You are here: 

Information for CASP applicants

Legal persons or other undertakings that intend to provide crypto-asset services shall submit their application for an authorisation as a crypto-asset service provider to the Austrian Financial Market Authority (FMA) in accordance with Article 62 of Regulation (EU) 2023/1114 on markets in crypto-assets (MiCAR).

Authorisation applications will only be formally dealt with from the date on which the corresponding national legislation accompanying MiCAR enters into force and the FMA is designated by law as the national competent authority. In anticipation of this, the FMA is endeavouring to communicate its supervisory expectations and standards in bilateral discussions with prospective applicants and by making explanatory information and documents available on its website.

The following information for CASP applications serves as an orientation guide for applicants in relation to the substantively correct and complete submission of the authorisation application. The information also provides a general overview about the crypto-assets requiring authorisation and the conditions to be met for authorisation.

Interested entities will be able to submit an application for authorisation as a crypto-asset service provider (CASP) from 1 October 2024 at the earliest. If an authorisation is granted, the entity concerned may provide the corresponding services in accordance with Article 149(2) MiCAR from 30 December 2024 at the earliest based on this authorisation.

The following application form is required to be used for the submission of the authorisation application, and the completed form, together with the documents and information required for the procedure specified therein, must be submitted to the FMA:

CASP authorisation form Art 62 MiCAR (Format: docx, Size: 104,4 KB, Language: English)

Please also note the information on the recommended procedure for preparing the CASP authorisation application provided in the Roadmap for Crypto-Asset Service Providers.

In the near future, the FMA will publish detailed Regulatory Guidance, which will provide further specifications for each requirement of the application form, as well as the necessary documents and information to be submitted. This is intended to ensure a high quality of authorisation applications and to clarify any questions applicants may have prior to submitting an application.

The FMA recommends using the secure file exchange system (FTAPI) to transmit the information and documents required for the authorisation application. Interested applicants will receive relevant information about this system by e-mail ([email protected]) prior to submitting their application. Alternatively, the FMA recommends sending encrypted file attachments via e-mail, and to transmit the password separately.

The provision of one or more crypto-asset services requires authorisation by the FMA in accordance with Article 59 MiCAR.

A “crypto-asset” is defined in Article 3(1)(5) MiCAR, as a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology (DLT) or similar technology. This includes:

  • asset-referenced tokens pursuant to Article 3(1)(6) MiCAR;
  • electronic money tokens pursuant to Article 3(1)(7) MiCAR;
  • other crypto-assets pursuant to Article 3(1)(9) MiCAR.

The MiCAR framework, however, is only applicable to those crypto-assets that do not fall under an existing legal framework under capital market law as stated in Article 2(4) MiCAR (e.g., not applicable to [tokenized] financial instruments as defined by Directive 2014/65/EU (MiFID II; Markets in Financial Instruments Directive)).

Article 3(1)(16) MiCAR states that provision of the following crypto-asset services is subject to authorisation:

  1. providing custody and administration of crypto-assets on behalf of clients;
  2. operation of a trading platform for crypto-assets;
  3. exchange of crypto-assets for funds;
  4. exchange of crypto-assets for other crypto-assets;
  5. execution of orders for crypto-assets on behalf of clients;
  6. placing of crypto-assets;
  7. reception and transmission of orders for crypto-assets on behalf of clients;
  8. providing advice on crypto-assets;
  9. providing portfolio management on crypto-assets;
  10. providing transfer services for crypto-assets on behalf of clients.

The authorisation procedure is a multi-stage, fee-based administrative procedure according to the General Administrative Procedures Act 1991 (AVG; Allgemeinen Verwaltungsverfahrensgesetz 1991).

The authorisation application must be accompanied by the documents and information specified in the application form for applicants. Applicants will receive a confirmation of receipt, when the FMA has received the application.

In the event that that the application is not sufficiently specific or is incomplete, a request for improvement including a deadline will be issued. The FMA will send a written confirmation to the applicant if the application is sufficiently specific and complete.

Once the application has been received in full, the FMA will review and assess its content. Where stipulated by law or required in the respective case in hand, other domestic and foreign bodies (authorities, courts, reference persons, etc.) will be consulted regarding observations or information concerning the applicant and/or relevant persons.

