Navigating MiCAR Authorisation: Lessons from the EMI Era and How to Avoid Common Pitfalls
Feb 8
4 min read
0
95
0
Over the last several weeks, speaking with Irish VASPs and new Crypto Asset Service Provider (CASP) entrants, I’ve noticed a recurring theme—some are making their authorisation process more difficult than it needs to be. The challenges they’re facing now are similar to what we saw years ago when new Electronic Money Institutions (EMIs) were entering the market.
Back then, firms underestimated key regulatory expectations, particularly around “heart and mind” in Ireland, substance in Ireland, robust risk management, and the need for clear, well-documented submissions to the Central Bank of Ireland. Fast forward to today, and we’re seeing the same issues crop up again with CASPs. This is despite some very clear signposting from ESMA and the CBI.
Key Challenges We’re Seeing
1. Local Presence & Substance in Ireland
One of the most common issues is that firms underestimate how much local presence is required. Many are:
Under-resourcing their local teams, expecting to run operations in Ireland with minimal headcount.
Assuming they can appoint key PCF roles (Pre-Approval Controlled Functions) on a part-time basis or from outside of Ireland (in some cases, even outside the EEA).
CBI’s expectations are clear: there must be real decision-making power based in Ireland. This means firms need a robust local management team, not just a token presence.
2. Hiring PCFs Too Late
The labour market for experienced compliance, risk, and senior leadership roles is tight. Yet, many firms are not realising the time it takes to:
Identify and hire the right PCF candidates.
Conduct the right level of F&P due diligence
Get CBI’s approval.
We strongly recommend starting the hiring process ASAP, rather than leaving it until after the application is submitted. Finvisor can help bridge the gap in the meantime with our fractional compliance officer offering, ensuring firms have the right expertise in place from the outset.
3. Misalignment of Funds Flow & Regulatory Permissions
Another key issue we’re seeing is firms not getting their funds flow right or failing to clearly explain their product in the context of regulatory permissions.
If the CBI cannot clearly understand how funds/assets move, and how your service aligns with regulatory requirements, delays are inevitable.
Some firms are not fully appreciating ESMA’s guidance or the RTS (Regulatory Technical Standards) documents that provide clarity on key operational and risk management requirements. If you have not already read this I suggest you do https://www.esma.europa.eu/sites/default/files/2025-01/ESMA75-453128700-1263_Supervisory_Briefing_on_Authorisation_of_CASPs.pdf
4. Overlooking Operational Realities
Beyond regulatory compliance, firms need to think through the day-to-day practicalities of running a regulated business.
How will you serve customers outside of business hours?
Who is your back-up to your PCFs?
What happens on weekends or public holidays?
Is there sufficient operational staff to manage peak times?
CBI may want to see that these operational aspects are fully thought through as part of the business model and risk framework. This is highly linked to outsourcing which is totally allowed, its just about getting the right framework in place and ensuring that the Irish operation is not a “postbox” (linking back to old ESMA guidance on Brexit).
Collaboration Is Key
One thing I tell every firm: CBI is not scary. They have a job to do, just like you do. Their role is to ensure financial stability, consumer protection, and market integrity. Your job is to build a compliant and sustainable business.
The best approach is to collaborate. That means:
Educate the CBI on your business model—never assume they understand the nuances of how you operate.
Over-explain critical areas like custody, sourcing assets from liquidity providers, and how you built your financial model.
Be clear, transparent, and proactive—the more they understand, the smoother your authorisation process will be.
You can never over-educate the CBI on your business. If they ask questions, that’s a sign that something isn’t clear. Don’t take it as resistance—see it as an opportunity to provide more clarity. For the areas they quiz you on make sure you really detail those areas in your KFD.
How to Get It Right
1. Read & Understand the Key Documents: When speaking with firms, my first piece of advice is always:
Read the KFD (Key Facts Document) again, properly, and then read it two more times. Ensure your full management team is fully aware of what needs to be done.
Ensure you have full executive leadership sponsorship – ensure you have a budget, and some form of project management framework around you.
Go through the CBI’s guidance on completing EMI applications—many of the principles apply to MiCAR.
Study the CBI’s MiCAR risk appetite. If you don’t align with this, your authorisation process will be an uphill battle.
2. Plan Your Hiring Strategy Now
Identify all required PCFs and start recruitment as early as possible.
Be prepared for the cost—PCF salaries are not cheap in this market.
Consider the use of fractional CCO / CRO roles as you build out your KFD and move into application. This will mean that when your hires land the framework is there and their focus should be on implementation.
3. Get Your Documentation Right
Clearly map out and explain funds flow in a way that is regulator friendly. Your grandmother should be able to understand it, don’t use internal lingo.
Ensure risk management frameworks are robust and well-articulated.
Align business models with ESMA guidance and RTS expectations to avoid unnecessary back-and-forth with CBI.
Final Thoughts
The good news? These challenges are solvable with the right preparation and expertise.
The bad news? Failing to get these basics right will lead to delays, increased costs, and potential rejection.
We’ve seen this before with EMIs, and we know how to navigate these roadblocks. If you need guidance on bridging compliance gaps, hiring the right PCFs, or structuring your MiCAR application effectively, Finvisor can help.
Now is the time to get ahead of the curve—the firms that do will be the ones that successfully secure authorisation without unnecessary roadblocks.
