Exchange founders
Teams launching spot exchange, broker, OTC, or order-routing models that need a lawful route for onboarding clients and connecting fiat rails.
RUE Global Licensing Hub
Crypto License 2026
A crypto license, crypto exchange license, crypto trading license, or virtual currency license is a commercial umbrella term for the legal permission, registration, or authorization that allows a company to provide crypto-asset services such as exchange, custody, brokerage, transfer, wallet, payment, and token-related activities. In 2026, the correct route depends on your business model, target market, custody design, fiat rails, and whether you need MiCA CASP passporting, a VASP registration, a VATP approval, a MSB registration, or a more specialized regime. RUE helps founders compare jurisdictions, map activities to the right regulatory perimeter, and build a licensing strategy that is not only cheaper on paper, but also bankable and scalable in practice.
20+
routes compared EU
MiCA passporting 4-12 mo
launch horizon
Disclaimer
Scroll to compare exchange, trading, brokerage, Europe, costs, timelines, and bankability.
This page is for general informational purposes only and does not constitute legal, tax, or regulatory advice. Licensing outcomes depend on the exact activity, structure, and target market.
Featured Jurisdictions
These are the jurisdictions most often shortlisted by founders balancing regulatory credibility, speed, cost, banking access, and long-term scaling options.
Europe
Czech Republic
- Timeline: From 6 months
- Capital: From 50 000 EUR
- Passporting: Yes
- Price: 18900 EUR
Open jurisdiction
Europe
Estonia
- Timeline: From 6 months
- Capital: From 50 000 EUR
- Passporting: Yes
- Price: 19900 EUR
Open jurisdiction
Europe
Lithuania
- Timeline: From 6 months
- Capital: From 50 000 EUR
- Passporting: Yes
- Price: 19900 EUR
Open jurisdiction
Europe
Malta
- Timeline: From 6 months
- Capital: From 50 000 EUR
- Passporting: Yes
- Price: 23900 EUR
Open jurisdiction
Europe
Poland
- Timeline: From 6 months
- Capital: From 50 000 EUR
- Passporting: Yes
- Price: 18900 EUR
Open jurisdiction
What Is a Crypto License and Why It Matters
If you are comparing a crypto exchange license, crypto trading license, or virtual currency license, the first question is whether the model is exchange, brokerage, custody, or transfer. A crypto license is the legal basis that allows a business to carry out regulated crypto activity in a given jurisdiction. In strict legal terms, that basis may be a license, registration, authorization, or a combination of approvals. The commercial market still uses the phrase crypto license because founders usually care about one practical question: can the company lawfully operate, onboard clients, access banking, and scale into target markets.
That distinction matters. In the EU, the relevant concept is usually CASP authorization under Regulation (EU) 2023/1114 (MiCA). In the UK, many crypto firms deal with FCA registration under the Money Laundering Regulations 2017, which is not the same as a full financial services license. In the US, FinCEN MSB registration is only one layer and often does not replace state-level Money Transmitter Licenses or product-specific analysis under SEC, CFTC, or NYDFS rules.
For founders, the real value of a cryptocurrency license is not the certificate itself. It is the ability to build a compliant operating stack: bank accounts, fiat on-ramp and off-ramp, PSP relationships, institutional counterparties, Travel Rule readiness, governance, and defensible cross-border distribution. A cheap setup that fails bank onboarding or cannot support your actual product is usually more expensive than a stronger route chosen correctly from day one.
At RUE, we treat crypto licensing as a strategic structuring exercise, not a filing exercise. The correct starting point is your activity map, client geography, custody exposure, and growth plan. The jurisdiction comes second.
Regulatory risks
- Enforcement risk: unlicensed or mis-scoped activity can trigger fines, remediation orders, or forced exit from target markets.
- Banking risk: banks and payment institutions often reject structures that are formally legal but commercially weak or poorly supervised.
- Cross-border risk: one local approval rarely gives global marketing rights outside specific frameworks such as EU passporting.
- Product risk: custody, derivatives, stablecoins, and token issuance can pull the business into a stricter perimeter than founders expected.
Who this guide is for
Custody and wallet operators
Businesses holding client crypto-assets or private keys and therefore facing stronger prudential, governance, and security expectations.
Payments and treasury providers
Companies combining crypto conversion, merchant settlement, payroll, treasury, or on-ramp services with banking or EMI relationships.
Tokenization and issuance projects
Teams structuring utility tokens, stablecoin-adjacent models, RWA tokenization, or issuer-side offerings that may fall under MiCA or securities rules.
Not every crypto license is legally a license
Depending on the country, you may need a registration, authorization, approval, or layered structure rather than a single standalone permit.
MiCA changed the European market
Regulation (EU) 2023/1114 created a single EU framework for CASPs, with most provisions applying from 30 December 2024 and passporting as the main scaling mechanism.
Bankability is a separate risk layer
A jurisdiction can be easy to incorporate and still fail in practice because banks, EMIs, merchant acquirers, or institutional partners do not accept the structure.
