Crypto Broker License: Complete Setup Guide 2026

Lead Expert

Meet Dr. Marcus Hartmann

Dr. Marcus Hartmann

Senior Licensing Advisor · Zug, Switzerland

LL.M. International Financial Law · Dr. iur. · Zurich Bar

Dr. Marcus Hartmann has spent over two decades at the intersection of financial law and emerging technology. Based in Zug — Switzerland's Crypto Valley — he has guided startups, trading platforms, and institutional investors through the full spectrum of VASP licensing: from FINMA FinTech notifications to MiCA CASP applications and offshore structuring across 60+ jurisdictions.

He joined CryptoLicenses.net as Senior Licensing Advisor after a decade leading the fintech practice of a Swiss-regulated law firm, where he managed regulatory mandates in the UAE, Singapore, Liechtenstein, and the Cayman Islands.

22 years in financial services regulation

400+ crypto licensing mandates across 60+ jurisdictions

Certified AML Officer (ACAMS), FINMA-registered

Fluent in English, German, and French

View Full Profile →

This guide was researched and written by Dr. Marcus Hartmann, Senior Licensing Advisor at CryptoLicenses.net.

Key Takeaways

A crypto broker is an intermediary that executes cryptocurrency trades on behalf of clients — distinct from an exchange that matches buyers and sellers directly
Brokers holding client funds or providing investment advice require a VASP or CASP license in most jurisdictions
Capital requirements range from €50,000 to €150,000 depending on jurisdiction and license scope
Best jurisdictions for 2026: Estonia (VASP), Gibraltar (DLT), Cyprus (CySEC CASP), Seychelles (offshore), and EU MiCA (CASP with 27-country passporting)
Timeline ranges from 1 month (offshore) to 12 months (full MiCA CASP), with costs from €5,000 to €150,000+
MiCA CASP authorization is now the gold standard for EU brokers — passporting eliminates the need for separate national licenses

Section 1

What is a Crypto Broker?

A crypto broker is a regulated financial intermediary that buys and sells cryptocurrency assets on behalf of clients, typically at a quoted price or a spread above market rates. Unlike a crypto exchange — which operates an order book matching buyers and sellers directly — a broker acts as a principal counterparty, sourcing liquidity from exchanges, OTC desks, or market makers and filling client orders itself.

Broker vs. Exchange vs. OTC Desk

The regulatory distinction matters significantly. An exchange provides a platform where clients trade with each other; the exchange earns fees. A broker executes trades for clients and earns a spread or commission. An OTC desk handles large block trades directly, typically for institutional clients or high-net-worth individuals, often with customized pricing and settlement terms.

In practice, the lines can blur. A platform that quotes prices for immediate execution (like a buy/sell service rather than an order book) is typically classified as a broker. If your platform holds client assets between trades, routes client orders to external venues, or provides portfolio management services using crypto, you are almost certainly operating as a broker rather than a pure exchange.

How Crypto Brokers Operate

Most retail crypto brokers source liquidity from one or more upstream venues — major exchanges, prime brokers, or aggregators — and offer clients a simplified interface with fixed or semi-fixed pricing. They may custody client assets themselves or use a licensed third-party custodian. Revenue comes from the bid-ask spread, transaction fees, or both. Some brokers also offer margin or leverage, which triggers additional regulatory requirements in most jurisdictions.

Section 2

Do You Need a License?

The trigger for licensing depends on what your business actually does. In 2026, the regulatory frameworks across the EU, UK, UAE, and most major markets explicitly cover broker-type activities. If any of the following apply to your model, licensing is not optional — it is a legal requirement.

✓

Trading crypto on behalf of clients

Executing buy or sell orders using client funds or on client instructions — in any jurisdiction with a VASP or CASP framework — requires registration or authorization as a virtual asset service provider.

✓

Holding client funds or crypto assets

Custody of client assets — even temporarily between transactions — triggers licensing requirements in the EU (MiCA), UK (FCA), UAE (VARA), and most other regulated markets. You cannot avoid this by framing it as "settlement float."

✓

Providing investment advice on crypto assets

Recommending specific crypto assets or strategies to clients based on their financial situation or goals is classified as investment advice in most jurisdictions, requiring either a separate MiFID II license (EU) or inclusion in a CASP authorization under MiCA.

