Meet Dr. Marcus Hartmann
Dr. Marcus Hartmann has spent over two decades at the intersection of financial law and emerging technology. Based in Zug — Switzerland's Crypto Valley — he has guided startups, trading platforms, and institutional investors through the full spectrum of VASP licensing: from FINMA FinTech notifications to MiCA CASP applications and offshore structuring across 60+ jurisdictions.
He joined CryptoLicenses.net as Senior Licensing Advisor after a decade leading the fintech practice of a Swiss-regulated law firm, where he managed regulatory mandates in the UAE, Singapore, Liechtenstein, and the Cayman Islands.
- A crypto license is formal legal permission from a regulator to operate cryptocurrency services commercially
- Licensing is now mandatory in 60+ countries — operating without one exposes founders to criminal liability
- Licenses cover exchanges, crypto wallets, custodians, brokers, payment processors, and asset managers
- Without a license you face fines, asset seizure, criminal prosecution, and platform shutdowns
- EU's MiCA regulation, fully in force from December 2024, created a unified CASP license valid across all 27 member states
What Is a Crypto License?
A crypto license — formally known as a Virtual Asset Service Provider (VASP) registration, Crypto Asset Service Provider (CASP) authorisation, Digital Payment Token (DPT) license, or Money Services Business (MSB) registration depending on jurisdiction — is an official regulatory approval that grants a company the legal right to provide cryptocurrency-related financial services to clients.
Think of it in the same way as a banking license or a securities broker-dealer license. It is a state permission to operate in a regulated sector. Without it, you are operating illegally, regardless of how technically sophisticated your platform is or how many users you serve.
Crypto licenses are issued by financial regulators: the European Securities and Markets Authority (ESMA) and national competent authorities in the EU, the Financial Conduct Authority (FCA) in the UK, the Monetary Authority of Singapore (MAS), the Virtual Assets Regulatory Authority (VARA) in Dubai, the Financial Crimes Enforcement Network (FinCEN) in the US, and dozens of others globally.
What a Crypto License Authorises
A crypto license grants specific permissions. These typically include: operating a crypto exchange (buying, selling, and exchanging digital assets), providing crypto custody services (holding assets on behalf of clients), operating a crypto payment service or wallet, offering brokerage or OTC desk services, managing crypto asset portfolios, and in some cases, issuing or marketing crypto assets to the public.
Importantly, a license is not a blanket permission — it authorises specific regulated activities. A custodian license does not automatically permit you to operate an exchange. Most businesses need to apply for the correct license category matching their actual service model.
Types of Crypto Licenses
Different jurisdictions use different terminology and license frameworks. The table below maps the most common license types, who needs them, and where they apply.
| License Type | Full Name | Who Needs It | Key Jurisdictions |
|---|---|---|---|
| VASP | Virtual Asset Service Provider | Exchanges, custodians, brokers, payment services | EU (pre-MiCA), Lithuania, Estonia, Poland, UAE |
| CASP | Crypto Asset Service Provider (MiCA) | All businesses offering crypto services to EU clients | All 27 EU member states from Dec 2024 |
| MSB | Money Services Business | Crypto payment services, exchanges, money transmission | USA (FinCEN), Canada (FINTRAC) |
| DPT License | Digital Payment Token License | Exchanges, custodians, OTC desks, payment services | Singapore (MAS Payment Services Act) |
| Virtual Asset License | Virtual Asset License / VATP | Exchanges offering services to retail investors | Hong Kong (SFC), Dubai (VARA) |
| DLT Provider License | Distributed Ledger Technology Provider | Broad crypto businesses, exchanges, custodians | Gibraltar (GFSC) |
MiCA consolidation: The EU's Markets in Crypto-Assets (MiCA) Regulation replaced fragmented national VASP registrations across member states with a single CASP authorisation framework from December 2024. One license now covers the entire EU single market.
"A crypto license is not a box to tick — it is the legal foundation of your entire business. Without the correct license category matching your actual services, you risk operating outside your authorisation scope even while holding a license. I have seen businesses fined not for lacking a license, but for performing activities their license did not cover. Get the classification right from day one."
