EU/EEA PassportingMiCA CASP authorisation

CASP Authorisation in Spain

Spain is a CNMV-supervised EU/MiCA CASP route for teams targeting Spanish, Iberian and wider EU market access. It is not a zero-fee shortcut: the file needs credible governance, AML, audit, local substance and banking readiness.

Processing time
From 6 months
Service price
23 700 EUR
Required share capital
From 50 000 EUR
State fee
No state fee
Annual supervision fee
No annual fee
Banking difficulty
Medium to high
RegulatorComisión Nacional del Mercado de Valores (CNMV)

Confirm current CNMV CASP/MiCA application requirements, forms, supervisory allocation and any applicable Spanish fees before using this page for client advice.

Regulatory status should be confirmed by local counsel before relying on this route.

What is Spain CASP authorisation?

Spain CASP authorisation is the Spanish EU route for crypto-asset service providers under MiCA, supervised by the CNMV. It is relevant for teams that want a regulated base for Spanish, Iberian and EU operations, not a low-friction offshore setup.

CASP
Jurisdiction
Spain
Regulator
Comisión Nacional del Mercado de Valores (CNMV)
Regime
CASP
Legal basis
Legal basis: MiCA CASP authorisation supervised in Spain by the CNMV.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

CASP service scope in Spain

The Spanish application should begin with a precise CASP service perimeter. Exchange, custody, brokerage, wallet, advisory, staking-adjacent and payment-related models each change the governance, AML, safeguarding and technology evidence expected in the file.

  • Exchange

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • Custody

    Conditional

    Custody may require separate review or additional controls.

  • Brokerage

    Conditional

    Brokerage or OTC activity typically fits within scope.

  • Wallet provider

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • EU market

    Included

    EU/EEA passporting available.

  • Startups

    Excluded

    High setup complexity means significant budget is needed.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Spanish, Iberian and EU market access

Spain is strongest when the business case needs Spanish-market credibility plus a wider EU/EEA strategy. The passporting case should be mapped to approved CASP services, target countries, client categories and the required notification process.

  • Define Spanish, Iberian and EU/EEA target markets before filing.

  • Map distribution, language, consumer-facing conduct and client onboarding controls to each market.

  • Avoid presenting Spain as automatic access to every EU market or every future crypto service.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Capital, governance and audit expectations

Spain is a high-complexity route. The CSV snapshot indicates share capital from 50,000 EUR, no separate state fee indicated in CSV, no annual supervision fee indicated in CSV, local staff, physical office and audit. The real cost driver is the operating model that must be maintained after authorisation.

  • Board, senior management, compliance, AML and technology ownership should be named and credible.high
  • Capital planning should match the selected CASP services, especially for exchange, custody or fiat-heavy operations.high
  • Audit, reporting, outsourcing oversight and incident management should be budgeted as ongoing obligations.high

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Spain CASP application bottlenecks

Typical blockers are operating-model weaknesses: unclear service scope, insufficient local accountability, generic AML policies, late banking preparation and an EU passporting story that is not tied to approved activities.

  • Unclear CASP service perimeter or post-authorisation passporting plan

    High

  • Weak Spain substance, management accountability or AML ownership

    High

  • Generic policies that do not match Spanish, Iberian or EU client flows

    High

  • Underdeveloped custody, wallet, safeguarding or technology-control evidence

    High

  • Banking or PSP package prepared after the application strategy

    High

  • Route selection driven by budget or speed rather than regulated EU CASP operations

    High

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Activity fit for this route

Review which crypto activities fit within the scope of this route.

Exchange
Conditional

Exchange activity may require additional scope or separate licensing.

Custody
Conditional

Custody may require separate review or additional controls.

Brokerage
Conditional

Brokerage or OTC activity typically fits within scope.

Wallet provider
Conditional

Exchange activity may require additional scope or separate licensing.

EU market
Suitable

EU/EEA passporting available.

Startups
Not suitable

High setup complexity means significant budget is needed.

Not sure if your model fits? Request a licensing assessment

Is Spain CASP authorisation right for your project?

Best for

  • EU passporting and regulated CASP operations
  • EU/EEA market access

Not suitable for

  • Low-budget or fast offshore setup
  • Projects without a prepared banking strategy

Banking difficulty is high for this route. Prepare a banking strategy before committing to the Spain route.

Core requirements

Use this section to check the main regulatory and operational requirements before committing to a jurisdiction.

Required share capitalFrom 50 000 EUR
Required
Local staffRequired
Required
Physical officeRequired
Required
AuditRequired
Required

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Local substance in Spain

Local staff and a physical office should be treated as real operating requirements. Spain is not suitable when the applicant cannot place compliance, management and operational accountability into a defensible local model.

Local staff

Required

Required

At least one locally-accountable staff member or director is expected.

Physical office

Required

Required

A genuine office presence is expected, not a nominal registered address.

Audit

Required

Required

External audit is required for ongoing supervision compliance.

