Free consultation

Crypto Licensing — global

Crypto License.

Specialist legal infrastructure for crypto licensing across 17 jurisdictions. We obtain VASP, CASP, VATP, VARA, MSB, MTL, FCA and FINMA authorisations end-to-end — strategy, jurisdiction selection, application, banking and post-licence supervision.

  • 17+ jurisdictions covered
  • 200+ licenses obtained
  • 95% application success rate
  • 8+ years of crypto regulation
Free jurisdiction assessment Browse all jurisdictions →

What is a crypto license

Crypto licensing in 2026 — the short version.

A crypto license is regulator authorisation to provide one or more digital-asset services — exchange, custody, brokerage, payments or token issuance. The legal permission to operate. The right authorisation depends on the activity scope, customer geography and capital tolerance — and most credible operators run a primary licence (typically VARA, MAS MPI, VATP or FCA) plus a secondary onshore wrapper or offshore foundation.

Our practice covers the full perimeter: MiCA CASP across the EU, FinCEN MSB and state Money Transmitter Licences in the US, VARA / ADGM / DMCC / DIFC in the UAE, SFC VATP in Hong Kong, FINMA SRO and fintech licences in Switzerland, and the offshore VASP regimes in BVI, Cayman, Jersey, Panama and Montenegro.

Recognised by industry bodies and ranking platforms

Crypto licensing terminology — the working glossary

The eight acronyms that drive every crypto licensing engagement. Each term links to the live page where the licence is obtained.

CASP Crypto-Asset Service Provider

EU MiCA authorisation that lets a regulated entity provide crypto services across all 27 EU and 3 EEA states under a single passportable licence.

See licensing path →
VASP Virtual Asset Service Provider

FATF-aligned registration regime applied in offshore jurisdictions (BVI, Cayman, Georgia, Montenegro, Bosnia) for exchange, custody and transfer services.

See licensing path →
VATP Virtual Asset Trading Platform

Hong Kong SFC licence for centralised crypto exchanges. Combines AMLO conduct rules with SFO investor-protection rules; usually paired with a TCSP for client-asset custody.

See licensing path →
MSB Money Services Business

US federal AML registration with FinCEN. Baseline for any crypto activity in the United States; not enough on its own — state Money Transmitter Licences sit on top.

See licensing path →
MTL Money Transmitter License

US state licence required to transmit money or virtual currency. Each state runs its own regime, with surety-bond and capital requirements per state. NYDFS BitLicense sits alongside the MTL stack for New York.

See licensing path →
EMI E-Money Institution

Authorisation to issue e-money and provide payment services. Used by crypto-payment processors and stablecoin issuers in the EU and UK alongside a CASP or FCA cryptoasset registration.

See licensing path →
VARA Virtual Assets Regulatory Authority

Dubai’s dedicated virtual-asset regulator. Operates a four-category licence regime — advisory, broker-dealer, exchange and custody — under a single Dubai-mainland framework.

See licensing path →
DPT Digital Payment Token Service

Singapore MAS framework under the Payment Services Act for crypto activity. Sits alongside Major Payment Institution (MPI) and Standard Payment Institution (SPI) licences.

See licensing path →

Types of crypto licensing and regulation

Crypto regulation in 2026 splits into five working clusters. Pick the cluster that matches the customer geography and operating model — the right authorisation almost always lives in one of these five.

Europe — MiCA CASP

EU Markets in Crypto-Assets Regulation (MiCA) introduces a single Crypto-Asset Service Provider (CASP) authorisation passportable across 27 EU and 3 EEA states. Distinct ART and EMT regimes for stablecoins.

EU MiCA regulation guide →

Offshore — VASP

Virtual Asset Service Provider regimes outside the EU: BVI (VASP Act 2022), Cayman (VASP Act 2020 amended 2024), Georgia (FIZ + NBG), Montenegro, Bosnia & Herzegovina. Common-law base, lower capital, faster live operation.

