Staking-as-a-Service: The Regulatory Classification and Banking Treatment in 2026

Staking is the feature every exchange wants and the one regulators understand least consistently. It looks simple from the product side — lock a token, earn a yield — but the legal characterisation of that yield is anything but settled. The same product can be a regulated crypto-asset service in the EU, a security in the US, and an unbankable risk to a payments bank — all at once.

Under MiCA, staking is not a named service — it is reverse-engineered from the activities you actually perform, most often custody and administration of crypto-assets on behalf of clients. In the US, staking-as-a-service drew direct SEC enforcement on a securities theory. And to a bank, a counterparty paying a yield on a digital asset is a flashing question mark over the source of that yield.

This guide maps four staking models onto that regulatory and banking reality using a single lens — The Staking Service Spectrum. It ranks the models by regulatory weight: which fall inside MiCA custody and administration, which risk being a collective investment scheme or a security, and which the banking system will actually support.

Staking sits in a regulatory blind spot because it does three things at once that different regimes police differently. It is a technical operation (validating a proof-of-stake network), a custody arrangement (someone holds or controls the asset), and a yield-bearing financial product (a return is paid). No single regime captures all three cleanly.

The Markets in Crypto-Assets Regulation¹ never uses the word "staking" as a defined service. Instead, ^[1]MiCA Annex I lists the regulated activities, and a staking offering is assessed against them — most often custody and administration of crypto-assets on behalf of clients. The classification is functional, not nominal.

That is why two products marketed identically as "staking" can land in completely different regulatory boxes. The decisive variable is who controls the keys and the stake. If the user retains control, the regulatory touch is light; if the platform takes control, it has almost certainly entered MiCA custody and administration territory.

Layer a yield on top, and a second question appears: where does the return come from, and does pooling it turn the product into an investment fund or a security? That is the question that breaks banking relationships, and the one the rest of this guide answers.

The Staking Service Spectrum arranges staking into four models, ordered by increasing regulatory weight. As you move down the spectrum, you take on more control of the user's asset, and the product moves from lightly-touched infrastructure into regulated financial services.

1. 1

   Solo / non-custodial staking — the user keeps the keys and runs or delegates their own stake. Lightest regulatory touch.

2. 2

   Delegated non-custodial — staking-as-a-service where the platform operates the validator but never takes custody of the asset.

3. 3

   Custodial staking — the platform holds the asset and stakes it on the user's behalf. Squarely MiCA custody and administration.

4. 4

   Liquid staking — the platform issues a receipt token (an LST) representing the staked position, raising its own classification question.

In solo non-custodial staking, the user holds their own keys and either runs a validator themselves or delegates voting power on-chain without surrendering the asset. The provider, if any, supplies software or infrastructure, not a financial service.

Because no one else ever controls the asset, this model carries the lightest regulatory touch on the spectrum. There is no custody to trigger MiCA, and no pooled return to raise a collective-investment question. The reward accrues to the user directly from the protocol.

The caveat is the AML perimeter. The FATF virtual-assets guidance² is clear that wrapping pure infrastructure around control of user assets — or taking a cut in a way that resembles a service — can drag even a "non-custodial" arrangement into ^[2]VASP territory. Stay genuinely non-custodial and the touch stays light.

In the delegated non-custodial model, the platform runs the validator infrastructure and earns a commission, but the user's asset never leaves the user's control. This is staking-as-a-service without custody — the operator performs the technical work, the user keeps the keys.

The classification hinges on a narrow factual question: does the platform ever gain the ability to move the asset? In a clean delegation, the answer is no — the user delegates validation rights on-chain, not ownership. Without control of the asset, the core custody trigger under MiCA Annex I is not met.

But the model is fragile. The moment the platform offers "set-and-forget" convenience that requires holding keys, auto-compounding that requires moving rewards, or a pooled reward structure, it slides toward custodial staking or a collective scheme. The downside of this model is how easily a product feature pushes it down the spectrum.

