How to Obtain a Crypto & Payment Licence in Liechtenstein (2026): Step‑by‑step for Vasps, Emis & Payment Firms

Obtaining a crypto license in Liechtenstein has become both more structured and more urgent in 2026, as three overlapping regulatory frameworks, the Markets in Crypto-Assets Regulation (MiCA), the forthcoming Payment Services Directive III (PSD III) and the Crypto-Asset Reporting Framework (CARF), converge on virtual-asset service providers, electronic-money institutions and payment firms operating from or into the EEA. Liechtenstein remains one of the most attractive jurisdictions for digital-asset businesses thanks to its pioneering Token and Trustworthy Technologies Act (TVTG), its proactive financial-market authority (FMA) and its full EEA-passporting capability.

This practical guide maps every step from initial decision-making through post-licence compliance, giving fintech founders, in-house counsel and compliance officers a concrete playbook aligned with the regulatory calendar as it stands in mid-2026.

Executive Summary & Decision Checklist for a Crypto Licence in Liechtenstein

Is crypto legal in Liechtenstein? Yes. Liechtenstein was one of the first countries in the world to create a bespoke legal framework for blockchain-based business models when the TVTG entered into force on 1 January 2020. Since 30 December 2024, Regulation (EU) 2023/1114, MiCA, has been fully applicable in Liechtenstein through the EEA Agreement, and the FMA now supervises crypto-asset service providers (CASPs) under that regulation.

Before engaging advisers or the regulator, every applicant should answer three threshold questions:

• Do you provide crypto-asset services as defined by MiCA (custody, exchange, transfer, advice, portfolio management, placing)? If yes, you need a CASP authorisation under MiCA (Regulation (EU) 2023/1114, Title V).
• Do you issue, transfer or safeguard tokens that qualify as “trustworthy technology” services under Liechtenstein’s TVTG but fall outside MiCA’s scope? If yes, you may still require an FMA registration under the TVTG.
• Do you provide payment services or issue electronic money alongside, or instead of, crypto-asset services? If yes, you need a payment institution or e-money institution licence, soon to be reshaped by PSD III and the Payment Services Regulation (PSR).

Three immediate actions for 2026 applicants:

1. Conduct a regulatory perimeter assessment to determine which licence(s) your business model requires.
2. Address governance gaps now, appoint a compliance officer, draft AML/CFT policies and prepare a fit-and-proper file for each qualifying holder and director.
3. Contact the FMA for an informal pre-application meeting; early regulator engagement materially shortens review timelines.

Regulatory Landscape: MiCA, TVTG, PSD III and CARF in Liechtenstein

The crypto licence Liechtenstein framework in 2026 sits at the intersection of four regulatory instruments. Understanding how they layer is essential for scoping an application correctly.

MiCA & CASP Authorisation

Regulation (EU) 2023/1114 (MiCA) became fully applicable across the EU on 30 December 2024. Liechtenstein incorporated MiCA into EEA law through the EWR-MiCA-Durchführungsgesetz (EWR-MiCA-DG), which entered into force on 1 February 2025. The FMA is the designated competent authority for CASP authorisation under MiCA in Liechtenstein. Any firm wishing to provide crypto-asset services within the EEA, including custody, operation of a trading platform, exchange, transfer, advice, portfolio management or placing, must hold a CASP authorisation granted by the FMA or passport one from another EEA state.

TVTG Crosswalk

Liechtenstein’s TVTG (Token- und Vertrauenswürdige-Technologien-Gesetz, in force since 1 January 2020) created a registration-based regime for VASPs and token-service providers. With MiCA now applicable, activities that overlap with MiCA’s scope are migrating to the CASP authorisation pathway. Industry observers expect that TVTG registrations for services falling squarely within MiCA’s definitions will be progressively superseded; however, activities that remain outside MiCA’s perimeter, such as certain tokenisation services or physical-validator operations, may still require a TVTG registration. Applicants should map each planned service against both the TVTG service catalogue and MiCA’s Annex to confirm the correct route.