Offshore crypto regulation →

United States — FinCEN MSB + state MTL

Federal MSB registration with FinCEN is the baseline; state Money Transmitter Licences are the heavy lift; NYDFS BitLicense and Wyoming SPDI are state-special regimes. SEC and CFTC sit alongside for securities and derivatives.

US crypto regulation guide →

APAC — VATP, MPI, DPT, AFSL

Singapore (MAS PSA — MPI / SPI / DPT), Hong Kong (SFC VATP / TCSP / Type 1 / Type 7 / HKMA stablecoin), Australia (AUSTRAC DCE + ASIC AFSL). Strong counterparty networks across Asia.

APAC jurisdictions →

MENA — VARA, ADGM, DMCC, DIFC

United Arab Emirates is the most credible MENA hub. Four parallel frameworks: VARA in Dubai mainland, FSRA in ADGM, DMCC in the free zone, DFSA in DIFC. Each carries a distinct supervisory style.

UAE crypto licence framework →

Crypto licensing by region

Pick the region first, then the jurisdiction. Each link opens a full guide with regulator, capital, timeline and our practising-counsel notes.

MENA crypto licensing

United Arab Emirates and other Gulf jurisdictions. UAE alone runs four parallel frameworks (VARA, ADGM, DMCC, DIFC), each with a distinct supervisory style.

United Arab Emirates

Regulator
VARA / FSRA (ADGM) / DMCC / DFSA (DIFC)
Timeline
9–14 months (VARA) · 6–10 months (ADGM)
Min. capital
USD 135,000–272,000 depending on category
View licensing path →

Europe crypto licensing — CASP and beyond

EU MiCA passportable CASP licences plus the United Kingdom (FCA), Switzerland (FINMA + SRO), Gibraltar (DLT), Montenegro and Bosnia & Herzegovina.

Montenegro

Regulator
Capital Market Authority (Komisija za tržište kapitala)
Timeline
8–12 weeks
Min. capital
None significant
View licensing path →

United Kingdom

Regulator
Financial Conduct Authority (FCA)
Timeline
12–18 months (FCA)
Min. capital
EMI: GBP 350,000
View licensing path →

Gibraltar

Regulator
Gibraltar Financial Services Commission (GFSC)
Timeline
16–24 weeks
Min. capital
Substance-based
View licensing path →

Switzerland

Regulator
FINMA + SROs (e.g. VQF)
Timeline
SRO 2–3 months · Fintech 6–9 months · Banking 12–18 months
Min. capital
Fintech: CHF 300,000 · Banking: CHF 10,000,000 · SRO: none
View licensing path →

Bosnia & Herzegovina

Regulator
Securities Commission of Republika Srpska (Komisija za hartije od vrijednosti)
Timeline
8–10 weeks
Min. capital
None significant
View licensing path →

Georgia

Regulator
NBG / FIZ administrators
Timeline
4–6 weeks
Min. capital
None for FIZ
View licensing path →

Slovakia

Regulator
Národná banka Slovenska (NBS)
Timeline
5–9 months (NBS review: 25 + 40 working days)
Min. capital
€50,000 / €125,000 / €150,000 (by CASP class)
View licensing path →

Poland

Regulator
Komisja Nadzoru Finansowego (KNF)
Timeline
Gated by national legislation — see status below
Min. capital
€50,000 / €125,000 / €150,000 (by CASP class)
View licensing path →

Czech Republic

Regulator
Česká národní banka (ČNB)
Timeline
6–12 months (ČNB)
Min. capital
€50,000 / €125,000 / €150,000 (by CASP class)
View licensing path →

Lithuania

Regulator
Bank of Lithuania (Lietuvos bankas)
Timeline
3–6 months (Bank of Lithuania review)
Min. capital
€50,000 / €125,000 / €150,000 (by CASP class)
View licensing path →

