What is the CASP (Crypto Asset Service Provider) Under MiCA Regulation?

What is the CASP?

Starting from December 30, 2024, the Markets in Crypto-Assets Regulation (MiCA) will come into full force across the European Union. This regulation will standardize the requirements and procedures for crypto asset service providers (CASPs) across all member states, effectively replacing any local regulatory regimes that previously governed these services.

Under MiCA, crypto-asset service providers – means a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with relevant authorisation issued by regulatory authority of Member State.

The list of services which can be provided by the CASP:

• providing custody and administration of crypto-assets on behalf of clients;
• operation of a trading platform for crypto-assets;
• exchange of crypto-assets for funds;
• exchange of crypto-assets for other crypto-assets;
• execution of orders for crypto-assets on behalf of clients;
• placing of crypto-assets;
• reception and transmission of orders for crypto-assets on behalf of clients;
• providing advice on crypto-assets;
• providing portfolio management on crypto-assets;
• providing transfer services for crypto-assets on behalf of clients.

From VASP to CASP: EU’s crypto regulation shift

The crypto ecosystem is an ever-evolving arena, and through its rapid maturation came the need for regulations, recommendations and policies. As with all areas, appropriate terminology is required to explain these changes.

The Financial Action Task Force’s (FATF’s) Recommendation 16, commonly known as the Travel Rule, and the Markets in Crypto Assets (MiCA) framework, which falls under the European Commission’s digital finance package, are examples of such changes.

The FATF’s latest update describes businesses that provide virtual asset services for or on behalf of another person as a virtual asset service provider (VASP). In contrast, MiCA refers to these businesses as crypto asset service providers (CASPs).

As defined by the FATF, VASP activities include:

• the exchange between virtual assets and fiat currencies,
• the exchange between one or more forms of virtual assets,
• the transfer of virtual assets,
• the safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets,
• the participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

The FATF’s acronym of choice, VASP, carries a similar meaning to

• crypto exchange service provider (CESP), the term used in Japan,
• crypto asset secondary service providers (CASSPrs), the term used in Australia,
• digital asset exchanges, the term used in the US and,
• crypto asset trading platform (CTP), the term used in Canada.

The FATF’s definition covers the basic activities of an average VASP. However, the definition does not extend to cover crypto advisory services, nor is it as explicit in its terms as the MiCA definition below.

CASP definition: the term CASP first appeared in 2020, when the draft regulation for MiCA was published. This regulation aimed to establish a consistent legal structure for the governance of virtual assets and cryptocurrencies across the European Union.

The term “Virtual Asset Service Provider” (VASP), as defined by the FATF, is more commonly used outside the European Union (EU). Meanwhile, the term “Crypto Asset Service Provider” (CASP) is adopted within the EU under its regulatory framework.

In informal discussions, these terms are often used interchangeably. However, in formal or legal contexts, it is crucial to recognize the distinction: MiCA’s definition of CASP is broader than the FATF’s definition of VASP, encompassing additional elements not included in the FATF framework.

For businesses operating within the EU, any activity categorized as a crypto service under MiCA automatically qualifies the business as a CASP. Conversely, businesses based outside the EU typically adhere to the FATF’s definition of VASP or their own jurisdiction’s equivalent. If your business does not operate within the EU, it is generally appropriate to use the FATF’s VASP definition, even if your activities align with MiCA’s criteria.

The role of CASPs under MiCA regulation and MiCA’s impact on CASPs

From December 30, 2024, the crypto asset services can only be provided in the EU by a firm which has been authorized by a competent authority as a CASP, unless the firm is already regulated as a credit institution, a central securities depository, an investment firm under MiFID, a market operator, an electronic money institution, a management company of UCITS, or an AIFM that is allowed to provide crypto-asset services in accordance with their applicable regulations.

MiCA establishes detailed requirements for the authorization and operation of CASPs. It specifies the application process for authorization, including the necessary content, how applications are assessed, and the powers granted to competent supervisory authorities to withdraw authorizations. MiCA also outlines the operational obligations for authorized CASPs, including requirements related to the disclosure of inside information, as well as the prevention and detection of insider trading and market manipulation. CASPs involved in arranging and executing transactions are required to implement systems, procedures, and controls to identify and monitor potential market abuse.

Key Obligations for CASPs under MiCA:

• Professional Conduct: CASPs must act honestly, fairly, and professionally in the best interests of their clients and prospective clients.
• EU Presence: CASPs must have at least one director residing in the EU and maintain a physical office within the EU.
• Capital Requirements: CASPs are subject to minimum capital requirements based on the type of crypto-asset services offered, starting from €50,000.
• Management Standards: Management members must have a good reputation and possess the necessary knowledge, skills, and experience to fulfill their duties both individually and as a team.
• Ownership Transparency: CASPs must disclose shareholders and beneficial owners. Changes in ownership that surpass regulatory thresholds trigger a change-of-control notification to the competent supervisory authority.
• Policies and Procedures: CASPs must implement policies for identifying, preventing, managing, and disclosing conflicts of interest. Additionally, they are required to maintain a business continuity policy, including plans for ICT continuity.
• Outsourcing Restrictions: While CASPs may outsource certain activities, they remain fully liable for outsourced functions. Third-party service providers, including those offering custody services for crypto-assets, must adhere to EU standards. Cooperation with EU supervisory authorities is mandatory, and EU data protection regulations must be respected.

Transitional period and next steps

MiCA includes a transitional regime for CASPs that offered their services prior to December 30, 2024, granting them until July 1, 2026, to become authorized by their competent authority as a CASP unless the relevant EU member state where the CASP seeks to operate has taken the decision to reduce the transitional period.

Official list of grandfathering periods decided by Member States you can find here.

The EU Commission has also adopted several implementing and delegated regulations specifying technical standards, among other things, on the information to be provided by entities seeking to become authorized CASPs. In addition, ESMA has released several pieces of guidance including on the interpretation of reverse solicitation and the conditions and criteria for the qualification of crypto-assets as financial instruments.