+372 527 5237
Ask Emma

Banking

Licensing

Formation

Blog About Ask Emma
Book a Consultation
Licensing Last updated:

Licensing for Crypto, Fintech & Regulated Businesses

Jagelski & Partners helps crypto, fintech and high-risk operators obtain the licences and authorisations their business models require, working across six regulated verticals (crypto and e-money, gambling, forex, payments, funds and prediction markets) and coordinating applications across 50 licensing jurisdictions in the EU, offshore and Asia-Pacific. The firm’s licensing partners are engaged by governments to draft national crypto and virtual-asset frameworks.

Book a Licensing Assessment View Crypto Licensing by Jurisdiction

What Licensing Do You Need?

The licence you need depends on three variables: what regulated activity you perform, which markets you sell into, and whether you hold client money or assets. A centralised crypto exchange needs a CASP authorisation under Regulation (EU) 2023/1114 to serve EU users. A payments fintech needs a Payment Institution (PI) or Electronic Money Institution (EMI) licence under PSD2 or EMD2. A sportsbook needs a gambling licence. Most scaled fintechs need more than one.

In short: map your regulated activity to the regulator that supervises it, then pick the jurisdiction that best fits your commercial model, not the cheapest fee schedule.

Activity is the first filter. Custody of private keys, issuance of tokenised e-money, order execution in financial instruments, hosting games of chance, and running a derivatives event-contract venue are each supervised by different authorities under different primary legislation. A business model that sits across two activities triggers two regimes. A euro-denominated stablecoin issuer, for example, is caught by MiCA Title IV as an E-Money Token (EMT) issuer and by Directive 2009/110/EC as an Electronic Money Institution; MiCA Article 48(1) explicitly requires both.[1]

Market access is the second filter. An EU CASP benefits from single-market passporting across all 27 member states from one home regulator. A United States crypto business faces FinCEN plus state-by-state money transmitter licensing plus, for assets that meet the Howey test, SEC oversight. A sportsbook licensed in Malta cannot passport into the United Kingdom, where the UKGC requires its own authorisation under the Gambling Act 2005.

The common mistake is choosing a licence jurisdiction before mapping the activity. We begin the other way round: regulated activity, market, capital, substance, then jurisdiction.

Licensing Categories

Six licensing verticals cover the regulated activities Jagelski & Partners clients most commonly run. Each has its own dedicated page with depth on jurisdictions, capital requirements, timelines and costs. The cards below are routing signposts, not guides.

1

Crypto & Fintech Licensing (VASP / CASP / MiCA)50 jurisdictions

A Crypto-Asset Service Provider (CASP) is a legal person authorised under Article 59 of Regulation (EU) 2023/1114 (MiCA) to provide crypto-asset services in the EU.[2] The regime succeeded the fragmented national VASP registrations built on FATF Recommendation 15 and has been fully applicable since . Minimum own funds range from €50,000 to €150,000 depending on the service class (Article 67, Annex IV). Transitional grandfathering under Article 143(3) closes no later than ; grandfathered firms cannot passport. Jagelski & Partners advises centralised exchanges, custodial wallet providers, brokers and stablecoin issuers across 50 jurisdictions covering the EU, Asia-Pacific, the Gulf and the Caribbean.

See Crypto & Fintech Licensing →

MiCA / CASP authorisation and the 1 July 2026 deadline →

Crypto exchange licence costs and regimes compared →

2

Gambling & iGaming Licensing9 jurisdictions

A gambling licence authorises an operator to offer remote or land-based games of chance to consumers, or to supply core systems to licensed operators, subject to probity, player-protection, AML and technical-standards obligations set in primary legislation. In Europe, authorisations are granted under the UK Gambling Act 2005, Malta’s Gaming Act 2018, Gibraltar’s Gambling Act 2005 and equivalents. Offshore, the Curaçao Landsverordening op de Kansspelen (LOK) entered into force on , replacing the master/sub-licence model with direct licences from the Curaçao Gaming Authority (CGA).[3] Coverage spans 9 jurisdictions across Europe, the Caribbean, Central America and Africa, for both B2C operators and B2B suppliers.

