Skip to content

Skip Navigation

Blockchain, Crypto and Web3

CASP Licence Malta Under MiCA: Requirements, Costs and Application Process

A CASP licence in Malta under MiCA allows crypto businesses to operate legally across the European Union through a single authorisation.

To obtain a CASP licence, businesses must meet specific regulatory requirements, governance standards, and capital thresholds.

This guide explains the key requirements, costs, timelines, and application process, helping you understand what is involved and how to launch a compliant crypto business from Malta.

CASP Licence Malta Requirements Under MiCA

Upon receipt of the official authorisation, the license holder will then be obliged to adhere to the submission of ongoing returns which the MFSA would require.  Such obligations include submitting periodic returns, meeting prudential requirements, and ensuring compliance with regulatory frameworks applicable to CASPs under MiCA, including MiCA disclosure obligations.

CASPs must also ensure that their operations comply with other overlapping regulations which may apply to digital asset service providers, such as the Digital Operational Resilience Act (DORA) and the Payment Services Directive 2 (PSD2).

Get Free Consultation
A2CO Technologies team smiling at the camera while standing in front of the A2CO logo including Partner Anton Dalli, Advisor Stephen Tonna and Junior Advisor Kate Taliana Gatt

Who Needs a CASP Licence to Offer Crypto Asset Services?

Under MiCA, a CASP is any legal person whose business or profession involves providing one or more crypto‑asset services to third parties on a professional basis. CASPs are defined under different categories, depending on the required for the crypto-asset services they intend to provide. These include:

Class 1 

  • execution of orders on behalf of clients;
  • placing of crypto-assets; 
  • providing transfer services for crypto-assets on behalf of clients;
  • reception and transmission of orders for crypto-assets on behalf of clients; 
  • providing advice on crypto-assets; and/or
  • providing portfolio management on crypto-asset

Class 2

CASP authorised for any crypto-asset services under class 1 and:

  • providing custody and administration of crypto-assets on behalf of clients; 
  • exchange of crypto-assets for funds; and/or 
  • exchange of crypto-assets for other crypto-assets.
Get Free Consultation

Class 3 

CASP authorised for any crypto-asset services under class 2 and:

  • operation of a trading platform for crypto-assets.

To act as a CASP in Malta, a legal person or other undertaking must obtain a licence from the national competent authority, the Malta Financial Services Authority (MFSA). The MFSA not only authorises a CASP to offer its services to clients in Malta but also ensures that CASPs continuously meet their regulatory obligations.

CASP Licence in Malta Costs and Capital Requirements

The following fees and capital requirements apply to applicants seeking a CASP licence in Malta:

  • Class 1: Euro 10,000
  • Class 2: Euro 20,000
  • Class 3: Euro 25,000

Where an applicant intends to provide crypto-asset services falling under different classes, only the highest application fee applicable with respect to those crypto-assets services shall apply.

The ongoing applicable fees are as follows:

  • Class 1: Euro 10,000
  • Class 2: Euro 25,000
  • Class 3: Euro 50,000

Other annual fees are the following:

  • Euro 2,000 for every service being offered by the CASP
  • 0.05% of the transaction volume of such person up to a maximum of Euro 250,000

For the minimum share capital, the following applies:

  • Class 1: Euro 50,000
  • Class 2: Euro 125,000
  • Class 3: Euro 150,000
Get Free Consultation
Close-up of a gold Ethereum coin with the Ethereum logo and text, symbolising cryptocurrency and blockchain technology.

CASP Licence in Malta Application Process

The Intention Stage  

In this stage, a prospective applicant intending to apply for authorisation will be required to submit a statement of intent which will include preliminary details on the operations of the CASP, and a legal opinion issued from a Maltese warranted lawyer confirming that the proposed activities fall within the purview of MiCA. Upon submission of this statement, the MFSA will review this statement and subsequently request a meeting with all interested parties within 10 days from receipt of the statement (unless they have further comments/queries on the statement). If satisfied with the statement and the subsequent meeting, the MFSA will issue its no objection, allowing the applicant to formally begin the registration process leading to authorisation.

Pre-Authorisation Stage 

Upon receiving the no objection from the MFSA, the application process begins, and all the necessary supporting documents must be submitted within 40 working days.

The application to seek authorisation must be submitted through the MFSA’s online portal and which would need to include the following:

  • CASP Application Form, which shall include, amongst other corporate details on the applicant, statutory documents, a business plan outlining the business model, details on the management body, draft policies and procedures, and the ICT security arrangements in place.
  • The licence requires the nomination of certain roles, in line with the proportionality principle, demonstrating independence, regulatory familiarity, policy oversight, and escalation protocols.
  • Description and details of outsourced services 
  • Fit and Proper assessments are required for qualifying shareholders, board directors, senior managers, compliance officers, and money-laundering reporting officers.

