Equilex
Back to News

CASP License Business Plan under MiCA: Key Requirements and Structure

Learn what a CASP License Business Plan under MiCA should include, from governance and compliance to financial planning, NBS expectations, and EU regulatory readiness.

Crypto Licensing#MiCA
May 14, 2026
8 min read
CASP License Business Plan under MiCA: Key Requirements and Structure

A CASP License Business Plan is one of the most important documents for crypto-asset service providers applying for authorization under the European MiCA Regulation, officially known as Regulation (EU) 2023/1114. In practice, any crypto company planning to offer crypto-asset services in the EU must receive approval from the competent national authority before starting regulated activity.

For companies applying in Slovakia, the competent authority is the National Bank of Slovakia, also known as the NBS. Under Article 62(1) of MiCA, the CASP license application must include a detailed business plan, often referred to as a “programme of operations.” This plan must cover at least the first three years of the company’s intended activity.

Below, we explain what regulators typically expect from a CASP License Business Plan, based on MiCA requirements and practical experience with the Slovak regulatory approach.

#MiCA Business Plan Regulatory Requirements

Article 62(2) of MiCA sets out the information that must be included in a CASP license application. One of the key documents is the business plan describing the applicant’s planned crypto-asset services, operational model, target markets, governance, compliance framework, and financial projections.

The business plan must be detailed, realistic, and forward-looking. It should clearly explain how the company intends to operate during at least the next three years.

In particular, the applicant should include the following sections.

#Business Model and Planned Crypto-Asset Services

The business plan should provide a clear explanation of the company’s business model and the crypto-asset services it plans to offer. This may include services such as crypto exchange, custody and administration of crypto-assets, portfolio management, investment advice, execution of orders, or other MiCA-regulated activities.

The company should also explain how it plans to generate revenue from these services. This may include transaction fees, custody fees, spreads, subscription models, or other commercial arrangements.

The regulator will expect the plan to show where and how the services will be offered, which distribution channels will be used, and whether the company intends to operate only in Slovakia or across the wider EU market. The business plan should demonstrate that the applicant understands the market and has a realistic commercial strategy.

#Target Markets and Client Groups

The business plan should describe the company’s target audience and geographic scope. For example, the applicant should explain whether it plans to serve retail clients, corporate clients, institutional investors, or a combination of these groups.

It should also clarify whether the company’s activities will be limited to Slovakia or whether it intends to provide services on a cross-border basis within the EU.

This section helps the regulator assess whether the applicant understands its client base, the expected level of demand, and the risks connected with the intended crypto-asset services.

#Governance and Organizational Structure

A CASP License Business Plan must also explain the company’s governance and internal structure. This includes the legal form of the company, ownership structure, internal organization chart, key departments, and reporting lines.

The plan should identify the members of the management body and the persons responsible for core functions such as compliance, risk management, AML/CFT, IT security, and operations.

Because MiCA places strong emphasis on sound governance, the business plan should show that the company has qualified management, clear internal responsibilities, and effective control mechanisms. The regulator needs to see that the company is not only commercially viable, but also properly managed.

#Compliance and Risk Management Framework

Compliance is one of the most important parts of the CASP licensing process. The applicant must explain how it will meet its regulatory obligations under MiCA, AML/CFT rules, and other applicable legislation.

This section should cover areas such as:

  • AML/CFT policies and customer due diligence;
  • KYC onboarding procedures;
  • transaction monitoring;
  • Travel Rule compliance;
  • conflict of interest management;
  • segregation of client assets;
  • protection of client crypto-assets and funds;
  • internal reporting and escalation procedures.

The business plan should also describe the company’s approach to cybersecurity and operational resilience. This includes IT security measures, data protection, backup systems, incident response procedures, and business continuity planning.

These points are especially important because crypto-asset service providers are expected to operate in line with high standards of technical and operational reliability, including requirements connected to DORA.

#Financial Plan and Available Resources

The business plan must include financial projections covering at least three years. These projections should be realistic and supported by clear assumptions.

The financial section should usually include:

  • projected profit and loss statements;
  • balance sheet forecasts;
  • expected revenue and cost structure;
  • funding sources;
  • capital adequacy calculations;
  • liquidity planning;
  • prudential resource requirements.

The regulator will check whether the applicant has sufficient financial resources to operate safely and meet the minimum prudential requirements under MiCA. Depending on the services provided, this may include own funds or equivalent insurance coverage ranging from EUR 50,000 to EUR 150,000.

This section should show that the company has enough capital to launch, operate, manage compliance costs, and remain financially stable during its first years of activity.

#Regulator Expectations: Slovak Experience with the NBS

In Slovakia, MiCA requirements are implemented nationally through Act No. 248/2024 Coll. on Crypto-assets. This law designates the National Bank of Slovakia as the authority responsible for CASP licensing and supervision.

The NBS does not review business plans only as a formal requirement. It looks closely at whether the plan is clear, realistic, and supported by proper documentation. Even before MiCA, Slovak regulators expected detailed and credible business plans. Under MiCA, this standard is now even higher.

Based on practical experience, the NBS pays particular attention to the following areas.

#AML/CFT Compliance

The NBS is known for taking AML/CFT requirements seriously. A crypto company’s compliance framework should therefore be explained in detail.

