What documents are required to apply for a MiCA licence?

The EU Regulation on Markets in Crypto-assets (MiCA, Regulation (EU) 2023/1114) has established uniform requirements for crypto-asset service providers (CASP) throughout the European Union. To obtain a licence, you must prepare a detailed set of documents that will allow the competent authorities to conduct a comprehensive assessment of the applicant, its corporate governance, reliability, compliance with prudential requirements, and ability to ensure customer protection and the stability of the services provided. Below we have compiled a list of documents required to apply for a MiCA licence in the EU.

Corporate documents and information about the applicant
A key step is the submission of constituent documents: articles of association, memorandum of association, extract from the commercial register and legal entity identifier (LEI). If the applicant plans to operate a trading platform, the trade name used must be indicated. The package of documents must include information about shareholders and participants with qualifying holdings, their reputation and the origin of funds, as well as data on members of the board of directors and key managers confirming their qualifications, absence of criminal records and conflicts of interest.

Activity programme and business plan
In accordance with Article 62(2) of MiCA, the applicant shall provide a programme of operations, which shall describe:

• the organisational structure of the company,
• the service provision strategy and target audience,
• operational capabilities for the next three years,
• marketing channels (websites, mobile applications, online advertising, collaboration with influencers, sponsorship, events, training courses),
• financial forecasts and capital utilisation plan.

The regulator also expects scenario analysis and stress tests that simulate adverse but plausible market conditions to assess the company’s resilience to external shocks.

Management mechanisms and internal control
The applicant is required to describe the corporate governance system, distribution of functions, internal control mechanisms and decision-making processes. This includes procedures for managing operational, legal, cyber and reputational risks, as well as a description of plans to ensure business continuity, minimise downtime and recover from incidents, including cyber attacks and force majeure.

AML/KYC and customer protection measures
Particular attention is paid to mechanisms for combating money laundering and terrorist financing (in accordance with AMLD5 and Regulation (EU) 2023/1113). Internal KYC procedures, transaction monitoring and reporting must be presented. In addition, the application must include a description of measures to segregate customer assets in order to protect them from the risks of loss or misuse.

IT infrastructure and cybersecurity
The package of documents includes a description of ICT systems, information security protocols, human resources allocated to cyber risk management, as well as plans to prevent data leaks and protect against financial losses.

Rules for the operation of trading platforms (for CASPs managing platforms)
If the applicant plans to operate a trading platform, rules for admitting crypto assets to trading, the procedure for verifying their compliance with requirements, a description of the types of crypto assets that will not be admitted, and the reasons for such restrictions must be provided. Additionally, the rules for conducting trades, executing and cancelling orders, ensuring transparency and record keeping, as well as the procedure for settling transactions, including the use of distributed ledger technology (DLT), shall be disclosed.

Financial and accounting data
The competent authorities shall verify that sufficient own funds are available to ensure compliance with prudential requirements (Article 67 MiCA). The applicant shall provide financial statements (if already available), a description of accounting policies and evidence of the required amount of capital (€50,000/€125,000/€150,000 depending on the licence class).

Proof of integrity of management and shareholders
Declarations of no criminal convictions, information on any ongoing investigations or administrative proceedings, and information enabling the regulator to conduct a fit and proper test shall be attached.

Additional requirements for Class 2 and Class 3
For higher-level licences, a description of procedures for preventing and disclosing conflicts of interest, rules for monitoring market abuse, and enhanced cybersecurity measures must be attached.