See Gambling & iGaming Licensing →

3

Forex Broker Licensing10 jurisdictions

Retail and institutional FX and CFD brokers targeting EU clients operate under Directive 2014/65/EU (MiFID II), typically as a Cyprus Investment Firm authorised by CySEC under Law 87(I)/2017. Initial capital is tiered at €75,000, €150,000 or €750,000 depending on whether the firm deals on own account or holds client funds. CySEC authorisation carries EEA passporting and is subject to ESMA’s permanent retail leverage caps, including 30:1 on major FX pairs and 2:1 on cryptocurrencies.[4] Outside the EU, licensing is structured through Gibraltar’s GFSC, the UAE’s three regulatory clusters (the federal CMA, the DFSA in the DIFC and the FSRA in ADGM), the established offshore tier of Belize, the Bahamas, Bermuda and Labuan, and the light-touch tier of SVG, Saint Lucia and Costa Rica. Offshore markets still exist; their banking and PSP relationships are narrower.

See Forex Broker Licensing →

4

EMI & Payment Institution Licensing17 jurisdictions

An Electronic Money Institution (EMI) is authorised under Directive 2009/110/EC (EMD2) to issue electronic money, with minimum initial capital of €350,000 (Article 4).[5] A Payment Institution (PI) is authorised under Directive (EU) 2015/2366 (PSD2) to provide the payment services listed in Annex I, with tiered initial capital of €20,000, €50,000 or €125,000.[6] Both licences carry EEA-wide passporting from a single home regulator. As of , the PSD3/PSR package has moved past its political agreement: the Council published the final compromise texts on , the ECON Committee voted on , and Official Journal publication is expected at the end of Q2 2026; once published, it will fold EMD2 into a single PI regime and index capital thresholds upward. Coverage extends across EMIs, PIs, PISPs and AISPs in 17 jurisdictions.

See EMI & Payment Institution Licensing →

5

Fund & Investment Structuring6 jurisdictions

An Alternative Investment Fund Manager (AIFM) is a legal person authorised under Directive 2011/61/EU (AIFMD) to manage one or more Alternative Investment Funds (AIF). Minimum initial capital under Article 9 is €125,000 for an external AIFM and €300,000 for an internally managed AIF, plus 0.02% of AuM above €250 million (capped at €10 million).[7] Sub-threshold managers below €100 million in leveraged AuM or €500 million in unleveraged closed-ended AuM may register rather than obtain full authorisation. For retail-distributed funds, UCITS V (Directive 2014/91/EU) applies.[8] Jagelski & Partners structures offshore and onshore vehicles across BVI, the Cayman Islands and Panama.

See Fund & Investment Structuring →

6

Prediction Market Licensing8 jurisdictions

Prediction markets occupy a contested regulatory perimeter. In the United States, event-contract exchanges operate as CFTC-designated contract markets under the Commodity Exchange Act, a path reinforced by Kalshi’s 2024 DC Circuit victory and by Polymarket’s Amended Order of Designation issued on .[9] In the United Kingdom, binary options are banned for retail consumers under FCA Policy Statement PS19/11, effective , which pushes event-outcome products toward UKGC gambling authorisation.[10] In the EU, MiCA does not cover prediction markets; treatment defaults to MiFID II for derivatives or to national gambling law. Platforms are advised on CFTC designation pathways, UK perimeter analysis and EU structuring across eight jurisdictions and four regulatory regimes.

See Prediction Market Licensing →

How Jagelski & Partners’ Licensing Service Works

Jagelski & Partners runs every licensing mandate through the same five-stage sequence, scaled to the regulator involved. We do not begin with a jurisdiction recommendation; we begin with the regulated activity and the commercial model.

