---
title: What Banks Actually Evaluate When Onboarding a CASP (2026)
slug: what-banks-evaluate-casp
publishedAt: 2026-04-26T09:00:00Z
author: Finconduit Editorial Team
tags: MiCA, EBA, Basel III
canonicalUrl: https://finconduit.com/resources/what-banks-evaluate-casp
---
# What Banks Actually Evaluate When Onboarding a CASP (2026)

The seven dimensions banks score before opening a CASP file properly — licence quality, governance, AML programme, customer base, asset mix, volume forecast, capital. The order they read it. The rejection reasons that cluster around each.

Most **CASP** applicants approach bank diligence the way they approach NCA authorisation — with a generic Programme of Operations, a hopeful pitch deck, and the assumption that the licence does the talking. Banks evaluate seven dimensions before they open the file properly. Get the seven right and you compress onboarding from **16 weeks** to 8. Get any one of them wrong and the file sits in committee limbo while **compliance** asks the same gap questions four times.

The structural reality is that crypto firms are disproportionately demanding clients for any bank. [EBA Guidelines](https://www.eba.europa.eu/) treat crypto exposure as elevated **AML** risk by default; the [Basel Committee](https://www.bis.org/bcbs/publ/d545.htm)'s prudential treatment of cryptoasset exposures imposes meaningful capital charges on bank\-side deposit holdings; the [EBA Opinion on de\-risking](https://www.eba.europa.eu/) documented the supervisory pressure that drives mass\-category exits. Banks onboarding a **CASP** take on real regulatory risk and real capital cost — and they price that risk at the diligence stage by demanding evidence in seven specific areas before the **credit committee** meets.¹[^1]²[^2]³[^3]

This guide unpacks the seven dimensions, the order banks examine them, the **rejection reason**s that cluster around each, and the document evidence that converts a 16\-week diligence cycle into an 8\-week one. The framing is directly from the credit\-committee and financial\-crime\-committee perspective — the two committees most **CASP**s never see but whose decisions determine whether the file converts.

## The Seven Dimensions Banks Evaluate

Each of the seven sits inside a documented bank policy framework. None is negotiable on its own; together they decide whether the **CASP** file goes to **credit committee** or stays with the relationship manager.


*Table: The seven dimensions banks evaluate when onboarding a regulated crypto\-asset firm.*

| \# | Dimension | What banks score | Common rejection reason |
| --- | --- | --- | --- |
| 1 | Licence quality | MiCA CASP authorisation tier; jurisdiction credibility; full vs limited\-scope permissions | Pre\-MiCA VASP\-only registration; limited\-scope CASP oversold as full |
| 2 | Governance & key people | EEA\-resident executive directors, regulator\-approved MLRO, independent compliance, board\-level risk chair | Non\-resident MLRO; nominal directors; no documented succession |
| 3 | AML/CTF programme | Written ML/TF risk assessment, transaction monitoring rules, blockchain analytics, Travel Rule capability, SAR filing history | Generic templates; no crypto\-specific typologies; no named blockchain analytics provider |
| 4 | Customer base | Geographic split; retail vs institutional mix; sanctioned\-jurisdiction exposure; KYC tier discipline | 'Global retail with no jurisdiction restrictions' = automatic decline |
| 5 | Asset mix | Supported crypto\-assets; classification under MiCA; sanctions exposure; privacy\-coin and mixer policy | Privacy coins \(Monero, Zcash\) listed; mixer\-tainted asset support |
| 6 | Volume forecast | Monthly volume vs concentration risk for the bank; 12\-month projection; revenue trajectory | Excessive optimism without underlying customer commitments; concentration risk too high |
| 7 | Capital & runway | 18–24 months operating capital; segregated prudential capital; source of funds documented | Capital from offshore unregulated entities; UBO chain in FATF grey\-list jurisdiction |

> **Warning:** The order matters. Banks read the file from licence quality \(dimension 1\) downward; if licence quality fails the desk\-review test, dimensions 2–7 are never read. Lead the cover memo with your strongest licence credential — not with your customer\-volume projection.

