Crypto Licensing News 2026 — New Licenses, Approvals & Enforcement

Bitcoin coins on dollar bills — Crypto Licensing News 2026 — Approvals, Enforcement & Up

New Approvals · Q1 2026

Recent Licence Approvals by Jurisdiction

The first quarter of 2026 has seen a wave of new approvals, particularly under MiCA in the EU and continued momentum from UAE VARA and Singapore MAS. Below are the notable licensing actions from January–March 2026.

Date	Jurisdiction	Regulator	Entity Type	Licence Type	Status
Mar 2026	Cyprus	CySEC	Crypto Exchange	MiCA CASP — Exchange & Custody	Approved
Mar 2026	Cyprus	CySEC	Crypto Exchange	MiCA CASP — Exchange	Approved
Mar 2026	France	AMF	Digital Asset Platform	MiCA CASP (converted from PSAN)	Approved
Mar 2026	France	AMF	Crypto Custody Provider	MiCA CASP — Custody Only	Approved
Mar 2026	UAE (Dubai)	VARA	Crypto Exchange	VASP — Exchange Services	Approved
Mar 2026	UAE (Dubai)	VARA	OTC Desk	VASP — Broker-Dealer	Approved
Mar 2026	UAE (Dubai)	VARA	Tokenisation Platform	VASP — Issuance Services	Approved
Feb 2026	Singapore	MAS	Digital Asset Custody	Major Payment Institution (DPT)	Approved
Feb 2026	Singapore	MAS	Crypto Exchange	Major Payment Institution (DPT)	Approved
Feb 2026	Malta	MFSA	Crypto Exchange	MiCA CASP — Full Services	Approved
Jan 2026	France	AMF	Digital Asset Platform	MiCA CASP (converted from PSAN)	Approved
Jan 2026	UK	FCA	Crypto Exchange	Cryptoasset Business Registration	Approved
Jan 2026	UK	FCA	DeFi Protocol	Cryptoasset Business Registration	Approved
Jan 2026	UK	FCA	Crypto Custody	Cryptoasset Business Registration	Approved

Enforcement & Suspensions · 2025–2026

Notable Enforcement Actions & Warnings

Enforcement activity has intensified globally as regulators move beyond registration to active supervision. Unregistered entities, inadequate AML controls, and misleading marketing remain the top enforcement triggers.

Date	Jurisdiction	Regulator	Action	Reason
Mar 2026	UK	FCA	Warning	12 consumer warnings issued against unregistered firms marketing crypto to UK residents
Feb 2026	USA	FinCEN	Civil Penalty	Failure to register as MSB and implement AML programme for peer-to-peer exchange
Feb 2026	EU (Germany)	BaFin	Order to Cease	Offering MiCA-regulated services to German clients without CASP authorisation
Jan 2026	Estonia	FIU	14 Revocations	Inadequate AML controls, no genuine Estonian economic activity, absent qualified personnel
Jan 2026	Singapore	MAS	Formal Reprimand	Inadequate Travel Rule implementation and KYC deficiencies for 2 MPI holders
Dec 2025	USA	SEC / DOJ	Settlement	Binance Holdings — USD 4.3bn settlement; ongoing compliance monitoring by DOJ-appointed monitor
Nov 2025	UK	FCA	Register Removal	8 entities removed from FCA cryptoasset register following compliance review
Oct 2025	South Korea	FSC/FSS	Suspension	VASP suspended pending investigation into market manipulation and insufficient capital

Licensing Trends · 2026

What's Shaping the Licensing Landscape

MiCA Driving EU Consolidation

The EU's single CASP licence is consolidating the European market. Firms previously holding separate registrations in 5–10 EU states are now applying for a single MiCA CASP in their preferred home member state. Cyprus, Malta, and Luxembourg are the most popular NCA choices due to processing speed and established crypto-friendly ecosystems.

UAE Attracting Global Players

VARA's transparent, tiered framework and Dubai's zero corporate tax rate continue to attract top-tier global exchanges and institutional players. New product categories for tokenised RWAs and DeFi protocols are bringing a second wave of applicants in 2026. VARA's approval times remain competitive at 4–8 months.

Singapore Becoming Asia's Preferred Hub

Despite tighter consumer protection rules, Singapore MAS continues to attract quality applications. The MAS's rigorous vetting process has become a quality signal — an MPI licence is now viewed as a global credibility marker. Total licensed DPT service providers now stands at 34, with 80+ applications pending.

Japan Easing Rules for Overseas Firms

Japan's JFSA has revised its rules to allow overseas-licensed crypto firms to apply for a JFSA crypto exchange licence without first establishing a full Japanese subsidiary. The simplified pathway requires a registered branch office and local compliance representative, significantly reducing setup costs for established global exchanges.

Revocations & Removals

Licence Revocations and Register Removals

Estonia FIU — January 2026: 14 VCSP licences revoked. The FIU cited failure to demonstrate genuine Estonian economic activity, absence of local compliance personnel, and documented AML programme deficiencies. Affected entities must cease Estonian-regulated activities immediately. A further 30+ reviews are ongoing.