Detailed information about the crypto project that must be provided in the MiCA licence application

A company applying for a crypto-asset service provider (CASP) licence in accordance with Article 62 of Regulation (EU) 2023/1114 is required to include the following set of information and documents in its application:

• the official legal name of the company, its telephone number and email address;
• the commercial or trade name used or planned to be used;
• legal entity identifier (LEI);
• full name, position, contact telephone number and email address of the designated contact person responsible for interacting with the regulator;
• the legal form of the company (indicating whether it is a legal entity or other enterprise), national identification number and confirmation of registration in the national register of companies;
• date of establishment of the company and the EU Member State in which it is registered;
• the founding documents and articles of association, as well as internal by-laws (if applicable);
• the address of the company’s head office and the address of its registered office, if different;
• information about branches that will operate in other EU countries, including their legal entity identifiers (LEIs), if any;
• domain names of all websites that the company uses to provide services, as well as links to the company’s official social media accounts;
• if the applicant does not have legal entity status, documents confirming:
  • a level of legal protection for customers and third parties equivalent to that provided to legal entities, including in cases of bankruptcy;
  • the applicant’s compliance with prudential supervision appropriate to its organisational and legal form;
• if the company intends to operate a trading platform for crypto assets:
  • the physical address, telephone number and email address of the trading platform;
  • the commercial name under which the platform will operate.

This information allows the regulator to identify the applicant, assess its legal status, structure and readiness to provide services, and verify compliance with the basic requirements of MiCA before moving on to the assessment of the business model and internal processes.

1) General information to be provided when applying for a MiCA licence

A legal entity applying for authorisation as a crypto-asset service provider (CASP) under Article 62 of Regulation (EU) 2023/1114 must submit an application to the supervisory authority containing a comprehensive set of information and supporting documents necessary for consideration and decision-making on the granting of authorisation:

• the legal name of the company, its contact telephone number and email address;
• the commercial/trade name used or planned;
• legal entity identifier (LEI);
• name, position, telephone number and e-mail address of the designated contact person authorised to interact with the regulator;
• the legal form of the company (legal entity or other enterprise), national identification number and proof of registration in the national register of companies;
• date of establishment and EU Member State in which the company was established;
• constitutive documents, articles of association and subordinate legislation, if applicable;
• the address of the head office and, if different, the registered office;
• information about branches that will operate in other jurisdictions, including their LEIs;
• domain names of all websites through which services are provided, as well as the company’s official social media accounts;
• if the company does not have legal entity status, documents confirming:
  • the level of protection of the rights of customers and third parties, including protection in the event of bankruptcy, comparable to the protection provided by a legal entity;
  • subjection to prudential supervision appropriate to its organisational and legal form;
• if the company intends to operate a trading platform:
  • the physical address, contact telephone number and e-mail address of the trading platform;
  • the commercial name under which the platform will operate.

This information allows the regulator to identify the applicant, assess its legal status and organisational structure, and verify that it has the necessary resources and infrastructure to provide services on a legal basis.

2) Company activity programme

A company applying for a crypto asset service provider (CASP) licence is required to submit a detailed programme of activities for three years after obtaining the licence, which must include:

• a description of the applicant’s place in the group of companies (if it belongs to a group) and an explanation of how its activities correspond to the group’s strategy and interact with other companies in the group;
• an analysis of the impact of affiliated organisations (including regulated ones) on the applicant’s business;
• a complete list of crypto-asset-related services that are planned to be provided, indicating the types of crypto-assets to which they relate;
• a description of other activities (regulated or unregulated) that the company intends to carry out in addition to CASP services;
• an indication of whether the applicant will offer crypto assets to the public or seek their admission to trading, specifying the types of such crypto assets;
• a list of EU and third-country jurisdictions in which the services will be provided, with a forecast of the number of clients by geographical area;
• characteristics of the types of clients targeted by the services (retail, professional investors, etc.);
• a description of the channels through which clients access the services, including:
  • domain names of websites and applications through which services are provided, interface languages, types of services and countries where they are available;
  • names of mobile and web applications, interface languages, and a list of services available through them;
• marketing and advertising plan:
  • promotion channels used (online advertising, social networks, events, press releases, etc.);
  • methods of identifying the company in communications with customers;
  • description of the target audience and types of crypto assets targeted by the campaigns;
  • languages used in advertising materials;
• description of human, financial and ICT resources allocated to the implementation of planned services, indicating their geographical location;
• outsourcing policy and a detailed description of planned contracts, including intra-group agreements, the procedure for complying with the requirements of Article 73 of MiCA, information about service providers, their location and outsourced functions, as well as a description of the processes for monitoring and assessing outsourcing risks;
• a projected accounting plan, including stress scenarios that take into account intra-group loans and financial flows;
• a description of any exchange transactions (fiat on-/off-ramp), including interaction with decentralised applications (DeFi) that are planned to be used on behalf of the company.

