sk sk

Preparation and submission of a request

Regulation (EU) 2023/1113 of the European Parliament and of the Council of 31 May 2023 on data accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience of the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011

Act No 297/2008 Coll. on protection against legalization of proceeds from crime and on protection against financing of terrorism and on amendments and supplements to certain acts, as amended

Act No. 266/2005 Coll. on consumer protection in distance financial services and on amendments and supplements to certain acts, as amended

Act No. 108/2024 Coll. on consumer protection and on amendments and supplements to certain acts

Act No. 747/2004 Coll. on financial market supervision and on amendments and supplements to certain acts, as amended

The MiCA Regulation empowers the European Commission to adopt implementing rules governing the details in relation to several provisions of the MiCA Regulation.

MiCA and TFR implementing regulation and guidelines

745.44 kB

What legal form can an applicant for a license to operate as a Crypto-Asset service provider have?

An applicant for a crypto-asset service provider authorisation may have one of the following legal forms:

joint-stock company,

limited liability company,

simple share company,

European company (Societas Europea).

Article 59(1)(a) of the MiCA provides that an authorisation for the activity of a crypto-asset service provider may be granted exclusively to legal persons or other undertakings. Pursuant to Article 59(3) of the MiCA, the legal form of such undertakings must, under the relevant national law, guarantee a level of protection of third-party interests equivalent to that provided by legal persons and must at the same time be subject to equivalent prudential supervision corresponding to their legal form. The legal order of the Slovak Republic does not recognise a form of undertaking that would meet the requirement of Article 59(3) of the MiCA and at the same time enable the fulfilment of other requirements imposed on applicants for an authorisation for the activity of a crypto-asset service provider.

A public company and a natural person – entrepreneur are not suitable legal forms for applicants for a license to operate a crypto-asset service provider, as they do not allow for the fulfillment of prudential requirements under the MiCA. A cooperative is also not a suitable legal form for applicants for a license to operate a crypto-asset service provider, as the applicable legal regulation prohibits the creation of the institute of a “free” member share, which would be available to the cooperative in the event of the termination of the membership of one of its members. Unlike capital companies, a cooperative is in some cases unable to prevent a reduction in the amount of its prudential guarantees, which constitutes a reason for a mandatory refusal to grant a license to operate a crypto-asset service provider pursuant to Article 63(1)(d) of the MiCA. A limited partnership is also unable to prevent a reduction in its prudential guarantees and is therefore also not a suitable legal form for applicants for a license to operate a crypto-asset service provider.

How to proceed when choosing technological solutions related to the performance of activities?

When choosing technology solutions for a crypto asset service provider, it is important to consider various aspects, from security to effective management. General recommendations for key areas:

  • Cloud services and internal server solutions

    CASPs should utilize cloud services or internal server solutions with a business continuity plan that ensure high availability and resilience to outages. These systems must guarantee rapid recovery from outages and continuous operational efficiency.

  • Advanced wallets for managing funds

    Using enterprise-grade wallets that support multi-factor authentication and have the ability to manage multiple crypto assets. These wallets should support hardware security and enable efficient key management.

  • Solution for storage of clients´funds

    The solution should ensure the safe custody of client funds, protection against unauthorized access, and the ability to quickly and efficiently manipulate funds. It is important that these systems are resistant to cyber attacks and provide multi-layered protection. It is recommended to implement additional security measures such as multi-signature transactions, time locks, and hardware security modules to further protect client funds.

  • Security solutions for protection against cyber threats

    These solutions should include advanced firewall systems, intrusion detection and prevention, data encryption, and regular security auditing. It is crucial that these systems are flexible and able to adapt to new threats and developments in cybersecurity.

  • Clients´applications

    Intuitive and user-friendly front-end interfaces that allow for easy and secure interaction with client accounts. Use of secure and encrypted data transfer protocols, such as SSL/TLS, to secure data transfers between client and server.

  • Tools for blockchain analysis

    The chosen software should provide detailed analysis of transactions on the blockchain, identifying risk patterns and links between addresses and transactions. Such software is crucial for effective risk management and tracking unusual activity.

  • Tools for AML risk screening

    The selected software should be able to perform customer due diligence (CDD), continuously monitor the client’s business activities, check its inclusion in global and regional sanctions lists, and prevent unusual business operations and transactions violating sanctions measures.

In general, CASPs should implement reliable solutions that ensure high availability, scalability, and fast transaction processing. These systems should be designed with cyber-attack protection in mind and provide advanced compliance and auditing features. In each of these areas, it is important to look for solutions that are specifically designed for the needs and challenges of the crypto-asset sector, ensure compliance with regulatory requirements, and offer a high level of security and efficiency.

