Crypto License: VASP, CASP & MiCA Authorisation Across 41 Jurisdictions

What Is Crypto Licensing?

A crypto licence is a regulatory authorisation or registration that permits a legal entity to provide one or more specified crypto-asset services to clients in a specified jurisdiction. The instrument can take three shapes: a registration-only regime that adds anti-money-laundering supervision to an otherwise unlicensed activity, a full authorisation that imposes prudential, conduct and governance requirements alongside AML/CFT obligations, or a hybrid that pairs both layers.

Three terminology systems compete for the same regulatory concept. The Financial Action Task Force (FATF) introduced virtual asset service provider (VASP) in October 2018, framing the activity around AML/CFT supervision and bringing crypto-asset firms inside the global money-laundering perimeter. The European Union built its own term, crypto-asset service provider (CASP), into Regulation (EU) 2023/1114 (MiCA), extending the FATF baseline into a full prudential and conduct regime with passporting rights across all 30 European Economic Area states.^[1][2]

National regulators outside the EU have continued to mint their own labels: Singapore uses DPT service provider under the Payment Services Act 2019 and added DTSP under the Financial Services and Markets Act Part 9 from 30 June 2025; Hong Kong uses VATP (Virtual Asset Trading Platform) under the Securities and Futures Ordinance and AMLO Part 5B; Australia uses DCE (Digital Currency Exchange) under the AML/CTF Act 2006; the United Arab Emirates uses VARA VASP under Dubai Law (4) of 2022.

Crypto licensing sits alongside, not within, the other regulated-finance verticals. Gambling and iGaming licensing, forex broker licensing, EMI and payment institution licensing, fund and investment structuring and prediction market licensing each have their own regulators, statutes and capital thresholds; the boundaries matter because a crypto-native neobank that touches fiat e-money typically needs at least two of the above in parallel.^[3]

The rest of this page covers the FATF and EU concepts in depth (Sections 2 and 3), the cluster of 50 published jurisdiction pages (Section 4), the United States regulatory patchwork (Section 5), MiCA's national implementation across the EEA (Section 6), the requirements that recur across regimes (Section 7), costs and timelines (Section 8), the decision framework (Section 9), and the formation and engagement model that sits behind a Jagelski & Partners-led licensing project (Sections 10 and 11).

VASP vs. CASP: The Two Terms Explained

VASP and CASP describe the same underlying activity (the provision of crypto-asset services on a professional basis) but they originate from different rule-making bodies and carry different regulatory consequences. The FATF VASP definition is the international AML/CFT baseline. The EU CASP definition is a prudential and conduct framework that sits on top of that baseline. Confusing the two is the most common terminological error in the market.

What Is a VASP?

A virtual asset service provider is any natural or legal person who, as a business and not covered elsewhere in the FATF Recommendations, conducts one or more of five activities for or on behalf of another person.^[1] The FATF Glossary defines those five activities precisely: (i) exchange between virtual assets and fiat currencies; (ii) exchange between forms of virtual assets; (iii) transfer of virtual assets; (iv) safekeeping or administration of virtual assets or instruments enabling control over virtual assets; and (v) participation in and provision of financial services related to an issuer's offer or sale of a virtual asset.^[1]

The framework dates to October 2018, when the FATF revised Recommendation 15 (R.15) to bring virtual assets and VASPs inside the global AML/CFT perimeter. The Interpretive Note to R.15 followed in June 2019 and clarified the risk-based approach and the Travel Rule's application to crypto-asset transfers. Both the Glossary definitions and the Interpretative Note remain authoritative; the FATF's June 2025 Targeted Update on virtual assets reconfirmed both and reported that 85 jurisdictions had passed Travel Rule legislation, up from 65 in 2024.^[4]

For an operator, the practical effect is binary: if the business model touches any of the five activities, the jurisdiction's AML/CFT regime applies. Whether that AML supervision is paired with a full prudential licence (as in MiCA, Singapore, Hong Kong and Switzerland) or stops at registration-only (as in the British Virgin Islands, Georgia and most pre-MiCA EU regimes) is a separate question and depends on the jurisdiction's chosen model. The FATF baseline imposes no minimum capital, no governance rules and no passporting rights; everything beyond AML/CFT is layered on by national legislators.