This includes customer onboarding, risk scoring, transaction monitoring, Travel Rule implementation, appointment of an AML officer, internal controls, suspicious activity reporting, and staff training.

If AML information is vague or incomplete, the regulator may ask additional questions or consider the application insufficient.

#Key Personnel and Corporate Governance

The NBS will carefully assess the ownership and management structure of the applicant. Companies should be ready to provide CVs, criminal record certificates, proof of professional experience, and evidence of relevant expertise in finance, crypto, compliance, IT, or risk management.

Important roles such as directors, compliance officers, AML officers, and risk managers should be clearly assigned to qualified individuals.

A clear division of responsibilities, transparent reporting lines, and conflict of interest policies help demonstrate that the company is ready to operate under regulatory supervision.

#Operational and Technical Resilience

The regulator will also want to understand the company’s technical setup. This includes IT architecture, cybersecurity controls, wallet infrastructure, data protection, system backups, and disaster recovery arrangements.

For CASPs dealing with client crypto-assets, the plan should explain how assets will be protected. This may include cold storage, multi-factor authentication, access controls, transaction approval processes, cyber insurance, or third-party custody arrangements.

A strong operational resilience framework can significantly improve the quality of the application.

#Financial Transparency

The NBS will assess whether the company’s financial projections are realistic. Overly optimistic revenue forecasts, unclear funding sources, or underestimated compliance costs may raise concerns.

The business plan should explain how the company will finance its operations, maintain liquidity, cover compliance and staffing costs, and meet prudential requirements.

The regulator will also review how client funds and crypto-assets will be protected, including whether separate accounts, custody arrangements, or insurance mechanisms will be used.

#Submission Language and Format

In Slovakia, CASP license application documents must generally be submitted in Slovak. If the business plan or supporting documents are prepared in another language, an official Slovak translation will usually be required.

In some cases, technical documents in English may be accepted, but this should not be assumed. Foreign applicants should plan sufficient time and budget for translation and localization.

#Pre-Licensing Dialogue with the NBS

The NBS encourages early communication with applicants before the formal submission of the CASP license application. This is often done through pre-licensing dialogue meetings.

Such meetings can be very useful. They help applicants understand the regulator’s expectations, clarify the structure of the application, and avoid common mistakes before submitting the full package.

In practice, a strong application should show that the applicant has a viable business model, proper governance, effective risk controls, technical resilience, and enough financial resources to operate safely.

#Conclusion

A CASP License Business Plan under MiCA is not just a formal document. It is one of the most important parts of the authorization process for any crypto-asset service provider entering the EU market.

The plan must give the regulator a complete and realistic picture of the company’s business model, planned services, compliance framework, governance structure, operational setup, and financial resources.

For applicants in Slovakia, the business plan should follow the requirements of MiCA, especially Article 62 of Regulation (EU) 2023/1114, while also taking into account national rules such as Act No. 248/2024 Coll. and the expectations of the NBS.

A clear, well-structured, and legally sound business plan can make the CASP licensing process smoother and increase the chances of a successful application. It also gives the company a stronger foundation for entering the EU crypto market with confidence.

Need Help with Licensing?

If you need support with preparing a CASP license application or business plan under MiCA, please complete the inquiry form on our website. The Equilex team will review your request and contact you within 24 hours to discuss your project, licensing strategy, and available regulatory options.

Related Services

Explore our services that can help you achieve your licensing goals.

Crypto licenses

AUSTRAC DCE in Australia

Crypto-regulated company to start business in Oceania.

Read more

BSP/DASP in El Salvador

The first country that legalized Bitcoin in 2021 under the Bitcoin Law, and it has since emerged as the hub of Latin America's cryptocurrency market.

Read more

MSB Registration in Canada

Multiglobal company to work with crypto, money remittance, and processing of payments.

Read more

VASP in Georgia

Georgian VASP is ideal for operational crypto businesses that want speed, flexibility, and reasonable compliance—without the cost and rigidity of EU-level regulation.

Read more

CASP in Malta

Your gateway to EU-wide crypto-asset services: a Malta-based MiCA authorisation lets you passport crypto-asset services to all 27 EU Member States without requiring a physical presence in each host state, leveraging Malta's experienced financial services ecosystem.

Read more

Payment & Fintech licenses

AFSL in Australia

An Australian Financial Services (AFS) license is a legal authorization for an individual or business to conduct financial services operations in Australia and is required for businesses that deal with, advise on, or manage financial products.

Read more

MSB in USA

A US Montana MSB registration is a FinCEN-registered money services business incorporated in Montana, commonly used by fintech, payment, remittance, and crypto companies seeking a streamlined US regulatory structure.

Read more

MSO in Hong Kong

A person or organization that runs a money exchange or remittance business is known as an MSO. As MSO suggests, the money-changing service involves changing several currencies.

Read more

PIS in Mauritius

Providing payment accounts or wallets, money remittance, PSP collating payments from cards and remittance to merchants.

Read more

SPI (MIP) in Poland

Fast-track Polish payment institution regime for PSPs that need regulated status to launch payment flows (transfers, cards, acquiring, remittance) without going straight into full EMI.

Read more

SRO regulated asset management company in Switzerland

A pragmatic Swiss AML-supervised setup for crypto/fiat payment and exchange, brokerage, and credit businesses via membership in a FINMA-authorized SRO.

Read more

You might also like

Continue exploring related topics