Why VASPs Are Struggling to Transition to CASP Under MiCA

A practical industry analysis and regulatory readiness guide by Gidea Advisory

Introduction

When MiCA was adopted, it was widely welcomed as the regulatory reset the European crypto market needed — harmonisation, passporting, and legal certainty after years of fragmented national regimes. However, as the transition from VASP registrations to CASP authorisations unfolds, many firms are discovering that submitting a compliant application is far more complex than anticipated. This article explains why companies across Europe are struggling with CASP licensing under MiCA, drawing on real market experience and regulatory implementation trends, and outlines how firms can successfully navigate the transition.

1. MiCA Is Harmonised in Law — But Fragmented in Execution

Although MiCA is directly applicable across the EU, national regulators retain discretion over how transitional periods, supervisory engagement, and application review are handled. This has resulted in uneven regulatory pathways, particularly for firms operating cross-border.

For example, Lithuania was one of the first jurisdictions where MiCA transitional periods closed decisively. Firms that failed to submit complete CASP applications were required to wind down or cease onboarding activity immediately. Several operators that had previously relied on Lithuania’s fast VASP regime found themselves excluded from the market — not because their business models were non-compliant with MiCA in principle, but because their internal readiness and documentation maturity were insufficient when deadlines expired. This demonstrates a broader regulatory trend: incomplete filings do not preserve market access, and regulators are no longer extending timelines for underprepared firms.

On the other hand, in Poland, firms face the opposite challenge. While the country historically operated a lighter crypto registration framework, CASP authorisation under MiCA now requires a full institutional compliance build-out. Polish operators are discovering that governance, capital adequacy, operational resilience, and AML systems must meet financial-sector-grade standards rather than undergo incremental upgrades. As a result, many firms are delaying submissions while restructuring corporate governance, senior management functions, and compliance architecture — creating regulatory bottlenecks before applications even reach the submission stage.

2. Regulatory Backlogs Are Breaking Application Timelines

National competent authorities across the EU were not resourced for the volume or complexity of CASP applications now arriving. Unlike earlier VASP registrations, CASP authorisations require full-scope assessments of governance, risk, AML, ICT security, capital, insurance, outsourcing, custody controls, and operational resilience.This has resulted in prolonged review cycles, increased rejection of incomplete submissions, reduced tolerance for iterative remediation, and commercial uncertainty for firms dependent on regulatory continuity.

3. Most Firms Underestimated the Compliance Transformation Required

MiCA does not regulate crypto businesses as startups — it regulates them as financial institutions. This has caught many VASPs off guard. Common pressure points include:- Governance frameworks (independent oversight, control functions, senior management fitness)- Prudential safeguards (own funds, insurance, treasury governance)- Operational resilience (ICT security, outsourcing oversight, incident response)- AML maturity (transaction monitoring logic, escalation workflows, sanctions screening)Many firms attempted to adapt existing VASP frameworks only to discover that regulators expect institutional operating models — not policy repackaging.

4. VASP to CASP transition periods created strategic complacency

MiCA’s transitional regime was designed to ensure continuity of services. In practice, however, it delayed compliance mobilisation across large parts of the market. Firms waited for national guidance and supervisory convergence before starting implementation, losing valuable preparation time. Now, as transitional windows close across multiple jurisdictions, companies are racing to submit applications into congested regulatory pipelines with structurally incomplete submissions — a high-risk strategy in a regime where regulators prioritise first-time completeness.

5. Capital and Insurance Are Emerging as Hard Licensing Blockers

Under MiCA, CASPs must demonstrate financial resilience and liability protection proportional to their risk exposure. This includes own funds thresholds and professional indemnity insurance or equivalent guarantees. Many firms are encountering late-stage obstacles such as:- Insurance policies excluding digital asset risks or custody events- Coverage limits misaligned with client asset volumes- Capital structures below prudential thresholds- Weak treasury and liquidity governance. Even operationally mature firms are failing at this layer because their financial architecture was never designed to meet regulated financial institution standards.

6. Documentation Quality Has Become a Gatekeeper

CASP applications are no longer policy-based — they are evidence-based. Regulators expect firms to demonstrate not only that controls exist, but how they operate in practice. Common failure points include:- AML frameworks without transaction monitoring logic or escalation evidence- Risk frameworks without defined KRIs, ownership, and mitigation mapping- ICT policies without operational resilience testing or incident simulations- Outsourcing frameworks without subcontractor controls or exit planning- Custody models without segregation proofs or recovery scenariosDocumentation quality — not just business intent — increasingly determines whether applications proceed to substantive review.

7. Passporting Remains Strategically Uncertain

Although MiCA establishes EU-wide passporting rights, firms remain uncertain how host state supervision, consumer protection overlays, and cross-border enforcement coordination will operate in practice. This uncertainty is delaying jurisdictional strategy decisions and influencing market entry planning.

Conclusion: CASP Readiness Is a Structural Evolution — Not a Filing Exercise

The transition from VASP to CASP is proving difficult, not because MiCA is unclear, but because it is uncompromising. It requires crypto businesses to operate as regulated financial institutions — with governance, capital, risk, compliance, and operational resilience embedded at the core of their operating models. Delays, rejected submissions, regulator backlogs, and operational friction are not anomalies — they are structural consequences of institutionalisation. Firms that succeed will be those that start early, invest in operational substance, and treat CASP authorisation as a business transformation programme rather than a compliance filing.

How Gidea Advisory Can Help — Estonia CASP Strategy & Execution

At Gidea Advisory, we specialise in guiding crypto firms through MiCA CASP authorisation and transition, with a strong operational focus on Estonia as a licensing jurisdiction. We support clients with:

- End-to-end CASP licensing strategy and jurisdiction structuring

- Estonia CASP applications and regulator engagement

- Governance, AML, risk, ICT, and operational resilience frameworks

- Capital, insurance, and prudential readiness structuring

- Documentation design and regulator-grade submission packages

- Cross-border passporting readiness and EU market access planning.

If you are planning a CASP submission in Estonia or reassessing your MiCA jurisdictional strategy, Gidea Advisory is ready to support you. Contact us to discuss your CASP readiness and transition roadmap.