What Is a CASP?

A crypto-asset service provider is, per Article 3(1)(15) of Regulation (EU) 2023/1114, "a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59".^[2] MiCA's Article 3(1)(16) lists 10 such services, materially broader than the FATF's five VASP activities: (a) custody and administration; (b) operation of a trading platform; (c) exchange of crypto-assets for funds; (d) exchange of crypto-assets for other crypto-assets; (e) execution of orders; (f) placing of crypto-assets; (g) reception and transmission of orders; (h) providing advice; (i) providing portfolio management; (j) providing transfer services.^[2]

Authorisation is granted by a national competent authority (NCA) under MiCA Article 63 and passports automatically across the 27 EU Member States plus Iceland, Liechtenstein and Norway via the European Economic Area (EEA) Agreement. The Article 3(1)(16) services map to three capital classes in MiCA Annex IV, and the prudential floor must be met by Common Equity Tier 1 own funds or by an equivalent insurance arrangement under Articles 67(5)–67(6).^[2] The complete deep dive on MiCA, including the Annex IV mapping, sits in Section 3 below.

Key Differences

Where the two regimes diverge matters operationally, not academically. A VASP registration in the BVI does not give a Singapore-incorporated stablecoin issuer the right to onboard Italian retail clients; only a MiCA CASP authorisation issued by an EU NCA grants that right, and even then only within the scope of the 10 Article 3(1)(16) services that the authorisation explicitly covers.^[5]

MiCA: The EU Crypto Regulatory Framework

MiCA is the most consequential single piece of crypto regulation enacted to date. It replaced 27 fragmented national VASP regimes with a single authorisation regime, introduced statutory prudential and conduct standards, and created a passport that allows one CASP authorisation to serve clients in 30 EEA states. The political process behind it took five years; the operational reality of CASP authorisation is now reshaping where crypto-asset businesses incorporate.

What Is MiCA?

MiCA stands for Markets in Crypto-Assets, the short title of Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937.^[2] The regulation was adopted on 31 May 2023, published in the Official Journal of the European Union on 9 June 2023 (OJ L 150) and entered into force on 29 June 2023.^[2]

Phased application split the regulation into two tranches. Titles III and IV, governing asset-referenced tokens (ARTs, MiCA Article 3(1)(6)) and e-money tokens (EMTs, Article 3(1)(7)), became applicable on 30 June 2024. Title V, governing the authorisation and conduct of crypto-asset service providers, became applicable on 30 December 2024.^[2] A third category, "other crypto-assets" (Article 3(1)(5)), covers everything that is neither an ART nor an EMT, with utility tokens called out separately at Article 3(1)(9).

The Article 143(3) transitional regime allowed Member States to grant up to 18 months of grandfathering relief to pre-30 December 2024 incumbents, anchored to the EU-wide outer deadline of 1 July 2026. ESMA's most recent statement on the matter, dated 17 April 2026 (reference ESMA75-113276571-1679), confirmed that the deadline has not been extended and that unauthorised CASPs must "implement orderly wind-down plans" by that date; penalties of up to EUR 5 million or 5% of annual turnover apply post-expiry.^[6] Per-Member-State windows are not uniform: several already lapsed in 2025 (Section 6 carries the full breakdown).

CASP Authorisation Requirements

CASP authorisation under MiCA Title V is a substantive prudential licence, not a registration. Article 68 sets a non-derogable set of governance, capital adequacy, AML/CFT, custody, conflict-of-interest, complaints, ICT-security and business-continuity requirements; each carries Level 2 detail in Commission Delegated Regulations and ESMA Regulatory Technical Standards (RTS). Outsourcing of any MiCA service is permitted under Article 73 but the CASP retains full residual liability.