✓

Using or monetizing client order flow

If you aggregate client orders, route them to specific venues for payment for order flow (PFOF), or otherwise benefit from client order information, this triggers additional obligations around best execution and conflicts of interest disclosure under MiCA and equivalent frameworks.

Offshore is not a solution for EU/UK clients: Operating through a Seychelles or Marshall Islands entity while serving EU or UK clients remains illegal under those clients' home jurisdiction rules. Geo-blocking is required if you are not licensed to serve those markets.

"The most common mistake I see crypto brokers make in 2026 is choosing their jurisdiction before they have clearly defined their business model. A broker planning to serve retail EU clients with a simple buy/sell interface has completely different licensing needs than one offering margin products to institutional clients across MENA and Asia. Get the business model documentation right first — the jurisdiction choice follows naturally from that."
— Dr. Marcus Hartmann, Senior Licensing Advisor

Section 3

Best Jurisdictions for Crypto Broker License

The right jurisdiction depends on your target market, capital position, and how quickly you need to go live. Below is a comparison of the six most-used frameworks for crypto brokers in 2026, covering license type, minimum capital, timeline, and key considerations.

Jurisdiction	License Type	Min. Capital	Timeline	Key Feature
🇪🇪 Estonia	VASP (FIU)	€10,000–20,000	2–3 months	EU-based, cost-effective entry point
🇬🇮 Gibraltar	DLT License (GFSC)	€50,000	6–9 months	Robust framework, English common law
🇨🇾 Cyprus	CySEC CASP	€125,000	6–12 months	EU MiCA transition path, CySEC credibility
🇪🇺 EU MiCA	CASP Authorization	€125,000	3–6 months	27-country EU passport, highest credibility
🇸🇨 Seychelles	Offshore FSA	~€5,000	1–2 months	Fastest and cheapest, limited banking access
🇦🇪 UAE (VARA)	VARA Broker License	$50,000+	6–12 months	MENA market access, premium credibility

Which Jurisdiction is Right for You?

For EU-focused brokers, MiCA CASP authorization is the definitive long-term solution — one license covers all 27 member states, and the regulatory framework is now mature and well-understood. Cyprus CySEC offers a faster entry point with a clear MiCA transition pathway.

For brokers targeting global clients or wanting a faster launch, Estonia remains a viable EU-compliant option at significantly lower cost. Gibraltar is preferred by brokers who value a common-law environment with a strong regulatory reputation and no EU overhead.

Seychelles and similar offshore jurisdictions are suitable only for non-EU, non-UK client bases. They provide little credibility with institutional counterparties or banking partners and should be treated as a temporary or supplementary structure, not a primary license.

Section 4

Crypto Broker Licensing Requirements

While specific requirements vary by jurisdiction, the following checklist covers what virtually every regulated broker license requires. Gaps in any of these areas will delay or derail your application.

Incorporated legal entity in the target jurisdiction (Ltd, LLC, or local equivalent) with appropriate corporate structure
Local director or equivalent substance in the jurisdiction — nominee-only structures are increasingly rejected by regulators
Qualified AML Compliance Officer (MLRO) with demonstrable crypto or financial services experience, approved by the regulator
Comprehensive AML/KYC program: written policies, procedures, risk appetite statement, and a transaction monitoring system
Minimum capital requirement met and evidenced — paid-up share capital, not a loan or credit line
IT infrastructure documentation: trading platform, order management, custody solution, and cybersecurity framework
Professional indemnity insurance (required in Gibraltar, Cyprus, MiCA — amounts vary by jurisdiction)
Detailed business plan covering target market, revenue model, risk management, governance, and 3-year financial projections
KYC documentation for all directors, senior management, and ultimate beneficial owners (UBOs) — certified copies, source of wealth, clean criminal records
Client agreements, terms of service, best execution policy, and conflicts of interest disclosure

Common rejection trigger: Generic or template AML documentation is the number-one cause of application rejection and delay across all jurisdictions. Regulators can identify off-the-shelf AML policies instantly. Your AML program must be specifically tailored to your business model, client base, and risk profile.

◆ Need Help?

Not sure which licence fits your business? Get a free 30-minute consultation with our advisors. We'll review your model and recommend the right jurisdiction.

Get Free Consultation →

Section 5

Steps to Get Your Broker License

Getting a crypto broker license is a structured process. Rushing any step — particularly AML documentation and capital preparation — leads to delays. The following seven steps apply across all major jurisdictions, with jurisdiction-specific variations noted.