What will be the fees and annual contributions in the crypto asset sector?

There are costs associated with the procedure for granting a license to operate as a crypto-asset service provider before the National Bank of Slovakia and the supervision of supervised entities by the National Bank of Slovakia.

Fee for the act of the National Bank of Slovakia

The fee for the act of the National Bank of Slovakia is payable by the person who submitted the application or other initiative (extension, amendment of the permit, granting of prior consent or its amendment, or approval of an act, prospectus or other act) aimed at performing an act subject to the fee. The applicant for the grant of a permit to operate as a crypto-asset service provider is obliged to pay the fee by submitting an application to the National Bank of Slovakia, no later than five working days from the date of delivery of the application to the National Bank of Slovakia. The applicant is obliged to submit a copy of the document on payment of the fee in the application, but no later than before the expiry of the deadline for a decision on the application.

Fee for submitting an application for a permit

The amount of the fee for submitting an application for a permit for the activity of a crypto-asset service provider is specified in the Regulation of the National Bank of Slovakia No. 5/2021 on fees for the acts of the National Bank of Slovakia, as amended by the Regulation of the National Bank of Slovakia No. 8/2024. The amount of the fee is determined according to the scope of the requested crypto-asset services specified in the application for a permit as follows: EUR 1,700, EUR 2,500 or EUR 3,400.

Details on the issue of fees for the acts of the National Bank of Slovakia are provided on the website of the National Bank of Slovakia.

Annual Contribution

The annual contribution of a supervised entity is obliged to be paid to the National Bank of Slovakia by a supervised entity that has acquired a permit or other authorization to carry out activities in the financial market pursuant to a special regulation. Pursuant to the provisions of Section 40, paragraph 2 of Act No. 747/2004 Coll. on Financial Market Supervision and on Amendments and Supplements to Certain Acts, as amended, the annual contribution for the relevant calendar year is determined by the Bank Board in advance for the entire year no later than December 20 of the previous year, for all contributors of the same type under the same conditions, in the same manner and within the rates for annual contributions of contributors. Annual contributions are paid by supervised entities each calendar year throughout the validity period of the permit.

For crypto-asset service providers, the annual contributions for 2025 were determined in Decision No. 4/2024 of 25 June 2024 on the determination of annual contributions and a special contribution of supervised financial market entities for 2025, as amended by Decision No. 15/2024 of the National Bank of Slovakia (full text No. 16/2024). The amount of the annual contribution for crypto-asset service providers is determined at 0.1% of the volume of assets of the crypto-asset service provider, but at least EUR 1,000.

Details on the issue of fees for the acts of the National Bank of Slovakia are provided on the website of the National Bank of Slovakia.

Preparation of a request

Do I need legal representation when proceeding before the NBS?

The National Bank of Slovakia recommends that applicants, when preparing their application and during the licensing procedure before the National Bank of Slovakia, use the option of legal representation by a law firm that has experience with proceedings conducted before the National Bank of Slovakia. Using the services of a law firm in the process of preparing the application and all its annexes can contribute to a smooth and efficient procedure in the application, which has a positive impact on the length and outcome of the licensing procedure.

How to choose a lawyer for licensing proceedings?

The choice of legal representative is entirely the responsibility of the applicant. NBS recommends cooperating with established law firms with proven experience with Slovak legal system and licensing procedures before NBS. We recommend avoiding legal representatives who offer the following: Statements about guaranteeing success or “processing” the license in unrealistic time, offering “ready-made” packages including directors or compliance officers, the seat of the advisor in offshore jurisdictions, marketing based on the “easiest way” to the EU.

Je možné využiť tzv. “nominee” konateľov alebo spoločníkov na splnenie požiadaviek lokálnej prítomnosti?

Nie. Využívanie „nominee services“ je v priamom rozpore s  požiadavkami skutočného riadenia a vhodnosti osôb, ako aj s predpismi v oblasti AML/CFT. NBS vyžaduje identifikáciu osôb, ktoré skutočne riadia poskytovanie služieb kryptoaktív. NBS vyžaduje reálnu odbornosť, znalosť obchodného modelu, technickej infraštruktúry a riadenia rizík. Ak sa preukáže, že osoby nemajú reálny vplyv na riadenie alebo rozhodovanie, ide o závažný nedostatok z hľadiska požiadaviek na osoby v riadiacich pozíciách, ktorý môže viesť k negatívnemu posúdeniu žiadosti.

Is it possible to use so-called “nominee” directors or partners to meet local presence requirements?

