Georgia has a live regulatory framework for virtual asset service providers, but it is not an EU MiCA passport jurisdiction. The practical question is not just whether a business can register or obtain supervised VASP status, but whether its exact model, AML stack, banking profile, and tax structure fit Georgian rules and market practice.
Georgia has a live regulatory framework for virtual asset service providers, but it is not an EU MiCA passport jurisdiction. The practical question is not just whether a business can register or obtain supervised VASP status, but whether its exact model, AML stack, banking profile, and tax structure fit Georgian rules and market practice.
This page is an informational legal-practical overview, not legal or tax advice. Georgian crypto regulation depends on the exact business model, current National Bank of Georgia rules, AML obligations, and case-specific banking acceptance.
Key regulatory facts, timeline markers, and practical next steps for a fast initial read.
The reform materially changed the prior low-structure environment and moved the market toward supervised AML-heavy operations.
Founders increasingly discovered that legal setup alone does not solve fiat access or compliance tooling.
The key issue is model fit: regulated VASP, FIZ-compatible export structure, or pure technology business outside the regulated perimeter.
Georgia regulates in-scope virtual asset services through a framework centered on the **National Bank of Georgia**, with AML/CFT obligations tied to the **Financial Monitoring Service of Georgia** and broader tax and company-law touchpoints involving the **Revenue Service**, the **Ministry of Finance**, and the **National Agency of Public Registry**. The country remains attractive because of comparatively flexible corporate structuring, a known tax system, and lower operating costs than many EU jurisdictions. The legal advantage, however, is often overstated online. Georgia is not a one-size-fits-all crypto hub, not a substitute for **MiCA**, and not a guarantee of local banking. The correct founder question is narrower: does the business model fall inside the Georgian VASP perimeter, can the team satisfy fit-and-proper and AML expectations, and can the company support a credible fiat and compliance narrative after approval. A second practical distinction matters just as much: **mainland VASP** and **FIZ** are not interchangeable. Mainland Georgia is generally the more relevant route for regulated service models, especially where custody, exchange, resident exposure, or fiat interfaces exist. FIZ may be useful for certain export-oriented, infrastructure, or operationally ring-fenced models, but it is not a regulatory override. The most common mistake in the market is to buy a company setup package before mapping the activity perimeter, Travel Rule obligations, and banking risk.
Georgia moved from a comparatively light and fragmented operating environment to a more formalized VASP framework from **2023** onward. The practical effect is that founders can no longer rely on simple company formation and generic AML templates. The market now expects a real compliance architecture, clearer regulator-facing disclosures, and a more defensible explanation of how client assets, wallets, counterparties, and fiat flows are controlled. One underappreciated change is that the reform shifted the center of gravity from incorporation to supervision: a Georgian entity may exist under company law, but that does not answer whether it may lawfully perform a regulated crypto activity.
| Topic | Legacy Approach | Current Approach |
|---|---|---|
| Market entry logic | Company formation was often treated as the main launch step. | Founders must first analyze whether the model falls within the NBG-supervised VASP perimeter. |
| AML expectations | Basic KYC language was often considered sufficient. | The market expects documented CDD, EDD, sanctions screening, transaction monitoring, STR escalation, and Travel Rule readiness. |
| Banking assumptions | Many providers implied that a local entity would naturally obtain a bank account. | Banks apply their own crypto risk filters, and approval by itself does not guarantee fiat access. |
| Use of the term license | Websites loosely marketed a Georgia crypto license without legal distinction. | A proper analysis distinguishes company registration, VASP status/authorization, and ongoing supervision. |
| Structuring choices | FIZ was often presented as a universal crypto solution. | FIZ is useful only for certain models and does not displace regulation where in-scope VASP services are actually provided. |
The legally correct answer is that founders must verify the current form of **VASP authorization and supervision** under Georgian law rather than rely on the generic sales term “crypto license.” In search behavior, “Georgia crypto license” and “Georgia VASP license” are normal keywords. In legal work, however, the decisive issues are the wording of the applicable Georgian acts, the implementing rules of the **National Bank of Georgia**, the AML framework administered with the **Financial Monitoring Service**, and the actual public status of the entity. This distinction matters because a business can be validly incorporated in Georgia without being entitled to provide a regulated virtual asset service. It also matters because some business lines marketed online as crypto activities may overlap with adjacent regimes such as payment services, securities, investment services, or consumer protection obligations. A second nuance often missed in competitor content is that the legal perimeter is not determined by branding. A company calling itself a software provider may still be in scope if it controls client wallets, executes exchange flows, intermediates transfers, or otherwise performs regulated functions in substance.
