CASP License

A CASP (Crypto-Asset Service Provider) license is the regulatory authorization required to legally offer crypto-asset services such as custody, exchange, brokerage, and portfolio management. While the term "CASP" originates from the EU's MiCA regulation, equivalent licensing regimes now exist across all major digital asset jurisdictions.

Licensing Requirements by Jurisdiction

The capital, governance, and operational requirements vary significantly depending on where a firm seeks authorization. The table below compares the five most active licensing regimes as of 2026.

Only the EU offers cross-border passporting. All other jurisdictions require a separate license for each market. VARA covers Dubai only (not the wider UAE), and Singapore bans cross-border-only services after June 30, 2025.

EU/MiCA: The CASP License

Under MiCA, any entity providing crypto services to EU clients must obtain CASP authorization from their home Member State's National Competent Authority. Capital requirements depend on the services offered:

• EUR 50,000 - Advisory, order reception/transmission, portfolio management
• EUR 125,000 - Above plus custody, exchange (crypto-to-fiat and crypto-to-crypto)
• EUR 150,000 - Above plus trading platform operation

Once authorized, a CASP can passport services across all 27 EU Member States within 15 calendar days of notification. This is MiCA's most significant structural advantage over every other regime.

Key obligations include mandatory client asset segregation, governance requirements aligned with DORA for IT resilience, and a market abuse regime covering insider dealing and market manipulation.

Important caveat: While passporting grants market access, firms targeting substantial business in specific Member States may face additional local requirements. Italy imposes criminal penalties (up to 4 years imprisonment) for unauthorized CASP services. Poland and Germany require local directors for firms with significant local presence. See our analysis: MiCA's Passport Problem.

Brazil: SPSAV (Three-Tier System)

Brazil's Banco Central introduced a three-tier VASP classification effective February 2, 2026 (Resolutions 519-521), with capital requirements set by Resolução Conjunta nº 14 and Resolução BCB nº 517 (both November 3, 2025):

• Intermediary (Intermediária): R$ 9.2 million+ (~$1.67M) - buy/sell/exchange, portfolio management, staking
• Custodian (Custodiante): R$ 13 million+ (~$2.36M) - safekeeping, asset transfers, dedicated wallets
• Broker (Corretora): R$ 10.8M - 37.2M (~$1.96M - $6.76M) - combined intermediary + custodian; variable based on activity scope

These capital figures follow the same prudential framework applied to traditional National Financial System institutions. Brazil requires a physical headquarters (no coworking), minimum 3 directors (Operations, AML/CFT, Internal Controls), and classifies stablecoin transactions as foreign exchange operations with strict counterparty limits.

Existing operators must file for authorization within 270 days of the February 2026 effective date.

UAE/Dubai: VARA License

VARA operates a Dubai-specific regime with capital requirements that vary based on whether a firm uses a VARA-licensed custodian:

• Exchange with custodian: AED 800,000 (~$218K)
• Exchange without custodian: AED 1,500,000 (~$409K) - nearly double

VARA also requires professional indemnity insurance, directors & officers coverage, and commercial crime insurance for hot wallet operations. The licensing process typically takes 6-12 months across two stages (MVP approval followed by full market product).

Cayman Islands: CIMA VASP License

The Cayman Islands distinguish between licensed activities (custody, trading platforms) and registered activities (transfer, exchange, brokerage) under the Virtual Asset (Service Providers) Act 2020, with Phase 2 effective April 1, 2025.

CIMA does not publish a specific minimum capital amount — applicants must provide evidence of "fully paid-up capital" as part of their application, and CIMA assesses adequacy on a case-by-case basis considering the scope of proposed activities. The authority requires minimum 3 directors (including 1 independent), all beneficial owners (10%+) approved by CIMA, and full FATF Travel Rule compliance. Insurance requirements cover professional liability, theft/loss of custody assets, and cybersecurity incidents.

Singapore: MAS Payment Licenses

Singapore regulates crypto through its Payment Services Act, requiring either a Standard Payment Institution (SPI) or Major Payment Institution (MPI) license:

• SPI: SGD 100,000 (~$75K) - for firms with under SGD 3M monthly volume
• MPI: SGD 250,000 (~$187K) - required for any cross-border activity, regardless of volume

Critical restriction: After June 30, 2025, firms serving only overseas customers without a genuine Singapore presence are banned entirely. Singapore is the most geographically restrictive of the five regimes.

For stablecoin issuance, MAS requires SGD 1 million minimum capital, 100% reserve backing in cash or short-term securities, and monthly reserve attestations.

Key Dates and Deadlines

Common Requirements Across All Jurisdictions

Despite structural differences, every regime requires:

1. Client asset segregation - VASP assets must be separated from client holdings
2. AML/CFT compliance - KYC, transaction monitoring, suspicious activity reporting
3. Governance standards - Fit-and-proper tests for directors and senior management
4. Operational resilience - Business continuity, cybersecurity, and IT risk management
5. Record-keeping and reporting - Ongoing regulatory reporting obligations
6. Insurance or capital buffers - Protection against operational failures and client losses