No. The MiCA Regulation allows crypto-asset service providers to use outsourcing, but this must not lead to the delegation of responsibility, change of the relationship with the client, delegation of management or the creation of an entity without real operational and decision-making substance.

The crypto-asset service provider must retain full responsibility and effective control over the outsourced activities. The NBS is of the opinion that key decision-making processes, in particular in the areas of compliance, AML/CFT control and IT risk management, should be carried out internally and under the direct control of the statutory body in the Slovak Republic.

Extensive outsourcing that would limit the provider’s ability to effectively manage its activities or would impede the exercise of supervision by the competent authorities may lead to a negative assessment of the application or to supervisory measures.

Does the NBS only check the documents I submit to it, or also publicly available sources?

In the licensing procedure, the NBS assesses not only the information and documents submitted by the applicant, but also other relevant facts available from public and official sources. Discrepancies between the submitted data and publicly available information may lead to additional considerations when assessing the credibility and suitability of the applicant.

How should an application for a crypto-asset service provider authorisation be structured from a formal perspective? Can the applicant submit the application or attachments in electronic form?

The applicant shall submit an application pursuant to Article 62(2) of the MICA Regulation with details pursuant to Article 62(2) and (3) of the MiCA Regulation. The standard form and template for the application for authorisation to provide crypto-asset services will be available on the website of the National Bank of Slovakia after the approval of the Regulatory Technical Regulations (RTS) and Implementing Technical Regulations (ITS). Their drafts are currently available on the website of the National Bank of Slovakia. Given the number of annexes and their extensive content, it is necessary to attach a list of annexes with their exact numerical designation to the application. Proceedings before the NBS shall be conducted in paper form. Annexes to the application must be originals or officially certified copies. The NBS may, on the basis of a written proposal from the applicant or on its own initiative, waive the submission of an annex to the application in paper form and allow its submission in electronic form on a durable medium, unless special regulations provide otherwise.

What should I do when it is necessary to present public documents issued abroad in the proceedings?

Before a public document from abroad can be used in the application procedure, it must first be authenticated in the country of its origin in a relevant manner. This is most often done by means of an apostille.

If it is a public document from a country that is not a signatory to the Hague Convention, it must be super-legalized (so-called consular super-legalization). This verification is a 3-step process. In the third step, the document submitted to the NBS is verified by the Slovak embassy (embassy or consulate), i.e. in principle, the embassy of the country from which the document is to be used.

If it is a public document from a country that is a signatory to the Hague Convention Abolishing the Requirement of Legalization for Foreign Public Documents, it is sufficient to have an apostille, while it is necessary that not only the document but also the translation clause on the official translation be apostille if the official translator is from abroad (i.e. 2 Apostille certificates are required).

Since February 16, 2019, certain types of public documents issued or certified in EU Member States are exempt from all forms of authentication (apostille, superlegalization). It is not necessary to verify the absence of a criminal record. However, the Slovak Republic has concluded bilateral agreements with some states that allow mutual recognition of documents even without an apostille (list available in PDF versions). As for a document issued by a state authority in this category, an apostille is not required.

Can the application or part of it (e.g. any of the annexes) be submitted in a language other than Slovak?

The application, including its annexes, shall be submitted in the state language. If any of the annexes is drawn up in a language other than the state language, its officially certified translation into the Slovak language must be submitted together with the annex. The National Bank of Slovakia may, based on the applicant’s written proposal (stated in the application or its supplement), waive the submission of an officially certified translation of the technical documentation or other annex into the state language if it is drawn up in Czech or English.

The National Bank of Slovakia usually accepts the submission of technical documentation in English. The National Bank of Slovakia also usually accepts documents proving the professional competence of the assessed persons in English. The National Bank of Slovakia may, after agreement with the applicant, accept the submission of other annexes to the application in English if this is in accordance with special generally binding legal regulations.

Documents relating to the applicant’s internal organisation, such as The internal regulations that the applicant will follow after the granting of the authorisation and which will also be subject to supervision must be submitted in the Slovak language, or bilingually if necessary. However, the National Bank of Slovakia is also entitled to additionally request the submission of an officially certified translation into the state language, if necessary.

What are the requirements for the separation of assets between a crypto asset service provider and its clients?

Cryptoasset service providers are required to ensure the separation of their assets from those of their clients on two levels:

  • Separation of clients´ funds

    In relation to client funds, crypto-asset service providers are required, unless they are electronic money tokens, to ensure their separation from their own funds through a separate ad-hoc bank account. This separate bank account must be clearly identifiable and may never contain the crypto-asset service provider’s funds. Client funds must be credited to this separate bank account no later than the next business day after their receipt by the crypto-asset service provider.