UK FCA — November 2025: 8 entities removed from the FCA cryptoasset register. Grounds included failure to respond to supervisory enquiries, inability to demonstrate compliance with UK AML regulations, and providing misleading information during the registration process. FCA has signalled further removals expected in H1 2026.

What to do if your licence is at risk: If you receive a regulatory enquiry, supervisory questionnaire, or show-cause notice, you should respond promptly and in full. Do not ignore correspondence. Engage specialist regulatory counsel immediately. In many jurisdictions, proactive remediation can prevent revocation. Contact our team for urgent licensing compliance support.

Compliance Guidance

How to Stay Compliant in 2026

Holding a licence is only the beginning. Regulators are increasingly active in post-licensing supervision. The following obligations apply to most licensed entities in major jurisdictions.

Annual Regulatory Reporting

Most jurisdictions require annual compliance reports, AML/CFT statistical reports, and financial statements. Deadlines vary — typically 3–6 months after financial year end. Missing filings triggers supervisory review.

Ongoing AML Programme Maintenance

Your AML/CFT programme must be reviewed and updated at minimum annually, and whenever there are material changes to products, customers, or geographies. Travel Rule compliance must cover all counterparty VASPs in Travel Rule jurisdictions.

Change of Control Notifications

Changes to beneficial ownership (typically thresholds of 10%, 20%, 33%, or 50%), directors, or key function holders must be notified to the regulator in advance. Failure to notify is a common enforcement trigger. Processing times vary from 2 weeks (Estonia) to 3 months (MAS, FCA).

Product and Service Change Approvals

Adding new crypto-asset services, new product types, or new customer segments may require prior regulatory approval or notification. Under MiCA, adding new CASP service categories requires an amendment to your authorisation.

Incident and Breach Reporting

Cyber incidents, material operational disruptions, and suspected financial crime must be reported to your regulator within defined timeframes. MiCA requires notification within 4 hours for major operational incidents. FCA expects notification as soon as practicable.

◆ ENFORCEMENT METRICS

2026 Regulatory Actions Across Major Jurisdictions

License Suspensions (Global)

CHF 8.3M

Fines Issued by FINMA 2026

156

New Enforcement Cases Filed

73%

Compliance Rate (Licensed Entities)

Q2–Q4 2026

Peak Enforcement Period

UK FCA Enforcement Actions

◆ COMPARATIVE ANALYSIS

Regulatory Enforcement Intensity by Region (2026)

European Union (EBA + National) 68%

Switzerland (FINMA + SECO) 52%

United Kingdom (FCA) 61%

Singapore (MAS) 58%

Hong Kong (SFC) 45%

United States (SEC + CFTC) 74%

FAQ

Frequently Asked Questions

How many new crypto licences were issued globally in 2025? +

Over 500 new VASP-type licences were issued globally in 2025 across all major jurisdictions. The highest volumes came from UAE VARA (80+ cumulative), Singapore MAS (30+), UK FCA (25+), and South Africa FSCA (59). In 2026, MiCA is driving a new wave of EU-wide CASP applications, with 120+ filed in Q1 alone.

How long does MiCA CASP authorisation take in 2026? +

The MiCA regulation sets a maximum 25 working day timeline for NCAs to assess completeness of CASP applications, then a further 40 working days for the substantive assessment. In practice, expect 3–6 months total from submission to decision. Cyprus CySEC, Malta MFSA, and France AMF are currently processing applications fastest due to established regulatory infrastructure and experience with crypto entities.

What is causing FCA crypto approvals to accelerate? +

The FCA launched a dedicated cryptoasset registration team and has streamlined its review process. New digital asset financial promotion rules (effective October 2023) created urgency as UK firms need FCA registration to market crypto services to UK consumers. The FCA has also clarified its expectations around AML standards, reducing back-and-forth in the application process.

Why is Estonia revoking so many crypto licences? +

Estonia's FIU has been conducting a systematic review of its large VASP register following AML concerns and EU-level criticism of its supervisory approach. Revocations target entities that fail to demonstrate genuine Estonian economic activity, have inadequate AML/KYC programmes, or cannot demonstrate presence of qualified compliance personnel in Estonia. The regime has tightened dramatically since the 2020–2021 reforms.

What happens if my crypto licence is revoked? +

A revocation means you must immediately cease regulated activities in that jurisdiction and wind down in an orderly manner. You must notify affected customers. Depending on the jurisdiction, enforcement action, fines, and director disqualification may follow. Many jurisdictions allow appeals — timelines are typically 14–28 days from revocation notice. Seek specialist regulatory counsel immediately if you receive a revocation notice.

