---
title: How to Get a Bank Account for a VASP or CASP (2026)
slug: bank-account-vasp-casp
publishedAt: 2026-04-20T09:00:00Z
author: Finconduit Editorial Team
tags: MiCA, AML, FATF
canonicalUrl: https://finconduit.com/resources/bank-account-vasp-casp
---
# How to Get a Bank Account for a VASP or CASP (2026)

How VASPs and CASPs open bank accounts in 2026 — covering MiCA-registered entities, Costa Rica legal opinion VASPs, offshore structures, and which banks and EMIs accept crypto businesses.

A regulated **CASP licence** does not buy you a bank account. In 2026 a **VASP licence** buys you even less. The hardest part of operating a regulated crypto\-asset business in the EEA is not the authorisation — it is opening and keeping operating, safeguarding, and merchant accounts at a bank that will not de\-risk you twelve months later. Most **CASP**s apply to 8–15 banks before securing one full\-service relationship; many never get there and end up routing fiat through **EMI** rails alone.

The constraint is structural. Banks face their own **AML** supervisory pressure under the [EBA Guidelines](https://www.eba.europa.eu/) and the Sixth Anti\-Money Laundering Directive, and crypto exposure is on every supervisor's enhanced\-scrutiny list. From the bank's perspective, onboarding a single **CASP** triggers **correspondent banking** enquiries, raises capital charges on the deposit, and concentrates regulatory risk on a low\-margin client. The economics only work when the **CASP** can demonstrate scale, governance maturity, and a reason the bank cannot get the same revenue elsewhere.³[^1]

This guide explains how the banking decision is actually made — what banks evaluate, which EEA banks and **EMI**s currently onboard **MiCA**\-licensed **CASP**s in 2026, what an application file looks like, why most are rejected, and the operational architecture that maximises long\-term banking stability across the entity, the **safeguarding account**, and the merchant relationships.

## Why Crypto Firms Get De\-Banked

De\-banking is rarely about the **CASP** doing something wrong. It is about the bank's risk appetite changing — usually after a supervisory inspection, an internal portfolio review, or a sister\-bank failure. The European Banking Authority's Opinion on **de\-risking** explicitly criticised banks for closing entire customer categories without case\-by\-case assessment, but in practice the supervisory pressure runs the other way: banks de\-risk first and litigate later.

Three forces drive crypto **de\-banking**. First, **correspondent banking**: a single US correspondent withdrawing a nostro line forces the European bank to drop its crypto book overnight \(this is what happened across multiple **Estonia**n and Latvian banks in 2018–2019, and again across mid\-tier US banks in 2023\). Second, capital charges — Basel III treatment of crypto exposures requires conservative risk weights on operational accounts holding client crypto\-asset proceeds. Third, **MLRO** bandwidth: a single **CASP** generates 5–10× the alert volume of an equivalent\-sized SaaS business, and most bank **AML** teams are not crypto\-fluent.

> **Warning:** Assume the bank account you open today will be re\-evaluated in 12 months. Build redundancy — primary operating bank, backup operating bank in a second jurisdiction, EMI rails for client deposits, and a separate safeguarding institution. A single\-bank CASP is one supervisor letter away from operational shutdown.

## What Banks Actually Evaluate

Onboarding diligence at a crypto\-friendly bank takes 8–16 weeks and looks more like investment\-banking M&A diligence than retail account opening. The file goes to a credit committee, a financial\-crime committee, and \(in the EU\) often to the bank's national competent authority for non\-objection. The bank evaluates seven dimensions:

- Licence quality. A **MiCA CASP** from **BaFin** or **Central Bank of Ireland** opens doors that a Czech or Polish **VASP registration** does not. Licence brand matters more than licence type.

- Governance & key people. Two EEA\-resident executive directors, a regulator\-approved **MLRO**, an independent compliance officer, and a non\-executive risk chair are now table stakes for a Tier\-1 EU bank.

- **AML programme**. Written ML/TF risk assessment, documented **transaction monitoring** rules, **blockchain analytics** integration with named vendor, **Travel Rule** capability, and **SAR**\-filing history are all reviewed line\-by\-line.

- Customer base. Retail\-only is harder than institutional\-only. EEA\-resident is easier than global. **KYC**\-light tiers \(limit\-based onboarding\) are red flags.