  • Separation of Clients´ Crypto-Assets

    In relation to clients’ crypto-assets, crypto-asset service providers that provide custody and management of crypto-assets on behalf of clients are required to ensure clear operational separation of these from their own crypto-assets and to identify the means of access to them. Client crypto-assets must be held in wallets that do not and have never held the crypto-asset provider’s own crypto-assets.

In the licensing procedure, a potential crypto-asset service provider must demonstrate either direct compliance with the above requirements or unconditional ability to meet them. Ability to meet the requirements is understood as the existence of a complete plan to meet the requirements in question through specific third-party services (e.g. banks), with these third parties confirming their readiness to provide such services to the potential crypto-asset service provider.

For the above purpose, a potential crypto-asset service provider must submit, for example, contracts with suspensive conditions as of the date of granting the permit, contracts on future contracts, or a written confirmation indicating that the third party is ready to provide a certain service to the potential crypto-asset service provider under pre-agreed conditions.

How is the sufficiently good reputation and adequate knowledge, skills and experience of the members of the applicant’s management body demonstrated?

According to Article 62(2)(g) of the MiCA Regulation and the draft relevant ESMA and EBA joint guidelines, members of the management body of the applicant in a CASP must meet the requirements of sufficiently good repute and have adequate knowledge, skills and experience to manage the CASP.

  • Good reputation

    Good reputation shall also include the concepts of trustworthiness, integrity and good repute. The applicant must demonstrate that the members of the management body have no criminal record and have not committed any serious violations of regulatory or administrative regulations in the past, which is evidence of their integrity and trustworthiness. The applicant must also submit information in the application about ongoing criminal proceedings, as well as enforcement, civil, administrative and disciplinary proceedings, including disqualification from performing the functions of a member of the statutory body, a member of the supervisory body, a head of an organizational unit of the company, a head of an enterprise of a foreign person, a head of an organizational unit of an enterprise of a foreign person or a procurator. Documents proving these facts must not be older than three months.

  • Assessment of appropriate knowledge, skills and experience

    The assessment of adequate knowledge, skills and experience is based on the assessment of the requirements and entitlements for the position to be filled, knowledge and abilities acquired through education and practice, professional experience from previous work positions. When assessing knowledge and experience, particular account is taken of education and practice in the field of regulation of financial markets and the crypto-asset market, as well as their nature and types. Knowledge of risk management, in particular credit, market and liquidity risk, is also assessed. Awareness of the requirements for operational resilience, auditing, accounting, regulations for the prevention of money laundering and terrorist financing, and personal data protection is also taken into account. Previous management skills, the ability to perform internal control, strategic planning and understanding of the applicant’s business strategy are also demonstrated.

    When assessing professional experience, the nature of the previous position and its level in the hierarchy, length of service, number of subordinates, acquired technical knowledge and decision-making powers are taken into account. The applicant is required to submit a professional CV with a precise history of employment, indicating the time periods and the designation of the job position held by this natural person. When demonstrating adequate knowledge, skills and experience, it is necessary to submit documents on professional practice with a detailed description of the activities performed, responsibilities and indicating the areas of the financial market/cryptoasset sector in which the natural person worked. It is necessary to indicate the exact period of employment in the job position/job positions. If the employment in the job position includes the tasks and responsibilities of a senior employee, it is necessary to specify management experience separately, indicating the scope of responsibility for managing other persons, assigning tasks, controlling the performance of tasks, or other competencies of a manager.

    All this in relation to each other and with regard to whether the professional experience of the members of the applicant’s management body and their previous experience will ensure the proper and secure functioning of the crypto-asset service provider in the financial market.

    The individual suitability of each member of the management body, as well as the collective suitability of the management body, is assessed, since the management of a CASP requires the cooperation of persons with a diverse and balanced set of skills.

Insufficient demonstration of good reputation, adequate knowledge, skills and experience of the above-mentioned persons through the prescribed documents is a substantive deficiency in the application for a license to operate as a crypto-asset service provider. The National Bank of Slovakia cannot decide on the granting of a license to operate as a crypto-asset service provider without demonstrating the above conditions.

How is the suitability of shareholders and partners who have qualifying holdings in the applicant proven?

The applicant is required to provide evidence of the sufficiently good repute of all direct or indirect shareholders and associates of the applicant pursuant to Article 62(2)(h)(3) of the MiCA Regulation. The applicant is required to demonstrate, in accordance with the relevant regulatory standards, the suitability and financial soundness of the shareholder or associate of the applicant and the absence of suspicion that money laundering, terrorist financing or attempted money laundering or terrorist financing is taking place or has taken place in connection with the proposed acquisition.

