A regulated CASP licence does not buy you a bank account. In 2026 a VASP licence buys you even less. The hardest part of operating a regulated crypto-asset business in the EEA is not the authorisation — it is opening and keeping operating, safeguarding, and merchant accounts at a bank that will not de-risk you twelve months later. Most CASPs apply to 8–15 banks before securing one full-service relationship; many never get there and end up routing fiat through EMI rails alone.

The constraint is structural. Banks face their own AML supervisory pressure under the EBA Guidelines and the Sixth Anti-Money Laundering Directive, and crypto exposure is on every supervisor's enhanced-scrutiny list. From the bank's perspective, onboarding a single CASP triggers correspondent banking enquiries, raises capital charges on the deposit, and concentrates regulatory risk on a low-margin client. The economics only work when the CASP can demonstrate scale, governance maturity, and a reason the bank cannot get the same revenue elsewhere.[1]

This guide explains how the banking decision is actually made — what banks evaluate, which EEA banks and EMIs currently onboard MiCA-licensed CASPs in 2026, what an application file looks like, why most are rejected, and the operational architecture that maximises long-term banking stability across the entity, the safeguarding account, and the merchant relationships.

Why Crypto Firms Get De-Banked

De-banking is rarely about the CASP doing something wrong. It is about the bank's risk appetite changing — usually after a supervisory inspection, an internal portfolio review, or a sister-bank failure. The European Banking Authority's Opinion on de-risking explicitly criticised banks for closing entire customer categories without case-by-case assessment, but in practice the supervisory pressure runs the other way: banks de-risk first and litigate later.

Three forces drive crypto de-banking. First, correspondent banking: a single US correspondent withdrawing a nostro line forces the European bank to drop its crypto book overnight (this is what happened across multiple Estonian and Latvian banks in 2018–2019, and again across mid-tier US banks in 2023). Second, capital charges — Basel III treatment of crypto exposures requires conservative risk weights on operational accounts holding client crypto-asset proceeds. Third, MLRO bandwidth: a single CASP generates 5–10× the alert volume of an equivalent-sized SaaS business, and most bank AML teams are not crypto-fluent.

What Banks Actually Evaluate

Onboarding diligence at a crypto-friendly bank takes 8–16 weeks and looks more like investment-banking M&A diligence than retail account opening. The file goes to a credit committee, a financial-crime committee, and (in the EU) often to the bank's national competent authority for non-objection. The bank evaluates seven dimensions:

  • Licence quality. A MiCA CASP from BaFin or Central Bank of Ireland opens doors that a Czech or Polish VASP registration does not. Licence brand matters more than licence type.

  • Governance & key people. Two EEA-resident executive directors, a regulator-approved MLRO, an independent compliance officer, and a non-executive risk chair are now table stakes for a Tier-1 EU bank.

  • AML programme. Written ML/TF risk assessment, documented transaction monitoring rules, blockchain analytics integration with named vendor, Travel Rule capability, and SAR-filing history are all reviewed line-by-line.

  • Customer base. Retail-only is harder than institutional-only. EEA-resident is easier than global. KYC-light tiers (limit-based onboarding) are red flags.

  • Asset mix. Bitcoin and major stablecoins are easy. Privacy coins (Monero, Zcash), mixers, and any token with a sanctions nexus get the file rejected automatically.

  • Volume forecast. The bank wants enough revenue to justify the AML overhead but not so much that a single CASP becomes a concentration risk. €5–€50 million in monthly volume is the sweet spot for a mid-tier EU bank.

  • Capital & runway. 18–24 months of operating capital plus prudential capital fully segregated is the standard ask. Capital from sanctioned jurisdictions or undisclosed beneficial ownership is the fastest path to refusal.

EEA Banks & EMIs That Onboard CASPs in 2026

The table below lists institutions with a published or known track record of onboarding MiCA-licensed CASPs in 2026. Inclusion is not endorsement — appetite shifts and any specific bank may pause new onboarding without notice. Treat this as a starting list, not a guarantee.