In custodial staking, the platform holds the user's asset and stakes it on their behalf. This is the model most exchanges actually run, and it sits squarely inside MiCA custody and administration of crypto-assets on behalf of clients. There is no ambiguity: holding the asset is custody, and arranging the staking is administration.

This means a CASP authorisation covering custody is required, with the full apparatus the ESMA³ supervisory framework attaches to it: ^[3]segregation of client assets, custody policies, liability for loss, and clear disclosure. The staked asset must be ringfenced from the platform's own balance sheet.

The operational complications are real. Slashing risk — where a validator penalty reduces the stake — raises the question of who bears the loss. Unbonding periods create a liquidity mismatch between what the user can withdraw and what is locked on-chain. Both must be disclosed and provisioned for.

The advantage of custodial staking is clarity: you know exactly which licence you need. The cost is full custody obligations and the highest substance and segregation bar on the spectrum.

In liquid staking, the user stakes an asset and receives a liquid staking token (LST) — a tradable receipt representing the staked position plus accruing rewards. The LST can be sold, lent, or used as collateral while the underlying stake stays locked.

This model carries the heaviest regulatory weight because it stacks two questions. First, the underlying custodial staking is itself a regulated activity. Second — and this is the hard part — what is the LST itself? A receipt token that derives its value from a pooled, yield-bearing arrangement managed by a third party starts to look like a financial instrument.

If the LST qualifies as a transferable security or other financial instrument under MiFID II⁴, it falls outside MiCA entirely and into the ^[4]securities regime — with prospectus, conduct, and investment-services obligations that dwarf a CASP licence. The classification of the receipt token is the single most consequential question in the whole product.

The boundary between a MiCA crypto-asset and a MiFID financial instrument is precisely where ESMA's qualification guidance⁵ does its work. The verdict on any given LST is fact-specific — but the more the token behaves like a ^[5]managed, pooled, return-generating claim, the closer it moves to a security.

The table below maps each model against the four variables that determine its treatment: custody status, MiCA service classification, securities risk, and banking acceptability. Read it top to bottom as a ramp of increasing regulatory weight.

The pattern is consistent: the more control you take and the more you engineer the yield, the heavier the regulatory weight and the harder the banking. Custody is the line where MiCA bites; the receipt token is the line where securities law may bite.

When a staking product is held to be a regulated service under MiCA, the relevant head is almost always custody and administration of crypto-assets on behalf of clients — one of the services enumerated in MiCA Annex I. "Administration" is the operative word: arranging the staking, claiming and distributing rewards, and managing unbonding are all administrative acts performed over assets you hold.

The obligations that follow are demanding. The CASP must segregate client crypto-assets from its own, maintain a custody policy, keep a register of positions, and accept liability for loss of assets held in custody. For a staking product, that liability has to address slashing and validator failure explicitly.

The disclosure bar is equally high. Users must be told how the yield is generated, what risks apply, and how rewards and losses are allocated. A staking product that markets a headline APY without disclosing slashing, unbonding and counterparty risk is non-compliant on its face.

There is a second, more dangerous classification lurking behind pooled staking. If user assets are pooled and managed for a collective return, the arrangement can resemble a collective investment scheme — and fall under fund regulation rather than crypto-asset regulation.

The AIFMD⁶ defines an ^[6]alternative investment fund by three features: raising capital from a number of investors, investing it per a defined policy, and doing so for the investors' benefit. A pooled staking product that promises a managed return can meet all three — and an AIF requires a fund manager authorisation, not a CASP licence.

The design lesson is to keep rewards individually attributable. When each user's reward traces directly to their own staked asset and the protocol's payout, the product reads as custody and administration. When rewards are pooled, smoothed, or actively managed for a blended yield, the collective-scheme risk rises sharply.

The transatlantic split on staking is stark. In the EU, the question is which crypto-asset service you are providing. In the US, the question regulators asked was whether staking-as-a-service is the offer and sale of a security — a fundamentally different starting point.

The SEC advanced the theory that a custodial staking program — where a platform takes user assets, pools them, applies its own effort to generate a return, and pays a yield — has the hallmarks of an investment contract. The user invests, expects profit, and that profit comes from the efforts of the platform — the classic securities test.

