Any fintech startup needs solid foundations to have a fighting chance at success. But this is especially important if you’re planning a crypto business startup launch. When you start a crypto business, you’re up against a triple-whammy of technical risk, regulatory ambiguity — even in jurisdictions with ostensibly harmonised regimes — and, all too often, a certain degree of skepticism.

In this guide, we’ll walk you through the key issues you should consider before you even think of applying for a crypto licence.

Spoiler alert: we can’t guarantee following these steps will turn your startup into the next big thing in crypto. But it’ll definitely help you put your best foot forward.

1. What’s your crypto business model?

There are three main types of crypto business:

1.    Trading platforms

These include exchanges (centralised, decentralised, and P2P), over-the-counter services, and marketplaces for cryptocurrencies and NFTs

2.    Payment services involving crypto flows

Acquirers, payment processors, crypto and crypto-to-fiat wallets, and debit cards would fall in this category

3.    Other crypto services

Examples include tokenisation platforms, stablecoin issuers, lending and borrowing services, staking, and other blockchain-based financial products

It goes without saying, but all three models target different customers — indeed, several different sub-categories of customers. And, each of these customer segments has its own unique attitudes, idiosyncrasies, and expectations, which you’ll need to cater to.

Research suggests preferences don’t just vary by customer type, but also by geography.

For example, Latin America prefers centralised exchanges more than any other market. This is most notable in Venezuela, where, because of the complex economic and political situation, many consumers use cryptocurrencies as their primary payment method.

In Europe, on the other hand, cryptocurrency is predominantly an investment (though, a growing number of consumers are using it for day-to-day purchases). Many European investors are new to crypto or have less than five years’ experience. So, they value educational resources, security, and market stability.

At the risk of stating the obvious, understanding your customer base is critical. But the reason for this isn’t just product-market fit. Your business model will also have a bearing on your budget, your infrastructure, and, most important of all, your choice of jurisdiction.

2. What should go in your crypto business plan: a checklist

While regulatory approaches to crypto vary dramatically even across the EU, where MiCAR — the Markers in Crypto Assets Regulation — means the same rules apply in every member state, there’s one thing every regulator over the world will require: a business plan.

This business plan can’t be just a box-ticking exercise. It must comprehensively set out what services you’ll offer, the target market, financial projections, what your infrastructure will look like, and the operational strategy.

We’ll go into key aspects of the business plan in greater detail in the coming sections. For now, here’s a quick rundown of what it should include:

1.    Market overview

  • Who are your target customers?
  • Which geographic locations will you serve? What are the current trends in those locations? What’s the competitive landscape like, and what’s the growth potential?
  • How will you attract customers, through active marketing or organic channels? This latter point has important implications for your choice of jurisdiction which we’ll address in detail in the next section.

2.    Operational details

  • What’s your business model, and which types of services will you provide? What customer problems do these solve?
  • What will your structure look like? Who is in charge of the day-to-day running of the business? Who are the key team members and advisors? What’s their background and skills?
  • Where will you be headquartered? Again, this has important implications for your choice of jurisdiction. Most regulators require you to have a local presence, but some are more stringent than others.
  • How will you approach custody, and how long do you expect to hold funds?
  • What’s your technical setup, including integrations and partners? What about scalability, security, and auditability?

3.    Financial planning

  • What’s your revenue model?
  • What are your financial projections, key milestones, and KPIs?
  • What’s your budget? Alongside regulatory fees, and minimum and ongoing capital requirements, you’ll need to budget for startup, setup, and ongoing costs, plus a buffer for contingencies

4.    Compliance

  • What are your policies and procedures?
  • What are your business’ key risks and how will you manage them?
  • What’s your anti-money laundering policy?

Is putting something like this together a big undertaking? Yes. The goal is to prove you have a viable, sustainable, and compliant business.

But making your business plan as extensive and exhaustive as possible also has another significant benefit. It brings you greater clarity ahead of kickstarting the setup process, which means you’ll be better prepared for it.

3. Which is the best jurisdiction to set up your crypto business in?

In the context of choosing a crypto jurisdiction, ‘best’ is extremely subjective. Every business is different, and there’s no one-size-fits-all solution. 

That said, there are three considerations that can help guide your decision:

  • How will you market your services: through direct approaches or organic means (what’s known as reverse solicitation)?
  • Do you need access to specific services, such as custody?
  • How much can you afford to invest?

Direct approach vs reverse solicitation

As a rule, if you plan to actively promote your services to a specific customer segment, you’ll need to be licensed in the jurisdiction those customers reside in. So, if you’ll be advertising to European consumers, for instance, you’ll need a crypto-asset service provider, or CASP, licence under MiCAR.