DORA matters in practice because the Level 2 measures are dense and operational. The Register of Information template under Commission Implementing Regulation (EU) 2024/2956 has triggered material first-year compliance work for every CASP; the obligation to test ICT third-party risk and, for significant firms, complete threat-led penetration tests (TLPT) materially raises the operational floor compared with pre-MiCA national regimes.^[7]

MiCA Service Categories and Capital Requirements

MiCA Annex IV maps the 10 Article 3(1)(16) services to three minimum-capital classes. The applicant's permitted services determine the class; a CASP authorised for trading-platform operation is automatically subject to the Class 3 floor even where its other services would otherwise sit in Class 1 or Class 2. These figures sit at the centre of every jurisdictional cost discussion.

Two practitioner observations sit alongside these figures. The "one-quarter of fixed overheads" floor at Article 67(1)(b) often bites harder than the headline capital figure for any CASP with serious operating costs: a Class 2 CASP running EUR 2 million of annual fixed overhead carries a EUR 500,000 own-funds floor, not EUR 125,000. And the Annex IV figures govern the minimum at authorisation; NCAs routinely require materially higher buffers as a pre-condition for issuance, particularly for trading-platform applicants and for stablecoin-adjacent firms that need to demonstrate orderly wind-down funding.

Crypto Licensing by Jurisdiction

The tables below cover all 50 published jurisdiction guides. Jagelski & Partners delivers across all 50 end-to-end, through its partner network: entity, authorisation, banking and ongoing compliance in each one.^[8] Click any jurisdiction to open its dedicated page.

Compare jurisdictions interactively. Use the crypto licensing jurisdiction explorer to filter the field by budget, market access, tax, capital and substance, then jump straight to the jurisdictions that fit.

European Economic Area (17)

The EEA cluster is the only block where a single CASP authorisation under MiCA Article 59 passports across multiple states. Liechtenstein additionally maintains its TVTG token framework (parallel to its CASP scope); Poland's implementing law is currently vetoed, so the national CASP regime is not yet operational. MiCA-implementation status (transitional, lapsed, fully applicable) varies considerably across the remaining fifteen jurisdictions; Section 6 below carries the per-Member-State breakdown.

Other Regulated (18)

Major non-EU regulated regimes and emerging-market frameworks. Capital floors and prudential models vary far more than within the MiCA bloc.

Offshore International Finance Centres (12)

IFC regimes range from registration-only (BVI, Marshall Islands) to full authorisation (Bermuda, Cayman Phase 2). FATF status varies; BVI was added to the FATF grey list on 13 June 2025 and to the EU AML high-risk list in December 2025.^[9]

The figures are date-stamped to May 2026. Currency, tax rate and timeline ranges are sourced from each jurisdiction's regulator publications, primary statute, and the cited tier-1 legal briefings; the specific application cost in any one mandate depends on capital strategy, applicant complexity, and the regulator's queue at the time of filing. The detailed cost breakdown sits on the jurisdiction page in each case.

Crypto Licensing in the United States: MSB, State Licences and the BitLicense

The United States is the largest crypto market without a single national crypto licence. Its regulatory perimeter is assembled from three cumulative layers: a federal AML registration, a state-by-state money-transmission patchwork, and a securities/commodities split between two federal market regulators. That structure is why the US appears in none of the comparison tables above; there is no one authorisation to put in a row.

Federal Layer: FinCEN MSB Registration and the SEC/CFTC Split

Exchangers and administrators of convertible virtual currency are money transmitters under the Bank Secrecy Act and must register with FinCEN as a money services business (MSB) under 31 CFR 1010.100(ff), per FinCEN's 2019 consolidated guidance.^[20] Registration is an AML/CFT baseline, not a licence: it carries programme, reporting and Travel Rule obligations but no capital requirement, no fit-and-proper test and no authorisation decision. Market oversight then splits by asset: the SEC asserts jurisdiction where a token is offered as a security, while the CFTC supervises derivatives and polices fraud in spot markets, treating bitcoin and ether as commodities.