Post-license burden often exceeds setup cost
AML tooling, MLRO function, audits, sanctions screening, Travel Rule infrastructure, and governance maintenance can exceed the initial filing budget.
MiCA entered into force on 29 June 2023.
ART and EMT provisions applied from 30 June 2024.
Most remaining MiCA provisions applied from 30 December 2024.
TFR Regulation (EU) 2023/1113 operationalized the EU Travel Rule layer for crypto transfers.
In the US, MSB registration does not automatically create nationwide operating permission.
The commercial phrase virtual currency license usually maps to activity-based regimes such as CASP, VASP, MSB, or exchange licensing.
Key Licensing Terminology
CASP
EU / EEACrypto-Asset Service Provider is the MiCA term for firms providing regulated crypto-asset services in the EU. A CASP authorization can support passporting across the EU and EEA after notification.
VASP
FATF / globalVirtual Asset Service Provider is the FATF term used across many non-EU jurisdictions for exchange, transfer, safekeeping, and related virtual asset activities.
Virtual currency license
Commercial search term / globalVirtual currency license is a commercial synonym, not a single universal legal category. Depending on the jurisdiction, the route may be called CASP authorization, VASP registration, MSB registration, VATP approval, or an exchange / brokerage license.
MSB
USA / CanadaMoney Services Business is a registration concept used in North America. It is often a baseline AML registration, not a complete answer to state, securities, or product-specific licensing questions.
MTL
USAMoney Transmitter License is a state-level US licensing concept. Many crypto businesses need to assess MTL exposure state by state in addition to FinCEN registration.
VATP
Hong KongVirtual Asset Trading Platform is the Hong Kong licensing framework supervised by the SFC for qualifying trading platform activity.
MPI
SingaporeMajor Payment Institution is a Payment Services Act category under MAS that can become relevant where digital payment token services and payment flows intersect.
DASP
El SalvadorDigital Asset Service Provider is the term used in El Salvador for regulated digital asset activity under its digital assets framework.
Legal Opinion
Cross-border structuringA legal opinion is not a license. It is a jurisdiction-specific legal analysis used to assess whether a business falls inside or outside a licensing perimeter.
License Types by Business Model
Crypto Exchange License
A crypto exchange license usually covers the operation of a platform or service that converts crypto to fiat, fiat to crypto, or one crypto-asset to another. In serious regimes, the exact scope still depends on whether you execute orders, operate a venue, hold client assets, or merely arrange transactions.
Typical services
Spot exchange, brokerage execution, crypto-fiat conversion, crypto-crypto conversion, order reception and transmission.
Common jurisdictions
Crypto Trading License
A crypto trading license in practice may refer to proprietary trading, agency execution, market making, or portfolio management. These are not the same activity, and regulators often treat them differently from exchange operation or custody.
Typical services
Proprietary trading, agency execution, OTC dealing, market making, order routing, portfolio management.
Common jurisdictions
Cryptocurrency Broker License
Brokerage and agency execution can be lighter than a full exchange, but they still require a perimeter analysis for order routing, client interaction, and market conduct. In some jurisdictions, broker activity is a distinct authorization; in others it sits inside a broader crypto regime.
Typical services
Brokerage, agency execution, referral structures, order introduction, OTC intermediation.
Common jurisdictions
Custody
Custody is one of the most sensitive crypto business models because the firm controls client assets or private keys. It usually triggers stronger scrutiny around governance, segregation, wallet architecture, incident response, and outsourcing.
Typical services
Safekeeping, custodial wallets, institutional custody, key management, settlement support.
Common jurisdictions
Wallet and Transfer Services
Wallet services can be regulated or unregulated depending on whether the provider is custodial. Transfer services are also a core VASP/CASP trigger because they usually sit directly inside AML and Travel Rule scope.
Typical services
Custodial wallet, transfer execution, hosted wallet infrastructure, settlement routing.
Common jurisdictions
Payment Processing
Crypto payments often sit at the boundary between crypto regulation and payment regulation. Once fiat settlement, merchant acquiring, stored value, or payment execution enters the model, a separate EMI, PI, or payments analysis may be required.
Typical services
Merchant settlement, checkout, payroll, treasury conversion, fiat on-ramp and off-ramp, payment orchestration.
Common jurisdictions
Token Issuance and Tokenization
Token issuance does not follow one universal crypto licence route. The legal classification of the token determines whether the project falls under MiCA whitepaper rules, ART or EMT rules, securities law, e-money law, or a case-specific hybrid analysis.
Typical services
Utility token issuance, RWA tokenization, issuer-side distribution, stablecoin structuring, token sale support.
Common jurisdictions
Crypto License Comparison: Exchange, Trading, Europe and Cheapest Routes
Compare the main crypto licensing jurisdictions by market access, regulator model, timeline, capital expectations, local substance, bankability, and the difference between exchange, trading, and brokerage routes.