The practical consequence is that a product perfectly licensable as custody and administration under MiCA in the EU may be treated as an unregistered securities offering in the US. A staking business serving both markets cannot assume one classification travels. The same facts, two regimes, two verdicts.

The takeaway for operators is to classify per jurisdiction, not globally. The EU's functional, service-based approach and the US's securities-first approach can reach opposite conclusions about an identical product — and your geofencing and disclosures have to reflect that.

Even a perfectly licensed staking product can fail at the banking layer. To a bank's financial-crime team, a business that pays a yield on digital assets raises immediate questions about the source of that yield. Unexplained yield is, historically, the signature of fraud — so the burden is on you to make it boring and explicable.

The table below sets out how to present a staking business so the yield reads as protocol reward, not financial engineering. Each row is a question the bank will ask and the narrative that answers it.

The single most powerful move is to reframe the yield as a network-native reward paid by the protocol, not a return manufactured by your business. When the bank understands the yield comes from the blockchain and merely passes through you, the red flag dims.

The narrative that gets a staking business banked rests on one distinction the bank's committee must accept: reward is not interest. Interest is a return you pay out of your own balance sheet for the use of a deposit — which looks like unlicensed deposit-taking. A staking reward is a distribution from the protocol that you pass through to the user.

Build the narrative around four pillars the bank can verify: the licence, the segregation, the source of yield, and the source of funds. Show your CASP authorisation, evidence that client assets are ringfenced, a clear explanation that the yield is protocol-native, and a robust source-of-funds programme on inflows.

The fourth pillar is where most applications fail. The bank does not just want to know your yield is clean — it wants to know the money flowing into staking is clean. A layered source-of-funds and source-of-wealth dossier on user inflows, with Travel Rule and screening applied, is what turns a nervous committee into an approval.

The verdict for operators is simple: win the banking conversation by making the yield boring. A protocol-native reward, ringfenced assets, a clear licence, and a documented SOF trail together convert staking from a red flag into a bankable, regulated business.

MiCA does not name "staking" as a service, but a staking offering is assessed against the regulated activities in MiCA Annex I. Where the platform holds the asset, it falls under custody and administration of crypto-assets on behalf of clients and requires a CASP authorisation. Genuinely non-custodial staking usually sits outside MiCA's service perimeter.

Yes. Custodial staking — where the platform holds and stakes the user's asset — is a regulated custody and administration service under MiCA, with obligations to segregate client assets, accept liability for loss, and disclose slashing and unbonding risk. If rewards are pooled and managed, it can additionally raise a collective investment scheme question under AIFMD.

It can be. The liquid staking token (LST) is a separate classification question from the underlying staking. If the LST behaves like a managed, pooled, return-generating claim, it may qualify as a transferable security or financial instrument under MiFID II, placing it outside MiCA and into the securities regime. The answer is fact-specific and turns on ESMA's qualification guidance.

Because unexplained yield is a classic fraud signal. Banks fear a Ponzi, undisclosed leverage, or unlicensed deposit-taking. You change the answer by presenting the yield as a protocol-native reward, proving client assets are ringfenced, distinguishing reward from interest, and backing it with a layered source-of-funds dossier on inflows.

• MiCA Compliance Guide for CASPs: the full authorisation walkthrough behind the custody and administration service a staking product needs.

• Running a Crypto Exchange Under MiCA: the Class 3 playbook for the exchanges that bolt staking onto their offering.

• What Banks Actually Evaluate When Onboarding a CASP: the wider banking lens that frames the staking-yield narrative.

• The Five-Layer SOF Dossier: how to build the source-of-funds evidence that underpins the fourth banking pillar.

Staking will keep outrunning the rules, but the operators who win are the ones who classify before they build. Decide where your model sits on the spectrum, accept the licence that control level demands, keep rewards individually attributable to dodge the fund trap, and make the yield boring enough to bank. The product that survives is the one that is legible to a regulator and a bank at the same time — long before the next enforcement action redraws the map.