Federal legislation is partially landed. The GENIUS Act (Public Law 119-27, enacted 18 July 2025) created the first federal regime for payment-stablecoin issuers, with implementing rules still at the proposal stage through the first half of 2026.^[22] The market-structure bill, the Digital Asset Market Clarity Act (H.R. 3633), passed the House 294–134 on 17 July 2025 and cleared the Senate Banking Committee 15–9 in May 2026, but had not been enacted as of June 2026; the SEC/CFTC boundary therefore remains enforcement- and case-law-driven.^[22]

State Layer: Money Transmitter Licences and the NYDFS BitLicense

Below the federal floor sits a patchwork of roughly 50 state and territory money-transmission regimes, most of which capture crypto exchange and custody. Each state licenses separately, with its own surety bond, net-worth minimum, fees and examinations; the Money Transmission Modernization Act model law and the NMLS filing platform harmonise standards and centralise applications, but there is no passporting between states. New York adds the best-known state-specific regime: the NYDFS BitLicense (23 NYCRR Part 200, adopted June 2015), required for virtual currency business activity involving New York or its residents and held by only a few dozen firms a decade after adoption.^[21] A nationwide US licensing build-out routinely takes 1–3 years end to end.

Jagelski & Partners does not provide services to US persons; this section is informational only. Operators weighing the US patchwork against single-authorisation regimes can use the licensable routes covered on this page, and the exchange-specific comparison, including how the US federal and state layers map against MiCA, VARA and the APAC regimes, sits in the crypto exchange licensing guide.

MiCA Implementation Across EU Member States

A single MiCA regulation does not produce a single national experience. Each EEA state legislated its own implementing law and chose its own Article 143(3) transitional window. The aggregate EU outer deadline is 1 July 2026, confirmed by ESMA on 17 April 2026; per-state windows range from already-lapsed (Latvia, Netherlands closed on 30 June 2025; Germany, Ireland, Lithuania, Slovakia closed on 30 December 2025) to the full 18-month window (Cyprus, Czech Republic, Estonia, France, Italy, Liechtenstein, Malta, Portugal, Romania, Spain).^[6]

The European Securities and Markets Authority (ESMA) maintains the central interim CASP register. As of 22 May 2026, the register contains approximately 204–210 authorised CASPs across 23 member states, with Germany hosting the largest single pool (~53 authorisations, dominated by Volksbanken/VR-Banken cluster registrations plus tier-1 exchange authorisations), followed by the Netherlands (~25), France and Norway (~13 each), Malta (12) and Spain (~11). Notable zeros: Portugal, Poland and Romania.^[10] Polish operators are particularly exposed; the implementing law was twice vetoed by the President (1 December 2025 and 12 February 2026), and KNF has not been designated as the formal MiCA NCA. Polish-based crypto activity is migrating to Vienna, Prague, Vilnius and Nicosia.

The pattern matters. Lapsed jurisdictions (Germany, Ireland, Latvia, Lithuania, Netherlands, Slovakia) now require MiCA authorisation for any crypto-asset service to EU clients; legacy national regimes are closed. Active-transitional jurisdictions still allow incumbents to operate under national law until 1 July 2026, but new applications go directly through MiCA. Where it matters most for jurisdiction selection: an applicant ready to file in May 2026 is on a tighter clock in slow-NCA jurisdictions (BaFin, Central Bank of Ireland) than in faster NCAs (MFSA Malta, Lietuvos bankas, CySEC).^[11]

Common Requirements Across Jurisdictions

A small number of requirements recur across virtually every VASP and CASP regime worldwide. They sit at the FATF baseline and are extended (rather than replaced) by national prudential overlays. Operators planning multi-jurisdictional structures should treat these as the irreducible minimum.

AML/CFT programme. A documented anti-money-laundering and counter-terrorist-financing programme is universal: written policies, designated MLRO/AML officer, customer due diligence (CDD), enhanced due diligence for higher-risk customers, ongoing monitoring, sanctions screening, suspicious-activity reporting, training and independent testing. Programmes must be risk-based per FATF Recommendation 10 and operationalised through a transaction-monitoring tool (typically a third-party blockchain analytics platform) with sanctions and PEP screening overlays.