Do I need a new MiCA CASP licence if I already have an EU VASP registration? +

Yes. Existing EU VASP/national crypto registrations do not automatically convert to MiCA CASP authorisations. You must apply for a CASP licence in your member state by July 2026 under the grandfathering provisions. Operating after the grandfathering deadline without a CASP is a regulatory breach. We recommend beginning the application process at least 12 months before the deadline — contact us to start.

License costs vary significantly based on the activity type and canton, ranging from CHF 5,000 to CHF 50,000+ for initial application and processing fees. Additional annual compliance and supervision fees typically run between CHF 2,000 and CHF 15,000 depending on your business volume and regulatory classification. Zug-based firms often benefit from streamlined processes that can reduce costs compared to other cantons.

Standard crypto licensing timelines range from 3 to 6 months for complete applications with all required documentation, though complex cases involving institutional clients or multiple jurisdictions can extend to 9-12 months. FINMA's decision clock is typically 3-4 months after submission, but pre-application consultation and document preparation usually add 2-3 months to the total process. Engaging experienced advisors in Zug can accelerate approval by clarifying requirements upfront.

Most FINMA-licensed crypto firms must establish accounts with Swiss traditional banks or approved crypto-friendly institutions to maintain fiat on/off ramps and meet anti-money laundering requirements. As of 2026, several Swiss banks including Sygnum, Swisstrade, and select cantonal banks actively support licensed crypto businesses. Your banking arrangement must be documented and approved as part of your license application, with some banks requiring proof of regulatory approval before opening accounts.

Core documents include detailed business plans, organizational charts, shareholder information, anti-money laundering and know-your-customer policies, IT security assessments, and CVs of board members and compliance officers. You'll also need proof of capital adequacy (typically CHF 100,000 minimum), banking relationships, insurance certificates, and documented audit procedures. FINMA also requires evidence of information security measures meeting Swiss financial standards and client asset protection mechanisms.

Licensed crypto businesses in Switzerland benefit from favorable treatment, with revenue typically classified as ordinary business income rather than speculative gains, reducing cantonal tax burdens significantly. However, cantonal residence determines tax rates—Zug offers approximately 11.6% combined federal and cantonal tax, among the lowest in Switzerland. Your business structure (corporation versus foundation) and whether you're trading versus providing services will be clarified during licensing, which should precede final tax structure decisions.

Failure to renew within 30 days of expiration results in automatic suspension of regulatory permissions, meaning you cannot conduct licensed activities legally. FINMA can impose administrative fines up to CHF 100,000+ for operating without valid licensing, plus enforcement action against directors and shareholders. Renewal typically requires updated compliance certifications and can take 4-8 weeks, so you should initiate the process 3 months before expiration.

Switzerland offers stronger regulatory credibility and banking integration than Malta, typically requires less capital (CHF 100,000-300,000 versus EUR 500,000+), and provides faster approval timelines (3-6 months versus 6-9 months). However, Swiss licensing is more expensive operationally and compliance-intensive than Singapore's Monetary Authority framework. Switzerland's reputation attracts institutional clients but suits companies seeking long-term legitimacy over rapid market entry.

FINMA requires compliance with ISO 27001 standards or equivalent information security management systems, plus documented penetration testing and vulnerability assessments conducted by independent third parties. Your security documentation must cover encryption protocols for customer data, cold storage arrangements for cryptocurrency holdings, and incident response procedures. Annual security audits and evidence of continuous monitoring are mandatory compliance requirements reviewed during renewal assessments.

FINMA-licensed platforms can offer major cryptocurrencies like Bitcoin and Ethereum without additional approvals, but offering tokens requires individual assessment for securities or financial instrument classification. Staking, lending, or derivatives products involving tokens face heightened scrutiny and may require separate authorization or structural modifications. Your license application should clearly specify all intended products, as adding new offerings mid-year typically requires formal amendment requests.

Minimum capital requirements typically range from CHF 100,000 for smaller platforms to CHF 300,000-500,000 for firms handling custody or offering investment services. Capital must be held in approved banking relationships and cannot be withdrawn without FINMA notification—essentially locked throughout your licensing period. Your capital adequacy ratio and liquidity requirements are calculated based on client assets under management, with larger platforms requiring proportionally higher reserves by 2026 standards.

Minor compliance gaps typically trigger a 30-60 day remediation notice; failure to address results in progressive fines (CHF 10,000 to CHF 100,000+) and potential license suspension. Serious violations such as inadequate anti-money laundering controls, unauthorized activities, or undisclosed beneficial ownership trigger immediate enforcement action including license revocation. FINMA can also pursue personal liability against directors and officers, making compliance maintenance critical throughout your licensing period.

Compliance policies must be reviewed and updated at minimum annually, with documented board approval and FINMA notification of any material changes. Internal audits are required at least semi-annually for firms managing significant client assets, and quarterly for high-risk activities like leverage trading or custody services. External independent audits meeting Swiss audit standards must be conducted annually and filed with FINMA within 120 days of fiscal year-end.

Crypto Licensing News 2026 — Approvals, Enforcement & Updates