MiCA Authorisation for CASPs: What Regulators Will Look For in 2025–2026

MiCA aims to deliver consistent authorisation standards across the EU. In practice, national competent authorities increasingly align their reviews with the supervisory expectations developed at EU level, including ESMA’s emphasis on risk-based supervision and authorisation convergence.

The “Make-or-Break” Areas in Authorisation Reviews

While each firm is assessed proportionately, several topics regularly determine whether an application progresses smoothly:

1) Governance, Control Functions and Accountability
Authorities expect a robust governance model with clearly assigned responsibilities, independent oversight and credible senior management involvement.

2) Substance and Operational Readiness
Applicants must demonstrate they can operate the business in practice: staffing, systems, procedures, decision-making and oversight—supported by evidence.

3) Outsourcing and Third-Party Dependencies
CASPs often rely heavily on technology, liquidity venues, custody providers, cloud infrastructure and group entities. Supervisors assess whether outsourcing:

• preserves supervisory access and auditability,
• ensures operational continuity,
• avoids unacceptable concentration risk, and
• includes workable exit strategies.

4) Client Protection and Conduct Controls
Authorities expect appropriate client disclosures, complaints handling, conflicts management and conduct controls consistent with the services provided.

5) Business Model Credibility and Risk Controls
Applications are tested for internal consistency: business plan, target market, revenue model, risk framework and operational capability must align.

Practical Advice for Applicants

Successful applicants typically:

• build a clear permissions map and service architecture,
• produce a coherent governance narrative (who does what and how it is controlled),
• document outsourcing thoroughly (including oversight, SLAs, audit rights, exit),
• prepare an “evidence pack” proving implementation (not only policy wording),
• demonstrate proportionate but effective controls.

Conclusion

MiCA authorisation is increasingly assessed as a holistic operational capability test. Firms that demonstrate real governance, credible substance and well-controlled outsourcing will be materially better positioned for a smooth regulatory process and for long-term resilience.

The content of this article is intended solely for general information purposes and does not constitute, and should not be construed as, professional advice or a formal opinion.

© 2026 DKA FINANCIAL CONSULTANTS LTD. All rights reserved.