54 jurisdictions in this table
Scroll horizontally to compare all licensing variables.
| Jurisdiction | Regulator | Price | Period | State fee | Annual fee | Capital | Staff | Office | Audit |
|---|---|---|---|---|---|---|---|---|---|
| Bosnia and Herzegovina | Banking Agency of Republika Srpska (ABRS) | 9900 EUR | From 2 months | No | No annual fee | Not required | Required | Required | Required |
| Georgia | National Bank of Georgia (NBG) | 24700 EUR | From 2 months | No | No annual fee | Not required | No | No | No |
| Gibraltar | Gibraltar Financial Services Commission (GFSC) | 34500 EUR | From 4 months | 10,000 GBP (~EUR 11,535) | 10,000 GBP (~EUR 11,535) | 20 000 GBP (~EUR 23,070) | No | Required | Required |
| Serbia | National Bank of Serbia (NBS) | 16900 EUR | From 2 months | 50,000 RSD (~€430) | 50,000 RSD (~€430) | Not required | Required | Required | Required |
| Switzerland | Swiss Financial Market Supervisory Authority (FINMA) | 19500 EUR | From 8 months | From 1750 EUR | From 3500 EUR | From 300000 EUR | Required | Required | Required |
| Turkey | Sermaye Piyasası Kurulu | 56900 EUR | From 3 months | On an individual basis | On an individual basis | From 1 300 000 EUR | Required | Required | Required |
| United Kingdom | Financial Conduct Authority (FCA) | 44000 EUR | From 9 months | From 2,350 EUR | From 2000 GBP (~EUR 2,307) | Not required | No | No | No |
| Austria | Austrian Financial Market Authority (FMA) | 27900 EUR | From 6 months | From 3,000 EUR | From 3000 EUR | From 50 000 EUR | Required | Required | Required |
| Bulgaria | Financial Supervision Commission (FSC) | 22900 EUR | From 6 months | From 5,000 EUR | No annual fee | From 50 000 EUR | Required | Required | Required |
| Croatia | Croatian Financial Services Supervisory Agency | 23900 EUR | From 6 months | No | No annual fee | From 50 000 EUR | Required | Required | Required |
| Cyprus | Cyprus Securities and Exchange Commission (CySEC) | 18900 EUR | From 6 months | 10,000 EUR | From 10000 EUR | From 50 000 EUR | Required | Required | Required |
| Czech Republic | Czech National Bank (CNB) | 18900 EUR | From 6 months | CZK 20,000 (~€800) | No annual fee | From 50 000 EUR | Required | Required | Required |
| Estonia | Finantsinspektsioon (Estonian Financial Supervision and Resolution Authority, FSA) | 19900 EUR | From 6 months | 10000 EUR | 10000 EUR | From 50 000 EUR | Required | Required | Required |
| Finland | Finanssivalvonta (FIN-FSA) | 21500 EUR | From 6 months | 8220 EUR | From 5000 EUR | From 50 000 EUR | Required | Required | Required |
| France | Autorité des Marchés Financiers (AMF) | 26800 EUR | From 6 months | 10000 EUR | From 5000 EUR | From 50 000 EUR | Required | Required | Required |
| Germany | Federal Financial Supervisory Authority (BaFin) | 29900 EUR | From 6 months | 10750 EUR | From 10000 EUR | From 50 000 EUR | Required | Required | Required |
| Ireland | Central Bank of Ireland (CBI) | 23900 EUR | From 6 months | No | No annual fee | From 50 000 EUR | Required | Required | Required |
| Latvia | Bank of Latvia | 21500 EUR | From 6 months | 2,500 EUR | From 3000 EUR | From 50 000 EUR | Required | Required | Required |
| Liechtenstein | Financial Market Authority Liechtenstein (FMA) | 27900 EUR | From 6 months | 1500 EUR | From 2000 EUR | From 50 000 EUR | Required | Required | Required |
| Lithuania | Bank of Lithuania | 19900 EUR | From 6 months | 2,500 EUR | From 3000 EUR | From 50 000 EUR | Required | Required | Required |
| Luxembourg | Commission de Surveillance du Secteur Financier (CSSF) | 34900 EUR | From 6 months | 15000 EUR | 15000 EUR | From 50 000 EUR | Required | Required | Required |
| Malta | Malta Financial Services Authority (MFSA) | 23900 EUR | From 6 months | From 10,000 EUR | From 10000 EUR | From 50 000 EUR | Required | Required | Required |
| Netherlands | Netherlands Authority for the Financial Markets (AFM) | 28900 EUR | From 6 months | From 6,800 EUR | From 10000 EUR | From 50 000 EUR | Required | Required | Required |
| Poland | Polish Financial Supervision Authority (KNF) | 18900 EUR | From 6 months | 4,500 EUR | No annual fee | From 50 000 EUR | Required | Required | Required |
| Portugal | Bank of Portugal | 21900 EUR | From 6 months | 5000 EUR | No annual fee | From 50 000 EUR | Required | Required | Required |
| Slovakia | National Bank of Slovakia (NBS) | 17900 EUR | From 6 months | From 1000 EUR | No annual fee | From 50 000 EUR | Required | Required | Required |
| Spain | Comisión Nacional del Mercado de Valores (CNMV) | 25900 EUR | From 6 months | No | No annual fee | From 50 000 EUR | Required | Required | Required |