The FMA then sets (one or several) date(s) for the hearing, which takes the form of an oral hearing under the AVG. The management and, if necessary, other key function holders (e.g. authorised signatory, compliance officer, representative of the supervisory body) or shareholders or partners of the applicant may be invited to the hearing.

As part of the hearing, unresolved questions about the applicant’s company and business model are discussed and the professional qualifications of those persons who are in charge of the applicant’s day to day-business are reviewed in the form of an oral fit-and-proper interview. Such an interview may also take place with regard to other key function holders.

All oral statements and answers during the hearing are recorded in the form of a transcript and subsequently provided the participants.

An authorisation shall only be granted if all authorisation requirements within the meaning of Article 63 MiCAR are demonstrably fulfilled. Authorisations shall be refused where objective and demonstrable grounds exist pursuant to Article 63(10) MiCAR that:

  1. the management body of the applicant crypto-asset service provider poses a threat to its effective, sound and prudent management and business continuity, and to the adequate consideration of the interest of its clients and the integrity of the market, or exposes the applicant crypto-asset service provider to a serious risk of money laundering or terrorist financing;
  2. the members of the management body of the applicant crypto-asset service provider do not meet the criteria set out in Article 68(1);
  3. the shareholders or members, whether direct or indirect, that have qualifying holdings in the applicant crypto-asset service provider do not meet the criteria of sufficiently good repute set out in Article 68(2);
  4. the applicant crypto-asset service provider fails to meet or is likely to fail to meet any of the requirements of this Title.

The decision to grant or refuse authorisation is made by the Executive Board of the FMA and communicated to the applicant in writing. A positive decision is subsequently published on the FMA website.

Fees  are charged for conducting the authorisation procedure (irrespective of the outcome of the procedure) in accordance with the Gebührengesetz (GebG). In the event that an authorisation is granted, fees will be charged in accordance with the FMA-Gebührenverordnung (FMA-GebV) (Note: The normative setting of fees under the FMA-GebV will take place in parallel with the national legislation transposing MiCAR).

There is no legal obligation for the applicant to have legal representation for the authorisation procedure. However, applicants are free to engage such representation for the authorisation procedure. Lawyers may refer to the power of attorney granted pursuant to Article 8 para. 1 of the Code of Professional Conduct for Lawyers (RAO; Rechtsanwaltsordnung). For all other persons, a corresponding power of attorney must be attached with the application.

As part of CASP authorisation procedures, applicants must submit extensive documentation and information about the proposed business model and the FMA in turn conducts comprehensive supervisory review steps and procedures. Such supervisory procedures usually take several months.

The actual duration of a formal authorisation procedure essentially depends on the quality of the authorisation application, the documents submitted, the complexity of the corporate structure of the applicant and the underlying business model, as well as any changes that the applicant is required to make to the planned business model as part of the procedure. It is therefore not possible to make a binding statement about the expected duration of the procedure.

  1. The applicant initiates the authorisation procedure by submitting the application.
  2. The FMA shall send the applicant a written confirmation of receipt within five working days of receiving the authorisation application.
  3. The completeness of the documents and information received will be checked within 25 working days.
  4. If the application is not considered to be complete, a written request for the missing, relevant documents and information will be made, setting a deadline for their submission (the deadline will depend on the scope of the documents and information to be submitted).
  5. Where the applicant fails to submit the missing documents and information on time or where they are still incomplete, the FMA may refuse to process the authorisation application further.
  6. The FMA will inform the applicant in writing in the event that the necessary documents and information were submitted in full originally or were subsequently submitted in full and on time.
  7. If it becomes apparent in the further course of the procedure that, despite the declaration of completeness, that further documents and information necessary for the completion of the assessment are missing, the FMA may request these in accordance with Article 63(12) MiCAR up to the 20th working day of the above declaration, and suspend the review period for up to 20 working days. The request for further additions or clarifications to the documents and information is at the discretion of the FMA, but does not lead to a (further) suspension of the review period.
  8. The procedure is concluded by the final substantive examination and assessment of the authorisation application within 40 (up to a maximum of 60) working days from the date of completeness.
  9. The outcome of the procedure (whether an authorisation is to be granted or refused based on the respective FMA Executive Board decision) shall be communicated to the applicant in writing within five working days of the decision being taken.

Certain financial entities under Article 60 MiCAR that intend to provide crypto-asset services, are requested to contact the unit competent for their supervision by e-mail well in advance and to send a notification of this intention to the following e-mail address: [email protected].