PSD III Implications

The European Commission’s PSD III proposal (together with the Payment Services Regulation) is set to replace PSD II. For Liechtenstein, PSD III alignment will be implemented through national transposition following EEA-committee adoption. The likely practical effect for payment institution licence Liechtenstein applicants will be enhanced requirements around strong customer authentication, open-banking obligations, fraud-liability rules and operational resilience standards. Firms planning to combine crypto-asset services with fiat payment rails, a common model for exchanges and on-ramp providers, should prepare for dual-licensing requirements.

CARF Reporting Changes

The OECD’s Crypto-Asset Reporting Framework (CARF) extends automatic exchange-of-information principles to crypto-asset transactions. The EU implemented CARF through amendments to the Directive on Administrative Cooperation (DAC8). Industry commentary signals that Liechtenstein’s TVTG-registered VASPs should prepare for a 30 June 2026 cut-off date as a key milestone for CARF readiness, including the capture and reporting of transaction-level data to the Liechtenstein tax authority for onward exchange with treaty partners.

Key dates at a glance:

• 1 January 2020: TVTG enters into force.
• 30 December 2024: MiCA fully applicable in the EU.
• 1 February 2025: EWR-MiCA-DG enters into force in Liechtenstein.
• 2026: CARF/CRS reporting obligations take effect; PSD III legislative process advancing.

Which Crypto Licence Fits Your Business Model? Decision Matrix

Not every digital-asset business requires the same authorisation. The table below maps common business activities to the licence pathway most likely to apply in Liechtenstein.

VASP / CASP Triggers

If any of your planned services fall within the MiCA Annex definitions of crypto-asset services, you trigger the CASP authorisation requirement. This is the case even if the activity was previously covered by a TVTG registration alone.

Payment Institution Triggers

Operating fiat-denominated payment accounts, executing payment transactions, or providing payment-initiation or account-information services will require a separate PI or EMI licence under the current PSD II framework and, once transposed, PSD III.

When Both Licences Are Needed

Exchanges that offer both crypto trading and fiat deposit/withdrawal rails, as well as stablecoin issuers providing redemption at par, will typically need to hold both a CASP authorisation and a payment institution or e-money institution licence. Applicants in this position should prepare a single coordinated application package to avoid duplicating governance documentation and to streamline the FMA’s review.

Step‑by‑Step Application Process for a VASP Licence / CASP Authorisation (MiCA)

To obtain a crypto license in Liechtenstein as a CASP under MiCA, applicants follow a structured process overseen by the FMA. The FMA’s own MiCAR guidance pages outline the procedural framework, which aligns with Article 63 of Regulation (EU) 2023/1114.

Pre-Application: Documentation & FMA Meetings

The FMA encourages applicants to request an informal pre-application meeting before submitting a formal dossier. During this meeting, the regulator will assess the business model at a high level, flag obvious gaps and confirm which authorisation pathway applies. Applicants should prepare:

• Business plan. A detailed description of the intended crypto-asset services, target markets, revenue model and three-year financial projections.
• Governance structure. An organisational chart, draft articles of association and proposed board composition with CVs and fit-and-proper questionnaires for each director, qualifying shareholder and compliance officer.
• AML/CFT programme. A risk assessment, customer-due-diligence procedures, transaction-monitoring approach and suspicious-activity reporting workflows.
• IT security and operational resilience. System architecture, penetration-testing plans, business-continuity and disaster-recovery procedures and, where applicable, ICT risk-management documentation aligned with the Digital Operational Resilience Act (DORA).
• Custody arrangements. Details on how client crypto-assets will be segregated, stored and protected, including cold/hot wallet architecture and insurance or reserve arrangements.

Submission & Fees

Once the pre-application review is complete and all documentation is assembled, the applicant submits the formal authorisation request to the FMA together with the prescribed application fee. The FMA publishes its fee schedules on its website; applicants should budget for the regulator’s processing fee as well as professional advisory costs for legal, compliance and IT reviews.

Typical FMA Queries & Remediation

After submission, the FMA conducts a completeness check and then a substantive review. Common areas of regulator follow-up include:

• Insufficient detail in the AML/CFT risk assessment, particularly for firms serving cross-border or high-risk-jurisdiction clients.
• Gaps in the fit-and-proper files of proposed directors or qualifying holders.
• Lack of specificity in custody segregation arrangements or absence of third-party audit commitments.
• Unclear passporting intentions or missing home/host-state coordination plans.