| Dubai | Virtual Assets Regulatory Authority (VARA) | 24500 EUR | From 6 months | 100 000 AED (~EUR 23,553) | 200 000 AED (~EUR 47,106) | 100000 AED (~EUR 23,553) | Required | Required | Required |
| Hong Kong | Securities and Futures Commission (SFC) | 29000 EUR | From 6 months | 4740 HKD (~EUR 524) | 2740 HKD (~EUR 303) | Not required | Required | No | Required |
| India | Financial Intelligence Unit | 23900 EUR | From 1 months | No | No annual fee | Not required | Required | Required | Required |
| Indonesia | Otoritas Jasa Keuangan | 98900 EUR | From 3 months | From 500 EUR | 0.1% on each transaction | From 1 450 000 EUR | Required | Required | Required |
| Kazakhstan | Astana Financial Services Authority (AFSA) | 26800 EUR | From 3 months | 2000 USD (~EUR 1,730) | 3000 USD (~EUR 2,595) | 100,000 USD (~EUR 86,498) | Required | Required | Required |
| Philippines | Bangko Sentral ng Pilipinas | 78900 EUR | From 3 months | From 1 600 EUR | On an individual basis | From 800 000 EUR | Required | Required | Required |
| Saudi Arabia | Saudi Central Bank (SAMA) | 45700 EUR | From 9 months | No | No annual fee | 500000 SAR | Required | Required | Required |
| Singapore | Monetary Authority of Singapore (MAS) | 31000 EUR | From 6 months | 1000 SGD (~EUR 675) | 5000 SGD (~EUR 3,376) | Not required | Required | Required | Required |
| Taiwan | Financial Supervisory Commission | 88900 EUR | From 3 months | From 1 400 EUR | On an individual basis | From 1 400 000 EUR | Required | Required | Required |
| Thailand | Securities and Exchange Commission | 39900 EUR | From 3 months | From 52 000 EUR | From 13 000 EUR | From 130 000 EUR | Required | Required | Required |
| Vietnam | Ministry of Finance of Vietnam | 48900 EUR | From 1 months | No | On an individual basis | On an individual basis | Required | Required | Required |
| Bahamas | Securities Commission of The Bahamas (SCB) | 22800 EUR | From 4 months | 10,000 USD (~EUR 8,650) | 25,000 USD (~EUR 21,624) | 50 000 BSD | Required | Required | Required |
| Bermuda | Bermuda Monetary Authority (BMA) | 29000 EUR | From 4 months | 2,266 USD (~EUR 1,960) | 2,266 USD (~EUR 1,960) | 12 000 USD (~EUR 10,380) | No | Required | Required |
| BVI | British Virgin Islands Financial Services Commission (BVI FSC) | 20000 EUR | From 3 months | 10,000 USD (~EUR 8,650) | 10000 USD (~EUR 8,650) | Not required | No | No | Required |
| Cayman Islands | Cayman Islands Monetary Authority (CIMA) | 25900 EUR | From 3 months | 1000 USD (~EUR 865) | 15000 USD (~EUR 12,975) | Not required | No | No | Required |
| Costa Rica | Superintendencia General de Entidades Financieras (SUGEF) | 9900 EUR | From 1 months | No | No annual fee | Not required | No | No | No |
| El Salvador | National Commission of Digital Assets (CNAD) | 19900 EUR | From 3 months | 5,000 USD (~EUR 4,325) | 10,000 USD (~EUR 8,650) | 2,000 USD (~EUR 1,730) | No | Required | Required |
| Labuan | Labuan Financial Services Authority (Labuan FSA) | 21500 EUR | From 3 months | 1500 USD (~EUR 1,297) | 3000 USD (~EUR 2,595) | 500 000 MYR (~EUR 109,601) | Required | Required | Required |
| Mauritius | Financial Services Commission (FSC Mauritius) | 65000 EUR | From 3 months | 10,000 MUR (~EUR 185) | 50,000 MUR (~EUR 923) | Not required | Required | Required | Required |
| Panama | Superintendencia de Bancos de Panamá (SBP) | 14900 EUR | From 3 months | No | No annual fee | 10 000 USD (~EUR 8,650) | No | No | No |
| Saint Lucia | Financial Services Regulatory Authority (FSRA) | 21000 EUR | From 3 months | 1000 USD (~EUR 865) | 5000 USD (~EUR 4,325) | Not required | No | No | Required |
| Seychelles | Financial Services Authority (FSA) | 67000 EUR | From 2 months | 75,000 SCR (~EUR 4,717) | 75,000 SCR (~EUR 4,717) | Not required | No | No | Required |
| SVG Saint Vincent and the Grenadines | Financial Services Authority (SVG FSA) | 39900 EUR | From 3 months | No | No annual fee | Not required | No | Required | No |
| Australia | Australian Securities and Investments Commission (ASIC) | 23400 EUR | From 3 months | No | No annual fee | Not required | No | No | No |
| Brasil | Banco Central do Brasil (BCB) | 17900 EUR | From 6 months | No | No annual fee | Not required | Required | Required | Required |
| Canada | Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) | 22300 EUR | From 2 months | No | No annual fee | Not required | Required | No | No |
| Nigeria | Securities and Exchange Commission | 47900 EUR | From 3 months | From 17 000 EUR | From 5 800 EUR | From 58 000 EUR | Required | Required | Required |
Non-EUR state and annual fees include approximate EUR equivalents based on reference rates used on March 11, 2026.