— Dr. Marcus Hartmann, Senior Licensing Advisor
Who Needs a Crypto License?
The requirement to hold a crypto license is triggered by the nature of your business activity, not your company's legal form or where you are incorporated. If you provide any of the following services commercially, you almost certainly need a license in every jurisdiction where you have clients.
- Crypto exchanges — platforms that allow users to buy, sell, or swap digital assets (centralised or order-book-based)
- Crypto custodians — businesses that hold private keys or digital assets on behalf of clients
- Crypto brokers and OTC desks — entities that execute crypto trades on behalf of clients or act as counterparty
- Crypto payment processors — companies that facilitate payments or settlements in digital assets
- Crypto wallet providers — hosted wallet services where the provider controls the private keys
- DeFi platforms with identifiable operators — platforms with a company controlling smart contracts, fees, or the frontend
- NFT marketplaces — where NFTs qualify as financial instruments under local law (increasingly common in 2026)
- Crypto asset managers — entities managing client crypto portfolios on a discretionary or advisory basis
- Token issuers — companies conducting public token offerings under MiCA or equivalent frameworks
Common misconception: Many founders believe that incorporating in a permissive jurisdiction (e.g., Seychelles, BVI) exempts them from licensing requirements. It does not. What matters is where your clients are located and where your services are provided — not where your company is registered.
What Activities Are Regulated?
Crypto regulation focuses on specific activities that create financial risk for consumers or risk of money laundering. Under MiCA and most global frameworks, the following activity categories are regulated and require a license to perform commercially.
Consequences of Operating Without a License
The consequences of operating a crypto business without the required license have become dramatically more severe in 2026. Regulators across all major jurisdictions have significantly increased enforcement activity, and the penalties are no longer primarily administrative — they are criminal.
| Jurisdiction | Financial Penalty | Criminal Penalty | Other Consequences |
|---|---|---|---|
| European Union (MiCA) | Up to €5,000,000 or 12.5% of annual turnover | Varies by member state; criminal referral possible | Platform shutdown, asset freeze, public censure |
| United Kingdom (FCA) | Unlimited fine | Up to 2 years imprisonment | Personal liability for directors, app store removal |
| UAE (VARA / CBUAE) | AED 10,000,000 (approx. USD 2.7M) | Up to 10 years imprisonment | Asset confiscation, business license revocation |
| Singapore (MAS) | SGD 250,000 per violation | Up to 3 years imprisonment | Debarment from financial industry, asset seizure |
| USA (FinCEN / State) | Up to USD 500,000 per day (FinCEN) | Up to 5 years imprisonment (federal) | DOJ prosecution, platform delisting by US banks |
| Hong Kong (SFC) | HKD 5,000,000 | Up to 7 years imprisonment | SFC public register, domain blocking |
Directors are personally liable. In the UK, UAE, Singapore, and under MiCA, individual directors and senior managers can face personal criminal charges — not just the company. "I didn't know" is not a defence if you held a directorship in an unlicensed crypto business.
Crypto License — Global Landscape
The global regulatory map for crypto is no longer binary. In 2026, three distinct categories of jurisdiction exist: pro-licensing (with established frameworks), restricted or banned, and unregulated (which is rapidly shrinking). Understanding where your clients are located determines which licensing obligations apply to you.
- European Union — MiCA CASP (27 countries, single passport)
- UAE — VARA (Dubai), ADGM, DIFC
- Singapore — MAS Payment Services Act
- Hong Kong — SFC Virtual Asset Trading Platform
- Switzerland — FINMA, crypto-friendly banking
- UK — FCA Crypto Asset Registration
- Bahrain — CBB Crypto Asset Module
- El Salvador — BCR Bitcoin license
- Gibraltar — GFSC DLT Provider
- Liechtenstein — Token and Trustworthy Technology Act
- China — complete ban on crypto exchanges and trading
- Egypt — crypto transactions prohibited under banking law
- Bolivia — total prohibition on crypto payments
- Iraq — central bank prohibition order
- Bangladesh — crypto transactions illegal
- Morocco — AML law effectively prohibits crypto use
- Nepal — NRB ban on all crypto transactions
- North Korea — sanctioned jurisdiction (OFAC)
- Many smaller jurisdictions lack specific crypto laws
- "Unregulated" does not mean legally safe
- General AML and financial crime laws still apply
- Banks in these countries often refuse crypto firms
- FATF grey-listing affects banking access heavily
- FATF requires all member countries to implement VASP frameworks by 2025–2026
The "offshore" myth: Registering in Seychelles, Marshall Islands, or BVI does not exempt you from licensing requirements in jurisdictions where you actually have users. Most sophisticated clients, institutional investors, and banking partners now require a license from a recognised regulator as a minimum due diligence requirement.