If the shareholder or associate of the applicant is a natural person, the applicant is required to demonstrate that he or she has no criminal record, including information on whether such person is entered in the register of disqualifications. If the shareholder or associate of the applicant is a legal person, the applicant must demonstrate compliance with the condition for all legal persons that have a direct or indirect shareholding of at least 10% in the applicant. In the case of an indirect share, the fulfillment of the conditions shall be demonstrated for each legal entity whose indirect share is higher than 10% and for a natural person whose indirect share in these legal entities is higher than 10% (ultimate beneficial owner).

The application shall also be accompanied by documents proving the origin of the funds invested in the applicant’s share capital and the origin of other financial resources necessary to overcome the applicant’s adverse financial situation in the future. The applicant is obliged to provide information on the origin of the funds invested in the applicant’s share capital and other financial resources and to submit documents reliably proving the above facts, in particular statements of accounts, an extract from the real estate cadastre, securities, business shares or other documents and deeds proving the origin and ownership of the resources to be used to finance the crypto-asset service provider.

The submitted documents must clearly indicate the source of these funds, their true origin, sufficient volume and composition.

  • Own funds financing

    In the event that the applicant’s shareholder or partner’s own funds are involved, it is necessary to provide, in particular, detailed information on how the aforementioned resources were obtained and to submit documents proving these facts (e.g. tax returns, income from dependent activities, financial statements). It is also necessary to submit the annual financial statements of the person with a qualifying holding for the last three accounting periods and, in the case of a natural person – entrepreneur, also the income tax return for the last three tax periods, or for a shorter period if the natural person – entrepreneur started carrying out business activities less than three years before submitting the application for a permit. In the case of a natural person who is not an entrepreneur, a document on the annual settlement of advance payments for income tax from dependent activities is alternatively submitted.

  • Other sources of financing

    In the event that it concerns another (foreign) source of financing (e.g. loan, credit), the application must contain details of these sources, their origin, composition and documents proving these facts. In the event that the applicant uses foreign sources of financing, the National Bank of Slovakia will examine all relevant facts on the basis of which these foreign sources of financing were provided, and determine their initial source and historical origin. It is therefore necessary for the applicant to document the origin of the funds back to the initial source. In the case of the applicant’s other financial sources, it is also necessary to demonstrate that these are liquid financial resources that will need to be used in the short term in the event of an unfavorable financial situation of the crypto-asset service provider. The National Bank of Slovakia states that such liquid financial resources include, for example, cash in bank accounts or liquid securities. Real estate does not meet the condition of liquid assets for this purpose.

Insufficient demonstration of the suitability of shareholders and partners who have qualifying holdings in the applicant and the origin, composition and sufficient volume of funds in the above-mentioned scope and through the prescribed documents is a substantive deficiency in the application for a license to operate as a crypto-asset service provider. The National Bank of Slovakia cannot decide on the granting of a license to operate as a crypto-asset service provider without demonstrating the above conditions.

What are the personnel requirements for a crypto asset service provider?

  • Number od employees

    The number of employees should reflect the requirements of the MiCA Regulation and correspond to the nature, scope and complexity of its subject matter and the scope of activities performed and services provided.

  • Composition of employees

    The requirements for the specific composition of staff are set out in the MiCA Regulation and related regulations (AML Act, DORA Regulation) in the relevant areas that regulate the provision of crypto-asset services. The applicant is required to indicate in the application the persons responsible for the internal functions: management, supervision and internal control functions and provide details of the position of the responsible person under the AML Act, the technical officer to ensure operational resilience and the functioning of the systems and the officer providing the specific crypto-asset service. The division of positions must guarantee sufficient time to effectively perform the tasks, taking into account their other commitments. These criteria ensure the competence and credibility of the CASP management, which helps to meet regulatory requirements and protect the integrity of the crypto-asset sector.

Failure to demonstrate sufficient personnel security of the applicant is a substantive deficiency in the application for a license to operate as a crypto-asset service provider. The National Bank of Slovakia cannot decide on the granting of a license to operate as a crypto-asset service provider without demonstrating the above conditions.

What should the applicant’s action plan contain?

The application for a crypto-asset service provider licence must include a detailed business plan for a three-year period. The business plan must be based on realistic assumptions specified by the applicant and take into account different scenarios of possible developments in the crypto-asset market (e.g. market growth, stagnation, market decline). The business plan should be comprehensive, realistic and cover all key areas of activity. Overly optimistic estimates in the areas of finance, human resources, marketing, client acquisition and overall business results cannot be accepted, without a description of mitigating measures and critical scenarios. The plan shall also include evidence to support the forecasts submitted.

