MiCA Implementation in Spain: Regulatory Requirements and Licensing Process

light

As of the fourth quarter of 2024, the Bank of Spain’s register contained more than 122 organisations providing virtual asset services.

Transition to MiCA and timeline

With the adoption of the MiCA, the regulation of crypto-assets in the EU has been significantly transformed. Spain, as an EU member state, is bringing its legislation in line with MiCA by introducing new regulations for CASPs. The main control in this area is exercised by the National Securities Market Commission (“CNMV”) and the Bank of Spain. 

In March 2023, the Spanish government approved the preliminary Law 6/2023 of 17.03.2023 on securities markets and investment services to implement MiCA regulation, entrusting the CNMV with the supervision of crypto-assets. The exception was made for issuers of e-money tokens and asset-backed securities, including stablecoins, which are subject to the Bank of Spain.

This act is a key regulatory document that defines the rules for financial markets and crypto-assets in Spain. It is adapted to the requirements of MiCA and establishes the CASP licensing procedure, supervisory mechanisms, and sanctions for violations.

In general, the CNMV is responsible for the supervision of crypto-assets that are not classified as electronic money (“EMT”) or asset-related tokens (“ART”), as well as for the licensing of CASPs, while the Bank of Spain regulates EMT and ART issuers.

In October 2023, the Spanish authorities announced that they would complete the integration of MiCA by 31 December 2025, six months ahead of the European deadline of June 2026. By this time, all transitional steps for Spanish crypto-asset service providers (“CASPs”) will be completed. Currently, local regulations require all operators, regardless of their scale or type of financial activity, to register with the Bank of Spain as virtual asset providers. Thus, both the bank launching crypto services and the new exchange are subject to the same registration requirements.

CASP licensing procedure and basic requirements

The process of obtaining a CASP licence involves several stages. First, applicants prepare documentation containing general information, shareholder structure, governing bodies, business plan, internal control system, etc. It is particularly important to develop a MiCA compliance programme and risk management measures. 

It is worth noting that CASPs are required to comply with internal control and risk management requirements, including:

  • Use of mechanisms to protect client assets.
  • Implementation of transaction monitoring procedures.
  • Developing a cybersecurity policy to prevent unauthorised access to data.

In accordance with MiCA, CASPs in the AML/CFT area must also:

  • Register and verify the identity of customers (KYC procedures).
  • Analyse financial transactions for suspicious transactions.
  • Submit suspicious transaction reports to regulators.
  • Conduct anti-money laundering training for staff.

It is worth noting that the CNMV began accepting applications in September 2024, and the review process takes up to three months. During this period, the regulator may request additional information, to which the company has 10 business days to respond.

In order to successfully complete the licensing process, the company must confirm its financial stability, compliance with corporate governance requirements, and disclose all the details of its operations.

Transitional Period and Business Adaptation

Spain has decided to shorten the transitional period set by MiCA to December 30, 2025, instead of July 1, 2026. This means that companies already registered with the Bank of Spain can continue providing services until this date or until they obtain a new license from the CNMV. For businesses, this is a significant factor, as companies already operating in the crypto-asset sector need to swiftly adapt their processes to the new requirements and update their documentation in line with MiCA.

Sanctions for MiCA Violations

Companies that fail to comply with MiCA may face severe penalties. Depending on the severity of the violation, both companies and individuals could be subject to significant financial fines as well as administrative restrictions.\

Serious Violations.

In cases of serious breaches, the fine amount is calculated based on the profits gained or losses avoided and can reach up to 700,000 euros for individuals. Additional sanctions may include:

  • Public disclosure of the violation and the responsible parties.
  • An order to immediately cease the illegal activity.

Particularly Serious Violations.

For more significant breaches, legal entities may face fines of up to 5 million euros or a percentage of the company’s annual turnover (up to 15%). Individuals could be fined up to 5 million euros, depending on the gravity of the violation. Beyond financial penalties, additional measures may be imposed:

  • Revocation of the CASP license.
  • Temporary or long-term ban on holding managerial positions.
  • Restriction of access to financial operations in the market.

In cases of repeated violations, the ban on holding managerial positions could extend to 10 years. Furthermore, if the company is part of a financial group, fines are calculated based on the consolidated turnover of the entire structure.

Thus, the MiCA sanctions system is designed to ensure market transparency and accountability among participants in the financial sector.

Conclusions and Prospects

Spain is confidently implementing MiCA, establishing clear requirements for CASP licensing and effective regulatory mechanisms. Oversight of the crypto-asset market is handled by the CNMV and the Bank of Spain, which are responsible for issuing licenses and supervising company operations. The licensing process takes up to three months, while existing market players are granted a transitional period until the end of 2025.

The new regulations mandate that crypto companies not only obtain a license but also implement internal control systems, measures to counter financial risks, and anti-corruption mechanisms. With a stricter sanctions policy in place, compliance with all requirements is a critical factor for stable operations, as even minor violations can lead to significant consequences.

Consequently, companies aiming to operate in Spain’s crypto-asset market should prepare their licensing documentation in advance and ensure full compliance with regulatory standards. The introduction of MiCA opens up new opportunities for the development of digital financial services, but it demands strict adherence to established norms.

Our contacts

If you want to become our client or partner, feel free to contact us at support@manimama.eu.

Or use our telegram @ManimamaBot and we will respond to your inquiry.

We also invite you to visit our website: https://manimama.eu/.

Join our Telegram to receive news in a convenient way: Manimama Legal Channel.

Manimama Law Firm provides a gateway for the companies operating as the virtual asset wallet and exchange providers allowing to enter to the markets legally. We are ready to offer an appropriate support in obtaining a license with lower founding and operating costs. We offer KYC/AML launch, support in risk assessment, legal services, legal opinions, advice on general data protection provisions, contracts and all necessary legal and business tools to start business of virtual asset service provider.

The content of this article is intended to provide a general guide to the subject matter, not to be considered as a legal consultation.

Tags

Chat

Ready to start working with us? Fill out the form.

We are a team that maintains a high level of integrity and a “client first” approach, applying our skills and knowledge.

Tokenization

Tokenization

Licensing

Incorporation

MiCA

Send Request
send
Telegram send
Closing deals
in innovation