Authorisation Stage 

Should the MFSA be satisfied with all the application documents submitted, it will then proceed to issue an in-principal approval letter whereby it will state that certain requirements must be met prior to the granting of the official authorisation. These requirements must be met within a timeframe indicated in the letter.

Once the regulator, the MFSA is satisfied that the requests above have been met, it will issue the official authorisation to the applicant to provide the services applied for as a CASP. At this stage, the licence must meet specific conditions set out by the MFSA before the holder is permitted to commence business operations. Upon the completion of these conditions to the satisfaction of the MFSA, the licence holder can commence its business operations, concluding the formal licensing process.

Get Free Consultation
Partner at A2CO seated in the boardroom during a business meeting with colleagues.
Bitcoin coin placed on a white and black background

CASP Licence Malta: Key Facts and Requirements at a Glance

  • Authorisation timeline: typically 3 to 6 months depending on complexity
  • Capital requirements: €50,000 to €150,000 depending on CASP class
  • Regulator: Malta Financial Services Authority (MFSA)
  • EU passporting: ability to offer services across all EU Member States
  • Eligible activities: exchange, custody, transfer, execution, and advisory services
  • Substance requirements: local presence, governance structure, and key function holders required
  • Compliance obligations: AML, risk management, and ongoing regulatory reporting
  • Application process: staged approach including pre-authorisation and formal submission

General Principles – CASP Licence Application in Malta Under MiCA

Obtaining an authorisation in Malta to act as crypto asset service provider (CASP) requires structured preparation, regulatory clarity and disciplined execution. The Malta Financial Services Authority (MFSA) is the competent authority responsible for granting crypto asset service provider authorisation in Malta. The MiCA CASP application is not a formality. It involves a full assessment of business model risk, governance standards, financial soundness and operational resilience. Below is a structured overview of the CASP authorisation Malta process as applied by the MFSA.

Regulatory Classification and Scope Assessment

An initial consideration for before commencing with a CASP application is determining whether the proposed activities fall within the definition of a crypto asset service provider in MiCA.

MiCA defines specific regulated services, including custody and administration of crypto assets, operation of a trading platform, exchange of crypto assets for funds or other crypto assets, execution of orders, placement of crypto assets and portfolio management.

At the early stages the main focus would be to establish a detailed scope of services and the manner in which these services are to be provided.

Key considerations include:

  • Whether the entity will hold client crypto assets or private keys
  • Whether the platform facilitates matching of third party buying and selling interests
  • Whether proprietary trading is involved
  • Whether client onboarding includes retail or professional participants

At this stage, careful analysis also avoids unintended regulatory exposure. Certain business models may initially appear technological but in substance fall within regulated CASP activity. A structured regulatory assessment ensures that the Malta CASP licence application reflects the true operational scope.

Corporate Structuring and Capital Planning

Another element to consider is the alignment of the applicant’s corporate structure with the expectations of the MFSA.

A CASP authorisation Malta expects that the applicant establishes an effective management and control located in Malta. The MFSA expects genuine substance rather than nominal presence.

Corporate structuring involves:

  • Incorporation of a Maltese company
  • Identification of qualifying shareholders
  • Appointment of a board with appropriate collective competence

Moreover, this phase also includes identifying key function holders, such as compliance, risk management and internal audit where applicable. Governance planning at this stage reduces supervisory friction later in the process

Capital planning is a critical element of the MiCA CASP application. CASP capital requirements vary depending on the services provided. MiCA establishes minimum initial capital thresholds and ongoing own funds obligations linked to operational risk and service type.

Applicants must demonstrate sufficient paid up share capital, ongoing financial resources to sustain operations, realistic revenue projections, and adequate liquidity buffers to ensure the business can operate in a stable and financially sound manner.

The MFSA evaluates whether financial resources are proportionate to the scale and complexity of the proposed activity. Underestimating capital needs is a common weakness in CASP licence timeline Malta planning.

Get Free Consultation

Governance, Risk and Compliance Framework Design

A Malta CASP licence requires more than a viable commercial concept. The MFSA expects a comprehensive governance and control framework.

CASP governance requirements include:

  • Clear organisational structure and reporting lines
  • Segregation of duties
  • Fit and proper directors and senior management
  • Conflict of interest management

Risk management frameworks must address various risks which are inherently associated with the services being offered by the CASP.

AML alignment is essential.  The AML framework must integrate certain procedures which deal with customer due diligence, transaction monitoring, the travel rule and suspicious activity reporting processes.

