsibilities. Oversight should not depend on a single individual.

Specific ESMA Guidance Includes:

a) The Chief Executive Officer (or in Poland, typically the chairman of the management board) should commit 100% of their time to CASP operations
b) At least one board member must reside in the EU Member State where the CASP is licensed
c) Board members must be employed and physically present in the licensing country and remain accessible to the local regulator (e.g., PFSA/KNF in Poland)
d) Each member should allocate at least 50% of their working time to CASP duties
e) Dual roles are permitted, provided they do not impair a member’s ability to fulfill CASP obligations
f) The board must exert genuine influence over group-level decisions, especially where affiliated entities are based outside the EU
g) While a clean criminal record is generally required, pending investigations or past infractions do not automatically disqualify a candidate; suitability is assessed individually by the regulator

Regulatory Sensitivities in Poland
The Polish Financial Supervision Authority (KNF) issued a resolution on April 14, 2022, which remains relevant for CASPs. According to the resolution, individuals with ties to Russia or Belarus—whether by citizenship, significant business activity, or personal/professional connections—may raise concerns regarding the integrity and stability of the licensed business. Such ties may be grounds for additional scrutiny or rejection of the application.

 

Additional Governance Recommendations from ESMA for CASP Boards

ESMA has issued further guidance to ensure strong, EU-based management for CASPs. The recommendations focus on maintaining effective oversight and decision-making within the European regulatory framework. Key points include:

a) Local Presence of Senior Management
Executives and senior managers should reside and work in the Member State where the CASP is authorized. Their physical presence must reflect the nature and importance of their responsibilities, ensuring they can fulfill their roles efficiently.

b) EU-Based Decision-Making
Key personnel must remain accessible to national supervisory authorities—such as the Polish Financial Supervision Authority (KNF). For CASPs that are part of a broader international group, strategic and operational decisions affecting EU activities should be made within the European Union.

c) Autonomy in EU Operations
CASPs must retain adequate high-level personnel in the EU to ensure that independent and effective decisions can be made locally. While coordination with the group’s global structure is permissible, it should not result in the delegation of control or governance outside the EU jurisdiction.

Requirements for CASP Shareholders

Any shareholder or member holding a qualifying stake in a crypto-asset service provider must also meet strict reputation standards. Specifically, individuals must not have been convicted of crimes related to money laundering, terrorist financing, or other serious offenses that would question their professional integrity.

Document Checklist for Shareholders:

  • Criminal Record Certificate
    Confirmation of no prior convictions
  • Legal Compliance Declaration
    A signed statement confirming that the individual has not been sanctioned under commercial, insolvency, financial services, AML/CFT, fraud, or professional liability laws
  • Ownership Structure Diagram
    A detailed chart outlining the applicant’s shareholding structure, including names of shareholders with qualifying holdings and the breakdown of capital and voting rights

These requirements help ensure that both the management and ownership of CASPs meet the high standards expected under MiCA, reinforcing confidence in the integrity of licensed crypto-asset service providers.

 

Employee Requirements for CASP License Holders

According to Article 68(5) of the MiCA Regulation, crypto-asset service providers (CASPs) are required to employ personnel who possess the necessary expertise, experience, and skills to competently fulfill their responsibilities. Staffing decisions must take into account the size, complexity, and nature of the crypto services offered.

Polish Regulatory Framework
In Poland, additional employment criteria will be introduced through a dedicated regulation issued by the minister responsible for financial oversight, as outlined in the draft version of the Polish Crypto-Asset Act.

ESMA’s Recommendations on Internal Structure and Personnel
The European Securities and Markets Authority (ESMA), in a supervisory briefing, also outlined best practices for CASP organizational structure and key roles. At a minimum, CASPs should have distinct departments dedicated to:

  • Risk Management
  • Compliance, including Anti-Money Laundering (AML)
  • Internal Audit
  • Information Technology (IT)
  • Incident Response and Crisis Management

Each of these departments should be led by a qualified individual with relevant knowledge and professional experience. During the application review process, regulators must be confident in the competency and suitability of these senior personnel.

Location of Key Functions
Where feasible, ESMA advises that department heads should be based in the same EU Member State where the CASP is licensed, to ensure availability to the local supervisory authority (e.g., KNF in Poland).

Oversight of Outsourced Activities
If a CASP outsources any of its core functions, it is recommended that a designated in-house employee be assigned responsibility for monitoring and overseeing the performance of the external provider. This ensures accountability and regulatory compliance across all operational areas.