FAQs - Crypto-asset service providers (CASPs)

The following FAQs are intended to help CASPs understand how the licensing process works. This section contains FAQs on licensing applications for crypto-asset service providers.

Is there a transitional regime for virtual asset service providers (VASPs) entered in the special section of the Italian Agents and Brokers Organization (OAM) register?

Yes, Decree-Law No. 95/2025, amending Article 45 of Legislative Decree 129/2024, extended the national transitional regime for VASPs (Virtual Asset Service Providers) registered in the special section of OAM's currency exchange register. Operators already benefiting from the transitional regime may continue to operate for an additional six months - until 30 December 2025 - under the rules set out in Legislative Decree 141/2010 and its implementing provisions. Furthermore, these same operators may continue to operate during the licensing process until the authorization is either granted or denied, but in any case no later than 30 June 2026, provided that: (i) they submit an application for authorization in Italy or another EU Member State by 30 December 2025, as CASPs under Regulation (EU) 2023/1114 (MiCAR), or (ii) another company in their group submits such an application by the same date.

Can a crypto-asset service provider operate in other Member States, i.e. on a cross-border basis?

Yes, crypto-asset service providers may provide services in a Member State other than the one where the licence was granted.

To this end, when submitting or after submitting the licensing application, applicants must provide Banca d'Italia or CONSOB with the information specified in Article 65 (1) of the MiCA Regulation, namely:

  • a list of the Member States in which they intend to provide crypto-asset services;
  • the crypto-asset services that they intend to provide on a cross-border basis;
  • the starting date of the intended provision of crypto-asset services;
  • a list of all other activities carried out by the crypto-asset service provider that fall outside the scope of MiCAR.

CONSOB - the authority designated as the single point of contact with ESMA - will provide ESMA with the required information.

Is there an application form?

Yes, to prepare and submit a licensing application, use the application form available in the Downloads section, which is based on the template annexed to Implementing Regulation (EU) 2025/306.

What documents should be attached to the application?

The information and documents to be submitted with the licensing application are set out in the relevant legislation (MiCA Regulation, Delegated Regulation (EU) 2025/305 and Implementing Regulation (EU) 2025/306) and in the application form, which can be found in the Downloads section.

What prudential requirements apply to crypto-asset service providers?

Crypto-asset service providers must at all times have prudential safeguards equal to the higher of: (i) the permanent minimum capital requirement, as determined by the type of crypto-asset services provided under Annex IV to MiCAR; and (ii) one quarter of the previous year's fixed overheads, subject to annual review. As provided for in Article 67 of the MiCA Regulation, these safeguards may take one of the following forms:

  1. own funds, calculated in accordance with Regulation (EU) no 575/2013 ('CRR');
  2. an insurance policy covering the territories of the EU where crypto-asset services are provided, or a comparable guarantee;
  3. a combination of (a) and (b) above. In that case, it must be verified that the sum of the value covered by the policy (per-claim ceiling) and the amount of available own funds is at least equal to the minimum amount required.

The supplier must produce:

  • for own funds: (a) documentation demonstrating how the applicant calculated the amount in accordance with Article 67 of MiCAR;(b) for existing undertakings, an extract from their audited accounts or from a public register certifying the amount of own funds; (c)for newly created undertakings, a bank statement issued by a credit institution stating that the funds are deposited in the applicant's account;
  • for the insurance policy: a copy of the contract - including a preliminary version - containing all elements necessary to comply with Article 67 (5) and (6) of the MiCA Regulation, signed by an undertaking authorized to provide insurance under EU or national law. The policy must be signed by the end of the licensing procedure and may include a suspension clause until the licensing decision is issued.

Are there any measures for the protection and segregation of client funds?

Yes, crypto-asset service providers holding crypto-assets that belong to clients or means of access to such crypto-assets must put in place appropriate arrangements to protect clients' ownership rights.

By the end of the working day following the receipt of client funds (excluding e-money tokens), crypto-asset service providers must deposit those funds with a credit institution or a central bank.

Crypto-asset service providers must take all necessary steps to ensure that such client funds (excluding e-money tokens) deposited with a credit institution or a central bank are held in accounts that are separately identifiable and clearly segregated from those used to hold the provider's own funds.

Are crypto-asset service providers subject to anti-money laundering obligations?

Yes. Legislative Decree 231 of 21 November 2007 (the Anti-Money Laundering Decree) was amended by Legislative Decree 204 of 27 December 2024 to transpose the amendments made by the new Regulation (EU) 2023/1113 on transfers of funds to Directive (EU) 2015/849 (the Fourth Anti-Money Laundering Directive).

As a result of these changes, crypto-asset service providers have been included among the financial intermediaries subject to anti-money laundering (AML) obligations and Banca d'Italia has been assigned AML supervisory responsibilities over this new category of intermediaries.

The new EU Regulation on transfers of funds extends to crypto-asset transfers the obligation (previously applicable only to fiat currency transfers) to include information on the payer and the payee in each payment message. This is intended to ensure traceability and help detect suspicious transactions.

With the Provision dated 23 July 2025, Banca d'Italia extended the following provisions to crypto-asset service providers, other than banking and financial intermediaries already subject to anti-money laundering and countering terrorist financing (AML-CTF) supervision:

Are there specific requirements regarding the physical presence of CASP staff in Italy?

Yes. Under the MiCA Regulation (recital 74 and Article 59(2)), the place of effective management of a CASP (i.e. where the main management and commercial decisions are made) must be located in the European Union and at least one director must be resident in the European Union.

At the EU level, in order to ensure a CASP's sufficient local substance in its home Member State, ESMA has specified, among other things, that:

  • there should be sufficient staff in the home Member State, including at least one executive director residing there;
  • the CASP must be able to demonstrate that decision-making power remains in the Member State where it was licensed; in particular, executive board members and key senior managers should be employed and physically present in the Member State of establishment in proportion to their role, ensuring that they can effectively fulfil their responsibilities;
  • the deployment of staff outside the country of licensing must not hinder the exercise of supervisory functions or rapid access to relevant information by national authorities, prevent the CASP's management from exercising effective control over its staff, or compromise the CASP's ability to ensure continuity in the provision of its crypto-asset services (see ESMA's supervisory briefing on the licensing CASPs).

In any event, the overall set-up of the CASP will be assessed in its entirety, also taking into account its size and operational complexity, to avoid excessive reliance on outsourcing and to prevent the creation of empty-shell entities.

Under what conditions can the licence of a crypto-asset service provider be withdrawn?

Under MiCAR, the competent authorities may withdraw a licence, including for individual services, if the crypto-asset service provider:

  • has not used its licence within 12 months from the date it was issued;
  • has expressly renounced its licence;
  • has not provided crypto-asset services for nine consecutive months;
  • has obtained its licence by irregular means, such as by submitting false statements in its licensing application;
  • no longer meets the conditions under which the licence was granted and has failed to take the corrective action requested by the competent authority within the specified timeframe;
  • does not have effective systems, procedures and arrangements in place to detect and prevent money laundering and terrorist financing, as required by Directive (EU) 2015/849;
  • has seriously infringed the MiCA Regulation, including the provisions relating to the protection of crypto-asset holders and clients of crypto-asset service providers, or relating to market integrity.
  • has violated national laws transposing Directive (EU) 2015/849;

has lost its licence as a payment institution or an electronic money institution and has not remedied the situation within 40 calendar days.