| Law / Regime | Scope | Applies To | Why It Matters |
|---|---|---|---|
| Georgian VASP framework | Regulates in-scope virtual asset services and places them under the relevant Georgian supervisory architecture. | Businesses providing regulated virtual asset services in or from Georgia, depending on the model and nexus. | This is the core answer to whether a business needs a Georgia crypto license or supervised VASP status. |
| AML/CFT framework | Sets customer due diligence, enhanced due diligence, sanctions, monitoring, recordkeeping and suspicious transaction reporting obligations. | VASP entities and other obliged persons under Georgian AML law. | A VASP filing without a real AML operating model is usually weak both for supervision and for banking. |
| Company law and public registry rules | Governs incorporation, corporate form, governance documents and shareholder registration. | All Georgian legal entities, including crypto businesses. | Incorporation is necessary but not sufficient; it does not replace regulated status. |
| Tax law and Revenue Service practice | Determines corporate tax, dividend treatment, VAT exposure and reporting obligations. | Georgian entities, including VASPs and FIZ structures. | Many founders misunderstand Georgia's distributed-profits taxation model and overgeneralize FIZ benefits. |
| Adjacent financial regulation | May apply where a token, payment, lending or investment structure overlaps with another regulated activity. | Projects involving fiat payment functionality, investment rights, derivatives, or security-like token features. | This is where many online guides become legally unsafe by promising coverage that may require extra analysis. |
The **National Bank of Georgia** is the primary authority founders associate with Georgia crypto regulation, but the real compliance map is multi-agency. The **National Agency of Public Registry (NAPR)** handles company registration. The **Financial Monitoring Service of Georgia** is central to AML/CFT reporting logic. The **Revenue Service** and the **Ministry of Finance** matter for tax characterization and reporting. In practice, a founder should verify three things separately: the company exists in the public registry, the business has the correct regulatory status for its activity, and the AML/tax architecture matches the actual operating model. A useful practical rule is this: never rely solely on a service provider’s marketing statement that a company is “licensed”; always verify the legal status in official sources and reconcile it with the business model actually being operated.
Core regulator and supervisory authority for the Georgian VASP framework.
A business model falls within the regulated virtual asset service perimeter.
Receives suspicious transaction reports and anchors AML/CFT reporting obligations.
An obliged entity detects suspicious activity, sanctions concerns, or other reportable AML events.
Registers Georgian legal entities and maintains corporate registry records.
Company incorporation, shareholder changes, governance updates, and public registry verification.
Administers tax reporting and practical tax treatment issues.
Corporate tax, dividend distributions, VAT analysis, payroll, accounting and tax filings.
Administers zone-level structuring where a Free Industrial Zone model is used.
A founder chooses a Free Industrial Zone structure for a qualifying business model.