- Asset mix. Bitcoin and major **stablecoin**s are easy. Privacy coins \(Monero, Zcash\), mixers, and any token with a sanctions nexus get the file rejected automatically.

- Volume forecast. The bank wants enough revenue to justify the **AML** overhead but not so much that a single **CASP** becomes a concentration risk. €5–€50 million in monthly volume is the sweet spot for a mid\-tier EU bank.

- Capital & runway. **18–24 months** of operating capital plus prudential capital fully segregated is the standard ask. Capital from sanctioned **jurisdiction**s or undisclosed **beneficial ownership** is the **fastest** path to refusal.

## EEA Banks & **EMI**s That Onboard **CASP**s in 2026

The table below lists institutions with a published or known track record of onboarding **MiCA**\-licensed **CASP**s in 2026. Inclusion is not endorsement — appetite shifts and any specific bank may pause new onboarding without notice. Treat this as a starting list, not a guarantee.


*Table: EEA banks and EMIs onboarding regulated crypto\-asset service providers \(2026\).*

| Institution | Type | Jurisdiction | Use case | Typical posture |
| --- | --- | --- | --- | --- |
| BCB Group | Bank\-equivalent | UK / EEA | Operating accounts, FX, multi\-currency | Crypto\-native; institutional CASP focus |
| ClearBank | Bank | UK | Sterling settlement, safeguarding accounts | Selective; FCA\-registered or MiCA CASP only |
| Bank of Cyprus | Bank | Cyprus | Operating \+ safeguarding for CySEC\-licensed CASPs | Strict EDD; CySEC licence usually required |
| Hellenic Bank | Bank | Cyprus | Operating accounts; CIF\-friendly | Crypto risk team; case\-by\-case |
| LHV | Bank | Estonia | Operating, embedded finance, payment processing | Selective; fintech\-friendly historically |
| Sygnum Bank | Bank | Switzerland / Singapore | Crypto\-native bank; full\-service | Crypto\-first; institutional \+ HNW only |
| AMINA Bank \(formerly SEBA\) | Bank | Switzerland | Crypto\-native bank; trading \+ custody | Institutional only; high minimums |
| Paysera | EMI | Lithuania | Multi\-currency operating accounts, IBANs | Volume\-friendly; basic CASP onboarding |
| Banking Circle | Bank | Luxembourg | Cross\-border settlement, agent rails | B2B / institutional CASPs only |
| Striga | EMI | Lithuania | Embedded finance, IBANs for CASP end\-users | Crypto\-native EMI; API\-first |
| Wio Bank | Bank | UAE \(Abu Dhabi\) | Operating accounts for VARA / ADGM CASPs | Crypto\-friendly; UAE\-licensed only |
| DBS | Bank | Singapore | Operating \+ custody for MAS\-licensed CASPs | Institutional; MAS MPI required |

> **Tip:** Lead with the strongest licence you hold and the cleanest customer base you can credibly serve. A BaFin\-licensed CASP serving institutional EEA clients only is materially easier to bank than a Lithuanian CASP serving global retail. Tailor the pitch to the bank's stated risk appetite, not your operational reality.

## The Application Playbook

A serious bank application takes 6–10 weeks of preparation before submission. Below is the document set every Tier\-1 EU bank now expects, in roughly the order they read it.


*Table: Bank account application file for a regulated CASP — document set and depth.*

| Document | Depth expected | Common gaps |
| --- | --- | --- |
| Cover memo / Programme of Operations summary | 8–15 pages | Fails to map services to MiCA Annex IV definitions |
| Group corporate structure with UBO chain | Diagram \+ supporting docs | UBO < 25% omitted; nominee structures undisclosed |
| Licence documents \+ regulatory permissions | Full grant \+ scope | Limited\-scope permissions oversold |
| Audited financials \(last 2 FYs\) | Big\-4 or Tier\-2 auditor | Unaudited or self\-prepared |
| AML programme \+ risk assessment | 30–80 pages | Generic templates; no crypto\-specific typologies |
| Sanctions / PEP / EDD policy | 10–25 pages | No screening provider named |
| Travel Rule capability evidence | Vendor contract \+ workflow | 'Will procure on day one' — automatic decline |
| Blockchain analytics evidence | Vendor contract \+ sample reports | No documented escalation path for high\-risk hits |
| Cyber & ICT controls | DORA\-aligned | No ICT third\-party register |
| Customer geography \+ volume forecast | 12\-month projection | Excessive optimism; no jurisdiction breakdown |
| Source of funds for opening capital | Bank statements \+ audit letter | Capital arriving from offshore unregulated entities |