If your clients will be finding you through web searches, events, word-of-mouth, and other organic channels, you have more leeway. Case in point, becoming an SRO member in Switzerland could be an option, even though some of your clients may be based in the EU.

In this case, the other two considerations we’ve outlined — which services you’ll provide or need access to, and your budget — will figure more highly on your priority list.

Jurisdictions such as Canada, Australia, and El Salvador, for instance, tend to be more cost-effective compared to Switzerland. But the latter may be a better choice if you need custody services.

It’s also worth noting that reverse solicitation is a grey area.

On the one hand, there isn’t a widely accepted threshold at which reverse solicitation goes from acceptable to problematic. This means it may be hard to predict at which point you might attract the wrong kind of regulatory attention.

The flipside is that in practice, reverse solicitation is common, especially in the early stages, because of the onerous requirements and cost of setting up in some jurisdictions, like the EU.

Whatever you decide, it’s important to proceed with caution. You should never use reverse solicitation as a means of circumventing the responsibilities being regulated in your target market would entail.

Time-frames and requirements

Costs, time-frames, and requirements vary significantly between jurisdictions.

In general, obtaining a CASP licence is a more complex and drawn-out process than registering with an SRO in Switzerland or getting registered as an MSB in Canada.

This table compares the key requirements under each regime.

CASP licence (EU) SRO registration (Switzerland) MSB registration (Canada)
Minimum capital requirements • Class 1 services: €50,000 • Class 2 services: €125,000 • Class 3 services: €150,000 • CHF 20,000 (around €21,400) for limited companies (GmbH) • Up to CHF 100,000 (around €107,000) for stock corporations (AG / SA) No statutory minimum
Ongoing capital requirements The higher of: • Class minimum • 25% of fixed overheads No statutory minimum, but must remain operationally viable No statutory minimum
Mandatory forms • Corporate questionnaire • Involvement Suitability Assessment • Digital Operational Resilience Assessment • Personal questionnaires • Application forms • Business plan and operational flow description • Compliance Concept including AML Policy • Legal opinion confirming business can operate via SRO membership • MSB pre-registration and registration forms
Corporate documents • Incorporation documents • Group structure chart • Transaction flow diagram • Audited financials (if active) • Incorporation documents • Articles of Association • Proof of business address • Corporate bank account • Shareholder structure • Incorporation documents • Description of services provided • Information about owners and directors • Bank account info • Representative authorization form (if applicable)
Financial documents • Proof of paid-up capital • Own funds forecasts • Financial statements • Proof of paid-up capital • Business plan with financial projections • Source of funds/wealth for shareholders • Estimate of annual transaction volumes for each service provided
Operational requirements • At least 2 locally-based individuals directing the business • Local office with local staff • AML/CFT compliance policy • Conflicts of interest policy • IT resilience policy • Market abuse policy • Technical IT documentation • Extended IT questionnaire • For Class 3 firms, trading platform rules • At least 1 signatory or director based in Switzerland • Swiss registered office • Proof of anti-money laundering compliance • AML officer • At least 1 director and 1 compliance officer. No residency requirements • Compliance policies and procedures • Risk assessment • Employee training program • Reporting • Effectiveness review conducted at least once every two years
Additional requirements • Third-party outsourcing arrangements • Placement / execution policies • SME self-declaration • Third-party protection assessment • CVs, proof of ID and proof of address for beneficial owners, directors and AML officer • Criminal record checks for beneficial owners, directors/board members, and AML officer • List of all branches and agents • Details about individuals and entities with significant control
Timeframe Nine to fifteen months Three to four months Three to four months

4. How will you build your infrastructure?

One of the most common mistakes we see crypto startups — both B2B and B2C — make, is underestimating the time, effort, and cost required to build meaningful partnerships with banks and non-bank financial institutions so they can send and receive payments.

The same goes for assembling the right infrastructure. That is, putting in place accounts to hold and safeguard customer funds and securing access to the payment rails. 

Whether it’s crypto or another vertical, no fintech operates in a vacuum. The challenge, as a startup, is that serious, high-quality partners typically require significant transaction volumes as a condition of doing business.

At launch, this can become a chicken-and-egg proposition, where it’s difficult to attract the right partners without being able to generate substantial business, and difficult to create that volume of business when you don’t have the right partners in place.

While there’s no silver bullet, patience and a phased approach to growth can help overcome the issue.

Taking it step-by-step

Because projected time-frames can be — indeed, often are — overly optimistic, we typically suggest adding a three to six month buffer.

It’s also good practice to do things incrementally. Identify which partnerships and integrations are essential in the initial stages — banking partners, payment processing, and a custodian, for instance — and prioritise them.

This puts you in a position where you can start building a reputation and business volume, while allowing you enough flexibility to adapt to new opportunities that might emerge.