Estonia

Regulator
Finantsinspektsioon (EFSA)
Timeline
6–12 months (EFSA statutory review ~5 months from a complete file)
Min. capital
€50,000 / €125,000 / €150,000 (by CASP class)
View licensing path →

Cyprus

Regulator
CySEC (Cyprus Securities and Exchange Commission)
Timeline
9–12 months (CySEC; statutory max 6 months from a complete file)
Min. capital
€50,000 / €125,000 / €150,000 (by CASP class)
View licensing path →

Portugal

Regulator
Banco de Portugal (CASP authorisation) + CMVM (conduct)
Timeline
6–8 months (Banco de Portugal; MiCA Art. 63 clock)
Min. capital
€50,000 / €125,000 / €150,000 (by CASP class)
View licensing path →

Crypto licensing by business model

Eleven verticals, eleven different regulatory perimeters. Pick the page that matches the model — each opens a full service guide with credible jurisdictions, costs and a five-stage process.

Crypto exchange

VATP, MPI, VARA, MTL, MiCA CASP. The most demanding regulatory perimeter in the industry.

Open service →

Crypto custody

TCSP, FINMA, ADGM, Wyoming SPDI, Jersey. Institutional-grade custody with capital, audit and tech-stack obligations.

Open service →

DeFi protocol

BVI / Cayman foundation, operating SPV, token classification. Structuring more than licensing in most cases.

Open service →

Crypto wallet

Custodial vs non-custodial determines everything. Custodial = full custody licensing; non-custodial often outside.

Open service →

Token issuer (ICO / STO)

BVI foundation + Swiss or Liechtenstein SPV. Securities-law analysis is half the engagement.

Open service →

Crypto payments

EMI + crypto licence in the same group. Double regulatory layer; one licence rarely enough.

Open service →

Stablecoin issuer

MiCA EMT / ART, HKMA stablecoin, NYDFS limited-purpose trust. Highest scrutiny segment in 2026.

Open service →

OTC desk

Switzerland VQF SRO, UAE VARA dealer, Hong Kong VA dealer. Quieter regulatory zone but jurisdiction-specific carve-outs.

Open service →

Crypto broker

DMCC, FINMA fintech, MAS SPI, AFSL. Close to exchange but distinct regime in many jurisdictions.

Open service →

NFT marketplace

Many marketplaces fall outside licensing — depends on whether they handle fiat, custody or financialised assets.

Open service →

Crypto startup / MVP

Georgia FIZ + VASP, Panama, El Salvador. Speed and cost over prestige in year one.

Open service →

How to get a crypto license — the client journey

A crypto licensing engagement runs in eight stages from kickoff to authorisation. Each stage has named deliverables and a regulator-grade acceptance bar. The same project manager runs the file from stage one to year-one audit.

  1. 01

    Strategy and gap analysis

    Map the business model to credible licence categories. Score capital, timeline, banking risk and post-licence supervision burden.

  2. 02

    Jurisdiction selection

    Compare two-to-three credible options on cost, speed, banking access and counterparty trust. Decision committed in writing.

  3. 03

    Company formation and substance

    Local entity, resident director, registered office, AML officer. All set up in parallel to compress the timeline.

  4. 04

    Documents and compliance pack

    Beneficial-ownership chain, source-of-funds file, CVs, fit-and-proper, business plan, three-year financials.

  5. 05

    AML / KYC programme

    Risk assessment, transaction-monitoring rules, sanctions screening, MLRO matrix, FATF Travel Rule integration.

  6. 06

    Application submission

    Application file built to the actual reading list of the regulator’s examiners — not a generic template. Covering memo addresses common RFI triggers.

  7. 07

    Regulator engagement

    Weekly status, RFI responses inside the published service-level windows, regulator-meeting prep and rehearsal.

  8. 08

    Authorisation and onboarding

    Banking, payment rails, audit-firm appointment, year-one supervision calendar locked in.