Government and Regulator Fees
Official fees can range from modest registration charges to substantial authorization fees in stricter jurisdictions. They are rarely the main cost driver.
Legal Structuring and Application Drafting
A serious application requires tailored legal analysis, business model scoping, policy drafting, governance documents, and regulator-facing explanations. Recycled templates are a common cause of remediation rounds.
Minimum Capital and Capital Lock-Up
Capital is not always an expense, but it affects liquidity. Under MiCA, common own-funds bands often referenced are EUR 50,000, EUR 125,000, and EUR 150,000 depending on the crypto-asset services provided.
Substance and Local Presence
Office, resident management logic, local directors, compliance presence, and board governance can materially change the budget. Some cheap jurisdictions become expensive once real substance is added.
Compliance Team and Technology Stack
MLRO or AML officer support, KYC/KYB, sanctions screening, blockchain analytics, Travel Rule infrastructure, case management, and training are core operating costs.
Annual Compliance Run Rate
The recurring budget often includes audit, reporting, policy updates, penetration testing, incident handling, legal review, and outsourced control functions. This is where many founders underbudget.
Find the Right Crypto License Jurisdiction
Use the selector to narrow the field by exchange, trading, brokerage, custody, budget, timeline, bankability requirements, and whether you need EU passporting or a non-EU operating hub.
Crypto License in Europe: MiCA, CASP and EU Passporting
For most founders targeting the EU, the commercially relevant answer to a crypto license in Europe is CASP authorization under MiCA, not the old patchwork of national VASP-style regimes.
MiCA is the core framework for a crypto license in Europe. The legal basis is Regulation (EU) 2023/1114, published in the Official Journal on 9 June 2023 and in force from 29 June 2023. The rules for asset-referenced tokens (ARTs) and e-money tokens (EMTs) applied from 30 June 2024, while most of the remaining MiCA framework became applicable from 30 December 2024.
MiCA matters because it replaced fragmented national approaches with a single authorization logic for Crypto-Asset Service Providers (CASPs). Once a CASP is authorized in one EU home state and the notification process is completed, the firm can generally passport relevant services into other EU and EEA markets. That is the main reason many founders search for a crypto license in Europe rather than a standalone local registration.
MiCA is broader than many competitor pages suggest. It does not only regulate service providers. It also creates separate rules for crypto-assets admitted to trading, issuer disclosures, whitepapers, market abuse involving crypto-assets, and the special treatment of ARTs and EMTs. A founder launching a token, a custody product, and an exchange interface may therefore face several overlapping workstreams rather than one single filing.
MiCA is also not the whole compliance perimeter. EU crypto businesses must assess Transfer of Funds Regulation (EU) 2023/1113 for Travel Rule obligations and, depending on the structure, the operational resilience perimeter shaped by Regulation (EU) 2022/2554 (DORA). In practice, a viable EU setup is a three-layer exercise: authorization under MiCA, AML data exchange under TFR, and ICT resilience under DORA-related expectations.
RUE usually advises founders to start with the service map first: exchange, custody, order execution, transfer, placement, advisory, or token issuance. Only after that should you compare Lithuania, Poland, the Czech Republic, Cyprus, Germany, France, Malta, or other EU routes. The best CASP jurisdiction is not the one with the lowest filing cost. It is the one that fits your product, timeline, governance capacity, and post-license operating model.
Best fit
Best for businesses targeting EU retail or institutional clients, needing credible market access, planning fiat integrations, or wanting a scalable route through passporting under a recognizable framework.
Less suitable for
Less suitable for teams seeking minimal substance, purely offshore positioning, or a low-friction structure with no intention to serve regulated European markets.
MiCA dates
29 June 2023 entry into force, 30 June 2024 application for ART and EMT provisions, and 30 December 2024 for most remaining provisions.
Passporting
A CASP authorized in one EU home state can generally notify into the wider EU and EEA rather than rebuild licensing country by country.
MiCA is not only about CASPs
The framework also covers issuer-side obligations, crypto-asset whitepapers, ARTs, EMTs, and market abuse rules.
TFR and DORA matter
EU crypto compliance in 2026 should be assessed through the combined lens of MiCA + TFR + DORA, not MiCA alone.
Cheapest Crypto License vs Total Cost of Ownership
The cheapest crypto license on paper is often not the cheapest operating structure. Founders who budget only for incorporation and filing fees usually underprice the project.
Government and Regulator Fees
Official fees can range from modest registration charges to substantial authorization fees in stricter jurisdictions. They are rarely the main cost driver.
Legal Structuring and Application Drafting
A serious application requires tailored legal analysis, business model scoping, policy drafting, governance documents, and regulator-facing explanations. Recycled templates are a common cause of remediation rounds.