Additionally:

• if the applicant intends to provide a service for receiving and transmitting client orders for crypto assets, submit procedures and measures to comply with Article 80 of MiCA;
• if the applicant plans to engage in the placement of crypto assets, provide procedures for identifying, preventing and disclosing conflicts of interest, as well as a description of measures corresponding to Article 79 of MiCA and technical standards adopted in accordance with Article 72(5).

Such a programme allows the regulator to assess the company’s strategy, the sustainability of its business model, its resources and its readiness to comply with regulatory requirements throughout its entire period of operation.

3) Prudential requirements

A company applying for a CASP licence must prepare and submit to the regulator a complete set of information confirming compliance with the prudential requirements set out in Article 67 of Regulation (EU) 2023/1114.

The application must specify:

• Description of prudential safeguards:
  • the amount of own funds (capital) as at the date of application and the methodology for their calculation;
  • the amount of prudential guarantees covered by own funds (if applicable);
  • the amount of guarantees covered by an insurance policy or comparable financial guarantee (if applicable).
• Forecast calculations and plans:
  • capital and prudential safeguards forecast for the first 3 years of operation after obtaining the licence;
  • key assumptions used in planning, including stress scenarios;
  • expected number of clients, volume of orders and transactions, and volume of crypto assets held in custody.
• Financial statements (if the company is already operating):
  • approved financial statements for the last three years;
  • if the reports have not been audited, confirmation from the national supervisory authority of the amount of own funds.
• Capital planning and monitoring procedures:
  • description of the internal control and monitoring system for prudential safeguards.
• Evidence of compliance with prudential requirements:
  • documents confirming the calculation of own funds in accordance with MiCA;
  • for newly established companies, a bank statement confirming the transfer of authorised capital to the account;
  • if an insurance policy or comparable guarantee is used:
    • information about the insurance company (name, date and country of registration, address of the head and registered office, contact details);
    • a copy of the signed insurance policy or insurance contract in accordance with Articles 67(5) and 67(6) of MiCA.

This set of documents confirms the company’s financial stability, sufficient capital to cover operational and market risks, and the ability to protect clients in the event of unforeseen events.

4) Governance mechanisms, internal control and conflict of interest policy

The application must describe the organisational structure, including the group of companies (if the applicant is part of it), the distribution of functions and powers, lines of authority and existing internal control mechanisms. It is important to identify the heads of key internal functions, provide their biographies with a description of their education, qualifications and professional experience, and confirm that they have the necessary knowledge and skills to perform their duties.

The regulator requires a description of the internal policies and procedures that ensure compliance with MiCA, as well as the mechanisms for communicating these procedures to employees. Particular attention is paid to the existence of an internal whistleblowing system that allows employees to inform management of non-compliance with regulatory requirements. The applicant is required to describe the procedure for maintaining records and storing documentation in accordance with the technical standards established by the European Commission, as well as to demonstrate the existence of a system for monitoring and regularly reviewing the effectiveness of the policies and procedures implemented.

The company’s management body must be able to receive regular reports from internal control functions, confirming the independence of these functions and their right to report directly, including when significant risks of non-compliance with regulatory requirements are identified. The application shall describe the ICT systems, control tools and backup solutions that ensure the stability of processes, as well as measures to prevent market abuse if the applicant carries out activities that are subject to such risks.

In addition, it is necessary to indicate whether an external auditor has been appointed, provide their contact details, and describe the accounting policies and reporting periods applied.