1

Select Your Jurisdiction

Before any incorporation or legal work, finalize the jurisdiction based on your target market, capital available, and desired timeline. If you plan to serve EU clients, MiCA CASP (via Cyprus, Lithuania, or another NCA) is the right long-term path. If you need speed and low cost, Estonia VASP or Seychelles FSA can bridge the gap while you build toward MiCA authorization.

Confirm that the chosen license actually covers your intended business activities — for example, if you plan to offer leverage or margin products, verify that the broker license in your chosen jurisdiction covers this, or whether a separate derivative dealer license is required.

Tip: Don't choose based on cost alone. A €5,000 Seychelles registration is worthless if your target clients are based in Germany, France, or the Netherlands.

2

Incorporate the Legal Entity

Register the company in the target jurisdiction with the correct share structure, articles of association, and registered office. Appoint directors who meet the jurisdiction's "fit and proper" criteria — usually requiring relevant financial services experience, clean criminal records, and (for senior roles) regulator pre-approval.

For MiCA CASP applications, the entity must have its registered office and effective place of management within the EU. Gibraltar requires a physical office; Cyprus CySEC requires genuine local substance, not just a registered address.

3

Build Your AML/KYC Program

Draft a complete AML/KYC policy suite: AML policy, customer due diligence (CDD) procedures, enhanced due diligence (EDD) procedures for high-risk clients, transaction monitoring policy, record-keeping policy, sanctions screening procedure, and Travel Rule compliance procedure.

Appoint and train your MLRO (Money Laundering Reporting Officer). The MLRO must have demonstrable compliance experience — not just a job title. In Cyprus, Gibraltar, and most MiCA NCAs, the MLRO appointment must be approved by the regulator before the license is granted. Build this into your timeline: regulator review of MLRO candidates can take 4–8 weeks.

4

Prepare Capital and Banking

Ensure the required minimum capital is fully paid up and evidenced by bank statements showing clear source of funds. This is not a reserve — it must be genuinely available in the company account. Many applications stall because capital is not ready at the time of filing.

Simultaneously, open a corporate bank account or secure a crypto-friendly banking partner. For EU-based entities, this is often the hardest practical step — many traditional banks remain reluctant to bank crypto businesses, even licensed ones. Fintech-friendly banks and EMIs (electronic money institutions) are often the most practical solution. Start banking conversations before you file for the license, not after.

5

Assemble the Application Package

Compile all required documentation: completed application forms, corporate documents, KYC packages for all directors and UBOs, business plan, AML policy suite, financial projections, IT documentation, and client-facing agreements (terms, best execution policy, conflicts of interest disclosure).

For MiCA CASP applications, the business plan is typically 40–80 pages covering governance structure, risk management framework, technology architecture, and regulatory compliance program. Do not underestimate this — the quality and specificity of your business plan is a primary signal to the regulator of your operational readiness.

6

Submit and Manage the Review

File the complete application with the relevant regulator. Most regulators acknowledge receipt within 5–10 business days and may issue a completeness check before formally starting the review clock. Respond to all information requests (RFIs) promptly and completely — partial responses typically reset the review clock.

Maintain close communication with your local legal representative throughout the review period. Do not make material changes to your ownership structure or business model without notifying the regulator. In Cyprus and Gibraltar, in-person meetings with regulators are standard practice during broker license reviews.

7

Go Live and Establish Ongoing Compliance

Once the license is granted, activate your compliance infrastructure before onboarding any clients. This means transaction monitoring systems are live, KYC workflows are operational, MLRO is in post and active, and your reporting schedule to the regulator is calendared.

Notify the regulator when you begin operations — many jurisdictions require formal notification of operational commencement. Ensure your website and client-facing materials include required disclosures: license number, regulator name, risk warnings, and complaints procedure. Operating without these disclosures is a compliance failure even with a valid license.

Tip: The first six months after licensing are your highest risk period. Regulatory inspections and monitoring are most likely shortly after authorization. Run your compliance program as if an inspection is imminent from day one.

Section 6

Capital Requirements by Jurisdiction

Capital requirements for crypto broker licenses vary significantly by jurisdiction and by the scope of activities covered. The following table shows minimum paid-up capital requirements as of 2026. Note that capital must remain in the entity — it is not an operating cost, though it is locked up during the license period.