Minimum Capital and Capital Lock-Up
Capital is not always an expense, but it affects liquidity. Under MiCA, common own-funds bands often referenced are EUR 50,000, EUR 125,000, and EUR 150,000 depending on the crypto-asset services provided.
Substance and Local Presence
Office, resident management logic, local directors, compliance presence, and board governance can materially change the budget. Some cheap jurisdictions become expensive once real substance is added.
Compliance Team and Technology Stack
MLRO or AML officer support, KYC/KYB, sanctions screening, blockchain analytics, Travel Rule infrastructure, case management, and training are core operating costs.
Annual Compliance Run Rate
The recurring budget often includes audit, reporting, policy updates, penetration testing, incident handling, legal review, and outsourced control functions. This is where many founders underbudget.
Documents and Infrastructure Usually Required
A successful crypto license application is a coherent operating file. Regulators expect documents that match the actual business model, not a generic policy bundle.
Compliance documents
1
Compliance Policies
Core internal compliance rulebook aligned with MiCA duties, governance standards, and supervisory expectations.
2
Internal Awareness Procedures
Procedures for staff awareness, periodic training, and internal communication of regulatory obligations.
3
Whistleblowing Procedures (Article 116)
Confidential reporting framework, escalation channels, and protection logic for internal misconduct reports.
4
Conflicts of Interest Management
Practical controls to identify, document, and mitigate conflicts across business lines and decision makers.
5
Conflicts of Interest Policy
Formal policy defining conflict types, disclosure duties, approval paths, and corrective measures.
6
Compliance with Delegated Regulation
Mapping of internal controls and procedures to applicable delegated and implementing EU acts.
7
Recordkeeping of Conflicts
Register format and retention process for conflict events, disclosures, and remediation actions.
8
Detection and Prevention of Money Laundering and Terrorist Financing
End-to-end AML/CTF control model covering onboarding, monitoring, alert handling, and reporting.
9
Assessment of Inherent and Residual AML/CTF Risks
Documented risk scoring before and after controls for customers, products, channels, and geographies.
10
Risk Mitigation Measures and Compliance Framework
Catalog of mitigating controls, ownership model, and periodic effectiveness review cycle.
11
Adequacy and Proportionality of Internal Controls
Assessment proving controls are proportionate to the size, complexity, and risk profile of operations.
12
AML/CTF Policy Documents
Integrated policy package for customer due diligence, sanctions, escalation, and regulatory reporting.
13
Assessment and Review of Internal Controls
Periodic review methodology, testing plans, and remediation workflow for control deficiencies.
14
Conflict Mitigation Measures
Targeted mitigation matrix with decision rights, monitoring indicators, and follow-up actions.
15
Suitability Assessments
Framework for assessing product appropriateness and client suitability where required.
16
Forecast Accounting Plan for 3 years
Three-year projected financial statements with assumptions tied to business model and growth plan.
17
Forecast Calculations and Own Funds Planning
Capital and own-funds planning model showing prudential coverage under baseline and stress cases.
18
Proof of Meeting Prudential Safeguards
Evidence package confirming prudential safeguards, buffers, and regulatory threshold compliance.
19
Company Structure
Organizational chart, ownership chain, management responsibilities, and governance hierarchy.
20
Prudential Requirements
Statement of applicable prudential obligations and internal process for continuous compliance.
21
Information about Governance Arrangements, Internal Control Mechanisms, and Conflict of Interests
Consolidated governance narrative covering committees, controls, accountability, and conflict handling.
22
Execution Policy
Rules for order handling and execution quality, including fairness, transparency, and client disclosure.
23
Provision of Advice on Crypto-Assets or Portfolio Management of Crypto-Assets
Policy framework for advisory and portfolio services, including suitability, disclosures, and controls.
Technical and control documents
1
Technical Documentation of ICT Systems, DLT Infrastructure and Security Arrangements
Architecture-level documentation of systems, DLT components, security design, and control boundaries.
2
Identification of Critical ICT Services
Inventory of critical ICT services with dependency mapping, ownership, and resilience requirements.
3
Security and Incident Management
Incident response, escalation matrix, investigation workflow, and post-incident corrective process.
4
Custody and Administration Policy and Operational Risk Management
Custody operating model with safeguards, reconciliations, key controls, and operational risk treatment.
5
Market Abuse Detection and Prevention Measures
Monitoring controls and alert scenarios for abuse patterns, with investigation and escalation procedures.
6
Segregation and Safekeeping of Clients’ Crypto-Assets and Funds
Controls for client asset segregation, safeguarding logic, access rights, and reconciliation evidence.
7
Outsourcing Policy and Arrangements
Outsourcing governance with due diligence, contract controls, service monitoring, and exit planning.
8
ICT Systems and Related Security Arrangements
Detailed overview of systems landscape, access control model, and technical security arrangements.
9
Custody and Administration Policy
Documented custody workflows, control checks, and accountability for administration processes.
10
Operating Rules of the Trading Platform and Market Abuse Detection
Trading venue rules, participant controls, and embedded market abuse monitoring logic.