Why us

What we are, and what we are not.

Specialist focus

We handle crypto licensing exclusively — not as a side practice next to corporate or M&A. The reading list is the rulebook, not last year’s blog.

Multi-jurisdictional bench

Seventeen active jurisdictions with in-house counsel in the major hubs. One project manager coordinates across all of them.

Application success rate

We pre-qualify clients before applications, not after. If the project doesn’t fit a jurisdiction, we say so before the engagement letter is signed.

Banking matters

A licence without a bank account is a paperweight. We secure both — the regulator approval and a working banking stack — and treat them as one engagement.

Post-license support

Year-one supervision — audit, annual returns, AML refresh, MLRO continuity — is calendared and run by the same team that obtained the licence.

Honest assessment first

If you don’t need a particular licence, we say so — even if it costs us a fee. Long-term relationships are worth more than over-sold engagements.

Our lawyers

Three anchor partners — twenty-five years of crypto regulation between them.

Daniel R. Whitmore

Founder & Managing Partner

Jurisdictions: United Kingdom · United States · Jersey · Gibraltar · Switzerland

Languages: English, French

Layla A. Hassan

Partner — Head of MENA & APAC

Jurisdictions: United Arab Emirates · Singapore · Hong Kong · Australia

Languages: English, Arabic, Mandarin (working)

Marcus T. Andersson

Partner — Head of Americas & Offshore

Jurisdictions: Canada · El Salvador · Panama · BVI · Cayman Islands · Montenegro · Bosnia & Herzegovina

Languages: English, Swedish, Spanish

View the full team →

Selected work

What clients say about the engagement.

★★★★★

Layla’s team made the difference between a ‟maybe’ and a ‟yes’ from VARA. The pre-application gap analysis they ran caught two governance issues that would have stopped us cold at the assessment stage. Our VARA Category 2 licence was approved in 11 months — fast for this regime.

Yusuf Al-Sayed · CEO, Falcon Digital Markets Crypto Exchange · Dubai
★★★★★

FCA cryptoasset registration has a very high bar — Daniel and his team are the reason we cleared it. Our Annex II self-assessment was rebuilt from scratch under their supervision. The financial-promotions regime work was equally rigorous.

Charlotte Pemberton · Founder, Albion Digital Assets Ltd Crypto Exchange · London
★★★★★

Hong Kong VATP is the most demanding crypto licence we have ever applied for. Layla’s team brought us through the SFC process — including the external assessment, responsible-officer fit-and-proper interviews, and the parallel TCSP setup for client-asset custody. Licence granted, business operational.

Wei Chen · CEO, Victoria Harbour Digital Virtual Asset Trading Platform · Hong Kong
★★★★★

FinCEN MSB plus a phased state MTL rollout — Daniel’s team built us a 24-month roadmap that prioritised the states by transaction volume and regulator turnaround. We launched live in five states inside the first year. Phenomenal project management.

Jordan Reeves · CEO, Liberty Crypto Inc. Crypto Exchange · Delaware / Wyoming

Insights

Latest analysis from practising counsel.

1 — Top lists by region

Top 10 Jurisdictions for a Crypto License in 2026

A practising-counsel ranking of the ten most credible crypto licensing jurisdictions in 2026, scored on regulator credibility, banking access, capital, timeline and post-licence reality.

Read article → 2 — Comparisons

UAE VARA vs Singapore MAS — Which Fits Your Exchange?

Side-by-side analysis of UAE VARA and Singapore MAS for centralised crypto exchanges — capital, timeline, supervisory style, banking access and ongoing burden.

Read article → 4 — Regulatory updates

MiCA Explained — Complete Guide for Crypto Businesses (2026 Update)

A practical 2026 guide to the EU Markets in Crypto-Assets Regulation: CASP authorisation, ART and EMT regimes, transitional periods, and the country-by-country path to a passportable licence.