Travel Rule (FATF R.15(b) / R.16). Originator and beneficiary information must accompany crypto-asset transfers. The EU Transfer of Funds Regulation (Regulation (EU) 2023/1113) imposes no de minimis for CASP-to-CASP transfers; the EUR 1,000 threshold triggers only the additional self-hosted-wallet verification obligation under Articles 14(5) and 16(2).^[12] The EBA Travel Rule Guidelines (EBA/GL/2024/11) operationalise these information-accompaniment obligations across the CASP and ICASP populations.^[13] Comparable rules now apply in 85+ jurisdictions per the FATF June 2025 Targeted Update.^[4]

Fit-and-proper testing. Directors, senior managers, UBOs and significant shareholders are typically subject to clean-criminal-record requirements, financial-soundness checks, prior-regulatory-history disclosure and minimum experience standards (typically three to five years in a relevant role). MiCA codifies this at Article 68 with the qualifying-holdings threshold of 10% at Article 84; comparable thresholds apply elsewhere.

Custody segregation. Client crypto-assets must be segregated from CASP proprietary assets, individually accounted for at the client level, and protected from CASP insolvency. MiCA Article 70 imposes strict liability for loss except where the CASP can prove the event was beyond reasonable control. Hong Kong's SFC requires ≥98% cold storage with approved insurance for VATPs; the UAE's VARA requires 100% one-to-one like-kind reserve assets with daily reconciliation.

Operational substance. Mailbox-only structures are now effectively extinct in any FATF-compliant jurisdiction. Singapore requires a Singapore-resident executive director and compliance officer; Hong Kong requires at least one HK-resident Responsible Officer; the UAE VARA requires two UAE-resident Responsible Individuals; MiCA Member States require an effective head office in the authorising state with a locally-resident management body. Even BVI and Cayman now require local Authorised Representatives and AML officers.

Cybersecurity and operational resilience. EU CASPs face DORA (Regulation (EU) 2022/2554), in force from 17 January 2025, which sets ICT risk-management, incident reporting, threat-led penetration testing and ICT third-party risk obligations.^[7] Outside the EU, Singapore's MAS TRM Guidelines, Hong Kong's SFC technology standards, the UAE's VARA Technology Rulebook, and the international counterparty-driven benchmarks (NIST CSF 2.0, SOC 2 Type II, ISO/IEC 27001:2022) operate as the de-facto floor.

Reporting and audit. Annual audited financials (typically IFRS), periodic prudential and AML returns, material-change notifications and SAR/STR reporting are universal. EU CASPs additionally face DORA supervisory reporting and the MiCA Article 88 disclosure regime. Hong Kong SFC monthly FRR returns and Singapore MAS half-yearly returns are the most demanding cadences in the major jurisdictions.

What Crypto Licensing Costs

Crypto licensing costs cluster into four buckets: regulator fees, professional advisory, capital and operating substance, and ongoing compliance infrastructure. The headline figure is rarely the binding constraint; the operating substance and ongoing compliance load typically exceed government fees by an order of magnitude in the first year. All figures below are date-stamped to May 2026.

Regulator fees. Offshore application fees sit between USD 5,000 and USD 25,000 (BVI FSC: USD 5,000 general / USD 10,000 custody-or-exchange; Cayman CIMA Phase 2: CI$15,000 application + per-class annual). MiCA NCA fees range from EUR 5,000 to EUR 50,000 initial plus an annual supervisory fee structured per service category (CySEC: fixed components EUR 5,000–EUR 20,000 per service per year). Singapore MAS fees run SGD 5,000–10,000 annual.^[16] Hong Kong SFC's HKD 50,000 application fee for a Type 1+7 VATP is a fraction of total cost.^[17] UAE VARA fees are heavier (AED 40,000–100,000 application + AED 100,000–700,000+ annual supervision).^[18]

Capital lockup. Minimum capital is not paid to the regulator; it sits in the licensed entity, often in a regulated bank or in liquid assets, and cannot be deployed for operations. MiCA Class 1 EUR 50,000, Class 2 EUR 125,000, Class 3 EUR 150,000 (Annex IV).^[2] Singapore MPI SGD 250,000 + SGD 100,000–200,000 security deposit. Hong Kong VATP HKD 5,000,000 paid-up + HKD 3,000,000 liquid capital + 12 months of operating expenses pre-issuance. The "one-quarter of fixed overheads" floor in MiCA Article 67(1)(b) typically bites harder than the headline number.