The correct answer is activity-specific. Core VASP activities such as **exchange, brokerage-like intermediation, OTC dealing, and custody or wallet control** are the first place to test against the Georgian regulated perimeter. By contrast, **non-custodial software**, pure infrastructure, code development, analytics, and some mining-related models may sit outside the licensing need, depending on how the service is delivered in practice. The crucial distinction is control and intermediation. If the business controls client private keys, executes transfers on behalf of clients, receives or transmits value, or operates a platform that functionally provides exchange or custodial services, the case for VASP treatment becomes much stronger. If the company only licenses software, provides APIs, audits smart contracts, or offers self-custody tools without taking possession or control, the analysis may point outside the regulated perimeter. Another nuance usually missed in generic guides is that token issuance, lending, and payment-like products are not safely answered by the label “crypto” alone. A token can be utility-like, payment-like, or security-like. A lending product can raise consumer, investment, or prudential issues. A fiat-linked remittance flow can trigger adjacent payment-services analysis even where virtual assets are used in the settlement chain.
Custodial wallet or safekeeping of client virtual assets or keys
Usually requires authorisation
Crypto-to-crypto exchange platform
Usually requires authorisation
Crypto-to-fiat exchange activity
Usually requires authorisation
OTC desk executing trades for clients
Usually requires authorisation
Pure non-custodial wallet software
Needs case-by-case analysis
Blockchain analytics or compliance SaaS
Needs case-by-case analysis
Mining for own account
Needs case-by-case analysis
Token issuance with payment or securities features
Usually requires authorisation
| Business Model | MiCA Relevance | Adjacent Regimes | Practical Answer |
|---|---|---|---|
| Custodial exchange with fiat on/off-ramp | No Georgian MiCA passporting; separate EU strategy needed if targeting the EEA. | Banking, payment-services and sanctions controls become more important. | Usually analyze as a mainland Georgia VASP model with strong banking and AML preparation. |
| Crypto-only exchange without client fiat handling | Still no MiCA passporting, but may suit non-EU regional operations. | Consumer, AML and custody issues remain central. | Often still within the Georgian VASP perimeter if exchange or custody functions are present. |
| Non-custodial wallet app | Depends on target markets, not on Georgia alone. | Data protection, app-store, consumer and sanctions exposure may still matter. | May fall outside VASP scope if the provider does not control client assets or execute transfers. |
| Token issuance with investment rights or revenue share | Potentially relevant for broader EU product planning, but not solved by Georgia. | Securities, investment or public offering analysis may be triggered. | Requires case-by-case legal classification; do not assume standard VASP treatment is enough. |
| B2B blockchain infrastructure or API provider | Depends on customer geography and whether the product becomes customer-facing. | Technology contracting and data governance are more relevant than VASP rules if no in-scope service is performed. | Often best structured as a pure tech model rather than a regulated crypto operator. |
| Mining or validator infrastructure for own account | Usually low direct MiCA relevance unless bundled with customer services. | Energy, tax, customs and equipment import issues may matter more. | Often outside VASP scope unless the business also provides in-scope client services. |
A token is not regulated by its marketing label; it is regulated by its legal and economic function. In Georgia, as elsewhere, founders should separate at least three questions: does the project provide a regulated **virtual asset service**, does the token create rights that resemble a **security or investment instrument**, and does the operating flow overlap with **payment services** or remittance. This matters because many commercial guides oversimplify token issuance as a standard crypto activity. That is unsafe. A utility token used only for access to a platform is not analyzed the same way as a token promising profit participation, redemption, or pooled investment exposure. A second underused classification tool is the custody lens: if the issuer or platform also holds client assets, manages treasury flows for users, or controls transfer execution, the project may combine token issues with VASP obligations. A third nuance is lending. “Crypto lending” is not one homogeneous category. Own-account treasury activity, bilateral institutional lending, retail yield products, and deposit-like structures create very different legal risk profiles.
| Category | Core Feature | Typical Trigger |
|---|---|---|
| Utility-style token | Access, usage or participation in a platform without obvious investment rights. | Needs deeper review if bundled with custody, exchange, resale promises or profit expectations. |
| Payment-like token model | Used as a settlement or transfer instrument in a payment or remittance flow. | May require analysis beyond standard VASP rules if the model overlaps with payment services. |
| Investment or security-like token | Confers profit share, debt-like rights, governance tied to financial return, or pooled investment exposure. | May trigger securities or investment-services analysis in addition to crypto regulation. |
| Custodial platform token | Token sits inside a platform that controls user wallets or transfer execution. | Raises direct VASP and AML implications even if the token itself is framed as utility. |
| Infrastructure token | Used primarily for protocol access, gas, staking utility or machine-to-machine functionality. | Still needs review if the issuer or operator intermediates customer transactions or controls assets. |
Yes: Start with a VASP perimeter analysis.