Conflict of interest management is of particular importance. The application must include a copy of the relevant policy describing how the company identifies, prevents and discloses conflicts of interest in accordance with Article 72 of MiCA. The document must take into account the scale and nature of the applicant’s activities and ensure that the remuneration system does not create conflicts between the interests of the company and its clients. The applicant is also required to describe the control systems in place to monitor the effectiveness of the policy, record each case of conflict of interest, record its resolution and the fact that the information has been disclosed to the client.

Such comprehensive information allows the competent authority to verify that the applicant has established a robust corporate governance system, has independent internal control functions, and applies effective measures to prevent and resolve conflicts of interest, which is a prerequisite for the issuance of a MiCA licence.

5) Business continuity plan

This plan is a mandatory part of the application and demonstrates that the company is capable of maintaining regular operations even in the event of disruptions to key systems or infrastructure.

The description must confirm that the plan complies with the requirements of Regulation (EU) 2023/1114, is regularly updated and tested in practice. The document should outline the actions that the company will take to maintain operations in the event of unforeseen events, including IT system failures, force majeure circumstances, or cybersecurity incidents.

If critical functions are outsourced to third-party service providers, the document should specify how business continuity will be ensured in the event of a sharp decline in the quality of their services or the termination of their provision. It is also necessary to describe the action plan in case of the loss of a key employee or decision-maker and, if necessary, assess the political risks in the jurisdiction where the main service providers are located.

Submitting such a plan allows the regulator to verify that the company is prepared for potential crisis situations and can minimise the impact of any disruptions while maintaining customer confidence and business stability.

6) Anti-money laundering and counter-terrorist financing (AML/CFT) measures

A company applying for a MiCA licence is required to confirm that it has an effective anti-money laundering and counter-terrorist financing (AML/CFT) system in place that complies with Directive (EU) 2015/849 and Regulation (EU) 2023/1113.

The application must describe the approach to managing AML/CFT risks, starting with their identification and assessment. The company must provide an analysis of the inherent and residual risks associated with the nature of its customer base, the types of services provided, the distribution channels used, and the geographical regions where it operates.

It is important for the regulator to see specific measures that the organisation has already implemented or plans to implement to prevent identified risks: risk assessment procedures, rules for conducting KYC and customer due diligence, procedures for identifying suspicious transactions and reporting them to the competent authorities in a timely manner. It is necessary to demonstrate that internal policies and procedures are commensurate with the scale of the business, the complexity of the model, the range of services provided, and the level of inherent risk.

The applicant must designate a person responsible for compliance with AML/CFT requirements and confirm their qualifications and experience. The human and financial resources allocated to implement these procedures should also be described, and it should be confirmed that staff receive regular training on anti-money laundering issues, including training on the specific risks associated with crypto assets.

The application must be accompanied by copies of all internal AML/CFT policies, procedures and systems, as well as information on the frequency of reviews of their effectiveness and the functions responsible for conducting such assessments.

This package of data demonstrates to the regulator that the company complies with its obligations to combat money laundering and terrorist financing, minimises the risks of abuse and is prepared to comply with European legislation when providing services related to crypto assets.

7) Identification, reputation check and assessment of the qualifications of members of the company’s management body

The applicant company is required to provide detailed information about each member of its management body, confirming their identity, business reputation, qualifications and willingness to devote sufficient time to their duties.

The application must include the full personal details of each member, including their name, place and date of birth, current and previous addresses for the last 10 years, citizenship, national identification number, and a copy of their identity document. In addition, the position held or planned to be held shall be described, indicating its nature (executive or non-executive), the start date of the term of office and key responsibilities.

The company must provide a CV for each member of the management body, detailing their education, professional training, work experience over the last 10 years, indicating all organisations, positions, the nature of their duties, as well as experience in the areas of financial services, crypto assets, digital technologies, cybersecurity and innovation. Letters of recommendation and contact details of referees must be attached, as well as official documents confirming an impeccable reputation.