Planning notes

  • Plan Spanish compliance and AML ownership before submission.
  • Document what is controlled locally and what is outsourced to group or third-party providers.
  • Budget staff, office, audit and ongoing compliance separately from the advisory application fee.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Service price (professional fees)Application preparation and professional services.
23 700 EUR EURFixed
State fee
No state feeFrom
Annual supervision feeRecurring annual cost after authorisation.
No annual feeNot applicable
Required share capitalMust be held, not an expenditure.
From 50 000 EURFrom
High ongoing cost

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown — Spain

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Cost itemAmount
Service priceApplication preparation and professional services.€23,700
Required share capitalMust be held, not an expenditure.€50,000

Summary

One-off costs
€73,700
Annual (year 1)
€0
Total year 1
€73,700

Adjust to convert to your base currency.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Application process

The sequence below shows the usual project flow. Exact steps depend on the regulator, business model and application scope. Spain — From 6 months.

Total timelineFrom 6 months

  1. Pre-assessment and scope review

    1–3 weeks

    Define the activity scope, governance model and target markets before formal preparation.

  2. Company setup in Spain

    2–6 weeks

    Establish legal entity, appoint local staff and set up local operating structure.

  3. Documentation and compliance packBottleneck risk

    3–8 weeks

    Prepare AML/CFT policies, governance documents, controls framework and application materials.

  4. Application submission to Comisión Nacional del Mercado de Valores

    1–2 weeks

    Submit complete application with all required documentation.

  5. Regulator reviewBottleneck risk

    From 6 months

    Regulator reviews the application. May request clarifications. Incomplete files extend this phase.

    Depends on: File quality and completeness

  6. Authorisation or registration confirmation

    1–4 weeks

    Regulator confirms authorisation or registration. Commence operations.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

What can delay or increase cost

These factors are most likely to affect timelines and budgets for this route.

High setup complexity
High

Setup complexity is rated high for Spain. Company setup, governance and documentation take longer than average.

Likely impactAdd 4–8 weeks to the preparation phase.
MitigationStart company setup and governance planning immediately after scope confirmation.
Banking difficulty
High

Banking difficulty is rated high. Opening accounts for crypto businesses in Spain requires extensive documentation.

Likely impactBanking can delay or block operations for 3–6 months after authorisation.
MitigationIdentify and pre-qualify banking partners before submitting the application.
High maintenance cost
Medium

Ongoing supervision, audit and compliance costs are above average. Budget for these separately from the application fee.

Likely impactRecurring annual cost significantly above the one-time service price.
MitigationModel annual compliance costs before committing to this route.
Application completeness
Medium

Incomplete files are the most common cause of delay. Regulator queries extend review by weeks or months.

Likely impactEach regulator query adds 2–6 weeks to the review phase.
MitigationUse a structured compliance pack. Review file completeness before submission.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Banking and PSP strategy in Spain

Spain has a high regulatory reputation, but banking difficulty is still medium to high. Bank and PSP readiness should be developed in parallel with the authorisation file, especially for exchange, custody and fiat-heavy business models.

Banking difficulty
High

Reflects how challenging it is to open and maintain business bank accounts in this jurisdiction.

Medium PSP availability
Medium

Reflects availability of payment service providers willing to onboard crypto-licensed entities.

A licence or registration does not guarantee bank account or payment provider approval. Banking feasibility should be reviewed before the application strategy is finalized.

Preparation checklist

  • Prepare ownership, source-of-funds, flow-of-funds, token policy and client geography materials early.
  • Explain fiat rails, safeguarding, reconciliation and transaction monitoring before approaching banks or PSPs.
  • Do not assume CNMV authorisation will automatically solve account opening or payment provider onboarding.

Business model fit — Spain

Assess how well this route covers your planned activities.

Fit score

Good fit
0/6
Partial fit
6/6
Poor fit
0/6

Spain may not cover your primary activities

Consider an alternative route that better matches your activity profile.

CNMV application profile

Regulatory authority · Spain

Comisión Nacional del Mercado de Valores (CNMV)

A Spain CASP application should read like a serious regulated financial-services file. CNMV-facing materials should connect service scope, ownership, governance, AML, local substance, safeguarding, outsourcing and banking readiness into one defensible operating model.

Likely areas of scrutiny
  • AML, sanctions, transaction monitoring, travel rule and suspicious activity workflows should match the product and client geography.
  • Governance should show accountable local decision-making rather than nominal Spanish presence.
  • Outsourcing, group support and technology providers should be controlled through documented oversight.
  • Fees, timelines and regulator process should be rechecked before client-facing reliance.
Regulatory reputation
High

Strong international recognition and established supervision track record.

Setup complexity
High

Reflects documentation depth, governance requirements and expected review friction.

Regulatory risk
Medium

Reflects likelihood of delays, additional information requests or policy uncertainty.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Compliance documentation

Most crypto licensing routes require a documented compliance framework before submission, not only after approval.

