CASP License in Spain Under MiCA
What Is CASP Authorization in Spain?
CASP (Crypto-Asset Service Provider) authorization is an EU regulatory approval under MiCA allowing firms to provide regulated crypto-asset services across Spain and the EU via passporting.
It applies when a company performs regulated intermediary functions involving crypto-assets on behalf of clients.
Regulated crypto-asset services may include:
- custody and administration of crypto-assets
- crypto exchange services (fiat ↔ crypto / crypto ↔ crypto)
- operation of trading platforms
- execution of client orders
- brokerage and intermediation services
- crypto transfer services
- portfolio management services
- crypto-asset advisory services (crypto-asset advisory services may fall within CASP scope depending on whether the activity constitutes regulated crypto-asset advice under MiCA classification and applicable national supervisory interpretation)
Do I Need a CASP License in Spain?
CASP authorization is typically required if you:
- hold or control client crypto-assets
- operate centralized exchange infrastructure
- execute trades or orders for clients
- intermediate crypto transactions
- provide regulated portfolio management
- run brokerage or OTC execution services
CASP authorization is typically not required if you:
- provide non-custodial software solutions
- build infrastructure tools (APIs, nodes, analytics)
- operate fully decentralized protocols without intermediary control
- publish educational or informational content
Borderline assessment depends on:
- level of custody or control
- intermediary role
- governance structure
- handling of client assets
- actual operational behaviour (substance over form principle)
MiCA Regulatory Framework in Spain
Spain applies MiCA as directly applicable EU regulation, with CASP authorization and supervisory practices implemented by the CNMV under harmonised EU rules, including national procedural and supervisory interpretation where applicable.
MiCA is complemented by:
- EU AML/CFT framework
- ESMA regulatory technical standards
- DORA ICT risk requirements
- GDPR data protection rules
- EU sanctions compliance regimes
MiCA Transitional Period in Spain (VASP → CASP Migration)
Spain applies transitional arrangements allowing certain previously registered crypto service providers (legacy VASP frameworks) to continue operating during migration to MiCA authorization.
Key elements:
- transitional grandfathering provisions
- migration into CASP regulatory regime
- alignment with MiCA compliance standards
- progressive enforcement after transition period
After the transition period, only EU crypto authorization (CASP) holders may provide regulated crypto-asset services.
CASP License Application Process
Step 1 — Regulatory classification
Determine whether activities fall under MiCA scope.
Step 2 — Entity setup
Establish EU legal structure and ownership framework.
Step 3 — Compliance design
AML system, governance framework, risk management and ICT security architecture form an integrated compliance structure that ensures regulatory adherence, effective risk control and secure information technology infrastructure within an organization.
Step 4 — Documentation
Prepare full regulatory submission package.
Step 5 — Review phase
CNMV evaluates governance quality, financial stability, compliance maturity, and operational readiness when assessing an organization’s regulatory compliance and overall suitability.
Step 6 — Authorization
Approved entities gain EU passporting rights.
CNMV Supervisory Approach
The Comisión Nacional del Mercado de Valores applies a risk-based supervisory approach that can be highly stringent for custody, exchange, and brokerage business models.
Key evaluation areas:
Governance
- management structure
- internal controls
- decision-making accountability
Ownership
- UBO transparency
- shareholder structure
- conflict-of-interest controls
Compliance & Risk
- AML/CFT systems
- sanctions screening
- transaction monitoring
- travel rule implementation
Technology & Security
- custody architecture
- cybersecurity controls
- ICT resilience
- outsourcing governance
Secure Your Fully Compliant Spain Crypto License
CASP Requirements in Spain
Legal Structure
An EU-incorporated entity with a transparent ownership structure, identifiable beneficial owners, and operational substance within the EU.
Governance
Qualified management, a compliance officer (MLRO), a risk management function, and an internal audit capability.
AML / KYC Framework
Customer due diligence (CDD), enhanced due diligence (EDD), transaction monitoring, sanctions screening, suspicious activity reporting, and Travel Rule compliance.
Operational Substance
EU-based decision-making, compliance presence, documented governance processes, and oversight of outsourced providers.
Capital Requirements
Custody activities are associated with higher capital expectations, exchanges are subject to medium-to-high thresholds, brokerage requires medium capital levels, and advisory services are subject to variable requirements depending on regulatory classification.
CASP License Requirements Checklist
Legal
- EU entity
- UBO transparency
- governance framework
Compliance
- AML/KYC program
- travel rule compliance
- sanctions screening
Operational
- cybersecurity systems
- custody controls
- risk management
Financial
- minimum capital adequacy
- liquidity planning
- sustainability proof
CASP vs VASP vs MiCA Authorization
VASP (legacy regime)
- national registrations (pre-MiCA)
- fragmented EU regulation
- country-specific rules
CASP (MiCA framework)
- unified EU authorization
- passporting rights
- harmonised compliance standards
MiCA authorization (umbrella regime)
- EU-level regulatory framework governing CASPs
- directly applicable regulation across Member States
CASP is the operational license; MiCA is the regulatory framework governing it.
Banking for Crypto Companies in Spain
CASP authorization does not guarantee access to banking services.
Banking partners apply independent AML/CTF and de-risking frameworks that may be stricter than regulatory minimums.
Key banking challenges:
- enhanced due diligence (EDD)
- source-of-funds verification
- transaction monitoring constraints
- onboarding delays
- operational flow restrictions
Banking options:
Traditional banks
High scrutiny, selective onboarding.
EU banking institutions
Broader cross-border coverage.
EMIs
- Wise Business
- Revolut Business
Spain vs Other EU Jurisdictions
Spain vs Lithuania
- Spain → institutional credibility
- Lithuania → faster setup speed
Spain vs Portugal
- Spain → larger financial ecosystem
- Portugal → startup-friendly environment
Spain vs France
- France → stricter regulatory regime
- Spain → balanced EU market access
Frequently Asked Questions
Yes, but regulators assess financial viability and operational readiness.
It may face regulatory enforcement and banking restrictions.
Depends on business model and risk profile.
Only partially; EMIs are not full banking substitutes.
Only if there is identifiable intermediary control.
Governance, AML, financial, and ICT documentation.
Yes, subject to notification procedures under MiCA.
Often expected depending on operational substance.
No, banking is a separate risk decision.
Yes, but responsibility remains with CASP entity.
Get Your Spain Crypto License with Full Legal Support
Launching a crypto business in Spain requires correct regulatory structuring from the beginning.
We help with:
- CASP eligibility analysis
- Jurisdiction structuring
- AML/KYC framework design
- CNMV application preparation
- Banking setup strategy
- End-to-end licensing support
Start Your CASP Assessment
Get a clear roadmap before applying to avoid rejection and delays.
Contact for consultation and project review.
Final Thoughts
A CASP license in Spain under MiCA is the only legal framework for crypto businesses in 2026.
It provides:
- Legal market access
- EU-wide scalability
- Institutional banking access
- Regulatory credibility
Spain is now a fully regulated CASP jurisdiction where compliance determines market survival and business scalability.