Applicants should respond to FMA queries promptly and comprehensively; incomplete responses reset the review clock and extend timelines significantly.

Grant & Registration

Upon successful review, the FMA grants the CASP authorisation and enters the firm in the public register. The authorised CASP may then passport its services across the EEA by notifying the FMA of its intention to operate in other member states, either through a branch or on a cross-border services basis. Industry observers note that firms such as Sygnum have obtained a crypto licence in Liechtenstein specifically to leverage this EEA passporting capability for EU market expansion.

Step‑by‑Step Application for Payment Institutions (PSD III / PI Licence)

Firms requiring a payment institution licence in Liechtenstein follow a parallel but distinct process under the current PSD II-transposing legislation, with PSD III alignment on the horizon.

Capital & Prudential Requirements

Payment institutions must meet minimum initial-capital thresholds that vary by service type: payment execution, payment initiation and account-information services each attract different capital requirements. E-money institutions face a separate, generally higher, minimum-capital floor. Ongoing own-funds requirements are calculated using one of three prescribed methods (fixed-overheads, payment-volume or income-based), and the FMA expects applicants to demonstrate sufficient capital headroom beyond the regulatory minimum.

Safeguarding & Client Funds

Client-fund safeguarding is a core supervisory concern. Applicants must demonstrate that user funds are either deposited in a segregated account at a credit institution or covered by an insurance policy or comparable guarantee. Under the anticipated PSD III framework, safeguarding requirements are expected to tighten further, with shorter reconciliation cycles and more granular reporting to the FMA.

Outsourcing & Cloud

Where payment institutions outsource critical or important functions, including cloud hosting, transaction processing or KYC verification, the FMA requires a detailed outsourcing register, contractual provisions for audit rights and exit strategies, and a clear allocation of supervisory responsibility. Applicants should prepare an outsourcing policy that meets EBA outsourcing guidelines and aligns with DORA requirements for ICT third-party risk management.

Ongoing Supervision

Once authorised, PIs are subject to ongoing prudential reporting (own-funds calculations, safeguarding returns), annual audits, AML/CFT compliance reviews and incident-notification obligations. The FMA conducts periodic on-site inspections and expects proactive notification of material changes to governance, ownership or business model.

Compliance & Reporting in 2026: CARF, CRS, AML/CFT & Tax

The 2026 compliance landscape for Liechtenstein-licensed crypto and payment firms is defined by overlapping reporting obligations. The table below summarises key duties by entity type.

CARF Basics & Dates

The Crypto-Asset Reporting Framework, developed by the OECD and implemented in the EU through DAC8, requires reporting crypto-asset service providers to collect and report information about users’ crypto-asset transactions to their home tax authority. For CARF Liechtenstein purposes, the Liechtenstein tax authority (Steuerverwaltung) will exchange this data automatically with partner jurisdictions. Industry commentary indicates that VASPs currently holding TVTG registrations should treat 30 June 2026 as a key operational readiness cut-off for CARF data-capture systems.

AML/CFT Practical Steps

Is Liechtenstein a high-risk AML country? No. Liechtenstein is not listed on the FATF grey or black lists and has a well-established AML/CFT supervisory regime enforced by the FMA. However, the jurisdiction’s attractiveness to cross-border financial services means that the FMA applies a rigorous, risk-based approach to AML supervision. Applicants and licensed firms should expect:

• A comprehensive enterprise-wide risk assessment updated at least annually.
• Enhanced due diligence for clients connected to higher-risk jurisdictions or activities.
• Ongoing transaction monitoring with clear alert-escalation procedures.
• Regular independent AML audits (typically annual for CASPs and PIs).
• Staff training programmes covering typologies relevant to crypto-asset and payment-service money-laundering risks.

Tax Transparency & CRS

Liechtenstein participates in the OECD Common Reporting Standard (CRS) and exchanges financial-account information automatically with over 100 jurisdictions. Licensed firms that hold or manage client assets, whether fiat or crypto, must implement CRS due-diligence and reporting procedures. The addition of CARF means that crypto-specific transaction data now sits alongside traditional CRS reporting, requiring firms to build or upgrade data infrastructure capable of handling both streams without duplication.