No: Move to the next question on token rights and payment functionality.
Yes: Assess possible securities or investment-services overlap.
No: Continue with payment and utility analysis.
Yes: Assess payment-services overlap and AML implications.
No: The model may remain within utility or infrastructure analysis, subject to facts.
Yes: A non-regulated tech structure may be possible.
No: Regulated status is more likely.
The short answer is that **mainland VASP** and **FIZ** solve different problems. Mainland Georgia is generally the correct route where the business itself performs regulated virtual asset services, especially if the model includes custody, exchange, resident exposure, or fiat touchpoints. FIZ can be commercially efficient for certain export-oriented, ring-fenced, infrastructure or operational models, but it is not a substitute for regulatory authorization where an in-scope VASP activity is being carried on. The third option, often ignored by commercial competitors, is a pure technology company that does not provide a regulated virtual asset service at all. That option can be the cleanest structure for blockchain software, analytics, node infrastructure, smart-contract development, or non-custodial tooling. The most common founder error is to choose FIZ first because of tax marketing and only later discover that the actual operating model still requires a regulated mainland analysis.
Many founders still rely on outdated assumptions that no longer reflect the supervised environment.
Structuring now begins with activity mapping rather than simple incorporation.
The right structure is now the one that survives both regulator and bank scrutiny.
Founders reviewing older Georgian crypto guides should treat any pre-**2023** assumptions as potentially obsolete unless cross-checked against current **NBG**, **FMS**, tax and registry practice.
The real process starts with business-model mapping, not with filing forms. A credible Georgia VASP project usually moves through five layers: perimeter analysis, company setup, governance and AML drafting, regulatory submission and follow-up, then post-approval operationalization including banking, vendor onboarding and reporting controls. The legal timeline and the operational timeline are different. In many cases, the legal work can progress faster than the opening of a usable fiat account or the completion of Travel Rule and KYT integrations.
Define whether the business performs exchange, custody, OTC, transfer intermediation, token issuance with regulated features, or only software/infrastructure services. This is where mainland VASP, FIZ and pure-tech routes are separated.
Incorporate the Georgian entity, prepare constitutional documents, confirm shareholding, UBO disclosures, management appointments and the operating narrative that matches the actual business model.
Prepare AML/CFT policies, sanctions controls, customer risk methodology, transaction monitoring logic, Travel Rule approach, internal reporting lines, outsourcing map, IT/security controls and business plan materials.
File the package, respond to requests for clarification, align the narrative across legal, AML, governance and operational documents, and correct any mismatch between the paper model and the real product flow.
Open or finalize banking and EMI relationships, complete KYT and Travel Rule vendor implementation, train staff, test STR escalation, and align accounting and tax reporting before launch.
The file should read like one operating model, not like disconnected policy appendices.
| Document | Purpose | Owner |
|---|---|---|
| Corporate formation documents | Evidence of legal existence, governance structure and shareholder arrangements. | Legal / corporate secretary |
| UBO and management file | Supports fit-and-proper review, source-of-wealth analysis and sanctions screening. | Founders / compliance |
| Business plan and service description | Explains what the company actually does, who the clients are, and where the revenue comes from. | Founders / strategy |
| AML/CFT manual | Documents CDD, EDD, monitoring, STR escalation, sanctions and governance controls. | MLRO / compliance |
| Risk assessment | Shows how the firm classifies customer, geographic, product, delivery-channel and transaction risks. | Compliance / risk |
| IT and security policies | Covers wallet security, access control, logging, incident response, outsourcing and data handling. | CTO / security lead |
| Office and substance evidence | Supports the firm's operational credibility and practical local presence narrative. | Operations |
| Financial forecast and transaction-flow map | Helps both regulator and bank understand expected volumes, counterparties and fiat exposure. | Finance / founders |
The largest hidden cost in Georgia crypto regulation is not always the filing itself; it is the ongoing compliance and operational stack required to stay bankable and defensible. A realistic budget should separate government and filing costs from recurring controls such as AML staffing, transaction monitoring, sanctions screening, blockchain analytics, Travel Rule messaging, accounting, and legal updates. Another common mistake is to compare Georgia only to EU licensing fees. The more useful comparison is total cost to operational readiness.
