CASP Authorisation in Germany
Germany is a premium BaFin-supervised MiCA CASP route for teams that need a high-reputation EU authorisation and can support strict governance, local substance, audit, banking readiness and ongoing compliance.
Confirm current BaFin guidance, German implementation rules, application forms, fees and CASP service categories before using this page for client advice.
Regulatory status should be confirmed by local counsel before relying on this route.
What is Germany CASP authorisation?
Germany CASP authorisation is the BaFin-supervised route for crypto-asset service providers under MiCA. It is a high-scrutiny EU authorisation route suited to serious regulated operations, not a lightweight registration or fast offshore setup.
- Jurisdiction
- Germany
- Regulator
- Federal Financial Supervisory Authority (BaFin)
- Regime
- CASP
- Legal basis
- Legal basis: MiCA CASP authorisation supervised in Germany by BaFin.
Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.
CASP service scope in Germany
A Germany CASP application should start with a precise service perimeter. Exchange, custody, brokerage, wallet and payment-adjacent models can be possible, but each adds evidence requirements around governance, client assets, AML, technology and outsourcing.
Exchange
ConditionalExchange activity may require additional scope or separate licensing.
Exchange
Exchange activity may require additional scope or separate licensing.
ConditionalCustody
ConditionalCustody may require separate review or additional controls.
Custody
Custody may require separate review or additional controls.
ConditionalBrokerage
ConditionalBrokerage or OTC activity typically fits within scope.
Brokerage
Brokerage or OTC activity typically fits within scope.
ConditionalWallet provider
ConditionalExchange activity may require additional scope or separate licensing.
Wallet provider
Exchange activity may require additional scope or separate licensing.
ConditionalEU market
IncludedEU/EEA passporting available.
EU market
EU/EEA passporting available.
IncludedStartups
ExcludedHigh setup complexity means significant budget is needed.
Startups
High setup complexity means significant budget is needed.
Excluded
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
EU/EEA passporting from Germany
Germany can be used as an EU home-state route for MiCA/CASP services, but passporting should be tied to approved activities, target markets and notification steps. It should not be presented as automatic access for every current or future product.
Define target EU/EEA markets, client categories and service lines before submission.
Map passporting plans to each approved CASP service instead of assuming one authorisation covers all future activities.
Compare non-EU CASP routes only if EU/EEA market access is not the commercial driver.
Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.
Capital, governance and audit expectations
Germany is a very high-complexity CASP route. The CSV snapshot indicates share capital from 50,000 EUR, a 10,750 EUR state fee, annual supervision from 10,000 EUR, local staff, physical office and audit. The practical question is whether the business can maintain this operating model after authorisation.
- Board, senior management, compliance, AML and technology ownership should be named and credible.highBoard, senior management, compliance, AML and technology ownership should be named and credible.high
- Capital planning should match the service scope, especially for exchange, custody or fiat-heavy operations.highCapital planning should match the service scope, especially for exchange, custody or fiat-heavy operations.high
- Audit, reporting, outsourcing, complaints, incident management and compliance monitoring should be budgeted as ongoing obligations.highAudit, reporting, outsourcing, complaints, incident management and compliance monitoring should be budgeted as ongoing obligations.high
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Germany CASP application bottlenecks
Germany CASP blockers are usually operating-model issues rather than form-filling issues. The route works best when scope, substance, controls, banking and long-term compliance cost are resolved before the application is treated as a timeline exercise.
- High
Unclear CASP service perimeter or EU/EEA passporting plan
- High
Insufficient local governance, staffing or BaFin-facing accountability
- High
Weak custody, safeguarding, wallet or technology-control evidence
- High
Generic AML policies that do not match client geography, tokens and fiat flows
- High
Banking or PSP package prepared too late
- High
Route selection driven by a low-budget or fast-launch objective rather than BaFin-supervised EU operations
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Activity fit for this route
Review which crypto activities fit within the scope of this route.
Exchange activity may require additional scope or separate licensing.
Custody may require separate review or additional controls.
Brokerage or OTC activity typically fits within scope.
Exchange activity may require additional scope or separate licensing.
EU/EEA passporting available.
High setup complexity means significant budget is needed.
Not sure if your model fits? Request a licensing assessment
Is Germany CASP authorisation right for your project?
Best for
- EU passporting and regulated CASP operations
- EU/EEA market access
Not suitable for
- Low-budget startups and fast launch projects
- Projects without a prepared banking strategy
Banking difficulty is high for this route. Prepare a banking strategy before committing to the Germany route.
Core requirements
Use this section to check the main regulatory and operational requirements before committing to a jurisdiction.
