Cryptoasset service providers (CASPs) face a critical regulatory shift under the Markets in Cryptoassets Regulation (MiCAR). So, what will the Central Bank of Ireland (CBI) expect from firms seeking authorisation?
Introduction
The countdown is on.
With MiCAR coming into force, compliance professionals are under pressure to prepare their firms for the upcoming obligations, all while managing existing regulatory demands. For firms planning to operate as cryptoasset service providers (CASPs), securing authorisation under MiCAR is not just a milestone, it’s a necessary step to ensure long term operational readiness.
At the recent “Path to Success” industry briefing in Dublin (28 March 2025), the CBI offered timely insights into how MiCAR aligns with its supervisory expectations. For those in compliance and risk roles, the message was clear: strong preparation, sound governance, and a well-documented application will define the path to approval.
This blog outlines key expectations from the CBI and what practical steps your firm should be taking now.
MiCAR through the lens of the CBI: regulatory alignment
The CBI’s approach to MiCAR is not a departure from its existing supervisory stance, rather, it’s a natural extension of its priorities:
- Consumer protection remains a central pillar of its regulatory agenda.
- The CBI emphasised its continued focus on financial and operational resilience.
- Firms are expected to demonstrate sustainable, well-governed business models, regardless of whether their service delivery is traditional or digital.
From a compliance standpoint, this means the MiCAR authorisation process is about more than ticking regulatory boxes, it’s about demonstrating organisational readiness to operate responsibly in a complex and evolving market.
The two-phase authorisation journey
Firms applying for CASP authorisation under MiCAR will undergo a two-phase review:
1. Pre-application phase
- Key facts document: this is a foundational document that sets the tone for the rest of the application. It must clearly articulate:
- The firm’s business model and services.
- The intended activities under MiCAR.
- An understanding of the regulatory landscape.
- Governance, risk, and compliance arrangements in place.
2. Application phase
- Submission of the full application will be followed by:
- Regulatory assessment by the CBI.
- Requests for clarification or additional information.
- A final authorisation decision.
Firms with a well-prepared pre-application package are more likely to progress efficiently through the second phase.
What will the CBI be looking for?
During the briefing, the CBI highlighted the following key features they expect to see in any CASP application:
- Evidence of regulatory understanding: firms must demonstrate in-depth knowledge of MiCAR and its implications.
- Clear articulation of business model: including current services and any material changes anticipated.
- Robust risk management frameworks: governance, internal control, and risk oversight should be clearly documented.
- Consumer protection focus: measures must be embedded throughout the firm’s operations.
- Effective financial crime frameworks: AML/CTF policies tailored to cryptoasset activities.
- Board-level compliance culture: The tone from the top matters. The CBI will look for evidence that compliance is supported and prioritised by leadership.
Five practical steps for compliance teams
To ensure your CASP authorisation process runs smoothly, fscom recommends the following actions:
- Start early with your Key Facts Document
Treat it as a strategic narrative that clearly explains your firm’s business model and how it maps to MiCAR.
- Update key policy and procedural documents
Ensure your governance, AML, outsourcing, and risk management frameworks reflect the specific risks and obligations of cryptoasset services.
- Map all outsourcing arrangements
Provide documentation of third-party relationships and explain how risk is managed through proportionate controls.
- Establish a plan for regulatory engagement
Build internal processes to respond quickly and thoroughly to any CBI queries or requests for clarification.
- Ensure alignment between service offering and application
Your documented operational model must match the services for which you are seeking authorisation.
Conclusion: success lies in preparation
The CBI has made it clear that it is committed to supporting firms through the authorisation process. But with tight timelines and significant expectations, firms must be proactive, well-prepared, and transparent in their approach.
A high-quality, well-structured submission, especially at the pre-application stage, will be the foundation for a smoother regulatory journey. Compliance professionals have a critical role to play in coordinating this effort, aligning the business with MiCAR’s demands, and ensuring that regulatory expectations are not just met, but exceeded.
Need help preparing for MiCAR authorisation?
At fscom, we specialise in guiding firms through complex authorisation journeys. Contact us today to speak with one of our regulatory compliance experts.
This blog contains a summary of FCA guidance and is not a substitute for tailored legal or regulatory advice. Please consult your fscom adviser before acting on any of the above.
