Go to content

CASP pre-scan

The AFM offers companies preparing a CASP licence application the opportunity to request an optional pre-scan procedure. This helps to make the licence application process more efficient while building up mutual knowledge of important subjects.

The pre-scan is not a substitute for a formal review of your authorisation application and feedback will be of a general nature.


Market participants can submit CASP licence applications or notifications to the AFM from 22 April 2024. If approved, the licences or notifications can be used from 30 December 2024.

Eligibility

To be eligible for a pre-scan a party must:

• Have determined that their activities fall under the scope of MiCAR. (We suggest parties seek legal advice on this topic when still in doubt.)
• Be certain that they will apply for a MiCAR authorization in the Netherlands.
• Be at a sufficiently advanced stage of preparations to have substantive discussions on MiCAR compliance policies.

Process

Regarding the pre-scan process, you can expect the following 4 steps:

1. You contact the AFM at crypto@afm.nl to apply for the pre-scan.
2. We send you an email with an invitation for a 1-hour online meeting.
3. You prepare a slidedeck covering your answers to the pre-scan questions below regarding your preparations for the MiCAR authorization application and send this to us at least 1 working day ahead of the meeting.

The pre-scan questions

  1. In which jurisdictions do you currently hold registrations/authorisations/licenses? For what services/activities (incl. non-EEA jurisdictions and non-crypto activities)?
  2. In which EEA-jurisdictions (incl. NL) can you make use of a grandfathering / transitional period? What is the duration of the grandfathering/transitional periods in the relevant jurisdictions? Do you foresee exceeding any of those grandfathering/transitional periods and which steps do you plan to undertake in this regard?  
  3. For which services, as listed under Art. 3(1)(16) MiCAR, will you apply for authorisation (including a legal substantiation and a brief explanation as to why other services are not applicable)?   
  4. Which entities are involved (in a group structure), what are their relations to each other, and their responsibilities? How many FTE are employed in the group as a whole (subdivided per entity)? What is the address of the requesting entity's headquarters? What is your (planned) presence in the Netherlands (offices, FTE employed, etc.)?   
  5. Which persons are in-scope for fit and proper testing (please include all persons in charge of day-to-day operations and members of the supervisory board)? What is the proposed board composition and how does this ensure compliance with the suitability requirements?   
  6. What are your internal control mechanisms, policies and procedures to identify, assess and manage relevant risks? What are the main risks related to your activities? What is your FTE capacity for the internal control functions (compliance, risk etc.) and why is this sufficient considering the scale and complexity of your activities?   
  7. What are your ICT-Risk management, outsourcing, business continuity, and DORA compliance plans?   
  8. What is your AML/CFT (ie., Wwft, Sanctiewet, TFR) compliance plan? What blockchain monitoring-tooling do you (intend to) use for your customer due diligence and/or your transaction monitoring?   
  9. How do you guarantee the clients’ ownership rights of their crypto-assets and funds (e.g, in case of insolvency) and prevent the use of clients’ crypto-assets and funds for your own account (segregation of assets)?   
  10. How are clients informed about the nature, costs, and risks of the CASP services and products?