In short: every mandate runs through five stages: regulated-activity assessment, jurisdiction recommendation, entity formation and substance, application preparation, and post-licensing compliance. The sequence is the same across verticals; the pressure points differ by regulator.
  1. Regulated activity assessment. The client’s products and markets are mapped onto regulated activities, with every licensing trigger the business touches identified. For a multi-product fintech this is rarely a single licence. The output is a written scope statement that the client’s counsel and board can sign off before any application work begins.
  2. Jurisdiction recommendation. Two to four realistic jurisdictions are compared against six criteria: market access, capital efficiency, timeline, tax model, substance cost and, decisively, banking access. The real constraint at this stage is not the regulatory fee schedule. It is whether a correspondent bank or payment institution will open the operating account once the licence is granted. See Banking for Regulated Businesses for how that decision is de-risked up-front.
  3. Entity formation and substance. The licensed entity is almost always a new incorporation, with the share capital, governance, management locus and local office calibrated to the target regulator’s expectations. Formation happens in parallel with policy drafting, not sequentially. See Company Formation.
  4. Application preparation and submission. Policies, financials, governance documentation, fit-and-proper packs for directors and key function holders, IT security and operational resilience documentation, and the structured application itself. Experienced applicants front-load the documentation burden; delays at this stage compound through the rest of the regulator’s timeline.
  5. Post-licensing compliance. Authorisation is not the end of the work. Reporting, audit, ongoing capital monitoring, AML effectiveness testing, and, for EU licences, DORA ICT-risk obligations run continuously once the licence is live.

The sequence is the same across verticals. The pressure points differ: capital and cyber-resilience dominate EMI files, fit-and-proper and AML dominate gambling files, substance and own funds dominate MiCA CASP files.

Frequently Asked Questions

A VASP licence authorises crypto-asset services (exchange, custody, transfer) under FATF Recommendation 15-aligned national regimes. In the EU, VASP registrations have been replaced by the MiCA CASP authorisation under Regulation (EU) 2023/1114, with tiered initial capital of €50,000 to €150,000 by class. An EMI licence authorises the issuance of electronic money and the provision of payment services under Directive 2009/110/EC (EMD2) and PSD2, with minimum initial capital of €350,000. The regimes overlap for stablecoin issuers: MiCA Article 48(1) requires E-Money Token issuers to be authorised as a credit institution or an EMI. As of , a euro-denominated stablecoin issuer therefore needs both EMI authorisation and MiCA EMT compliance.

Yes, in every major jurisdiction. In the EU, MiCA (Regulation (EU) 2023/1114) requires CASP authorisation from a national competent authority, with EU-wide passporting; it has been fully applicable since . In the United States, exchanges must register federally with FinCEN as a Money Services Business (MSB) and hold state Money Transmitter Licences (MTLs), with additional BitLicense obligations in New York and potential SEC or CFTC oversight depending on assets traded. In the United Kingdom, firms must register with the FCA under the Money Laundering Regulations 2017; a broader FSMA authorisation regime will commence on under The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, with the authorisation gateway open from to .[13]

As of , the lowest headline fees sit in El Salvador’s Digital Asset Service Provider regime, followed by Panama, BVI, Seychelles, Mauritius and St. Vincent (SVG), with total set-up costs typically ranging from USD 15,000 to USD 100,000 plus capital and ongoing compliance. “Cheapest” is usually the wrong question. Offshore licences frequently come with restricted banking access, counterparty trust issues and, in several cases, FATF grey-listing exposure, none of which are solved by a low application fee. Total cost of ownership (banking, external audits, substance, MLRO and compliance hires, ongoing supervisory fees) determines viability more accurately than the government fee schedule alone.

Timelines vary materially by vertical. MiCA CASP authorisation takes 3 to 6 months for well-prepared applications under the Article 63 statutory 25+40 working-day clock, 6 to 12 months where the regulator raises supplementary questions. EMI authorisation under EMD2 realistically takes 12 to 27 months in the EU and 9 to 16 months in the UK, including pre-application preparation; the FCA targets 3 months for complete applications, but end-to-end timelines run far longer. MGA gambling authorisation runs 4 to 6 months to a temporary licence and 6 to 12 months end-to-end. CySEC CIF authorisation typically takes 6 to 12 months. Offshore forex licences typically run 2 to 4 months in practitioner experience, though no regulator publishes an official service level for these timelines. Experienced applicants add 2 to 4 months of pre-application preparation before filing.