| Cost Bucket | Low Estimate | High Estimate | What Drives Cost |
|---|---|---|---|
| Entity formation and legal structuring | Case-specific | Case-specific | Depends on translations, apostilles, complexity of ownership and whether mainland or FIZ analysis is needed. |
| Regulatory filing and policy drafting | Case-specific | Case-specific | The cost rises sharply if the business model includes custody, fiat exposure, or token complexity. |
| AML tooling | Recurring vendor cost | Recurring vendor cost | Usually includes sanctions screening, PEP screening, KYT and case management. |
| Travel Rule implementation | Recurring vendor cost | Recurring vendor cost | Often overlooked at planning stage; may require IVMS101-compatible messaging or vendor integration. |
| Security and wallet controls | Depends on architecture | Depends on architecture | Custodial businesses may need stronger key management, segregation, logging and incident response capabilities. |
| Accounting and tax support | Recurring local support | Recurring local support | Important because Georgia's distributed-profits tax logic is often misunderstood by foreign founders. |
| Banking and payment onboarding | Indirect cost | Indirect cost | The main cost is often time, repeated due diligence, and restructuring transaction flows to satisfy counterparties. |
The biggest misconception is that Georgia is “cheap” simply because incorporation is relatively straightforward. For a real VASP, the decisive budget line is the **ongoing compliance and banking-readiness stack**, not the company registration fee.
AML is the operational core of the Georgian VASP regime. A Georgian crypto business should assume that a defensible compliance program must cover at least **customer due diligence (CDD), enhanced due diligence (EDD), sanctions screening, politically exposed person screening, transaction monitoring, suspicious transaction reporting, recordkeeping, governance, staff training, and Travel Rule controls** where applicable. The **Financial Monitoring Service of Georgia** is central to the reporting chain, while the **National Bank of Georgia** remains critical to the supervisory environment. The practical standard is no longer “do KYC”; it is to show how the firm identifies the customer, verifies beneficial ownership, understands expected activity, screens the wallet and counterparties, monitors deviations, escalates alerts, and stores evidence in a retrievable audit trail. A strong 2026 program should also address blockchain-specific controls that many generic AML manuals omit: wallet exposure scoring, sanctions-linked address screening, mixer and darknet risk indicators, chain-hopping patterns, and the treatment of self-hosted wallet interactions. Another underused but increasingly important control is governance over outsourced compliance vendors. If a Georgian VASP uses third-party onboarding, KYT, sanctions, or Travel Rule providers, the firm still retains responsibility for the control environment.