## Account Architecture — Don't Run Everything Through One Bank

The right operational pattern uses 4–6 institutions across distinct functions. This is more expensive than a single relationship but it is the only architecture that survives a **de\-banking** event without halting client withdrawals.

- Operating account — Tier\-1 EU bank in the licence **jurisdiction** \(**Bank of Cyprus**, **LHV**, **Banking Circle**\). Salary, suppliers, tax payments.

- Backup **operating account** — second **jurisdiction** \(**BCB Group** in the UK, **Sygnum Bank** in **Switzerland**\). Activated within 48 hours of a primary disruption.

- Client **safeguarding account** — segregated, named, ring\-fenced from the operating bank. Required by **MiCA** and [PSD2](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L2366)/EMD2 for **CASP**s combining services.⁶[^2]

- Inbound deposit rail — **EMI** \(**Striga**, **Modulr**, **Banking Circle**\) issuing virtual **IBAN**s for client funding. Reduces concentration on the **safeguarding account**.

- FX / settlement — separate institutional FX provider for cross\-currency settlement.

- Custody bank — for the prudential capital own funds \(separate from client safeguarding\).

## Realistic Timeline From Pitch to Funded Account

Plan 4–7 months from initial outreach to a fully funded **operating account** at a Tier\-1 EEA bank. Faster timelines exist with **EMI**s \(4–8 weeks\) but **EMI**s cannot replace bank\-money for safeguarding.

- Weeks 1–2: Soft outreach via warm introduction. Cold applications are deprioritised by every Tier\-1 bank's crypto desk.

- Weeks 3–6: Initial diligence file submission. Bank requests gaps, sends preliminary **AML** questionnaire.

- Weeks 6–12: Financial\-crime committee review. Site visit or video diligence with key function holders.

- Weeks 12–18: Credit committee review. Account\-opening package issued.

- Weeks 18–24: Operational onboarding — **IBAN** issuance, signatory setup, mandate testing, first inbound transfer.

## Most Common Rejection Reasons

- **VASP**\-only registration without a serious authorisation behind it. Banks now treat pre\-**MiCA** **VASP registration**s as expiring credentials.

- **UBO** domiciled in a **jurisdiction** with high **AML** risk \(**FATF** grey list / EU high\-risk third country list\).

- Customer\-base description that includes 'global retail with no **jurisdiction** restrictions'. This is now a fast\-decline trigger.

- Privacy coins \(Monero, Zcash\) or mixer\-tainted assets in the supported asset list.

- No named **blockchain analytics** provider, no **Travel Rule** provider contract, or 'in\-house solution' for either.

- Capital structure with offshore intermediary trusts and undisclosed nominee directors.

## Keeping the Account — Ongoing Bank Relationship Management

Banks de\-bank quietly. The first signal is usually a request for additional information that is impossible to satisfy on the timeline given. Treat relationship management as a permanent **CASP** function:

- Quarterly business review with the bank's relationship manager. Volume, customer mix, top\-counterparty changes, **AML** alert volumes, **SAR** count.

- Annual updated **AML** and source\-of\-funds package, even if not requested.

- Pre\-emptive disclosure of incidents. A self\-reported **AML** hit is a manageable conversation; a hit discovered by the bank's monitoring is an exit ticket.

- Two\-week response SLA on every information request — internal escalation if compliance cannot meet it.