Read article →

Frequently asked questions about crypto licensing

What is a crypto license?

A crypto license is regulator authorisation to provide one or more digital-asset services — exchange, custody, brokerage, payment, token issuance. It is the legal permission to operate. Without it, the activity is unauthorised in jurisdictions that regulate the perimeter, which today includes the EU (MiCA CASP), the UK (FCA), the US (FinCEN MSB plus state MTL), the UAE (VARA), Singapore (MAS PSA), Hong Kong (SFC) and most other major financial centres.

Who needs a crypto licence in 2026?

Most operating models do — centralised exchanges, custodians, brokers, OTC desks, payment processors, stablecoin issuers and token issuers selling to retail. Genuine non-custodial DeFi front-ends and limited NFT collectibles platforms can fall outside, but the threshold question turns on activity scope, customer geography and whether the operator controls client assets.

Which is the cheapest crypto license to obtain?

El Salvador (DASP), Georgia (FIZ + VASP), Panama and Bosnia & Herzegovina lead on total first-year cost. Total all-in — including statutory capital, legal fees, substance and ongoing supervision — typically falls between USD 12,000 and USD 25,000 in those jurisdictions. The full ranking is on /compare/cheapest-crypto-license/.

Which jurisdiction is best for a crypto exchange?

For an institutional centralised exchange the credible shortlist is UAE (VARA), Singapore (MAS MPI) and Hong Kong (SFC VATP). Switzerland (FINMA fintech) and EU MiCA member states (Lithuania first) are credible alternatives. The right answer turns on customer geography, banking strategy and capital tolerance.

How long does it take to get a crypto license?

Crypto license timelines range from 1–3 weeks (Panama, no specific licence) to 18–24 months (NYDFS BitLicense). Most regimes take 8–14 weeks (offshore VASP) or 6–12 months (Tier-1 onshore). The variance comes from RFI cycles and the quality of the application file at submission, not from the published schedule.

Can I operate a crypto business from an offshore jurisdiction?

Yes — offshore (BVI, Cayman, Panama, Jersey) is a legitimate operating base for many crypto models, particularly token issuers and custodians. The trade-off is banking access. Supervised offshore (BVI, Cayman, Jersey) plugs into institutional banking. Lightly-supervised offshore (Seychelles, Anjouan, Vanuatu) frequently cannot, and operators almost always pair it with an onshore wrapper.

What is the difference between VASP, CASP and VATP?

VASP is the FATF-aligned offshore framework (BVI, Cayman, Georgia, Montenegro). CASP is the EU MiCA framework — passportable across all 30 EEA states under a single authorisation. VATP is the Hong Kong SFC framework for centralised crypto trading platforms. Overlapping activity, different legal systems and capital regimes.

Do I need a license for DeFi?

It depends on whether the protocol is genuinely non-custodial and on whether you operate the front-end as a business. A pure smart-contract layer with anonymous deployers and no custody often falls outside licensing — but the operator behind a branded front-end, token treasury or governance hub frequently does need authorisation.

How much does a crypto license cost?

Total first-year cost for a credible crypto license ranges from USD 12,000 (El Salvador DASP) to USD 1,500,000+ (NYDFS BitLicense). The principal cost drivers are statutory capital, legal fees, substance (resident director and office), banking and ongoing supervision. We model three-year total cost upfront — first-year is rarely the relevant number.

What happens after I get the licence?

Authorisation is the start, not the end. Year-one obligations typically include external audit, annual return to the regulator, AML programme refresh, MLRO continuity, material-change notifications and FATF Travel Rule provider integration. The same team that obtained the licence runs the post-licence supervision cycle for retainer clients.

Tell us about your project. We come back within 24 hours.

A short description of the model, target customers and timeline is enough to scope a free jurisdiction assessment. The first call is with the partner who would lead the engagement, not a sales layer.

Free jurisdiction assessment Browse all services →