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Local substance in Germany
Local staff and physical office should be treated as operating requirements. Germany is a weak fit for nominal substance if decision-making, compliance and technology accountability sit elsewhere without a defensible control model.
Local staff
RequiredRequired
At least one locally-accountable staff member or director is expected.
Physical office
RequiredRequired
A genuine office presence is expected, not a nominal registered address.
Audit
RequiredRequired
External audit is required for ongoing supervision compliance.
Planning notes
- Plan local compliance ownership and BaFin-facing accountability before filing.
- Document what is controlled in Germany and what is outsourced, including oversight of group or technology providers.
- Budget local staff, office, audit and ongoing compliance separately from application advisory fees.
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Cost breakdown
Budget for service price, regulatory fees, share capital and ongoing costs separately.
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Cost breakdown — Germany
Budget for service price, regulatory fees, share capital and ongoing costs separately.
| Cost item | Amount |
|---|---|
| Service priceApplication preparation and professional services. | €28,200 |
| State fee | €10,750 |
| Required share capitalMust be held, not an expenditure. | €50,000 |
Summary
- One-off costs
- €88,950
- Annual (year 1)
- €0
- Total year 1
- €88,950
Adjust to convert to your base currency.
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Application process
The sequence below shows the usual project flow. Exact steps depend on the regulator, business model and application scope. Germany — From 6 months.
Pre-assessment and scope review
1–3 weeksDefine the activity scope, governance model and target markets before formal preparation.
Company setup in Germany
2–6 weeksEstablish legal entity, appoint local staff and set up local operating structure.
Documentation and compliance packBottleneck risk
3–8 weeksPrepare AML/CFT policies, governance documents, controls framework and application materials.
Application submission to Federal Financial Supervisory Authority
1–2 weeksSubmit complete application with all required documentation.
Regulator reviewBottleneck risk
From 6 monthsRegulator reviews the application. May request clarifications. Incomplete files extend this phase.
Depends on: File quality and completeness
Authorisation or registration confirmation
1–4 weeksRegulator confirms authorisation or registration. Commence operations.
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
What can delay or increase cost
These factors are most likely to affect timelines and budgets for this route.
Setup complexity is rated high for Germany. Company setup, governance and documentation take longer than average.
Banking difficulty is rated high. Opening accounts for crypto businesses in Germany requires extensive documentation.
Ongoing supervision, audit and compliance costs are above average. Budget for these separately from the application fee.
Incomplete files are the most common cause of delay. Regulator queries extend review by weeks or months.
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Banking and PSP strategy in Germany
Germany has very high regulatory reputation, but banking difficulty remains high for crypto businesses. Bank and PSP readiness should run in parallel with authorisation planning, especially for exchange, custody and fiat-heavy models.
Reflects how challenging it is to open and maintain business bank accounts in this jurisdiction.
Reflects availability of payment service providers willing to onboard crypto-licensed entities.
A licence or registration does not guarantee bank account or payment provider approval. Banking feasibility should be reviewed before the application strategy is finalized.
Preparation checklist
- Prepare ownership, source-of-funds, flow-of-funds, client geography, token policy and transaction monitoring evidence.
- Explain fiat rails, safeguarding and complaints handling before approaching banks or PSPs.
- Do not assume BaFin authorisation will automatically solve account opening or PSP onboarding.
Business model fit — Germany
Assess how well this route covers your planned activities.
Fit score
- Good fit
- 0/6
- Partial fit
- 6/6
- Poor fit
- 0/6
Germany may not cover your primary activities
Consider an alternative route that better matches your activity profile.
BaFin application profile
Federal Financial Supervisory Authority (BaFin)
A Germany CASP file should read like a premium financial services application: clear activities, accountable management, local substance, risk controls, safeguarding, AML and technology evidence. Weak substance, generic policies or unclear outsourcing are likely to create review friction.
Official regulator website- BaFin positioning is strongest for teams that value regulatory reputation and can evidence real Germany-based operations.
- Custody, exchange and cross-border fiat flows need a stronger control file than narrow brokerage or advisory models.
- AML, sanctions, travel rule, transaction monitoring, outsourcing and cybersecurity evidence should be product-specific.
- Legal and regulatory source updates should be checked before relying on timelines or fee assumptions.
Strong international recognition and established supervision track record.
Reflects documentation depth, governance requirements and expected review friction.
Reflects likelihood of delays, additional information requests or policy uncertainty.
Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.
Compliance documentation
Most crypto licensing routes require a documented compliance framework before submission, not only after approval.
- RequiredAML/CFT policy and risk assessmentDocument your customer risk model and control framework.
- RequiredCustomer due diligence (CDD) procedures
- RequiredEnhanced due diligence (EDD) proceduresFor high-risk clients and jurisdictions.
