Crypto-Asset Service Provider

The Markets in Crypto-Assets Regulation (MiCA, Regulation 2023/1114) defines a crypto-asset service provider (CASP) as any legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis. MiCA identifies ten categories of crypto-asset services: custody and administration of crypto-assets on behalf of clients, operation of a trading platform for crypto-assets, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of orders for crypto-assets on behalf of clients, placing of crypto-assets, reception and transmission of orders on behalf of clients, providing advice on crypto-assets, providing portfolio management on crypto-assets, and providing transfer services for crypto-assets on behalf of clients.

CASPs must obtain authorisation from the competent authority of their home Member State before providing services. The authorisation process requires CASPs to demonstrate that they meet organisational requirements, including having appropriate governance arrangements, adequate internal control mechanisms, effective risk assessment procedures, business continuity policies, and sufficient own funds. CASPs must also comply with conduct of business rules including acting honestly, fairly, and professionally in the best interest of clients.

Authorised CASPs benefit from a passporting mechanism that allows them to provide services across the entire EU based on their home-state authorisation, either through the freedom to provide services or by establishing a branch. This passporting regime is one of the key innovations of MiCA, replacing the patchwork of national licensing regimes that previously existed.

CASPs are subject to ongoing obligations including prudential requirements, safeguarding requirements for clients' crypto-assets and funds, complaint handling procedures, conflict of interest management, and outsourcing policies. Competent authorities have comprehensive supervisory powers over CASPs, including the ability to withdraw authorisation, and can impose administrative penalties for non-compliance.