## Dimension 1 — Licence Quality

Licence quality is the gatekeeper. A **MiCA CASP** authorisation from a credible NCA — Bank of **Lithuania**, Central Bank of **Ireland**, **BaFin**, **CySEC**, **MFSA** — opens conversations that a pre\-**MiCA** national **VASP** registration does not. Banks treat legacy **VASP** registrations as expiring credentials in 2026 because the transitional period ends between 1 July 2026 and 30 December 2026; a **CASP** applicant relying on a **VASP** registration without a **CASP** file in flight is effectively already de\-banked at onboarding.

The licence brand matters more than the licence type. A **BaFin**\-authorised **CASP** carries materially more institutional credibility than a Cypriot **CASP** at equivalent scope, even though both are **MiCA** passport\-equivalent. Licence quality is also assessed in the negative — limited\-scope permissions disclosed as full\-scope is one of the **fastest** paths to a credit\-committee rejection.

## Dimension 2 — Governance and Key People

Two EEA\-resident executive directors, a regulator\-approved **MLRO**, an independent **compliance** officer, and a board\-level risk chair are now table stakes for a **Tier\-1 EU bank**. Banks examine each individual through the lens of the Joint **EBA**/**ESMA** Guidelines on suitability — fitness, knowledge, experience, independence, time commitment. A flying\-in **MLRO** and a board of three founders without an independent risk chair fails this dimension regardless of licence quality.

## Dimension 3 — **AML**/**CTF** Programme

The **AML programme** is read line\-by\-line at the **financial\-crime committee**. Banks expect: a written 30–80 page programme covering risk assessment, **CDD**/**EDD**, **sanctions screening**, **transaction monitoring** rules with documented thresholds, **Travel Rule** capability with a named provider, **blockchain analytics** integration with a named provider, **MLRO** appointment and approval evidence, and SAR\-filing history. Generic templates lifted from **EBA Guidelines** without crypto\-specific typology coverage are flagged on first review and downgrade the file to high\-scrutiny.

## Dimension 4 — Customer Base

Banks score customer base on three sub\-dimensions: geographic split \(where do customers reside\), retail vs institutional \(institutional\-only is materially easier to bank\), and **KYC** tier discipline. A **CASP** serving global retail customers without robust geographic restrictions is now an automatic decline at most **Tier\-1 EU bank**s. The right framing in the cover memo: 'EEA\-resident retail with documented **KYC** tiers, plus EU\-headquartered institutional clients' — backed by geographic\-split evidence at submission.

## Dimension 5 — Asset Mix

Asset mix is the dimension where credible **CASP**s surprisingly fail. Bitcoin and major fiat\-pegged stablecoins are easy. Privacy coins \(Monero, Zcash\) are an automatic decline at every **Tier\-1 EU bank** in 2026. Tokens with sanctions nexus — through issuer, major holder, or smart\-contract interaction with sanctioned addresses — fail asset\-mix screening. Mixer\-tainted asset support, even if the assets are technically permissible, is treated as a sanctions\-risk amplifier.

## Dimension 6 — Volume Forecast

Volume is double\-edged. Too small and the **AML** overhead is not justified for the bank; too large and you become a **concentration risk** on the bank's own deposit book. The sweet spot for a mid\-tier EU bank is **€5–€50 million** in monthly volume — large enough to generate meaningful revenue, small enough to not breach concentration limits. **CASP**s with €100M\+ monthly volume face a different conversation entirely; banks at that scale require institutional\-grade governance evidence and often refer to capital\-markets counterparts.

## Dimension 7 — Capital and Runway

The minimum capital test is straightforward — **18–24 months** of operating capital plus prudential capital fully segregated and demonstrable. The harder test is source of funds. Capital arriving from offshore unregulated entities, capital with **UBO** chains touching **FATF** grey\-list jurisdictions, and capital with undisclosed nominee structures all fail at this dimension. Banks expect bank statements plus a Big\-4 or Tier\-2 audit letter on the source\-of\-funds package.

