EU introduces licensing of crypto exchanges & custodian wallets

  • September 15, 2019

If you are a cryptocurrency exchange or a provider of crypto custodian wallet, wondering if you need a license to operate in the EU, then you should continue reading this article. Up until now, crypto exchanges and custodians were not regulated on the European level. This is changing with the adoption of the 5th Anti-money Laundering Directive, and as of 10 January 2020, all crypto exchanges and custodian wallet providers must be licensed or registered by every single national authority in the European Union. But don’t get scared away – we are here to help you understand the subject matter and to help you with the licensing/registration formalities.


European Anti-Money Laundering laws aim to prevent the misuse of the financial system for the purpose of money laundering and terrorist financing. The robust legislation imposes strict rules for the gatekeepers (banks and other obliged entities) where it is essential to apply measures to prevent money laundering and terrorist financing and ensure traceability of financial information. 

In the light of recent terrorist attacks and detection of money laundering via cryptocurrencies, the European Union has adopted a 5th Anti-Money Laundering Directive (5AMLD). The Directive states that “terrorist groups may be able to transfer money into the Union financial system or within virtual currency networks by concealing transfers or by benefiting from a certain degree of anonymity on those platforms. It is therefore essential to extend the scope of the Directive so as to include providers engaged in exchange services between virtual currencies and fiat currencies as well as custodian wallet providers. The competent authorities should be able, through obliged entities, to monitor the use of virtual currencies. Such monitoring would provide a balanced and proportional approach, safeguarding technical advances and the high degree of transparency attained in the field of alternative finance and social entrepreneurship.”

Moreover, the new Article 47 of the 5AMLD now also states that: “The Member States shall ensure that providers of exchange services between virtual currencies and fiat currencies, and custodian wallet providers, are registered, that currency exchange and cheque cashing offices, and trust or company service providers are licensed or registered, and that providers of gambling services are regulated.


The date for transposition of the Directive into national law for each Member State is 10 January 2020. This means, that the EU Member States must adapt their laws and ensure that all cryptocurrency exchanges and custodian wallet providers (domestic and potentially non-domestic) go through a registration or licensing procedure.

The steps taken by the EU policymakers and the Member States are not only going to affect their domestic companies but in many cases also non-domestic companies. Member States have taken different approaches, namely, some will only impose registration/licensing for the domestic companies, some for non-domestic as well – this will majorly depend on the actual marketing activities of the service provider on that territory, namely the national financial authorities will assess whether the company is actively pursuing users on that territory with marketing, PR or SEO activities, attending conferences and similar online and offline activities – such Activity Level Approach (ALA) will be taken by Germany and Finland, among others. Many companies might consider to not target markets with ALA specifically, but will let users come to them “on their own”. Where will an actual line be drawn for such activities and to which extent will they allow such activities to be carried out without a license or registration, remains to be seen.

The Directive does not give any specific guidance to the Member States on how to execute this, so the Member States are taking different approaches, some more burdensome than others.
Note, that in case the Member States decided to take a licensing approach (instead of a simpler registration procedure), such license awarded shall not be passportable, which means that the license shall be valid only on the territory of the Member State that awarded the license.


According to the 5AMLD, the Member States have two different approaches, namely (1) registration of cryptocurrency exchange or custodian wallet provider, (2) licensing of such service. Member States can choose freely which approach to take.

1. Registration

Some Member States are going to choose a (simpler) registration procedure with the aim to create a list of registered companies that operate such business. In this case, a company will have to register with the regulator via a simplified procedure. Such countries are Slovenia, the Netherlands, France, Sweden, etc. It is not yet clear, however, if the registration procedure will also be held in the English language and what will be the costs of the procedure.

In Finland, the domestic companies will have to go through a registration procedure, whereas the virtual currency provider’s obligation to register as a foreign company is still open to interpretation.

2. Licensing

In 2017 Estonia introduced two operating licenses for crypto exchanges and virtual wallet providers for companies registered in Estonia. The licensing procedure took 5 days, signing a few agreements (that bind you, as a financial business, to respect the international and national AML rules, perform a KYC client identification, properly monitor risks, report suspicious transactions, etc.) and payment of an application fee of approx. 300 EUR. This fee is, however, is about to rise to approx. 3000 EUR in December. In addition, Estonian regulator is contemplating on enhancing the rules for companies, established in Estonia, but having the management and actual operations held in other countries – if the law passes, all licensed cryptocurrency exchanges and wallet providers will have to ensure that actual operations are being held physically in Estonia. It is not yet clear, however, if the same rule for licensing will apply to non-domestic companies.

Another, more critical, example of imposing a license in Germany. It is important to note, that in Germany cryptocurrencies are (as of recently) regarded as financial instruments (units of account), meaning that companies offering cryptocurrencies or custodian wallets will need to obtain a license as a bank or financial service provider (MiFid ii license) or a new crypto license, which will be obtainable as of 30 June 2020. Before that date, all cryptocurrency exchanges and custodian wallet providers must notify the German Financial Authority about the intent of carrying out financial activities on the german territory and intent to apply for the license. It is noteworthy, that the application process for the crypto license will be run in German language only, and the company applying for the license will have to (1) open a branch in Germany, (2) pay an application fee, (3) provide a proof of a deposit of an initial capital in amount of 125.000 EUR (or more), (4) provide a proof of trustworthiness and technical reliability of the management, (5) Business, financial, strategic, organizational and governance plans, among other conditions.

The overall procedure is much like the procedure for licensing Payment service providers and electronic money institutions. My impression here is that Germany is taking the opportunity to impose limits to foreign companies for offering services on the German territory (unless if a company opens at least a branch), which hinders the principle of free movement of goods and services within the EU and could be seen as a covert quantitative restriction.


Every service provider will need to assess a number of criteria for licensing or registration of a service provider, namely:

(1) how will operations be organized and is a service provider planning to open a company, branch or subsidiary in one or more Member States,
(2) if, according to the national law of the Member State where the services are being (or intend to be) offered, the business is considered as a cross-border financial service provider,
(3) are services going to be advertised/marketed actively, how and what kind of activities are planned for that territory (if any),
(4) how does the national law treat cryptocurrencies (are cryptocurrencies treated as financial instruments, as means of payment, are the utility tokens regulated or not, etc.).

Every service provider will have to first estimate, which EU territories you wish to cover and/or enter with your service. If you only operate on some territories or you are concentrated or one or two, then concentrate on those markets. Based on your coverage, begin to learn about the national requirements for registration/licensing.

For bigger service providers who cover more than just a few Member States, you should prepare a plan, a list from countries where your service is most widespread (where you have the highest number of users) to countries where you have the least. Engage with regulators, connect with your legal advisors and work actively with them.

We are connected to regulators throughout the EU and can help you with licensing or registration procedures, as well as with communications with regulators and policymakers. In case you need our help, contact us here: [email protected]

Read also, how is Slovenia going to implement the Directive:

If you need a fintech lawyer, contact us here.

Call Now ButtonCall Us