Not sure which licence fits your business? Get a free 30-minute consultation with our advisors. We'll review your model and recommend the right jurisdiction.
Get Free Consultation →"MiCA has fundamentally restructured the global competitive landscape for crypto licensing. It replaced seven or eight different national VASP registration frameworks with a single authorisation that passports across 27 markets. For any business targeting EU clients — which in practice means almost every globally-operating exchange — getting MiCA-authorised is no longer optional. The transition period ends, and the enforcement calendar is already running."
— Dr. Marcus Hartmann, Senior Licensing Advisor
How MiCA Changed Everything
The EU's Markets in Crypto-Assets (MiCA) Regulation, which entered into full force in December 2024, is the most significant development in crypto regulation since Bitcoin was created. For the first time, a major economic bloc has a comprehensive, unified regulatory framework covering the entire crypto asset sector.
What MiCA Created
MiCA established the Crypto Asset Service Provider (CASP) authorisation — a single license issued by a competent authority in any EU member state that provides passporting rights across all 27 EU countries. A company authorised as a CASP in France can operate in Germany, Italy, Spain, and every other EU member state without seeking additional national approvals.
Before MiCA, a crypto business serving clients across the EU needed to navigate 27 different national regulatory regimes — some with full licensing requirements, some with light-touch registrations, and some with no framework at all. MiCA replaced this fragmented patchwork with a single rulebook.
What MiCA Covers
MiCA covers three categories of crypto assets: asset-referenced tokens (ARTs, including stablecoins backed by multiple assets), e-money tokens (EMTs, including fiat-backed stablecoins like USDC), and all other crypto-assets (including utility tokens, governance tokens, and most existing cryptocurrencies). It explicitly excludes Bitcoin and Ethereum as "sufficiently decentralised" assets from the ART/EMT categories, though CASP licensing requirements apply to anyone providing services involving these assets.
Capital Requirements Under MiCA
MiCA sets tiered minimum capital requirements based on service type: Class 1 CASPs (order execution, advice, placement, reception/transmission of orders) require EUR 50,000. Class 2 CASPs (exchange, portfolio management) require EUR 125,000. Class 3 CASPs (custody, operation of a trading platform) require EUR 150,000. These are floor requirements — larger firms must hold capital proportional to their operational risk.
MiCA Passporting: The Key Advantage
The passporting mechanism under MiCA is genuinely transformative. Once authorised in one EU state, a CASP can notify its home regulator of its intention to operate in another EU state — the host state regulator then has 10 working days to raise objections. In practice, this means a crypto business can access the entire EU market (roughly 450 million consumers) from a single point of regulation.
This has created significant strategic interest in "MiCA-first" jurisdictions — EU member states with efficient, experienced competent authorities, competitive costs, and strong reputations. Poland, Lithuania, Ireland, and Luxembourg have emerged as particularly popular CASP authorisation hubs in 2026.
What Is a Crypto License — Common Questions
Sources & Official References
- FINMA — Crypto Services Classification: What Requires Authorisation
- FINMA — FinTech Licence: Accept Up to CHF 100M in Deposits or Crypto Assets
- FINMA Guidance 01/2026 — Custody of Crypto-Based Assets: Risk Assessment
- FINMA FinTech Dossier — Regulatory Framework for Digital Finance in Switzerland
- Swiss AMLA — Federal Act on Combating Money Laundering and Terrorist Financing