  • List of Crypto-Asset services

    This plan must include a list of crypto-asset services that the CASP intends to provide, with a clear description of the activities, along with a justification for qualifying these activities as specific crypto-asset services. It must also explicitly state which types of crypto-assets these services apply to and for which potential clients the applicant intends to provide them.

  • List of other regulated and non-regulated activities

    The business plan describes all regulated and unregulated activities, supported by CASP’s ability to perform them and the manner in which they are performed, and the geographical distribution of services according to the domicile of target clients.

  • Description of organisational structure

    The plan must also describe the human, financial and technical resources allocated to the provision of the services, defining the organizational structure, qualification requirements for the various tasks and the geographical location of these resources. An outsourcing policy must also be included, describing the agreements, the list of entities that will provide outsourced services for the applicant, and the specification of the outsourced services.

  • Other duties

    If the applicant is part of a group, it shall also provide details of the applicant’s qualifying holding structure, the current and planned organisation and structure of the group, a list of all supervised entities within the group, including an indication of the services provided by them, activities and types of clients for whom they are intended.

    Client access to crypto-asset services should be clearly stated, specifying domain names, IT applications and marketing strategies.

The inconsistency of the business plan with the crypto-asset services for which the applicant is requesting a license, the vagueness and incompleteness of the business plan are substantive deficiencies in the application for a license to operate as a crypto-asset service provider. The National Bank of Slovakia cannot decide on the granting of a license to operate as a crypto-asset service provider without demonstrating the above conditions.

What expectations does the NBS have from the applicant regarding demonstrating compliance with regulatory requirements in the area of ​​AML/CFT?

Jednou z obligatórnych podmienok na udelenie povolenia je požiadavka na riadne plnenie povinností a opatrení na ochranu pred legalizáciou príjmov z trestnej činnosti a financovaním terorizmu (ďalej len „ochrana pred ML/TF“). Podrobnosti o očakávaniach NBS v tejto oblasti sú pre rozsiahlosť uvedené v samostatnom dokumente.

One of the mandatory conditions for granting a permit is the requirement for proper fulfillment of obligations and measures to protect against money laundering and terrorist financing (hereinafter referred to as “ML/TF protection”). Details of the NBS’s expectations in this area are provided in a separate document due to their extensiveness.

What monitoring and analytical tools has requestor?

A crypto-asset service provider’s compliance with MiCA requires the implementation of a comprehensive set of analytics and security tools. These tools, focused on blockchain analytics, anti-money laundering (AML) screening, including compliance with restrictive measures, and other key areas, form the foundation of a robust compliance framework, ensuring operational integrity and compliance. An overview is provided in the “Before You Apply” section.

What should an applicant keep in mind if they want to implement identification and verification of client identification without physical presence (online/remote onboarding)?

The legal basis for processing identity documents of crypto-asset service providers is based on their classification as obliged entities under Act No. 297/2008 Coll. on the Protection against Money Laundering and on the Protection against Terrorist Financing, as amended (hereinafter referred to as the “AML Act”), which imposes an obligation to perform customer due diligence, which includes identifying and verifying the identification of the client. This requires the collection, recording, storage and processing of the client’s personal data, including identity documents such as ID cards or passports.

  • Identification and verification of a client

    Identification and verification of the identification of a client – ​​a natural person without physical presence through technological means must be at a level comparable to verification with the physical presence of the client. This method of identification and verification must take into account risk factors from the perspective of the product, service, trade, distribution channel and geographical perspective.

    When identifying and verifying the identification of a client – ​​a natural person, without their physical presence, the crypto-asset service provider shall ensure that the technical means have, in particular, the functions of obtaining and verifying biometric or comparable data and their trustworthy verification, detecting discrepancies in biometric data, verifying the obtained data with external sources, obtaining other personal data, e.g. through a photocopy of an identity card. Verifying the authenticity of the submitted documents and identifying the risky behavior of the verified entity during communication or supervision. Details are regulated by other sources, e.g. EBA guidelines and the NBS opinion.

  • Processing of personal data of client

    In accordance with Section 19(1) of the AML Act, crypto-asset service providers are entitled to process personal data of a client even without his consent, if this is required to fulfil the obligations set out in the law in the field of prevention of money laundering and terrorist financing. It is important that such data processing must always be carried out only on a lawful legal basis.

    The processing of such data is therefore lawful and is part of the crypto-asset service providers’ obligations when exercising due diligence in relation to their clients. This also includes the possibility to request and scan the client’s identity documents.

What are the requirements for using third-party services (outsourcing)?