| Workflow Step | Control | Owner |
|---|---|---|
| Customer onboarding | Identity verification, UBO identification, sanctions/PEP screening, risk scoring and expected activity profile. | Compliance / onboarding team |
| Wallet and counterparty assessment | Blockchain analytics screening, exposure review, source-of-funds context and high-risk typology checks. | Compliance / KYT analyst |
| Ongoing monitoring | Rules-based and risk-based transaction monitoring, behavior deviation alerts and periodic refresh of customer files. | Compliance operations |
| Travel Rule handling | Collection and transmission of originator and beneficiary data using a structured messaging process where required. | Compliance / operations / product |
| Suspicion escalation | Internal case review, decision log, freezing or restriction logic where relevant, and STR preparation. | MLRO / senior compliance |
| Regulatory evidence | Retention of customer files, alert logs, screening results, approvals and decision trails. | Compliance / legal / IT |
Yes, a Georgian crypto structure can be used for cross-border business, but cross-border capability is not the same as cross-border permission. Georgia can work well for businesses serving non-EU regional or international clients, especially where the company does not need EEA passporting. The legal question is always two-sided: what Georgia permits, and what the target market requires. A Georgian VASP may be lawful in Georgia and still need foreign registration, local advice, or geoblocking in another jurisdiction. This is especially important for EU-facing distribution after **MiCA**, and for markets where local money transmission, securities, or consumer-finance rules bite even if the backend operator is offshore. A second practical limit is banking geography. Some counterparties, correspondent banks, card acquirers, or stablecoin partners may apply their own jurisdictional filters regardless of Georgian legality.
Founders should be careful with any strategy based on informal inbound demand or reverse solicitation theories. In crypto, regulators and banks usually look at the real distribution footprint, language, onboarding flow, and payment rails rather than website disclaimers alone.
Most failures come from mismatch, not from missing forms. The regulator, the bank, and sophisticated counterparties all test whether the legal narrative, the product flow, the AML controls, and the ownership profile point in the same direction. If the company says it is a software provider but in fact controls wallets, or says it is low-risk but cannot explain source of wealth, the file weakens quickly. Another recurring risk is overreliance on commercial summaries that flatten important distinctions between VASP, FIZ, payments, securities, and tax treatment.
Legal risk: The firm may actually fall within the regulated VASP perimeter and be operating on the wrong legal basis.
Mitigation: Map technical control rights, wallet architecture and transaction authority before choosing the structure.
Legal risk: Fit-and-proper concerns can affect both regulatory comfort and bank onboarding.
Mitigation: Prepare a bank-grade UBO dossier with sanctions checks, wealth narrative and supporting evidence.
Legal risk: The compliance framework appears non-operational and may not satisfy supervisory expectations.
Mitigation: Draft product-specific CDD, KYT, Travel Rule and escalation workflows tied to real transaction patterns.
Legal risk: The company may still require mainland regulated status for in-scope services.
Mitigation: Separate tax structuring from regulatory perimeter analysis at the start.
Legal risk: The model may trigger securities or investment-services analysis beyond standard crypto rules.
Mitigation: Perform a rights-based token classification and review offering language, not just token labels.
Legal risk: The company becomes legally formed but commercially unusable due to lack of fiat rails.
Mitigation: Run banking pre-screens in parallel with the legal process and prepare transaction-flow documentation early.
Legal risk: Cross-border counterparties and compliance reviewers may treat the AML stack as incomplete.
Mitigation: Define originator/beneficiary data handling, IVMS101-compatible logic and self-hosted wallet risk treatment.
The first point is simple: Georgia’s corporate tax logic is not a tax on every profitable transaction. The standard corporate tax framework is built around **distributed profits**, with the well-known **15%** Georgian corporate tax rate applying under the Estonian-style model when profits are distributed rather than merely earned and retained. That distinction matters for crypto businesses because treasury management, inventory turnover, and realized trading gains do not automatically create the same tax event as a dividend or other distribution. The second point is that dividend, payroll, VAT and cross-border service analysis still matter. The third point is that **FIZ** tax benefits are conditional and should not be copied from marketing pages without checking whether the actual business activity, client location, and transaction structure fit the relevant rules. A further nuance often missed in crypto tax summaries is the difference between entity-level taxation and founder-level taxation. A Georgian company may have one tax treatment, while a founder’s personal tax exposure depends on residence, source rules, treaty position, and whether value is extracted as salary, service fees, or dividends.