- RequiredTransaction monitoring system and rules
- RequiredSanctions screening procedures
- RequiredSuspicious activity reporting (SAR) process
- RequiredMLRO / Compliance officer appointmentLocal accountability may be required.
- RecommendedBoard-approved governance charter
- ConditionalOutsourcing policy and monitoringRequired if functions are outsourced.
- RecommendedICT / cybersecurity policy
- RequiredComplaints handling procedure
- RequiredAnnual external audit engagementRequired for ongoing supervision compliance.
Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.
Documents to prepare
Preparing these materials before filing reduces regulator questions and helps with banking or payment provider onboarding.
Corporate documents
AML and compliance
Operational
Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Risk assessment
Main risk dimensions for the Germany route.
Route risk rating — banking difficulty: High. Authorisation does not guarantee bank account opening.
Mitigation: Start banking outreach and compliance preparation before the application.
Route risk rating — setup complexity: Very high.
Route risk rating — maintenance cost: Very high. Budget for ongoing compliance, fees and supervision separately.
Route risk rating — regulatory reputation: Very high.
Route risk rating — regulatory risk: Low to medium. Weak compliance, vague scope or insufficient controls increase review risk.
Mitigation: Prepare an evidence-based compliance file before submission.
This content is for general orientation only. Crypto regulation changes quickly and the final scope should be confirmed through a jurisdiction-specific legal review before filing or incorporation.
Germany CASP vs alternatives
Compare Germany with Malta CASP for an established EU/MiCA route, Luxembourg CASP and Netherlands CASP for other high-reputation EU options, and Turkey CASP when the project is focused on Turkey rather than EU/EEA passporting.
Germany
CASP
- Price
- 28 200 EUR
- Timeline
- From 6 months
- Passporting
- EU/EEA
- Banking
- High
- Reputation
- Very high
Malta (CASP)
CASP
- Price
- 20 700 EUR
- Timeline
- From 6 months
- Passporting
- EU/EEA
- Banking
- Medium to high
- Reputation
- High
+ Established EU/MiCA route with MFSA supervision
− Still requires local substance, audit and a regulator-grade file
View routeLuxembourg (CASP)
CASP
- Timeline
- From 6 months
- Passporting
- EU/EEA
- Banking
- High
- Reputation
- Very high
+ Strong EU financial centre positioning for institutional models
− Usually not a low-cost or fast-launch route
View routeNetherlands (CASP)
CASP
- Timeline
- From 6 months
- Passporting
- EU/EEA
- Banking
- High
- Reputation
- Very high
+ High-reputation EU route for mature compliance-led teams
− Strict AML, governance and banking expectations can slow launch
View routeTurkey (CASP)
CASP
- Price
- 52 800 EUR
- Timeline
- From 3 months
- Passporting
- No passporting
- Banking
- High
- Reputation
- Medium
+ Local-market CASP route for Turkey-facing operations
− No EU/EEA passporting and a materially different regulator profile
View routeFees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.
Germany vs other CASP routes
Compare key parameters across CASP authorisation routes.
Check your readiness for Germany CASP authorisation
Documented AML/CFT policies, risk assessment, compliance officer.
From 50 000 EUR minimum capital required.
Documented AML/CFT policies, risk assessment, compliance officer.
Board, management, accountability chain defined.
Banking strategy and identified partners.
Local staff and office in Germany.
Readiness status
Answer the criteria on the left to see your readiness status.
Frequently asked questions
Germany CASP authorisation under MiCA can support EU/EEA passporting for approved services, but it should not be described as automatic access. The service scope, target markets and required notification process must be reviewed before launch.
Usually no. Germany is a premium, high-scrutiny route with local staff, office, audit, governance, capital, banking and ongoing compliance obligations. It is better suited to teams that can maintain a regulated operating model.
Germany may be stronger when BaFin supervision, German market credibility and very high regulatory reputation are commercially important. Malta may be easier to compare when the team wants an established EU/MiCA route with a different regulator profile.
The main risks are high bank scrutiny of ownership, source of funds, client geography, token policy, fiat flows, custody controls and transaction monitoring. Authorisation planning should not assume that bank or PSP onboarding will be simple.
Review CASP service scope, capital, local substance, governance, AML, technology controls, outsourcing, audit, banking strategy, passporting plan and any non-MiCA permissions that may be triggered by the business model.
The page is not legal advice and should not be relied on as a substitute for advice from qualified counsel in the relevant jurisdiction.
Your dedicated specialists
Enrico
Rein
Jurata
Andrej
Marta
Katrin
Inga
Request a Germany CASP assessment
Share your planned activities, target markets and timeline. We will review which crypto licensing route is likely to fit.