The purpose of outsourcing is to improve the operational efficiency of a crypto-asset service provider by using the expertise of third parties to perform certain services or operational functions or activities. In the provision of outsourcing services, third parties perform services, functions or activities that would otherwise be performed by the crypto-asset service provider.

Services or activities that would not otherwise be performed by the authorised entity, such as the purchase of office supplies and furniture, cleaning, statutory audit or legal representation before a court or administrative authority, are not considered to be outsourcing.

An applicant for an authorisation to operate a crypto-asset service provider shall, when specifying the intended business model, submit a business plan pursuant to Article 62(2)(d) of the MiCA Regulation, setting out the types of crypto-asset services that it intends to provide, including where and how those services are to be marketed.

If the applicant intends to perform services or certain activities through third parties (outsourcing), the business plan submitted by the applicant in the application must also include details on how the outsourcing will be performed, as specified in the draft delegated regulation supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the information to be included in an application for authorisation as a crypto-asset service provider. These include:

  • Policy of requestor in the domain of outsourcing

    The applicant’s outsourcing policy should include, in particular, procedures for implementing, monitoring and managing outsourcing mechanisms, the responsibilities of the management body when making decisions on outsourcing, the identification, assessment and management of risks when using outsourcing, procedures for identifying critical or important functions, procedures for identifying, assessing, managing and mitigating potential conflicts of interest and the potential impact on business continuity.

  • Description of planned agreements of requestor

    A detailed description of the applicant’s planned outsourcing arrangements, including intra-group agreements on how the applicant intends to meet the requirements set out in Article 73 of the MICA Regulation, shall include, in particular, a specification of the activities to be outsourced, the financial commitments of the contracting parties, precise quantitative and qualitative performance targets for the outsourced function, the right of the crypto-asset service provider to monitor the performance of the third-party provider on an ongoing basis; where the crypto-asset service provider and the third party are part of the same group, the outsourcing requirements should meet the same requirements as for outsourcing to an external third party.

  • Information on functions

    Information on the functions or person responsible for outsourcing, the human and information resources specified for the control of the outsourced functions, services or activities and the risk assessment related to outsourcing. The applicant specifies the function or person who will be responsible for the control of the outsourced activities.

Where a crypto-asset service provider outsources the performance of any of its services or activities to a third party or entrusts the performance of operational functions to a third party, it shall remain fully responsible for compliance with all its obligations under the MiCA Regulation and shall ensure at all times that the conditions for the performance of the outsourced services and activities referred to in Article 73 of the MiCA Regulation are met; outsourcing shall not result in the delegation of responsibility of the crypto-asset service provider.

When selecting a third party to which it intends to outsource certain services, functions or activities, the applicant should in particular carry out an analysis of its business model, assess the scale and complexity of its activities, financial situation, ownership and group structure, any supervision exercised by the competent authority, and subsequently take into account its ability, capacity, sufficient resources and organisational structure to perform the outsourced activities reliably and professionally. According to Article 75(1) 9 of the MiCA Regulation, where crypto-asset service providers providing custody and management of crypto-assets on behalf of clients use other crypto-asset service providers for the said service, they shall only use crypto-asset service providers that have been granted authorisation in accordance with Article 59 of the MiCA Regulation; they shall also be obliged to inform their clients thereof.

Details of the manner in which the operational functions identified by the applicant as critical or important operational functions are to be performed must be specified in the description of the business continuity plan submitted by the applicant in the application. The applicant is obliged to assess whether these are critical or important functions even if only partial activities are intended to be outsourced. When assessing whether an outsourced function is critical or important, it is decisive whether it is essential for the operation of the crypto-asset service provider, i.e. without it the crypto-asset service provider would not be able to provide its services. The criteria for assessing a critical or important function are specified in Article 3(22) of the DORA Regulation.

When developing an outsourcing policy, we recommend that applicants proceed analogously according to the EBA Guidelines on outsourcing EBA/GL/2019/02 and ESMA Guidelines No. ESMA50-164-4285 on outsourcing to cloud service providers.

Does the NBS check the applicant’s close ties with other entities when processing the application?

The National Bank of Slovakia shall, in the proceedings concerning the application, grant a licence for the activity of a crypto-asset service provider only if the close links of the applicant with natural persons or other legal entities do not impede the effective supervision of the future crypto-asset service provider.

In this context, the National Bank of Slovakia shall assess in particular the detailed organisational chart of the group structure, information on the activities currently carried out by the group entities, information on the share of capital and voting rights of shareholders with significant influence over the group entities, as well as information on the relationships between the financial and non-financial entities of the group. The subject of assessment in the proceedings concerning the application shall be documents and information on whether the close links of the proposed acquirer will affect the ability of the future crypto-asset service provider to provide timely and accurate information to the National Bank of Slovakia in the exercise of supervision and whether the links between these entities do not impede the exercise of supervision over the crypto-asset service provider.