An important part of the package is information about the absence of a criminal record, any ongoing criminal or administrative investigations, disciplinary measures, bankruptcy proceedings, licence revocations or refusals, expulsions from professional organisations, as well as information about reputation assessments conducted by government or regulatory authorities.

The applicant is required to disclose any financial or non-financial interests of members of management and their immediate family members that could lead to a conflict of interest, including participation in the group’s capital, the existence of loans, guarantees provided or legal disputes. If a significant conflict of interest is identified, must describe the measures taken to eliminate or mitigate it, referring to the internal policy on conflicts of interest.

The regulator is provided with information on the estimated time that each member of the management body will devote to the company’s work: the minimum number of hours per month and per year, a list of all other positions (executive and non-executive) they hold, with a description of the size of the companies where they work, the volume of assets and the number of employees, as well as a list of additional responsibilities, such as participation in committees or chairmanship.

The application must be accompanied by the results of an individual assessment of the suitability of each member of the management body, as well as an assessment of the collective suitability of the board of directors, including a report or documents confirming that the composition of the management body complies with MiCA requirements. All official documents and certificates confirming information about reputation and the absence of impediments to holding office must be issued no earlier than three months prior to the submission of the application.

The provision of such information allows the regulator to verify that the company’s management has the necessary knowledge, experience and reputation, and is capable of effectively managing a crypto-asset service provider in accordance with the requirements of Regulation (EU) 2023/1114.

8) Information on shareholders and participants with significant holdings

The application for a MiCA licence must disclose full information about shareholders or participants with significant holdings so that the regulator can assess their integrity, financial soundness and influence on the management of the business.

The applicant must submit a detailed organisational chart of its corporate and holding structure, indicating the distribution of capital and voting rights. The chart must identify all shareholders and participants holding qualifying holdings and provide their identification details.

For each owner of a direct or indirect significant shareholding, the documents and information specified in Articles 1–4 of Commission Delegated Regulation (EU) 2025/414 must be provided. It is also necessary to indicate the members of the management body who will be appointed by these shareholders or on their recommendation and who will participate in the management of the company’s business.

The application shall specify the number and type of shares subscribed by each shareholder, their nominal value, premiums paid or payable, and any encumbrances, pledges and other security interests, indicating the parties in whose favour they are established.

In addition, the information provided for in Article 6 (points b, d, e) and Article 8 of Commission Delegated Regulation (EU) 2025/414 shall be provided, including documents confirming the reputation, origin of funds and financial transparency of the shareholders.

This package of information allows the competent authority to verify that the owners of the company comply with MiCA requirements, do not pose risks to sound management and are capable of supporting the applicant’s financial stability.

9) ICT systems and cybersecurity measures

A company applying for a MiCA licence must confirm that it has a reliable IT infrastructure and cyber security system that complies with the requirements of Regulation (EU) 2022/2554 (DORA) and Regulation (EU) 2016/679 (GDPR). The application must include technical documentation on ICT systems and, if used, DLT infrastructure, as well as a description of security measures that ensure data resilience, integrity and confidentiality.

The regulator must be provided with a description of the ICT risk management architecture as part of the company’s overall risk management system, indicating the systems, protocols and tools used. The application should explain how the company’s policies and procedures ensure data protection, availability and authenticity, as well as compliance with DORA and GDPR.

All critical ICT services supported within the company, as well as services provided by external suppliers, should be listed. The identification and location of providers, a description of outsourcing relationships and copies of contracts confirming compliance with Article 73 of MiCA and Chapter V of DORA must be provided.

An important part is the description of incident management procedures, cybersecurity measures, attack response plans, and disaster recovery plans. If external audits or penetration tests have been conducted, the applicant must attach their results or cybersecurity reports. It is useful for the regulator to see that the audit covered organisational and physical security, the software development lifecycle, vulnerability scanning, assessment of critical ICT asset configurations, and black, grey, and white box tests to verify different levels of access.

If the company uses or develops smart contracts, an overview of their source code from a cybersecurity perspective must be attached. Additionally, information on previous audits of ICT systems, including DLT infrastructure and implemented security measures, should be provided.