Generally, no. Issuing e-money without prior authorisation is prohibited under Article 10 EMD2. Operating an unlicensed gambling business is a criminal offence in the UK and Malta. Providing MiFID investment services without authorisation breaches Article 5 of MiFID II. Crypto is the partial exception: MiCA Article 143(3) grants transitional relief for CASPs that lawfully provided services under national law before , allowing them to continue until or until the national regulator decides their CASP application. Member-state windows vary from 6 to 18 months under ESMA’s published list.[11] Grandfathered firms cannot passport during the transition.

“Fintech licensing” is an umbrella term covering every non-bank financial authorisation: payment institutions and e-money institutions under PSD2 and EMD2, MiFID II investment firms, AIFMD fund managers, credit institutions (banking licences under CRD/CRR) and, increasingly, crypto.[12] “Crypto licensing” specifically denotes VASP, CASP, DPT or MSB-for-crypto regimes. In the EU, this is the MiCA CASP authorisation under Regulation (EU) 2023/1114. In Singapore, it is DPT or DTSP authorisation under the Payment Services Act 2019. In the US, it is FinCEN MSB plus state MTLs. The regimes overlap where a crypto business needs fiat rails: a CASP typically cannot issue E-Money Tokens without an accompanying EMI authorisation (MiCA Article 48).

Typically yes. A crypto-native neobank offering spot trading, euro e-money wallets, equities brokerage and a euro stablecoin needs three to four authorisations: a MiCA CASP authorisation for trading and custody, an EMI authorisation under EMD2 for the wallet and for EMT issuance (MiCA Article 48), and a MiFID II investment firm authorisation for equities brokerage. Under the EU single market, each authorisation passports across all 27 member states from a single home regulator, which materially reduces marginal cost. US expansion, by contrast, requires state-by-state money transmitter licences in most states plus FinCEN MSB, with FINRA or SEC authorisation for securities and a CFTC footprint where derivatives apply.

Yes. Jagelski & Partners covers six licensing verticals: crypto and fintech (CASP, VASP, MiCA), gambling and iGaming, forex broker authorisation, EMI and payment institution licensing, fund and investment vehicle structuring, and prediction markets. Jurisdictional coverage is deepest in crypto (50 jurisdictions). Gambling coverage spans Europe, the Caribbean, Central America and Africa, and forex coverage spans Gibraltar, Cyprus, the UAE, Labuan and offshore Caribbean options. We work across all six verticals with the same five-stage mandate structure, coordinating with banking and formation in parallel where a single business needs multiple licences.

Book a Licensing Assessment

Tell us your business model and target markets. We will map the regulated activities, identify every licensing trigger, and recommend two to four viable jurisdictions with realistic timelines, capital and total-cost figures.

Book a Licensing Assessment View Crypto Licensing by Jurisdiction

Related Services

References

Show all references
  1. European Union, Regulation (EU) 2023/1114 (MiCA), Article 48, eur-lex.europa.eu, accessed .
  2. European Union, Regulation (EU) 2023/1114 (MiCA), Articles 59 and 67 and Annex IV, eur-lex.europa.eu, accessed .
  3. Curaçao Gaming Authority, Landsverordening op de Kansspelen (LOK), cga.cw, accessed .
  4. European Securities and Markets Authority, Product intervention measures on CFDs, esma.europa.eu, accessed .
  5. European Union, Directive 2009/110/EC (EMD2), Article 4, eur-lex.europa.eu, accessed .
  6. European Union, Directive (EU) 2015/2366 (PSD2), Article 7 and Annex I, eur-lex.europa.eu, accessed .
  7. European Union, Directive 2011/61/EU (AIFMD), Article 9, eur-lex.europa.eu, accessed .
  8. European Union, Directive 2014/91/EU (UCITS V), eur-lex.europa.eu, accessed .
  9. US Court of Appeals DC Circuit, KalshiEX LLC v. CFTC, Order of , cadc.uscourts.gov, accessed .
  10. Financial Conduct Authority, PS19/11: Product intervention measures for retail binary options, fca.org.uk, accessed .
  11. European Securities and Markets Authority, List of MiCA grandfathering periods (Article 143(3)), esma.europa.eu, accessed .
  12. European Union, Directive 2014/65/EU (MiFID II), eur-lex.europa.eu, accessed .
  13. Financial Conduct Authority, A new regime for cryptoasset regulation, fca.org.uk, accessed .