If the applicant is closely linked to another natural or legal person established in a third country or is part of a group established outside the Union, the National Bank of Slovakia shall additionally take into account the existence/absence of a memorandum of understanding or cooperation between the National Bank of Slovakia and the supervisory authority of the third country. The subject of the assessment shall also be general information on the regulatory regime of the third country, a detailed description of the applicable legal framework for combating money laundering and terrorist financing, including its compliance with the recommendations of the Financial Action Task Force (FATF), the laws, other legal regulations or administrative measures of the third country by which the natural person or other legal persons are governed, as well as any declarations by the relevant foreign authorities that there are no obstacles or restrictions in providing information necessary for the supervision of the National Bank of Slovakia.

The National Bank of Slovakia will refuse to grant a license to provide crypto-asset services unless it is proven beyond reasonable doubt that close ties do not impede effective supervision of the future crypto-asset service provider.

Will the supervised entity be required to have an account with a bank or other payment service provider at the time of application?

In the application procedure, the applicant shall demonstrate that it has taken appropriate measures to protect the proprietary rights of clients in order to demonstrate compliance with the condition under Article 70(1) and (3) of the MiCA Regulation. According to Article 10 of the draft delegated regulation supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the information to be included in an application for authorisation as a crypto-asset service provider, the applicant shall provide a detailed description of its policies and procedures for the segregation of crypto-assets and client funds in the application procedure and indicate how it will ensure that client funds are held in an account that will be segregated from accounts belonging to the applicant.

The applicant’s description of the procedures for the segregation of client funds should include information on the bank account(s) to be maintained by the prospective crypto-asset service provider for this purpose. At the same time, it is necessary for the applicant to submit documents in the application proving the separation of the client’s financial resources from the applicant’s accounts, e.g. a contract concluded with a financial institution to open a bank account.

Can information and communication tools, such as an electronic form, be used in the complaint handling process?

Complaints are governed by Article 71 of the MiCA Regulation and the Implementing Regulation on the handling of complaints by crypto-asset service providers, which is currently under consultation. The draft Implementing Regulation states that clients should be able to submit a complaint electronically or by post. (Art.3(1)) The provider is obliged to publish the “Complaint Form” set out in the Annex to the Implementing Regulation. However, failure to comply with the form shall not be grounds for rejecting the complaint as inadmissible (Art.1(7)).

It follows from the above that the provider may allow complaints to be submitted electronically via the provider’s platform, subject to compliance with the content requirements and a transparent complaint handling process, in order to achieve a better user-friendliness of the platform and the services provided. The obligation to make the “Complaint Form” available and to inform clients about the possibility of submitting a complaint is not affected by this.

What are the most common formal shortcomings in permit applications in other sectors?

Based on experience from proceedings before the National Bank of Slovakia in other financial market sectors, this may include, for example, missing application requirements or attachments, submission of a copy of documents without their official certification, failure to pay the fee for the act of the National Bank of Slovakia, or failure to submit a document confirming payment of this fee, or the absence of an officially certified signature of the applicant, or the applicant’s inability to eliminate the alleged deficiencies in the application within the period specified by the National Bank of Slovakia.

Submission of a request

  • Form of a request

    An application for a license to operate as a crypto-asset service provider shall be submitted using the standard application form and its annexes and shall be delivered to the National Bank of Slovakia in paper form. The signatures of the persons authorized to act on behalf of the applicant on the application and any amendments thereto must be officially certified. In addition, the application must contain all the requirements in the section “Preparation of the application”.

  • Place of submission

    The application for a license to operate as a crypto-asset service provider shall be submitted to the following address:

    National Bank of Slovakia
    Financial Technology and Innovation Department
    Crypto-asset and Innovation Department
    Imricha Karvaša 1
    813 25 Bratislava

  • Fee

    Together with the submission of an application for a license to operate as a crypto-asset service provider, the applicant is obliged to pay, pursuant to the provisions of Section 42, paragraph 1 of Act No. 747/2004 Coll. on financial market supervision and on amendments and supplements to certain acts, as amended, a fee for the act of the National Bank of Slovakia and to attach a copy of the document confirming payment of the fee to this application.

In the interest of economy and efficiency of the procedure, we recommend that after properly submitting the application in paper form and paying the fee, the application be delivered to the National Bank of Slovakia in electronic form as well.


Last updated on 21 May 2026