Legal, Compliance and Substance Requirements
The core requirements for a cryptocurrency license are governance, AML/CFT, internal controls, fit-and-proper management, capital, and technical resilience. In 2026, regulators also expect evidence that these controls can operate day to day, not only exist on paper.
01
AML/KYC and Risk-Based Onboarding
Customer due diligence is a baseline requirement in every serious regime. Regulators expect identity verification, UBO analysis, sanctions screening, source-of-funds logic, and risk scoring that reflects the actual customer base.
02
Sanctions Screening and Blockchain Analytics
Crypto businesses are expected to screen counterparties and wallets against sanctions and adverse-risk indicators. In practice this often means combining KYC tools with blockchain analytics and KYT-style transaction monitoring.
03
Travel Rule Operations
Travel Rule compliance is no longer a theoretical obligation. CASPs and VASPs increasingly need operational data exchange for originator and beneficiary information, often using standards such as IVMS101 and vendor or protocol-based connectivity.
04
Governance, Fit and Proper, and Substance
Serious regulators assess whether management understands the product, risk profile, outsourcing, and control framework. Local presence, decision-making logic, and management competence matter more than nominee structures.
05
Safeguarding, Custody Controls and Operational Resilience
Where client assets or keys are held, regulators expect segregation logic, wallet governance, access control, incident response, and resilience planning. Controls such as MPC, HSM, cold storage, key ceremony procedures, and privileged access logging are increasingly relevant.
06
Ongoing Compliance and Reporting
After approval, the company usually enters a live supervision cycle: suspicious activity reporting, annual or periodic reviews, governance maintenance, training, incident reporting, audit, and policy updates.
Who Issues Crypto Licenses Worldwide
There is no single global crypto regulator. The market is split between registration-based AML regimes, full authorization models, and layered systems where crypto, payments, securities, derivatives, and sanctions law overlap.
Regulator
EU National Competent Authorities, ESMA and EBA
In the EU, CASP authorization is granted by the home-state national competent authority under MiCA, while ESMA and EBA shape technical standards, supervisory convergence, and prudential interpretation around the regime.
Key takeaway: The EU route offers the strongest passporting logic, but regulator posture, review style, and practical readiness still differ by member state.
Official source Regulator
FCA in the United Kingdom
The Financial Conduct Authority supervises cryptoasset business registration under the UK Money Laundering Regulations. This is a high-scrutiny AML registration route, not a universal UK crypto exchange license in the continental sense.
Key takeaway: The UK is credibility-heavy and demanding, but it should be assessed as a standalone route outside MiCA passporting.
Official source Regulator
FinCEN, NYDFS, SEC and CFTC in the United States
The US framework is layered. FinCEN handles federal MSB registration and BSA obligations; state regulators handle money transmission; NYDFS applies the BitLicense regime in New York; and SEC or CFTC exposure depends on the product and token characterization.
Key takeaway: A US crypto license analysis is never complete if it stops at FinCEN registration.
Official source Regulator
VARA, ADGM and DFSA in the UAE
The UAE offers several distinct regulatory centers, including VARA in Dubai, ADGM FSRA in Abu Dhabi Global Market, and DFSA in DIFC for relevant financial activities. These are different regimes, not interchangeable labels.
Key takeaway: The UAE combines strong branding and regional growth potential with meaningful scrutiny on governance, substance, and business model clarity.
Official source Regulator
SFC in Hong Kong and MAS in Singapore
Hong Kong's SFC supervises the VATP regime, while MAS in Singapore applies the Payment Services Act framework and related financial services perimeter analysis. Both are high-credibility Asian hubs with demanding review standards.
Key takeaway: These jurisdictions are usually chosen for quality and regional positioning, not for the cheapest setup.
Official source Regulator
FINMA, FINTRAC and Other Specialist Regulators
FINMA in Switzerland, FINTRAC in Canada, AUSTRAC in Australia, and other national authorities each apply their own mix of AML, licensing, and product-perimeter analysis.
Key takeaway: Terminology can be misleading across jurisdictions. Similar labels often describe very different legal consequences.
Official source Banking, Fiat On/Off-Ramps and Why Licensed Does Not Always Mean Bankable
A crypto company becomes commercially usable only when licensing, banking, and payment connectivity work together. Many founders discover too late that a formally valid structure is still unattractive to banks, EMIs, merchant acquirers, or institutional counterparties.
1
Bankability Depends on More Than the License
Banks assess jurisdiction quality, ownership transparency, source of funds, customer profile, transaction typology, sanctions exposure, and whether management can explain the control environment.
2
Cheap Jurisdictions Often Create Banking Friction
The cheapest crypto license may fail later because banks or PSPs treat the jurisdiction as weak, unfamiliar, or operationally high-risk.
3
Parallel Banking Workstreams Save Time
Where possible, bank and EMI onboarding should begin during the licensing process. Waiting for formal approval can add months to launch.
4
Fiat Rails Need Product-Perimeter Alignment
If the business handles merchant settlement, client money, stored value, or payment execution, a crypto license alone may not satisfy banking or payments counterparties.