Practical Governance & Operations Checklist

Meeting the FMA’s governance expectations is often the most time-consuming part of the application. The checklist below outlines the core items every applicant must prepare.

Policies & Manuals

• AML/CFT policy manual. Customer acceptance, CDD/EDD procedures, PEP screening, sanctions screening, STR processes.
• Custody and asset-segregation policy. Wallet management, key-management procedures, reconciliation frequency.
• Incident-response and business-continuity plan. Cyber-incident classification, escalation matrix, regulator-notification triggers, recovery-time objectives.
• Conflicts-of-interest policy. Particularly important for firms offering advisory, portfolio management or market-making services.
• Complaints-handling procedure. Required under MiCA Article 71 for all CASPs.

Staff & Training

• Appoint a compliance officer who is resident in Liechtenstein or can demonstrate adequate proximity and availability.
• Ensure the board collectively possesses expertise in financial regulation, technology, risk management and AML/CFT.
• Implement a documented training programme with annual refresher sessions and records of attendance.

IT & Security Standards

• Annual penetration testing by an independent third party.
• Encryption standards for data at rest and in transit.
• Multi-signature or hardware-security-module (HSM) key management for custodial wallets.
• DORA-aligned ICT risk-management framework, including third-party provider oversight.

Application Costs, Typical Timelines & Professional Fees for a Crypto License in Liechtenstein

These figures represent broad market estimates. Actual costs will depend on the business model’s complexity, the number of services sought and the state of the applicant’s existing governance infrastructure.

Post‑Licence Obligations & Ongoing Supervision Calendar

Receiving a crypto licence in Liechtenstein is the beginning, not the end, of the compliance journey. The following 12-month calendar outlines typical post-licence milestones.

• Month 1–3: Operationalise all policies submitted during the application. Complete staff onboarding training. Notify the FMA of the formal launch date and any passporting activations.
• Month 3–6: Conduct first internal AML/CFT review. Submit initial prudential returns (PIs). Ensure CARF data-capture systems are producing test outputs.
• Month 6–9: Prepare for first CRS/CARF reporting window. Conduct mid-year board review of risk appetite and compliance dashboard. Update enterprise-wide risk assessment if business model has evolved.
• Month 9–12: Commission annual external AML audit. Prepare annual financial statements and engage statutory auditor. Submit annual prudential and supervisory returns to FMA. File CARF/CRS reports with the Steuerverwaltung. Update fit-and-proper files for any new directors or qualifying holders.

The FMA expects proactive notification of any material changes, including changes to directors, shareholders, outsourcing arrangements, IT systems or target markets, within prescribed timeframes. Failure to notify promptly can result in supervisory measures.

Next Steps

The decision to obtain a crypto license in Liechtenstein in 2026 requires careful regulatory mapping, thorough document preparation and proactive engagement with the FMA. The convergence of MiCA, PSD III and CARF means that firms acting now will be best positioned to secure authorisation before compliance deadlines tighten further. Start with a regulatory-perimeter assessment, address governance and policy gaps, and schedule a pre-application meeting with the FMA as early as possible. Specialist legal counsel with direct FMA-liaison experience can materially accelerate the process and reduce the risk of costly remediation cycles.

Sources

1. Finanzmarktaufsicht Liechtenstein, Crypto-asset service providers (MiCAR guidance)
2. Finanzmarktaufsicht Liechtenstein, MiCAR / Fintech
3. Regulation (EU) 2023/1114, Markets in Crypto-Assets Regulation (EUR-Lex)
4. Liechtenstein TVTG, Token and Trustworthy Technologies Act (official statutes)
5. Legal 500, MiCAR Transition Watch: Liechtenstein TVTG VASPs and the 30 June 2026 Cut-Off
6. CMS Expert Guide, Crypto Regulation in Liechtenstein
7. Sygnum, Obtains Crypto Licence in Liechtenstein
8. Global Legal Insights, Blockchain & Cryptocurrency Laws: Liechtenstein