IT governance is another core focus area. The MFSA assesses cybersecurity controls, system resilience and data integrity measures which are expected to be in line with the Digital Operational Resilience Act (DORA). Operational continuity planning must demonstrate that client assets and records remain protected in adverse scenarios.

 

Statement of Intent and Preparation of the MiCA CASP Application Pack

The MiCA CASP application requires submission of a detailed documentation pack to the MFSA.

Core components typically include:

  • Programme of operations describing services, client types and geographic scope
  • Comprehensive business plan
  • Three-year financial projections
  • Governance and organisational structure documentation
  • Risk management and internal control policies
  • Safeguarding arrangements
  • Outsourcing agreements
  • IT and cybersecurity framework descriptions

The programme of operations must explain how each regulated service will be delivered in practice. The MFSA expects clarity on order flow, asset custody mechanics, client onboarding processes and revenue models.

Financial projections must be consistent with capital adequacy calculations and staffing plans. Overly optimistic assumptions can delay the CASP licence timeline Malta review.

Directors and qualifying shareholders must provide personal questionnaires and supporting documentation to allow fit and proper assessment. Transparency at this stage supports efficient regulatory engagement.

A well-prepared application pack reduces the number of clarification rounds and signals regulatory maturity.

Statement of Intent and Submission to the MFSA and Regulatory Engagement

Before submitting documents for the application stage, a preliminary meeting is conducted with the MFSA. During this meeting, the entity presents its operational strategy for the project. Following the discussion, the MFSA assesses whether the proposed operations align with its risk appetite and evaluates the potential impact on Malta’s regulatory and financial landscape. If the MFSA is satisfied with the business strategy, it provides approval for the applicant to formally submit the application for authorisation to operate as a CASP.

Following submission of the application form and the necessary supporting documents with the MFSA, the authority conducts a completeness review. Once the application is deemed complete, the formal assessment phase begins.

During this stage, the Authority may issue written queries requesting clarification on all aspects of the applicaiton submitted and the supporting doucments submitted. The quality and timeliness of responses significantly influence the CASP authorisation Malta process.

Meetings with the regulator may be held to discuss complex aspects of the model. Clear documentation and consistent narrative across submissions are essential.

The CASP licence timeline Malta depends on the complexity of the business model and the responsiveness of the applicant. Incomplete submissions or inconsistent governance documentation frequently extend the review period.

The objective at this stage is not speed alone but regulatory credibility. MFSA CASP approval is granted where the Authority is satisfied that the applicant can operate in a sound and prudent manner.

Authorisation Decision and Post Approval Obligations

If the MFSA is satisfied, crypto asset service provider authorisation is granted subject to any specific conditions imposed.

Authorisation marks the beginning of ongoing regulatory obligations rather than the end of the process. CASPs must comply with continuing requirements under MiCA and Maltese supervisory rules.

Where cross border activity is intended, passporting notifications must be submitted in accordance with MiCA procedures. Once approved, the Malta CASP licence enables provision of services across the European Union subject to notification requirements.

The MFSA retains supervisory powers to conduct inspections and request information. Sustained compliance culture is therefore critical beyond initial authorisation.

A2CO supports clients throughout each stage of the Malta CASP licence process. Our approach focuses on regulatory clarity, structured documentation and alignment with MFSA supervisory expectations. We assist with scope analysis, capital planning, governance framework design and preparation of a complete MiCA CASP application, ensuring that each element is internally coherent and regulator ready.

Get Free Consultation

CASP vs VASP: What’s the Difference?

Crypto Asset Service Providers (CASPs), as defined under the EU’s MiCA Regulation, are sometimes referred to as Virtual Asset Service Providers (VASPs) in international regulatory discussions. The term VASP comes from the Financial Action Task Force (FATF), which uses it as part of its global framework to combat money laundering and terrorist financing. While the terminology differs, both CASPs and VASPs refer to businesses that provide services such as crypto exchange, custody, and transfer of virtual assets. In the EU, “CASP” is the official term used under MiCA. Outside the EU, particularly in FATF-aligned jurisdictions, “VASP” is more commonly used. If your cryptocurrency business operates across multiple jurisdictions, understanding both terms is essential for maintaining regulatory compliance and meeting global expectations.

Malta’s Regulatory Framework for CASP Licensing Under MiCA

As of 30 December 2024, Malta has fully implemented the EU’s Markets in Crypto-Assets Regulation (MiCAR) through its national Markets in Crypto‑Assets Act (Chapter 647). Malta was among the first EU Member States to align its legal framework and regulatory authorities, including the Malta Financial Services Authority (MFSA), with MiCA’s unified approach for crypto‑asset services. Having operated under the Virtual Financial Assets Act (VFA Act) since 2018, Malta now offers a robust licensing regime within a well-established regulatory framework for service providers seeking to offer cryptocurrency services from Malta, along with a clear transition path for existing Virtual Financial Asset (VFA) providers.