Jurisdiction	License	Min. Capital	Ongoing Capital Rule	Notes
🇸🇨 Seychelles	FSA Offshore	~€5,000	None specified	Minimal credibility; offshore only
🇪🇪 Estonia	VASP (FIU)	€10,000–20,000	None specified	Low barrier; MiCA transition pending
🇬🇮 Gibraltar	DLT License	€50,000	Risk-based ongoing assessment	Additional operational capital expected
🇦🇪 UAE (VARA)	VARA Broker	$50,000+	Activity-dependent; can scale to $1M+	Security deposit also required
🇨🇾 Cyprus CySEC	CASP	€125,000	Must maintain at all times	EU MiCA aligned; CIF also available
🇪🇺 EU MiCA	CASP (Class 3)	€125,000	Quarter-of-fixed-overhead rule applies	27-country passport; gold standard

Capital is not a cost: Minimum capital requirements represent funds that must be held in the entity — they are not consumed or paid to the regulator. However, they must be genuinely available and maintained throughout the license period. Dropping below minimum capital thresholds must be reported to the regulator immediately.

Section 7

Technology Requirements

Technology documentation is a mandatory component of all serious crypto broker license applications. Regulators want to understand how your trading infrastructure operates, how client assets are protected, and how your systems detect and prevent market abuse and money laundering. Below are the four core technology areas every broker must address.

Order Management System (OMS)

Your OMS must be able to record all client orders with timestamps, routing decisions, execution venues, prices achieved, and any deviations from stated policy. Under MiCA and Gibraltar DLT requirements, you must be able to demonstrate — with data — that client orders were handled correctly and in clients' best interests. Off-the-shelf white-label trading platforms should be assessed for whether they produce sufficient audit trail data to satisfy regulatory requirements.

Best Execution Framework

MiCA CASP authorization and most EU-equivalent broker licenses require a documented best execution policy — a written commitment to execute client orders on terms most favorable to the client, considering price, speed, likelihood of execution, and cost. You must monitor and review best execution outcomes at least annually, and disclose your policy to clients. This requires aggregating execution quality data across all venues used.

Trade Reporting

Depending on jurisdiction, crypto brokers may be required to report trade data to regulators in near real-time or at defined intervals. MiCA introduces transaction reporting obligations for CASPs, aligned with MiFIR reporting concepts but adapted for crypto assets. Your systems must be capable of generating compliant reports in the required format — this should be tested before going live, not after your first regulatory review.

Custody Separation

All major broker license frameworks require the segregation of client assets from company assets. Client crypto holdings must be held in clearly identifiable client accounts or wallets, not commingled with the broker's own funds. This applies whether you custody assets in-house or through a third-party custodian. A written custody policy and demonstrated technical implementation of segregation are required documentation in most applications.

"MiCA has fundamentally changed the competitive calculus for EU crypto brokers. A single CASP authorization from CySEC or AMF now passports across all 27 member states — which means a broker that invests in proper MiCA authorization today has a structural advantage over competitors holding multiple national registrations. The ongoing compliance cost of MiCA is real, but it is offset by not having to maintain parallel compliance programs in each market."
— Dr. Marcus Hartmann, Senior Licensing Advisor

Section 8

Ongoing Compliance After Licensing

A crypto broker license is not a one-time approval — it is an ongoing permission that depends on continuous compliance with regulatory obligations. Regulators are increasingly active in supervising licensed entities, and the industry is seeing a significant rise in post-licensing enforcement actions in 2026.

Annual audited financial statements submitted to the regulator within the required filing period (typically 3–6 months after financial year-end)
Ongoing capital monitoring — minimum capital adequacy must be maintained at all times and breaches reported within 24–72 hours depending on jurisdiction
Independent AML audit by a qualified third party — annually in most jurisdictions, bi-annually in some. Results must be made available to the regulator on request
Transaction monitoring: all transactions above threshold amounts screened against sanctions lists; suspicious transaction reports (STRs/SARs) filed with the FIU within the required timeframe
Travel Rule compliance for all applicable virtual asset transfers — both outgoing and incoming, with counterparty VASP verification
Regulatory notifications for material changes: changes in ownership (UBOs), key management changes, new business lines, new markets, technology infrastructure changes
License renewal where applicable — Estonia VASP requires periodic renewal; MiCA CASP authorization is indefinite subject to ongoing compliance
Annual review and update of AML/KYC policies to reflect regulatory changes — FATF guidance updates, new ESMA guidelines under MiCA, national FIU directives

MiCA-Specific Ongoing Obligations

For brokers holding a MiCA CASP authorization, additional ongoing requirements apply: client asset safeguarding quarterly reconciliation, conflicts of interest register maintenance, market abuse monitoring and reporting to the relevant NCA, complaint handling with mandatory reporting statistics, and annual review of the best execution policy with public disclosure of the results.