Finally, the applicant must provide a brief description of all these measures in non-technical language so that the regulator can get a comprehensive picture of the cybersecurity system and the reliability of the ICT infrastructure without having to analyse the original technical documents.

10) Segregation and secure storage of crypto assets and client funds

A company intending to provide services for the storage of crypto assets or client funds (except for electronic money tokens) must submit a detailed description of its procedures for segregating and protecting client assets in its MiCA licence application.

The document must explain how the organisation ensures that client funds and crypto assets are not used for the company’s own interests. It should confirm that the wallets in which client assets are stored are separate from the applicant’s corporate wallets and that each client’s funds can be identified even when using omnibus accounts containing the assets of several clients.

Particular attention is paid to the system for managing and protecting cryptographic keys, including a description of the procedures for creating and storing keys, the use of multi-signatures, and measures to ensure their confidentiality and resistance to compromise.

The applicant is required to describe the procedure for processing client funds: funds must be credited to an account with a central bank or credit institution no later than the end of the business day following their receipt and must be kept separate from the company’s own funds. If there are no plans to deposit funds with a central bank, the criteria for selecting credit institutions, the diversification policy and the frequency of reviewing such decisions must be disclosed.

An important part of the application is a description of how clients are informed about the mechanisms for protecting their assets, including an explanation of the principles of segregation, fund storage policy and security procedures in a simple and understandable form, excluding unnecessary technical terms.

Such information confirms that the applicant complies with Article 70 of MiCA, protects the property rights of clients and minimises the risk of their losses even in the event of financial difficulties or bankruptcy of the company.

11) Complaint handling procedures

The company must confirm that it has a transparent and effective system for handling customer complaints. The application should describe the resources, both human and technical, allocated to handling complaints and identify the person responsible for managing this process. The regulator expects a summary of this employee’s education, professional training and experience to be provided, demonstrating their ability to perform the assigned functions.

The applicant must demonstrate that its procedures comply with the technical standards established by the European Commission on the basis of Article 71(5) of MiCA and that customers have the opportunity to submit a complaint free of charge. It is important to describe how the organisation informs customers about this opportunity, including the placement of information on the website or other digital channels through which services are provided.

It is necessary to explain the procedure for recording complaints, the time limits for their consideration, investigation and response to the customer, as well as the mechanisms for informing customers about the available legal remedies. The application describes the main procedural steps in the consideration of a complaint, including the method and form of communicating the decision to the customer or potential customer who filed the complaint.

Such a description demonstrates to the regulator that the applicant provides adequate protection of customer rights, operates transparently, and has mechanisms in place for the prompt resolution of conflicts, which is a key element of trust in a crypto asset service provider.

12) Custody and administration policy

The crypto asset custody and administration policy is a mandatory element of the package of documents provided by the applicant under Article 62(2)(m) of Regulation (EU) 2023/1114. Companies planning to provide crypto asset custody and administration services on behalf of clients must submit to the supervisory authority a full description of the custody solutions offered to clients, including the types of custody, a copy of the standard service agreement and a summary of the custody policy communicated to clients in accordance with Articles 75(1) and 75(3) of the Regulation.

The applicant is required to submit an internal storage and administration policy, which must identify the operational and ICT risks associated with the storage and management of crypto assets or means of access to them. The policy must contain a description of the procedures and measures for complying with the requirements of Article 75(8) of the Regulation, a description of internal control and risk management systems, including provisions on the outsourcing of storage functions, rules and procedures ensuring the exercise of customer rights, and procedures guaranteeing the return of crypto assets or means of access.

In addition, it is necessary to describe the mechanisms for identifying crypto assets and means of access to them, as well as measures to minimise the risk of their loss. In cases where storage and administration services are outsourced to a third party, the applicant must provide information about the identity of the outsourcer, its status in accordance with Articles 59 and 60 of the Regulation, a description of the delegated functions, a list of delegates and sub-delegates, as well as potential conflicts of interest that may arise in connection with such delegation. A description of the system for controlling and monitoring the performance of the delegated functions is also required.