Professional advisory. Legal and licensing-consultancy fees for application preparation typically run USD 25,000 to USD 200,000+ depending on jurisdiction, applicant complexity and policy-framework maturity. AML programme design (policies, KYC/CDD platform, transaction monitoring, training) adds USD 15,000 to USD 100,000 in Year 1. Local director appointments and senior compliance hires range from USD 20,000–80,000 p.a. offshore to USD 80,000–250,000+ p.a. in MiCA, Singapore, Hong Kong, Switzerland and Dubai.

Ongoing compliance infrastructure. Blockchain analytics platform subscriptions (referenced by institution type rather than by name) run USD 15,000 entry-tier to USD 150,000+ enterprise per year, with the largest exchanges paying USD 500,000+ for combined sanctions, KYT and investigation stacks. SOC 2 Type II audits cost USD 25,000–80,000 initial with recurring 50–75%. ISO/IEC 27001 certification adds USD 30,000–80,000 initial plus surveillance and three-yearly recertification.

We sequence licensing budgets so that capital, banking and substance hires land in the order the regulator expects to see them: getting a regulator past completeness review at the second filing rather than the fifth is the single biggest cost saver, and it depends almost entirely on pre-filing preparation rather than on the application fee.

How to Choose the Right Jurisdiction

Jurisdiction selection is rarely a one-variable decision. The five most decision-relevant axes are EU market access, total cost of ownership, banking accessibility, applicant timeline tolerance and the regulator's substance expectations. Each axis pushes toward a different short-list.

If EU market access is the requirement. Authorisation must be obtained from an EU/EEA NCA under MiCA; nothing else passports. Faster NCAs include MFSA in Malta (4–8 months, including the Article 143(6) simplified procedure for VFA Category A incumbents), CySEC in Cyprus (5–8 months), and Lietuvos bankas (4–7 months). Slower NCAs include BaFin in Germany and the Central Bank of Ireland, though their authorisations carry a credibility premium with institutional counterparties.

If cost is the binding constraint and EU passporting is not required. Estonia, Lithuania and the Czech Republic sit at the lower end of the MiCA cost spectrum. BVI, Cayman Islands and Bermuda are the institutional-grade offshore options; Seychelles, Saint Kitts and Saint Lucia sit in the mid-tier offshore band.

If timeline pressure dominates. Georgia (2–4 months) and Comoros / Anjouan (2–4 months) are the fastest; counsel-caution applies to the AOFA framework, which is not recognised at the Union Government of the Comoros level. Lithuania, Marshall Islands and Costa Rica (no bespoke regime; light AML supervision) sit at the 1–4 month band.

If tax efficiency matters most. BVI, Cayman, Bermuda (0% corporate income tax, with the 15% Pillar Two top-up for in-scope multinationals from 2024–2025), Estonia (0% on retained earnings, 22% only on distributions), and Marshall Islands (0% but note the EU non-cooperative tax jurisdictions list) sit at the favourable end. Always read the tax position alongside FATF and EU AML high-risk status: BVI's June 2025 FATF grey-listing and EU listing as a high-risk third country under Commission Delegated Regulation (EU) 2026/83 (adopted 4 December 2025, OJ L published 9 January 2026) materially affect counterparty banking access.^[9]

If banking access is the dealbreaker. Banking access is downstream of jurisdiction, not independent of it. Tier-1 banking is more accessible from Cyprus, Malta, Lithuania, Switzerland and UAE / Dubai than from grey-listed or counterparty-flagged jurisdictions; we cover the institution-archetype mapping on the Banking Hub and the high-risk-specific specialisation on the High-Risk Business Accounts page.