| Topic | Why It Matters | Responsible Team |
|---|---|---|
| Corporate income tax on distributed profits | This is the core of Georgia's tax appeal and the source of many misunderstandings in crypto planning. | Finance / tax |
| Dividend distributions and withholding analysis | Founders need to model how value leaves the company, not just how it is earned. | Finance / tax / legal |
| VAT by service line | VAT treatment can differ between exchange-like services, consulting, software, and ancillary revenue streams. | Tax / accounting |
| FIZ eligibility and conditions | Zero-tax marketing claims can be misleading if the real business model falls outside the intended structure. | Tax / legal / operations |
| Accounting treatment of crypto assets and treasury flows | Accurate books are essential for tax reporting, audit readiness and bank explanations. | Accounting / finance |
| Cross-border founder tax exposure | UBOs and executives must assess personal tax residence, treaty relief, and CRS transparency implications. | Founders / personal tax advisers |
Pre-launch self-assessment
Sequence these after the core perimeter, governance, and launch-control decisions are stable.
Open the key issues founders, compliance teams and legal leads usually need to confirm before launch.
Not always. The answer depends on whether the provider merely supplies software or actually controls client assets, authorizes transfers, or intermediates transactions. A genuinely **non-custodial** wallet provider may sit outside the Georgian VASP perimeter, but the analysis must be based on technical control, not branding.
Founders should not rely on blanket yes/no statements. The practical analysis has three layers: what Georgian law expressly requires, what the **NBG** expects for a credible operating setup, and what banks or payment counterparties want to see. In practice, a stronger substance profile usually improves both regulatory and banking outcomes.
The phrase **Georgia crypto license** is often a market shorthand. The legally relevant issue is the current Georgian framework for VASP authorization, registration and supervision. Founders should verify the exact legal status required for their activity under current **2026** rules rather than rely on sales terminology.
Potentially yes, but resident-facing activity usually makes the mainland regulated analysis more important. It also increases the need to align consumer-facing operations, AML controls and banking arrangements with local expectations. FIZ structures are not automatically the right answer for resident-facing regulated services.
No. Georgia is **not** an EU or EEA MiCA passport jurisdiction. A Georgian VASP can be useful for regional or international operations, but it does not grant passporting rights into the EEA.
Operational readiness usually takes longer than legal setup. The timeline includes company formation, perimeter analysis, policy drafting, filing, regulator follow-up, bank onboarding, vendor integration and internal testing. The most common delay is not incorporation; it is **banking and compliance implementation**.
Founders should verify this point directly against current Georgian legal sources and regulator guidance. Online materials often confuse company-law share capital, prudential expectations and bank onboarding preferences. The safe approach is to separate **legal minimum capital**, if any, from the practical capital level needed to support a credible business plan.
Sometimes, but not on a blanket basis. Token issuance and lending can overlap with securities, investment, payment or consumer-finance analysis depending on the rights offered and the transaction structure. These models require a product-specific legal review.
At minimum, expect **CDD, EDD, sanctions screening, PEP screening, transaction monitoring, suspicious transaction escalation, recordkeeping, staff training and Travel Rule readiness** where applicable. For higher-risk models, blockchain analytics and wallet screening are effectively part of market-standard compliance.
No. A regulated or approved status can help, but banks apply their own risk appetite, source-of-funds review, counterparty analysis and sanctions standards. Many crypto businesses discover that **bank onboarding is a separate diligence process**.
Mining for own account is often analyzed differently from customer-facing exchange or custody services. If the business only mines or validates for itself and does not provide in-scope client services, it may sit outside the standard VASP perimeter. The answer changes if the model includes custody, brokerage, hosted wallets or client fund handling.
The key feature is the **Estonian-style corporate tax model**, under which the standard **15%** corporate tax logic is tied to distributed profits rather than simple retention of earnings. That advantage should be modeled together with dividend, VAT, payroll and cross-border founder tax issues.
The right Georgian structure depends on the real operating model, not on a generic "crypto license" package. A proper review should test the VASP perimeter, FIZ suitability, Travel Rule readiness, banking viability and tax consequences before launch.
