Contact and frequently asked questions

When a crypto-asset service provider (CASP) also provides PSD2 services, it must do so in accordance with PSD2 regulations. DNB is the primary supervisor of PSD2 and deals with PSD2 scope issues. Unless there is an exemption, a PSD2 license must be obtained from DNB.

An alternative option offered by Article 70 paragraph 4 MiCAR is to outsource the payment services to a third party that has a PSD2 authorisation. It requires a careful assessment of the services offered in order to be able to determine compliance with both the MiCAR regulation and any applicable payment service regulations.

Please also pay attention to recital 90 MiCAR: 'Some crypto-asset services, in particular providing custody and administration of crypto-assets on behalf of clients, the placing of crypto-assets, and transfer services for crypto-assets on behalf of clients, might overlap with payment services as defined in Directive (EU) 2015/2366.'

The applicable law for The Netherlands is based upon the Act implementing amendments to the Fourth Anti-Money Laundering Directive, which stipulates that crypto service providers (firms offering exchange of virtual currencies (crypto) for money and (vice versa)), and providers of custodian wallets for virtual currencies must request registration with De Nederlandsche Bank (DNB).

The Netherlands plans to limit the transitional period for those crypto-asset service providers (entities that are already registered by DNB) clause to 6 months. We support this. This entails that crypto-asset service providers that provided their services based on their DNB registration before 30 December 2024, may continue to do so until 30 June 2025. This follows from Article 143 paragraph 3 MiCAR: 'Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorisation pursuant to Article 63, whichever is sooner.'

Please note that the transitional period does not apply for parties who do not have a DNB registration before 30 December 2024.

Therefore, the AFM and DNB advise enterprises that intend to provide crypto-asset services in the Netherlands to submit a license or notification request at the AFM, instead of applying for a registration at DNB. This approach is more efficient for all parties involved. If potential CASP’s submit a registration request at DNB after the middle of 2024, they risk having to pay costs with no guarantee of obtaining a registration in 2024 because of the lead time of the assessment. In that case the transitional period will also not apply.

There is no simplified procedure conform Article 143 MiCAR in The Netherlands. For entities that are already registered in The Netherlands at DNB, under certain circumstances we can decide that a lighter MiCAR-assessment on specific components or topics could be performed in case elements have previously been assessed by DNB. For this purpose, we will receive the relevant information from DNB to minimise the need to re-assess similar information by us for a MiCAR license. This can for example be the case for the fit and proper testing of persons in charge of day-to-day operations and members of the supervisory board of CASP’s.

Please note that it is important that the license applicant indicates clearly in the fit and proper forms if the requested information or relevant information was provided to DNB in the past in the context of the application for registration under the Dutch Money Laundering and Terrorist Financing Prevention Act. Wecan then verify with DNB whether the information in question is indeed provided and assessed, in order to minimize the need for the same information to be reassessed by us as much as possible.

The AFM is the first point of contact for all matters related to CASP licensing and notifications (see Article 2, first paragraph, Decree on the Implementation of EU Financial Markets Regulations (BuEU) and Article 60 MiCAR and Article 63 MiCAR) and we will liaise with DNB where necessary, case-by-case. You can email us at crypto@afm.nl.

For questions on prudential requirements (see Article 67, Article 83 and Article 84 MiCAR) such as the capital requirements and the assessment of qualifying holdings, please contact DNB at crypto@dnb.nl and put crypto@afm.nl in CC.

• Among other things, the AFM expects crypto-asset service providers (CASPs) to properly inform their clients on the ways in which the clients’ assets are segregated from the assets of the CASP. It should be clear to clients what rights they have, how crypto-assets and funds are held in custody and what happens to customers' crypto-assets and funds in case a CASP goes bankrupt.
 
• Article 75 paragraph 7 MiCAR states that the clients’ crypto-assets should be held separately from the crypto-assets of the CASP. It is important that these assets are segregated both legally and operationally. This in any event means that the clients’ crypto-assets are held in custody via one or more separate wallets and the crypto-assets of the CASPs are held via one or more different wallets.
 
• Customer deposits held in custody can also be held in so-called omnibus wallets. CASPs may not hold their own crypto-assets in an omnibus wallet that has customer deposits. It thus requires a comprehensive administrative system so as to always be able to track which crypto-assets belong to which client.

