Preparing for MiCAR authorisation: key takeaways from the CBI’s “Path to Success” briefing

Cryptoasset service providers (CASPs) face a critical regulatory shift under the Markets in Crypto-Assets Regulation (MiCAR). So, what will the Central Bank of Ireland (CBI) expect from firms seeking authorisation? Read this article by Fred McDowell which provides key takeaways from the CBI’s briefing.

Introduction

The countdown is on.

With MiCAR coming into force, compliance professionals are under pressure to prepare their firms for the upcoming obligations, all while managing existing regulatory demands. For firms planning to operate as cryptoasset service providers (CASPs), securing authorisation under MiCAR is not just a milestone, it’s a necessary step to ensure long-term operational readiness.

At the recent “Path to Success” industry briefing in Dublin (28 March 2025), the CBI offered timely insights into how MiCAR aligns with its supervisory expectations. For those in compliance and risk roles, the message was clear: strong preparation, sound governance, and a well-documented application will define the path to approval.

This blog outlines key expectations from the CBI and what practical steps your firm should be taking now.

MiCAR through the lens of the CBI: regulatory alignment

The CBI’s approach to MiCAR is not a departure from its existing supervisory stance — rather, it’s a natural extension of its priorities:

• Consumer protection remains a central pillar of its regulatory agenda;
• The CBI emphasised its continued focus on financial and operational resilience; and
• Firms are expected to demonstrate sustainable, well governed business models, regardless of whether their service delivery is traditional or digital.

From a compliance standpoint, this means the MiCAR authorisation process is about more than ticking regulatory boxes — it’s about demonstrating organisational readiness to operate responsibly in a complex and evolving market.

The two-phase authorisation journey

Firms applying for CASP authorisation under MiCAR will undergo a two-phase review:

1. Pre-application phase

• Key facts document: This is a foundational document that sets the tone for the rest of the application. It must clearly articulate:
  • The firm’s business model and services;
  • The intended activities under MiCAR;
  • An understanding of the regulatory landscape; and
  • Robust and proportionate Governance, risk, and compliance arrangements in place.

2. Application phase

• Submission of the full application will be followed by:
  • Regulatory assessment by the CBI;
  • Requests for clarification or additional information; and
  • A final authorisation decision.

Firms with a well-prepared pre-application package are more likely to progress efficiently through the second phase.

What will the CBI be looking for?

During the briefing, the CBI highlighted the following key features they expect to see in any CASP application:

• Evidence of regulatory understanding: Firms must demonstrate in-depth knowledge of MiCAR and its implications;
• Clear articulation of business model: Including current services and any material changes anticipated;
• Strong risk management frameworks: Governance, internal control, and risk oversight should be clearly documented;
• Consumer protection focus: Measures must be embedded throughout the firm’s operations;
• Effective financial crime frameworks: Up to date AML/CTF policies tailored to cryptoasset activities; and
• Board level compliance culture: The tone from the top matters. The CBI will look for evidence that compliance is supported and prioritised by leadership.

Five practical steps for compliance teams

To ensure your CASP authorisation process runs smoothly, fscom recommends the following actions:

1. Start early with your Key Facts Document

Treat it as a strategic narrative that clearly explains your firm’s business model and how it maps to MiCAR.

2. Update key policy and procedural documents

Ensure your governance, AML, outsourcing, and risk management frameworks reflect the specific risks and obligations of cryptoasset services.

3. Map all outsourcing arrangements

Provide documentation of third party relationships and explain how risk is managed through proportionate controls.

4. Establish a plan for regulatory engagement

Build internal processes to respond quickly and thoroughly to any CBI queries or requests for clarification.

5. Ensure alignment between service offering and application

Your documented operational model must match the services for which you’re seeking authorisation.

Conclusion: success lies in preparation

The CBI has made it clear that it is committed to supporting firms through the authorisation process. But with tight timelines and significant expectations, firms must be proactive, well-prepared, and transparent in their approach.

A high quality, well-structured submission — especially at the pre-application stage — will be the foundation for a smoother regulatory journey. Compliance professionals have a critical role to play in coordinating this effort, aligning the business with MiCAR’s demands, and ensuring that regulatory expectations are understood  and met .

Need help preparing for MiCAR authorisation?

At fscom, we specialise in guiding firms through complex authorisation journeys.  If you would like to discuss how we can support you, or if you have any questions about topics covered in this article, please feel free to get in touch.