We can guide you through the MiCA‑compliant authorisation process, ensuring you meet MFSA expectations and operate legally within a robust and recognised regulatory environment.

Get Free Consultation
Close-up of the European Union flag showing two yellow stars on a blue background with visible creases in the fabric.

How A2CO Supports You Throughout the CASP Licensing Process

We structure Malta CASP licence applications around MFSA supervisory expectations, not just documentation requirements
We map your business model precisely to MiCA CASP classifications before submission to reduce rework and regulatory friction
We design governance frameworks that meet fit and proper, oversight and internal control standards assessed during MFSA CASP approval
We align capital planning with MiCA prudential thresholds to strengthen financial credibility at the authorisation stage
We integrate AML, risk management and operational readiness into the CASP application rather than treating them as standalone policies
We manage regulatory engagement throughout the MiCA CASP application process, ensuring structured and consistent communication with the MFSA
We support ongoing compliance and EU passporting strategy following crypto asset service provider authorisation

Our Services 

Initial eligibility and compliance assessment
Preparation and submission of the licence application
Drafting all documents relating to the authorisation with the MFSA 
KYC framework setup and risk management planning
Ongoing regulatory support and licence maintenance
FAQs

Frequently Asked Questions

A CASP in Malta can offer services such as cryptocurrency exchange, custody of crypto-assets, and execution of orders on behalf of clients. The specific services depend on the class of CASP licence obtained.

Capital requirements depend on the class of crypto asset service provided under MiCA. Activities such as operating a trading platform, executing orders or providing custody may trigger higher minimum capital thresholds. In addition to initial capital, ongoing prudential and safeguarding obligations apply.

Applicants must submit a detailed application to the MFSA, including a business plan, governance arrangements, risk management policies, and proof of fitness and properness of key individuals.

Yes. Once authorised under MiCA in Malta, a CASP may exercise passporting rights across other EU Member States, subject to notification procedures. This allows firms to provide services cross border without obtaining separate licences in each jurisdiction.

Once authorised in Malta, a CASP can passport its services across the EU under the MiCA regulation, subject to notification requirements.

A CASP licence is required for services such as custody of crypto assets, operation of trading platforms, execution of orders, exchange of crypto assets for funds or other crypto assets, and placement of crypto assets. Each activity must be assessed individually to determine regulatory classification.

The authorisation process typically takes 3 to 6 months, depending on the completeness of the application and the MFSA’s review.

CASP applicants must demonstrate robust governance, including fit and proper directors, clear organisational structure, risk management procedures, compliance oversight and internal controls. The MFSA assesses competence, integrity and operational readiness before granting approval.

To obtain a CASP licence in the European Union, you must apply for authorisation under the MiCA Regulation through the national competent authority of an EU Member State.

Yes. Operating a crypto exchange platform falls within the scope of CASP activities under MiCA. Exchanges must obtain authorisation before providing trading or execution services to clients within the EU.

The timeline for a CASP licence under MiCA depends on the complexity of the business model, governance structure and completeness of the application. In practice, preparation and submission phases may take several months, followed by MFSA review and clarification stages. Early structuring of capital, internal controls and key function holders can significantly reduce delays.

Couldn't find your answer?
Get In Touch
LET'S BUILD YOUR SUCCESS—TOGETHER.

Get Free Consultation

Secure your CASP licence in Malta with expert guidance on MiCA compliance, MFSA authorisation, and EU-wide crypto service approvals.
Anton Dalli
Anton Dalli

Partner

Oliver Zammit
Oliver Zammit

Partner

We're on Socials:

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Consent*

RELATED SERVICES

Explore Our Services

Burj Al Arab hotel representing A2CO’s presence in Dubai and global reach.

VARA Regulation

European Union flag reflecting A2CO’s compliance with EU regulations.

MiCA Regulation

The Siege Bell War Memorial overlooking the Grand Harbour in Valletta, Malta, with a clear view of the sea and breakwater under a bright blue sky.

Malta Company Formation

Browse All Services
A2CO Logo
Quad Central, Q3 Level 1, Triq L-Esportaturi Birkirkara, CBD 1040, Malta
+356 2133 2100
Get inspired for your next project!
Subscribe to our newsletter now!
Consent(Required)

We're on Socials:
USEFUL LINKS
Company Overview Careers Testimonials Privacy Policy
SERVICES
Blockchain, Crypto and Web3 Accounting Corporate Services and Company Formation Residency in Malta iGaming Betting Licensing Legal and Regulatory Risk and Compliance Tax Services
© 2026, A2CO. All Rights Reserved.
Members of Delphi Alliance and INAA Group
Powered By9H Digital