• In terms of crypto-assets, there is no Dutch law based on which crypto-assets held in custody are segregated from CASPs’ assets, as there is for banks and investment firms under the Securities (Bank Giro Transactions) Act (Wet giraal effectenverkeer). To legally segregate clients’ assets from the crypto-assets of the CASP, CASPs often make use of a separate entity. Often, this is a foundation. This construction creates legal segregation. It is also done for other forms of financial services in the Netherlands.


• Another option is to comply with the requirements of asset segregation under MiCAR under the law of another European Union Member State. Other Member States in the European Union allow for crypto-assets to be held in custody by CASPs without the need of a separate entity. If CASPs decide to make use of such arrangements, the AFM considers it important that the CASPs demonstrate that this construction is as a minimum equivalent to the protection clients have under Dutch law and that clients are clearly informed about the method of asset segregation and their rights in the event of loss of crypto-assets.

• The separate entity holds the crypto-assets and funds in custody on behalf of their clients. In this case, the clients have a claim against the separate entity, as a result of which the crypto-assets and funds do not form part of the CASP’s equity, not even if the CASP suffers bankruptcy. Thus, creditors of the CASP cannot claim any of the crypto-assets and funds of the clients of the CASP.
 
• The AFM expects CASPs to be able to meet the legal and operational requirements of asset segregation imposed by MiCAR when incorporating a separate entity. In so doing, the AFM expects that such separate entities meet certain requirements. See question: What does the AFM expect from CASPs that incorporate a separate entity (Third-Party Funds Foundation) in order to meet MiCAR’s requirement of asset segregation?

The AFM expects CASPs to incorporate the separate entity with the aim of providing custody of the crypto-assets and funds of their clients and to keep these segregated from the CASP’s assets. The separate entity will be constructed so that only activities that contribute to this objective can be carried out. The AFM is of the opinion that if these and other requirements are being met, the entity serves as an extension of the CASP and a separate MiCAR licence may not be required. For the separate entity to qualify as an extension, it is important that all of the client’s crypto-assets and funds are segregated both legally and operationally and that the CASP bears ultimate responsibility and liability for custody and management.

Brought in detail, the AFM expects at least the following requirements to be met (not exhaustive):

• The AFM expects the board of directors of the separate entity to be sufficiently reliable and to have the right knowledge and skills to carefully manage and hold clients’ crypto-assets and funds in accordance with MiCAR. These could be the executive directors of the CASP. Should this be the case, the AFM expects CASPs to take any potential conflicts of interest into consideration.
 
• The AFM expects the entity to act solely in the interests of the clients for whom it provides custody of the crypto-assets and funds. In accordance with Article 75 paragraph 8 MiCAR, by having a separate entity as an extension, CASPs will be liable to their clients for the loss of any crypto-assets or of the means of access to the crypto-assets as a result of an incident that is attributable to them.
 
• By having a separate entity as an extension of the CASP, the AFM expects CASPs to guarantee compliance with the obligations and any liability of the separate entity. In their business continuity plan, CASPs include the settlement procedure of the separate entity in case of the CASP’s bankruptcy. CASPs also ensure that the entity has sufficient capital to return the crypto-assets and funds to the clients.
 
• The AFM expects for the separate entity to be included in the CASP’s risk and control procedures.

It is essential that the clients’ crypto-assets and funds are segregated from the CASP’s assets both legally and operationally. Below is a non-exhaustive list of requirements important to the AFM that must be complied with in order to refer to an operational segregation.

• The AFM expects that the clients’ crypto-assets are held in custody via one or more separate wallets and that the crypto-assets of the CASPs are held via one or more different wallets.
  
  
• The AFM expects CASPs to keep a register of positions, corresponding to each client’s rights to the crypto-assets at any given moment. This register of positions is frequently updated and at all times kept up to date. In accordance with Article 75 paragraph 4 MiCAR, any event likely to create or modify the rights of a client will immediately be recorded in the client’s register of positions.
  
  
• In accordance with Article 75 paragraph 3 MiCAR, the AFM expects that establishing a custody policy will minimise the risk of loss of clients’ crypto-assets or the rights related to those crypto-assets or the means of access to the crypto-assets due to fraud, cyber threats or negligence.
  
  
• The AFM expects that only the separate client asset segregation entity has control over (recovery of) the private keys of the wallets where client assets are held.