EEA banks and EMIs onboarding regulated crypto-asset service providers (2026).

| Institution | Type | Jurisdiction | Use case | Typical posture |
|---|---|---|---|---|
| BCB Group | Bank-equivalent | UK / EEA | Operating accounts, FX, multi-currency | Crypto-native; institutional CASP focus |
| ClearBank | Bank | UK | Sterling settlement, safeguarding accounts | Selective; FCA-registered or MiCA CASP only |
| Bank of Cyprus | Bank | Cyprus | Operating + safeguarding for CySEC-licensed CASPs | Strict EDD; CySEC licence usually required |
| Hellenic Bank | Bank | Cyprus | Operating accounts; CIF-friendly | Crypto risk team; case-by-case |
| LHV | Bank | Estonia | Operating, embedded finance, payment processing | Selective; fintech-friendly historically |
| Sygnum Bank | Bank | Switzerland / Singapore | Crypto-native bank; full-service | Crypto-first; institutional + HNW only |
| AMINA Bank (formerly SEBA) | Bank | Switzerland | Crypto-native bank; trading + custody | Institutional only; high minimums |
| Paysera | EMI | Lithuania | Multi-currency operating accounts, IBANs | Volume-friendly; basic CASP onboarding |
| Banking Circle | Bank | Luxembourg | Cross-border settlement, agent rails | B2B / institutional CASPs only |
| Striga | EMI | Lithuania | Embedded finance, IBANs for CASP end-users | Crypto-native EMI; API-first |
| Wio Bank | Bank | UAE (Abu Dhabi) | Operating accounts for VARA / ADGM CASPs | Crypto-friendly; UAE-licensed only |
| DBS | Bank | Singapore | Operating + custody for MAS-licensed CASPs | Institutional; MAS MPI required |

The Application Playbook

A serious bank application takes 6–10 weeks of preparation before submission. Below is the document set every Tier-1 EU bank now expects, in roughly the order they read it.

Bank account application file for a regulated CASP — document set and depth.

| Document | Depth expected | Common gaps |
|---|---|---|
| Cover memo / Programme of Operations summary | 8–15 pages | Fails to map services to MiCA Annex IV definitions |
| Group corporate structure with UBO chain | Diagram + supporting docs | UBO < 25% omitted; nominee structures undisclosed |
| Licence documents + regulatory permissions | Full grant + scope | Limited-scope permissions oversold |
| Audited financials (last 2 FYs) | Big-4 or Tier-2 auditor | Unaudited or self-prepared |
| AML programme + risk assessment | 30–80 pages | Generic templates; no crypto-specific typologies |
| Sanctions / PEP / EDD policy | 10–25 pages | No screening provider named |
| Travel Rule capability evidence | Vendor contract + workflow | 'Will procure on day one' — automatic decline |
| Blockchain analytics evidence | Vendor contract + sample reports | No documented escalation path for high-risk hits |
| Cyber & ICT controls | DORA-aligned | No ICT third-party register |
| Customer geography + volume forecast | 12-month projection | Excessive optimism; no jurisdiction breakdown |
| Source of funds for opening capital | Bank statements + audit letter | Capital arriving from offshore unregulated entities |

Account Architecture — Don't Run Everything Through One Bank

The right operational pattern uses 4–6 institutions across distinct functions. This is more expensive than a single relationship but it is the only architecture that survives a de-banking event without halting client withdrawals.

  • Operating account — Tier-1 EU bank in the licence jurisdiction (Bank of Cyprus, LHV, Banking Circle). Salary, suppliers, tax payments.

  • Backup operating account — second jurisdiction (BCB Group in the UK, Sygnum Bank in Switzerland). Activated within 48 hours of a primary disruption.

  • Client safeguarding account — segregated, named, ring-fenced from the operating bank. Required by MiCA and PSD2/EMD2 for CASPs combining services.[2]

  • Inbound deposit rail — EMI (Striga, Modulr, Banking Circle) issuing virtual IBANs for client funding. Reduces concentration on the safeguarding account.

  • FX / settlement — separate institutional FX provider for cross-currency settlement.

  • Custody bank — for the prudential capital own funds (separate from client safeguarding).

Realistic Timeline From Pitch to Funded Account

Plan 4–7 months from initial outreach to a fully funded operating account at a Tier-1 EEA bank. Faster timelines exist with EMIs (4–8 weeks) but EMIs cannot replace bank-money for safeguarding.

  • Weeks 1–2: Soft outreach via warm introduction. Cold applications are deprioritised by every Tier-1 bank's crypto desk.

  • Weeks 3–6: Initial diligence file submission. Bank requests gaps, sends preliminary AML questionnaire.

  • Weeks 6–12: Financial-crime committee review. Site visit or video diligence with key function holders.

  • Weeks 12–18: Credit committee review. Account-opening package issued.

  • Weeks 18–24: Operational onboarding — IBAN issuance, signatory setup, mandate testing, first inbound transfer.