This approach allows the regulator to assess the applicant’s ability to ensure a high level of protection of clients’ rights and interests, proper organisation of storage processes, management of operational and technological risks, and compliance with European regulatory requirements.

13) Trading platform operating rules and market abuse detection

Applicants who plan to operate a trading platform for crypto-assets are required, in accordance with Article 62(2)(n) of Regulation (EU) 2023/1114, to provide the supervisory authority with a full description of the platform’s operating rules and mechanisms for preventing market abuse. The materials submitted must include a description of the rules for admitting crypto assets to trading and the procedure for their approval, including customer verification in accordance with Directive (EU) 2015/849, as well as a list of categories of crypto assets excluded from trading, indicating the reasons for such exclusion. The policies, procedures and fees associated with admission to trading must be disclosed, as well as a description of the conditions of membership, discounts and related provisions.

The applicant is required to set out the rules for executing orders, the procedure for cancelling them and the mechanism for notifying market participants of cancelled transactions. The procedures and methods used to assess the suitability of crypto assets for trading, as well as the systems and arrangements in place to ensure compliance with Article 76 of the Regulation, should be described. The documents must disclose the procedure for publishing bid and ask prices, market depth data , as well as the prices, volumes and times of concluded transactions to ensure the transparency of the trading process.

A justification of the fee structure and confirmation of its compliance with Article 76(13) of the Regulation is also required, as well as a description of the systems and procedures for storing data on all orders placed and the mechanisms for providing the supervisory authority with access to the order book and other trading information. With regard to the settlement of transactions, the applicant must indicate whether the final settlement is made in a distributed ledger or outside it, the time frame for the start and completion of settlements, the methods for verifying the availability of funds and crypto assets, the procedure for confirming transaction data, and the moment when the settlement becomes final.

Particular attention should be paid to describing the policies, procedures, and technical systems used to detect, prevent, and report market abuse. In addition to the descriptive part, the applicant is required to provide the supervisory authority with a copy of the trading platform’s operating rules and internal procedures aimed at preventing manipulation and other violations of market integrity.

14) Exchange of crypto assets for cash or other crypto assets

Applicants who plan to exchange crypto assets for cash or other crypto assets are required, in accordance with Article 62(2)(o) of Regulation (EU) 2023/1114, to provide the supervisory authority with a full description of their commercial policy developed in accordance with Article 77(1) of the Regulation. In addition, the methodology for determining the price of crypto assets to be exchanged must be disclosed, explaining how market volume and volatility of the relevant assets are taken into account in the calculations. Such disclosure allows the regulator to assess the transparency of pricing, the protection of customer interests, and the applicant’s compliance with the requirements of good business practice in the field of crypto asset exchange.

 15) Execution policy

Companies that intend to execute orders for crypto assets on behalf of clients are required, in accordance with Article 62(2)(p) of Regulation (EU) 2023/1114, to submit to the supervisory authority their own execution policy reflecting the key principles and procedures for organising this process. The policy must contain arrangements confirming that the client has agreed to the terms of execution before the order is placed or executed. A list of trading platforms for crypto assets that the applicant will rely on when executing orders must be provided, as well as the criteria for selecting execution venues, formed in accordance with Article 78(6) of the Regulation.

The documentation specifies the trading platforms used for each type of crypto asset and confirms that the applicant has no financial or non-financial benefit for sending orders to a particular platform. The applicant is required to describe how price, costs, speed and likelihood of execution and settlement, order size and nature, crypto asset storage conditions and other factors are taken into account in order to achieve the best possible result for the client.

The procedure for informing clients of the intention to execute their orders outside the trading platform and the mechanism for obtaining their prior consent must be disclosed, and an explanation must be provided of how the client is notified that their specific instructions may limit the applicant’s ability to achieve the best possible result. The execution policy describes the procedures for selecting trading venues, the execution strategies used, the methods for analysing the quality of execution, and the internal control mechanisms that ensure compliance with results that can be considered optimal for clients.