5
Counterparty Readiness Is a Hidden Scaling Gate
Liquidity providers, custodians, market makers, and B2B clients often ask for licensing evidence, AML architecture, Travel Rule readiness, and sanctions controls before onboarding.
How to Get a Crypto License: Step-by-Step Process
The licensing path is a sequence of legal, operational, and compliance workstreams. In most credible jurisdictions, the regulator is testing whether the business can operate safely after approval, not whether it can file a nice application.
1
1-2 weeks
Activity Mapping and Jurisdiction Selection
Define the exact services: exchange, custody, transfer, brokerage, payments, token issuance, staking, or advisory. Match those services to target markets and shortlist only the jurisdictions that fit the real perimeter.
2
1-3 weeks
Company Formation and Ownership Structuring
Incorporate the entity, disclose UBOs, set governance, prepare constitutional documents, and align ownership with fit-and-proper expectations and banking reality.
3
1-4 weeks
Capital and Substance Planning
Confirm share capital, prudential funding, local office logic, management presence, and whether the jurisdiction expects internal staff or accepts some outsourcing.
4
3-8 weeks
Document Package Preparation
Prepare the business plan, AML/CFT framework, KYC procedures, risk assessment, safeguarding logic, IT security package, outsourcing controls, complaints handling, and financial projections.
5
2-6 weeks
Compliance Stack Implementation
Select onboarding vendors, sanctions screening, blockchain analytics, Travel Rule tooling, case management, and internal escalation workflows before filing or during review where permitted.
6
3-8+ months
Application Filing and Regulator Dialogue
Submit the file to the competent authority, answer Q&A, remediate scope issues, and demonstrate that management understands the business and control environment.
7
2-6+ months
Banking and Payment Onboarding
Run bank and EMI onboarding in parallel where possible. In many cases, payment connectivity takes as long as or longer than the licensing review itself.
8
2-6 weeks
Authorization, Notification, and Launch
After approval, finalize passporting where relevant, complete operational testing, train staff, and move into the ongoing compliance cycle with reporting and governance controls live.
About Our Company
Why Regulated United Europe?
Regulated United Europe OÜ (RUE) is a European legal consulting firm specializing in financial licensing, company formation, and regulatory compliance. Since 2016, we have helped hundreds of businesses obtain crypto, gambling, forex, and EMI/PSP licenses across 35+ jurisdictions.
With offices in four EU countries and a team of experienced lawyers, we provide end-to-end support — from initial consultation and company registration to license acquisition and ongoing compliance management.
500+
Clients Served
35+
Jurisdictions
Since 2016
Years in Business
4
EU Offices
Licensed Legal Practice
Fully registered and regulated EU company with partnerships across major financial centers.
Multilingual Team
Our experts speak English, German, Russian, Chinese, and 12+ other languages for global client support.
Turnkey Solutions
From company registration to license acquisition and compliance — we handle the entire process end-to-end.
Dedicated Support
Personal consultant assigned to each client. Direct communication channels, no call centers.
🇪🇪 Tallinn, Estonia
🇱🇹 Vilnius, Lithuania
🇨🇿 Prague, Czech Rep.
🇵🇱 Warsaw, Poland
Taxation of Crypto-Licensed Companies
Tax should be assessed as part of the operating model, not as a headline rate on a comparison table. For crypto businesses, the relevant questions usually include corporate income tax, VAT treatment, withholding, permanent establishment risk, transfer pricing, and how substance aligns with management reality.
Substance note
A low-tax structure without workable substance can create tax, banking, and regulatory fragility at the same time. In practice, tax planning for a crypto-licensed company should be tested against where management decisions are made, where staff sit, where key contracts are performed, and where the regulator expects real control.
Corporate Income Tax Is Only One Variable
Corporate Income Tax Is Only One Variable
A low CIT rate can be outweighed by higher substance cost, weaker treaty access, or difficulty opening and maintaining operational accounts.
VAT Treatment Is Activity-Specific
VAT Treatment Is Activity-Specific
In the EU, exchange-related services may benefit from VAT treatment influenced by the CJEU Hedqvist line of reasoning, but ancillary services, software, consulting, and some token-related services may be treated differently.
Permanent Establishment Risk Matters
Permanent Establishment Risk Matters
If management, development, sales, or treasury decisions are effectively made in another country, the tax outcome may not follow the incorporation jurisdiction alone.
Transfer Pricing and Group Structuring
Transfer Pricing and Group Structuring
Groups using separate IP, technology, treasury, and operating entities should document intercompany pricing carefully, especially where licensing, custody, or exchange functions are split.
Token Models Can Create Separate Tax Questions
Token Models Can Create Separate Tax Questions
Issuer-side tokenization, treasury token holdings, staking revenue, and fee models may each produce different accounting and tax treatment requiring jurisdiction-specific analysis.
Effective Tax Rate Beats Headline Tax Rate
Effective Tax Rate Beats Headline Tax Rate
The correct comparison is total after-tax operating outcome over time, including compliance cost, banking friction, and substance burn, not just the nominal corporate rate.