Most Common Rejection Reasons

  • VASP-only registration without a serious authorisation behind it. Banks now treat pre-MiCA VASP registrations as expiring credentials.

  • UBO domiciled in a jurisdiction with high AML risk (FATF grey list / EU high-risk third country list).

  • Customer-base description that includes 'global retail with no jurisdiction restrictions'. This is now a fast-decline trigger.

  • Privacy coins (Monero, Zcash) or mixer-tainted assets in the supported asset list.

  • No named blockchain analytics provider, no Travel Rule provider contract, or 'in-house solution' for either.

  • Capital structure with offshore intermediary trusts and undisclosed nominee directors.

Keeping the Account — Ongoing Bank Relationship Management

Banks de-bank quietly. The first signal is usually a request for additional information that is impossible to satisfy on the timeline given. Treat relationship management as a permanent CASP function:

  • Quarterly business review with the bank's relationship manager. Volume, customer mix, top-counterparty changes, AML alert volumes, SAR count.

  • Annual updated AML and source-of-funds package, even if not requested.

  • Pre-emptive disclosure of incidents. A self-reported AML hit is a manageable conversation; a hit discovered by the bank's monitoring is an exit ticket.

  • Two-week response SLA on every information request — internal escalation if compliance cannot meet it.

Frequently Asked Questions

Can an EMI replace a bank for my CASP operating account?

Partially. EMIs (Paysera, Banking Circle, Striga, Modulr) issue IBANs and clear SEPA payments under PSD2 and the Electronic Money Directive, and are sufficient for many client-funding flows. But EMIs cannot hold client safeguarding under MiCA Article 75 the same way a credit institution can; they cannot issue formal sponsor letters that satisfy correspondent banking enquiries; and most cannot extend overdraft, FX lines, or treasury services. Use EMIs as the rail for inbound client deposits — never as the only banking layer.[3]

How many banks should I apply to in parallel?

Six to eight Tier-1 banks plus three EMIs. Not all in the same jurisdiction. Reject any pressure from a bank to make the relationship exclusive — exclusivity is leverage banks use to extract economics, and removes your ability to switch under stress.

Does my MiCA CASP licence guarantee bank access in Lithuania?

No. The Bank of Lithuania has authorised dozens of CASPs, but only a subset of Lithuanian banks (and EMIs like Paysera) onboard them, and none guarantee approval. The licence opens conversations; the AML programme, customer base, and capital structure determine whether the conversation ends in an account.

What about the UAE — is it easier?

Yes, with caveats. Wio Bank, Emirates NBD, and First Abu Dhabi Bank actively onboard VARA-licensed and ADGM FSRA-licensed CASPs, and the timelines are shorter (3–9 months end-to-end). The trade-off: no EEA passport from a UAE entity, and the full set of European regulators do not give credit to UAE banking when reviewing an EEA application.

How much capital does the bank want me to hold?

Above the MiCA Class 3 floor of €150,000, banks expect to see 18–24 months of operating capital plus prudential capital fully segregated. For a mid-sized CASP that is €1.5–€3 million held in the bank's own institution before the bank considers the file low-risk.

What if a bank closes my account with 30 days' notice?

Activate the backup operating bank within 48 hours, notify clients of any IBAN changes with 14 days' lead time, ring-fence client safeguarding (this should already be at a separate institution), and file an EBA de-risking complaint if the closure is generic rather than case-specific. The EBA Opinion on de-risking gives you grounds to request the bank's reasons in writing — though enforcement is weak.[4]

The CASP that wins long-term is not the fastest to authorisation — it is the one with diversified banking. Treat banking as a continuous, three-year programme: open more relationships than you need, keep them current with quarterly reviews, route client funds through EMI rails so the safeguarding bank never becomes a single point of failure, and assume every relationship has a 12-month re-evaluation horizon. The crypto firms still operating in 2030 will be the ones that built bank redundancy into their treasury architecture from day one.

Footnotes & Citations

  1. EBA Guidelines on the management of money laundering and terrorist financing risks (EBA/GL/2021/02), 1 March 2021.

  2. Directive (EU) 2015/2366 on payment services in the internal market (PSD2).

  3. Directive 2009/110/EC on the taking up, pursuit and prudential supervision of the business of electronic money institutions (EMD2).

  4. EBA Opinion on de-risking, 5 January 2022 — addresses unjustified mass de-risking of customer categories including crypto-asset firms.