A good way to read the matrix: pick two of the five axes that are decision-relevant, then narrow to the three jurisdictions that score on both. Selection on a single axis (typically cost) is the most common mistake we see in pre-filing assessments.

Entity Requirements

Every VASP and CASP regime requires the applicant to be a legal entity registered or authorised in the relevant jurisdiction. The form, capital structure and governance of that entity must align with the licence; we plan formation backward from the licence specification rather than forward from a "favourite" structure.

For MiCA CASP applicants, the entity must be a legal person established in an EU Member State (or EEA state via the Agreement), with its central administration in that state. Article 59 prohibits authorisation of pure-paper entities; ESMA's Q&A repeatedly emphasises that the principal place of business must align with the authorising state, not with a parent group's preferred jurisdiction.^[2] See European Company Formation for the EU formation deep dive and the regional decision framework.

For offshore VASP applicants, local incorporation is universal. BVI requires a BC (Business Company) under the BVI Business Companies Act 2004, with an Authorised Representative and registered office locally. Cayman uses the Exempted Company or LLC under the Companies Act. Bermuda uses the Exempted Company. The Marshall Islands offers the DAO LLC under the Marshall Islands DAO Act 2022, which is a corporate vehicle rather than a financial licence. See Offshore Company Formation for the offshore decision matrix.

For non-EU regulated regimes, entity formation rules are typically prescriptive. Singapore requires a Singapore-incorporated company (Pte Ltd) with a Singapore-resident director. Hong Kong requires an HK Limited company with at least one HK-resident director under the Companies Ordinance. UAE VARA requires a Dubai mainland or DIFC/ADGM entity depending on the free zone strategy. The Company Formation Hub carries the cross-jurisdictional formation matrix and the decision framework for entity-licence alignment.

How Jagelski & Partners' Licensing Service Works

Jagelski & Partners coordinates crypto licensing as a five-stage process that runs entity, licence and banking workstreams in parallel rather than in series. Our team brings 16+ years of regulatory advisory experience and 50+ legal, regulatory and compliance specialists; the same partner network has been engaged by governments to draft national crypto and virtual-asset frameworks, which gives us an unusually direct view of how regulators read applications.

Stage 1: Pre-filing assessment. We scope the business model, map the activities to the FATF five-activity list and the MiCA Article 3(1)(16) services, and shortlist 2–3 jurisdictions that match the operational profile. The output is a written assessment, not a marketing deck.

Stage 2: Jurisdiction selection. We compare the shortlist on capital, timeline, banking realism, substance, ongoing supervisory cost and the regulator's recent behaviour with applicants of a similar profile. The selection memo is co-signed before any incorporation work begins; reversing a wrong jurisdiction at month 6 is the most expensive mistake in the lifecycle.

Stage 3: Entity formation and substance. We coordinate the incorporation, the appointment of local directors and senior compliance hires, and the substantive setup (office, MLRO/AML officer, IT infrastructure, blockchain analytics tooling). For EU applicants, the entity is established and operational ahead of the MiCA filing rather than as part of it; the timing affects the regulator's read on substance.

Stage 4: Application preparation and submission. We draft the regulatory business plan, AML policies, ICT and DORA documentation, governance arrangements and the prudential and operational annexes. Submission is timed to the regulator's queue; we have visibility into the active completeness backlog at most MiCA NCAs and at the major non-EU regulators.

Stage 5: Banking and post-authorisation compliance. Banking access is pre-qualified through our partner network. The same network supported EUR 14 billion of client turnover in 2025 across 90+ banking and payment institutions, with no markup and no onboarding fee. Post-authorisation, we coordinate the first-year compliance cadence (periodic reporting, DORA Register of Information, AML programme reviews) to keep the licence in good standing. The High-Risk Business Accounts page covers the specific archetype mapping for crypto operators.

The end-to-end mandate typically runs 6–12 months for MiCA and 4–8 months for offshore. The decision of when to start is a function of the regulator's queue, not of the applicant's readiness alone.

Frequently Asked Questions

References