  • Required
    AML/CFT policy and risk assessmentDocument your customer risk model and control framework.
  • Required
    Customer due diligence (CDD) procedures
  • Required
    Enhanced due diligence (EDD) proceduresFor high-risk clients and jurisdictions.
  • Required
    Transaction monitoring system and rules
  • Required
    Sanctions screening procedures
  • Required
    Suspicious activity reporting (SAR) process
  • Required
    MLRO / Compliance officer appointmentLocal accountability may be required.
  • Recommended
    Board-approved governance charter
  • Conditional
    Outsourcing policy and monitoringRequired if functions are outsourced.
  • Recommended
    ICT / cybersecurity policy
  • Required
    Complaints handling procedure
  • Required
    Annual external audit engagementRequired for ongoing supervision compliance.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Documents to prepare

Preparing these materials before filing reduces regulator questions and helps with banking or payment provider onboarding.

0 / 12 required
Required
Recommended
Depends on scope

Corporate documents

AML and compliance

Operational

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Risk assessment

Main risk dimensions for the Spain route.

Banking difficulty
High

Route risk rating — banking difficulty: Medium to high. Authorisation does not guarantee bank account opening.

Mitigation: Start banking outreach and compliance preparation before the application.

Setup complexity
High

Route risk rating — setup complexity: High.

Maintenance cost
High

Route risk rating — maintenance cost: High. Budget for ongoing compliance, fees and supervision separately.

Regulatory reputation
High

Route risk rating — regulatory reputation: High.

Regulatory risk
Medium

Route risk rating — regulatory risk: Low to medium. Weak compliance, vague scope or insufficient controls increase review risk.

Mitigation: Prepare an evidence-based compliance file before submission.

This content is for general orientation only. Crypto regulation changes quickly and the final scope should be confirmed through a jurisdiction-specific legal review before filing or incorporation.

Spain CASP vs alternatives

Compare Spain with Portugal CASP for Iberian market positioning, France CASP for another high-reputation EU market route, Malta CASP for an established EU crypto supervision profile and Turkey CASP when the project is Turkey-market led rather than EU-passporting led.

Current

Spain

CASP

Price
23 700 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

Portugal (CASP)

CASP

Price
18 900 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Comparable Iberian EU/MiCA route with Portuguese-speaking market logic

Different regulator profile and local substance plan from Spain

View route

France (CASP)

CASP

Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ High-reputation EU route for teams prioritising French market access

Needs separate validation of current French CASP scope, timing and fees

View route

Malta (CASP)

CASP

Price
20 700 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Established EU/MiCA crypto supervision profile

Not a lighter route; MFSA substance and compliance burden remain material

View route

Turkey (CASP)

CASP

Price
52 800 EUR
Timeline
From 3 months
Passporting
No passporting
Banking
High
Reputation
Medium

+ Local-market CASP route for Turkey-facing operations

No EU/EEA passporting and a materially different regulatory perimeter

View route

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Spain vs other CASP routes

Compare key parameters across CASP authorisation routes.

Sort by:
SpainCurrent
Price23 700 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Portugal
Price18 900 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Malta
Price20 700 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Turkey
Price52 800 EUR
TimelineFrom 3 months
BankingHigh
ReputationMedium

Check your readiness for Spain CASP authorisation

Documented AML/CFT policies, risk assessment, compliance officer.

Share capital

From 50 000 EUR minimum capital required.

AML/CFT framework

Documented AML/CFT policies, risk assessment, compliance officer.

Governance structure

Board, management, accountability chain defined.

Banking preparation

Banking strategy and identified partners.

Local substance plan

Local staff and office in Spain.

Readiness status

Answer the criteria on the left to see your readiness status.

Frequently asked questions

Spain CASP authorisation under MiCA can support EU/EEA passporting, but it should not be described as automatic. Passporting depends on the approved service scope, readiness of the operating model and the required notification process.

It is best suited for teams that want CNMV-supervised regulated CASP operations, Spanish or Iberian market credibility and a wider EU strategy, while being able to maintain local staff, office, audit, AML and governance obligations.

No. The CSV does not indicate a separate state fee or annual supervision fee, but Spain should still be treated as a high-complexity EU authorisation route with material operating, staffing, audit, governance and banking costs.

Expect scrutiny of service scope, AML, sanctions, travel rule, transaction monitoring, governance, ownership, local substance, safeguarding, outsourcing, technology controls and banking or PSP readiness.

Compare Portugal for another Iberian EU route, France for French-market EU positioning, Malta for established EU crypto supervision and Turkey only for local Turkey market entry because Turkey CASP does not provide EU/EEA passporting.

The page is not legal advice and should not be relied on as a substitute for advice from qualified counsel in the relevant jurisdiction.

Your dedicated specialists

  • Enrico Kärvinen

    Enrico

  • Rein Tammik

    Rein

  • Jurata Žukaitė

    Jurata

  • Andrej Kazlauskas

    Andrej

  • Marta Värna

    Marta

  • Katrin Lepik

    Katrin

  • Inga Stankavičiūtė

    Inga

Request a Spain CASP assessment

Share your planned activities, target markets and timeline. We will review which crypto licensing route is likely to fit.

Leave open if you want a country comparison.
Select every activity you plan to offer. The licence route may change if you include custody, exchange, trading platform or fiat flows.
Include service fees, regulator fees, share capital, local office or staff, audit and ongoing compliance.

By submitting this form, you agree to be contacted about your crypto licensing request. Do not include passwords, private keys or confidential customer data.