## The Cover Memo and Document File

Banks read the cover memo first. A serious cover memo is 8–15 pages, structured to map directly to the seven dimensions, and includes specific page references for the supporting evidence. The full file behind it follows a standard inventory.


*Table: Bank diligence file — the document set behind the cover memo, ordered by dimension.*

| Document | Maps to dimension\(s\) | Depth |
| --- | --- | --- |
| Cover memo \+ Programme of Operations summary | 1, 2, 4, 6 | 8–15 pages |
| Group corporate structure with UBO chain | 7 | Diagram \+ supporting documents |
| Licence documents \+ regulatory permissions | 1 | Full grant \+ scope |
| Audited financials \(last 2 FYs\) | 7 | Big\-4 or Tier\-2 auditor |
| AML programme \+ risk assessment | 3 | 30–80 pages |
| Sanctions / PEP / EDD policy | 3, 5 | 10–25 pages |
| Travel Rule capability evidence | 3 | Vendor contract \+ workflow |
| Blockchain analytics evidence | 3 | Vendor contract \+ sample reports |
| Cyber & ICT controls \(DORA\-aligned\) | 2, 3 | Documented framework \+ third\-party register |
| Customer geography \+ volume forecast | 4, 6 | 12\-month projection with breakdown |
| Source of funds for opening capital | 7 | Bank statements \+ audit letter |

## Common Rejection Reasons by Dimension

- Dimension 1 — Pre\-**MiCA** **VASP**\-only registration without an active **CASP** application; limited\-scope **CASP** authorisation oversold as full\-scope.

- Dimension 2 — **MLRO** not regulator\-pre\-approved; non\-resident directors; absence of independent **compliance**.

- Dimension 3 — Generic **AML programme** without crypto\-specific typologies; no named **Travel Rule** provider; no named **blockchain analytics** provider.

- Dimension 4 — 'Global retail' customer description; **KYC** tiers light or limit\-based.

- Dimension 5 — Privacy coins listed; tokens with documented sanctions exposure; mixer\-tainted asset support.

- Dimension 6 — Volume projection without underlying customer commitments; **concentration risk** above the bank's appetite.

- Dimension 7 — Capital from offshore unregulated entities; undisclosed nominee structures; **UBO**s in **FATF** grey\-list jurisdictions.

## Frequently Asked Questions

### How long does serious bank diligence actually take?

**8–16 weeks** at a **Tier\-1 EU bank** for a clean file. The faster end \(6–**8 weeks**\) is for **CASP**s with regulator\-pre\-approved **MLRO**, named **blockchain analytics** and **Travel Rule** contracts in hand, and a coherent customer\-base story. The slower end \(16\+ weeks\) is where the file iterates through 2–3 rounds of gap\-questions and an external diligence firm is engaged. Plan **12 weeks** as the realistic working assumption; pad to 16 if you have any open authorisation conditions still being closed.

### Which dimension is the most common rejection cause?

Dimension 4 — customer base — and dimension 7 — capital source — are the two **highest**\-frequency rejection causes in 2026 onboarding files. Customer base because most **CASP**s underestimate how unwelcome 'global retail' is at **credit committee**; capital source because most founder\-led structures have **UBO** disclosure gaps that surface only at fund\-tracing diligence. Dimensions 1 and 2 \(licence and governance\) are easier to rectify pre\-application; dimensions 4 and 7 require substantive structural decisions.

### Does a non\-EU **CASP** licence \(**VARA**, **MAS**, SFC\) help with EU bank onboarding?

Marginally. A serious non\-EU licence \(**VARA** full licence, **MAS** Major Payment Institution, Hong Kong SFC VATP\) evidences regulatory experience, but EU banks substantively diligence the EU\-specific **MiCA** position separately. Operators with both a non\-EU and an EU licence sometimes find the non\-EU licence speeds up customer\-base evidence \(geographic diversification\) without changing the core **MiCA** file requirements. The non\-EU licence is supportive evidence, not a substitute.