Build compliance costs into your financial projections from day one. For a mid-sized crypto broker operating under MiCA, realistic ongoing compliance costs — MLRO, external AML audit, legal advisory, regulatory reporting, and technology — typically run €50,000–€150,000 per year, excluding capital.

Related Resources

Continue Reading

Related Guides

Related Services

FAQ

Crypto Broker License — Common Questions

A crypto exchange operates an order book or matching engine where buyers and sellers trade directly with each other — the exchange earns fees for facilitating the match. A crypto broker acts as a counterparty, buying or selling crypto to clients at a quoted price, sourcing liquidity from exchanges, OTC desks, or market makers. The broker earns the spread between the price it pays for liquidity and the price it charges clients. Regulatorily, brokers are more likely to be classified as investment firms (under MiCA or MiFID II) while exchanges are typically classified as trading venues or multilateral trading facilities. Both require licenses, but the license type and requirements differ.

The cheapest licensed option is a Seychelles FSA registration, with government fees and incorporation costs starting around €5,000 and a minimum capital requirement of approximately €5,000. However, Seychelles registrations provide limited practical utility: they do not allow you to legally serve EU or UK clients, banking access is difficult, and institutional counterparties and liquidity providers will often refuse to deal with Seychelles-regulated entities. For a cost-effective but credible EU-accessible license, Estonia VASP (€10,000–20,000 total including advisory) remains the most affordable genuine option. Estonia is EU-based, provides real regulatory credibility, and is compatible with MiCA transition planning.

Timelines vary significantly by jurisdiction. Seychelles FSA: 1–2 months from incorporation to approval. Estonia VASP (FIU): 2–3 months from complete application filing. Gibraltar DLT License: 6–9 months from complete application. Cyprus CySEC CASP: 6–12 months. EU MiCA CASP: 3–6 months from complete application under the mandatory review timeline (MiCA specifies a 3-month maximum review period for complete applications, but preparation and completeness checks can extend the total timeline). UAE VARA: 6–12 months. These timelines assume a complete, well-prepared application. Missing documents or poor AML documentation can add 2–6 months to any jurisdiction's timeline. Working with experienced advisors typically compresses timelines by 30–50%.

No single license provides global coverage. The closest to a broad license is the EU MiCA CASP authorization, which provides passporting rights across all 27 EU member states — allowing a broker licensed in, say, Cyprus to serve clients in Germany, France, or Spain without requiring a separate national license. Outside the EU, each major market requires its own license or registration: UK (FCA), UAE (VARA or ADGM), Singapore (MAS MPI), Hong Kong (SFC VATP), Australia (AUSTRAC + ASIC). For truly global operations, most brokers structure with 2–3 licenses covering their primary markets (typically EU + 1 APAC + 1 MENA), and implement geographic restrictions on markets where they have no license.

Minimum capital requirements range from approximately €5,000 (Seychelles, offshore) to €125,000 (Cyprus CySEC CASP, EU MiCA CASP). Estonia VASP requires €10,000–20,000; Gibraltar DLT License requires approximately €50,000; UAE VARA starts at $50,000 but can require significantly more depending on the scope of activities. Capital requirements are not costs — they are funds that must be held in the entity and maintained continuously. They cannot be borrowed or funded by credit lines; they must be genuine paid-up equity capital with documented source of funds. Dropping below the minimum capital threshold during operations must be reported to the regulator and remediated immediately.

Best execution is a regulatory obligation requiring brokers to take all sufficient steps to obtain the best possible result for clients when executing orders, considering factors including price, speed, likelihood of execution, settlement, size, and nature of the order. Under MiCA (which applies to CASPs providing order execution services), brokers must maintain and publish a best execution policy, monitor execution quality against that policy, and review and update it at least annually. In practice, this means documenting which liquidity venues you use and why, maintaining data on execution quality (fill rates, slippage, price improvement), and being able to demonstrate to regulators that your routing and execution decisions genuinely serve client interests. Retail clients are prioritized on price and cost; institutional clients can agree to alternative factors.

References

Sources & Official References

MH