Setting expectations

Regulation, particularly MiCA, has gone a long way toward overcoming traditional financial services firm’s scepticism (remember when JP Morgan chairman and CEO Jamie Dimon called people who buy Bitcoin ‘stupid’?)

But regulators have also made it very clear that traditional firms need to approach partnerships with caution. A joint statement of the US Federal Reserve, FDIC, and OCC, for instance, spelled out that:

Whenever a bank chooses to engage with a client involved with the business of cryptocurrency, the prudential regulators will be watching closely… [banks must] put into place appropriate risk management, including board oversight, policies, procedures, risk assessments, controls, gates and guardrails, and monitoring.

With this in mind, having in place a credible business structure, robust business model, and comprehensive compliance documentation, before you approach potential partners, can go a long way toward making them more receptive to working with you.

What to look for in a partner

So far, we’ve discussed what potential partners will be looking for in a crypto startup. But what about the other side of the coin? What makes an ideal partner?

In our experience, there are two main factors to take into account.

First, do they understand the crypto ecosystem, business models, and market dynamics?

And, second, is their infrastructure suitable for handling crypto, both from a technical standpoint, and when it comes to compliance and risk management?

This might seem like a straightforward, yes or no question. But there’a a lot of nuance. For example, are they equipped to track anonymised transactions? And do they have the capabilities to interpret behaviours that may be unusual in traditional settings but run-of-the-mill in crypto?

As the crypto space is inherently unpredictable — even within jurisdictions with advanced regulatory frameworks, like the EU, attitudes (and policies) toward crypto can make 180-degree turns — It’s also good practice not to depend on a single partner. This prevents concentration risk. And more importantly, gives you a failsafe in case a partner or regulator suddenly changes their policy about working with crypto services firms.

5. Crypto business startup launch: what’s a reasonable budget?

There are two possible answers to this question.

The short, somewhat unhelpful one is: it depends. On which jurisdiction you’ll set up in, your business model, whether you’ll operate exclusively through partnerships and integrations or build your technology in-house, and more.

The more specific, albeit still not exactly helpful answer is: at least €100,000, but €200,000 is probably a better starting point. This doesn’t include regulatory fees or capital (though some jurisdictions, like Australia, Singapore, and the EU, give firms the flexibility to spend some of the capital for business development, hiring, marketing, and technology).

Software: should you build custom or white-label?

While €100,000 to €200,000 can be a good starting budget, your decisions around software will likely have an outsize impact on how far it will take you.

A custom build gives you complete control over the look, feel, and functionality, but it requires a level of investment that might not be feasible, especially in the initial stages.

Between payroll, infrastructure, and ongoing security and maintenance, a custom build can easily run into the hundreds of thousands, with high-end, enterprise builds potentially costing up to €1 million.

Assembling the right team can also be tricky. 60% of hiring managers in a recent survey reported being unable to fill technical vacancies, especially in senior roles.

Partnering with a white-label provider can be more cost-effective, and enable you to launch more quickly. The trade-off is less control over the look, feel, functionality, and security, plus the risk of being dependent on the white-label vendor for updates, support, and stability.

Creating a comprehensive operational budget

As with infrastructure and partnership timeframes, we find that crypto firms tend to underestimate budgets, too. The most common pitfalls we encounter include:

  • Underestimating ‘soft’ costs like document preparation
  • Miscalculating staff costs
  • Not budgeting for system maintenance and upgrades
  • Not having a buffer for delays — we recommend a three to six month contingency

So, what should your budget, excluding regulatory fees and minimum capital requirements, include?

Here’s a checklist of the absolute must-haves:

Compliance preparation

  • Developing policies, manuals, and procedures
  • Forms and documentation
  • Buffer for potential annual audits

Staff costs

  • Personnel, including developers, compliance officers, anti-money laundering officers, customer support, management, and local directors and staff
  • Legal advisors
  • Accountants and auditors
  • Corporate service providers
  • Office space and equipment
  • Insurance and other admin expenses

Infrastructure

  • UI and UX design
  • Software development
  • Blockchain and other network integrations
  • Partnerships with banks, payment processors, custodians, and other providers
  • Maintenance and R&D
  • Security (encryption, storage, audits, monitoring, disaster recovery)

Measurement and contingency

  • Tools for cash flow management, financial projections, and KPI tracking
  • A reserve for unexpected costs

6. From planning to expansion, Advapay has you covered

So there you have it. Everything you need to know about what it takes to lay the groundwork for a successful crypto services business launch.

Time-consuming? Yes.

Resource-intensive? Yes, again. Perhaps even daunting.

The good news is that you don’t have to go it alone. Advapay’s local experts can guide you through every step of the set up and licensing process.

Our services include:

Share this post