The applicant is required to present measures to prevent the misuse of client order information by employees, the procedure for disclosing information about the execution policy to clients and notifying them of any significant changes to it, and describe how the organisation is prepared to confirm compliance with the requirements of Article 78 of the Regulation at the request of the supervisory authority.

 16) Provision of advice on crypto assets or management of crypto asset portfolios

Applicants who plan to provide advice on crypto assets or manage a portfolio of crypto assets are required, in accordance with Article 62(2)(q) of Regulation (EU) 2023/1114, to provide the supervisory authority with a detailed description of the measures taken to ensure compliance with Article 81(7) of the Regulation. The materials submitted must disclose the mechanisms for effectively monitoring, assessing and maintaining the knowledge and experience of staff involved in providing advice or managing portfolios, as well as measures to ensure that such staff know, understand and apply the applicant’s internal policies and procedures designed to comply with the requirements of Regulation (EU) 2023/1114 and Directive (EU) 2015/849.

In addition, the applicant is required to specify the amount of human and financial resources that are planned to be allocated annually for the professional development and training of personnel involved in providing advice or managing crypto-asset portfolios. The documentation must describe the mechanisms for monitoring and assessing the competence of employees to ensure that individuals providing advice on behalf of the applicant have the necessary knowledge and qualifications in accordance with national criteria and are capable of assessing the suitability of clients in accordance with Article 81(1) of the Regulation.

Such information allows the regulator to verify that the organisation has sufficient procedures in place to maintain a high level of professionalism and compliance with customer protection requirements when providing advisory services and managing crypto assets.

17) Transfer services

Applicants who plan to provide crypto asset transfer services on behalf of clients are required, in accordance with Article 62(2)(r) of Regulation (EU) 2023/1114, provide the supervisory authority with information on the types of crypto-assets for which such services are to be provided, as well as a detailed description of the measures ensuring compliance with Article 82 of the Regulation. The information provided must disclose the procedures and resources, both technical and human, aimed at the prompt and effective elimination of risks in the execution of transfers, including mechanisms for responding to potential operational failures and cyber threats.

If an insurance policy is in place, the applicant must describe its content, specifying the extent of coverage for damage to clients’ crypto assets that may arise as a result of cybersecurity incidents. In addition, it is necessary to explain how customers are informed about the internal policies, procedures and agreements applied when providing crypto asset transfer services to ensure transparency and understanding of the risks on the part of users.

MiCA application review

The application for a licence under Regulation (EU) 2023/1114 (MiCA) is a formalised procedure aimed at ensuring uniform standards for companies to provide crypto-asset services in the European Union. Regulation (EU) 2025/306 establishes uniform forms and procedures for submitting documents, as well as procedures for interaction between the applicant and the competent authority. After the application is submitted, the competent authority is required to confirm its receipt and begin verifying the completeness of the information provided. In accordance with Article 63(2) of the MiCA Regulation, the deadline for such verification may not exceed 25 working days from the date of receipt of the application and payment of the administrative fee. If deficiencies are found or mandatory information is missing, the regulator shall notify the applicant of the need to remedy them. Corrected or supplemented data must be submitted within the established time limits, and the review period shall start again from the date of receipt.

Particular attention is paid to the language of the documents submitted. According to Part 1 of Article 16 of the Civil Procedure Code of the state in which the application is submitted, all materials must be written in the official language of the relevant jurisdiction. This rule applies both to the text of the application itself and to the accompanying documents, including activity programmes, internal policies, financial reports and other information. Thus, the successful submission of an application for a MiCA licence requires compliance with formal procedures, timely payment of fees, correct preparation of documents and their compliance with language requirements. Preparing an application with these conditions in mind ensures a more predictable process of interaction with the regulator and minimises the risk of delays at the stage of verifying the completeness of the information.