### What's the single thing that most differentiates an 8\-week file from a 16\-week one?

Named, contracted, and operationally\-deployed **blockchain analytics** and **Travel Rule** providers at submission. Files that name vendors and attach signed contracts skip three rounds of gap\-questions; files that promise 'we will procure post\-onboarding' enter immediate high\-scrutiny review. The marginal cost of the analytics \+ **Travel Rule** contracts pre\-onboarding is small; the time saving on diligence is material.

### How does [AMLR](https://eur-lex.europa.eu/eli/reg/2024/1624/oj) application from 10 July 2027 change the diligence?⁵[^4]

**AMLR** codifies harmonised **CDD**, **EDD**, and beneficial\-ownership rules across all 27 member states. Banks already aligned to **EBA Guidelines** will not see major substantive change; banks running national\-variation positions tighten toward the **AMLR** baseline. For **CASP** applicants, the practical effect is that **AMLR**\-aligned **AML programme**s \(drafted to **AMLR** text rather than national 6**AML**D transposition\) become the diligence baseline — a **CASP** file submitted in late 2026 should be drafted to **AMLR** rather than to legacy national text.

### If I'm rejected, can I reapply at the same bank?

Yes, but only after material remediation. Rejected files sit in the bank's diligence record for 12–24 months at most institutions; reapplying without a documented remediation memo addressing the rejection grounds is rarely successful. The right interval is 9–18 months with explicit remediation evidence on the original **rejection reason**. In parallel, prioritise applications at 4–6 alternative institutions — single\-bank concentration on the rejection reaction is itself a structural mistake.

> **Call to action:** Want to know how your CASP file would score across the seven dimensions before you submit? Finconduit runs structured pre\-application reviews that surface gaps before the bank does, and makes vetted introductions when the file is genuinely ready. Get a free seven\-dimension diligence review.

## Related Guides

- [How to Get a Bank Account for a VASP or CASP](/resources/bank-account-vasp-casp): The 2026 banking playbook for regulated crypto firms

- [MiCA Compliance Guide for CASPs](/resources/mica-compliance-guide-casps): Authorisation walkthrough — capital, governance, supplier stack

- [De\-Banking Response Playbook for CASPs](/resources/de-banking-response-playbook): What to do when your bank closes your account

- [Multi\-Bank Treasury Architecture for Regulated Fintechs](/resources/multi-bank-treasury-architecture): The four\-layer model — operating, safeguarding, **EMI** rails, capital

Bank diligence on a **CASP** is structured, predictable, and pattern\-rich. Banks evaluate seven dimensions in a fixed order; they reject for documented reasons that recur across files; they reward applicants who present evidence in the order the **credit committee** reads it. The **CASP**s that get banked in 2026 are the ones that built the diligence file before they applied — not the ones that started building it after the first round of gap\-questions arrived.

- [The Five\-Layer SOF Dossier for Crypto Founders](/resources/source-of-funds-source-of-wealth-crypto-dossier) — the founder\-side evidence that defends what banks evaluate.

- [The 23\-Question Bank Onboarding Interview: How to Rehearse](/resources/bank-onboarding-interview-23-questions) — the verbatim question bank for the 90\-minute panel.

- [Staking\-as\-a\-Service: Regulatory Classification and Banking](/resources/staking-as-a-service-regulatory-banking) — why a staking offering changes how banks assess a CASP, and the banking arrangements it demands.

## Footnotes

[^1]: EBA Guidelines on the management of money laundering and terrorist financing risks \(EBA/GL/2021/02\), 1 March 2021. <https://www.eba.europa.eu/>
[^2]: EBA Opinion on de\-risking, 5 January 2022 — addresses unjustified mass de\-risking of customer categories including crypto\-asset firms. <https://www.eba.europa.eu/>
[^3]: Basel Committee on Banking Supervision — Prudential treatment of cryptoasset exposures, December 2022. Sets risk weights on crypto exposures held by banks. <https://www.bis.org/bcbs/publ/d545.htm>
[^4]: Regulation \(EU\) 2024/1624 \(AMLR\) — applicable from 10 July 2027. <https://eur-lex.europa.eu/eli/reg/2024/1624/oj>


---
Source: https://finconduit.com/resources/what-banks-evaluate-casp