## Frequently Asked Questions

### Can an **EMI** replace a bank for my **CASP** **operating account**?

Partially. **EMI**s \(**Paysera**, **Banking Circle**, **Striga**, **Modulr**\) issue **IBAN**s and clear **SEPA** payments under **PSD2** and the [Electronic Money Directive](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0110), and are sufficient for many client\-funding flows. But **EMI**s cannot hold client safeguarding under **MiCA** Article 75 the same way a credit institution can; they cannot issue formal sponsor letters that satisfy **correspondent banking** enquiries; and most cannot extend overdraft, FX lines, or treasury services. Use **EMI**s as the rail for inbound client deposits — never as the only banking layer.⁸[^3]

### How many banks should I apply to in parallel?

Six to eight Tier\-1 banks plus three **EMI**s. Not all in the same **jurisdiction**. Reject any pressure from a bank to make the relationship exclusive — exclusivity is leverage banks use to extract economics, and removes your ability to switch under stress.

### Does my **MiCA CASP** licence guarantee bank access in **Lithuania**?

No. The **Bank of Lithuania** has authorised dozens of **CASP**s, but only a subset of **Lithuania**n banks \(and **EMI**s like **Paysera**\) onboard them, and none guarantee approval. The licence opens conversations; the **AML programme**, customer base, and capital structure determine whether the conversation ends in an account.

### What about the **UAE** — is it easier?

Yes, with caveats. **Wio Bank**, **Emirates NBD**, and **First Abu Dhabi Bank** actively onboard **VARA**\-licensed and **ADGM** **FSRA**\-licensed **CASP**s, and the timelines are shorter \(3–9 months end\-to\-end\). The trade\-off: no **EEA passport** from a **UAE** entity, and the full set of European regulators do not give credit to **UAE** banking when reviewing an EEA application.

### How much capital does the bank want me to hold?

Above the **MiCA** Class 3 floor of **€150,000**, banks expect to see **18–24 months** of operating capital plus prudential capital fully segregated. For a mid\-sized **CASP** that is €1.5–€3 million held in the bank's own institution before the bank considers the file low\-risk.

### What if a bank closes my account with 30 days notice?

Activate the backup operating bank within 48 hours, notify clients of any **IBAN** changes with 14 days lead time, ring\-fence client safeguarding \(this should already be at a separate institution\), and file an **EBA** **de\-risking** complaint if the closure is generic rather than case\-specific. The [EBA Opinion on de\-risking](https://www.eba.europa.eu/) gives you grounds to request the bank's reasons in writing — though enforcement is weak.⁴[^4]

> **Call to action:** Need a specific banking strategy for your CASP or VASP? Finconduit connects regulated crypto firms with vetted introductions into Tier\-1 EEA banks and crypto\-native EMIs that are actively onboarding in 2026. Get a free banking\-fit assessment based on your licence, customer base, and volume profile.

## Related Guides

- [MiCA Compliance Guide for CASPs](/resources/mica-compliance-guide-casps): Authorisation walkthrough — capital, governance, supplier stack

- [EEA vs UK vs Offshore: Where to Incorporate Your Crypto Business](/resources/eea-uk-offshore-crypto-incorporation): Which **jurisdiction** maximises banking access and tax efficiency

- [EMI vs PSP vs VASP vs CASP](/resources/emi-psp-vasp-licence-comparison): Which financial licence do you actually need?

- [AML Compliance for Crypto Firms](/resources/aml-compliance-crypto-6amld): What the **6AMLD** requires from **CASP**s and **VASP**s

The **CASP** that wins long\-term is not the **fastest** to authorisation — it is the one with diversified banking. Treat banking as a continuous, three\-year programme: open more relationships than you need, keep them current with quarterly reviews, route client funds through **EMI** rails so the safeguarding bank never becomes a single point of failure, and assume every relationship has a 12\-month re\-evaluation horizon. The crypto firms still operating in 2030 will be the ones that built bank redundancy into their treasury architecture from day one.

## Footnotes

[^1]: EBA Guidelines on the management of money laundering and terrorist financing risks \(EBA/GL/2021/02\), 1 March 2021. <https://www.eba.europa.eu/>
[^2]: Directive \(EU\) 2015/2366 on payment services in the internal market \(PSD2\). <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L2366>
[^3]: Directive 2009/110/EC on the taking up, pursuit and prudential supervision of the business of electronic money institutions \(EMD2\). <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0110>
[^4]: EBA Opinion on de\-risking, 5 January 2022 — addresses unjustified mass de\-risking of customer categories including crypto\-asset firms. <https://www.eba.europa.eu/>


---
Source: https://finconduit.com/resources/bank-account-vasp-casp