Detailed overview
Finland: FIN-FSA MiCA Authorisation under the Act on Crypto-Asset Service Providers and Markets in Crypto-Assets
Finland is a full MiCA jurisdiction. The Finnish framework is based on Regulation 2023/1114 and the Finnish Act on Crypto-Asset Service Providers and Markets in Crypto-Assets.
The Finnish Financial Supervisory Authority, FIN-FSA, is the competent authority for standard crypto-asset service provider authorisation and supervision in Finland.
The former Finnish virtual-currency provider registration regime has been repealed and replaced by MiCA. Finland should not be treated as a continuing VASP registration jurisdiction.
Regulator
The main regulator is FIN-FSA.
FIN-FSA supervises compliance with the Finnish crypto-asset statute, MiCA and Commission regulations and decisions issued under MiCA.
FIN-FSA also maintains public register information for Finnish authorised providers and for providers from other EU or EEA jurisdictions that have notified cross-border service provision into Finland.
Other regimes may still apply where the activity involves financial instruments, payments, e-money, asset-referenced tokens, e-money tokens, deposits, funds, insurance products, AML, sanctions, TFR, DORA or tax reporting.
Licensing route
A business that provides crypto-asset services in or from Finland generally needs MiCA authorisation as a crypto-asset service provider unless it is an eligible financial entity using the Article 60 notification route or a duly authorised EU or EEA CASP passporting into Finland.
The relevant crypto-asset services are custody and administration of crypto-assets for clients, operation of a crypto-asset trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of client orders, placing of crypto-assets, reception and transmission of orders, advice on crypto-assets, portfolio management on crypto-assets and transfer services for clients.
Transfer services are a separate MiCA service and should be included in the service-mapping analysis.
The licence perimeter applies only where the asset is within MiCA. Tokens that qualify as financial instruments, deposits, fund interests, insurance products, payment instruments, non-MiCA e-money structures or other regulated products require separate legal analysis.
Article 63 authorisation
A standard unregulated Finnish CASP applicant applies to FIN-FSA for MiCA authorisation.
An Article 63 CASP must have a registered office in an EU Member State where it carries out at least part of its crypto-asset services, its effective management in the EU and at least one EU-resident director.
A credible Finnish application should include a full service map, legal perimeter analysis, programme of operations, business plan, constitutional documents, proof of prudential safeguards, governance materials, management fit-and-proper evidence, qualifying-holder information, internal controls, AML and counter-terrorist-financing procedures, sanctions controls, TFR procedures, risk assessment, business-continuity plan, ICT and DORA materials, client-asset and client-fund segregation procedures, complaints procedures, conflicts management, outsourcing framework, custody policy where relevant, trading-platform rules and market-abuse controls where relevant, exchange commercial policy and pricing methodology where relevant, execution policy where relevant, advice and portfolio-management competence evidence where relevant, transfer-service procedures where relevant, crypto-asset type analysis and record-retention arrangements.
FIN-FSA assesses whether an application contains all required information within 25 working days. After missing information is supplied, the qualitative assessment period is 40 working days. The first additional clarification request can suspend the qualitative assessment period for up to 20 working days.
Article 60 notification
Article 60 is not a general shortcut for unregulated applicants. It is available only to specified financial entities and only for permitted crypto-asset services.
The Article 60 route may be relevant for credit institutions, central securities depositories, investment firms, market operators, electronic-money institutions, UCITS management companies and alternative investment fund managers.
A financial entity must notify FIN-FSA before providing crypto-asset services. The notification must be submitted at least 40 working days before the first provision of the relevant services. If the notification is incomplete, the provider may not start the service while the notification remains incomplete.
Except for credit institutions, the permitted service scope is limited by the entity’s existing authorisation and the MiCA equivalence rules. A regulated entity that wants to provide non-equivalent services may still need full CASP authorisation.
EMT and ART activity
Stablecoin-related activity should be analysed separately.
An e-money token issuer is generally an electronic-money institution or a credit institution. The issuer must notify FIN-FSA before issuing an EMT and must submit the EMT white paper before publication.
An electronic-money institution that provides custody, administration or transfer services for EMTs it issued must notify FIN-FSA. If it wants to provide services for other crypto-assets or other crypto-asset services, it may need separate CASP authorisation.
Asset-referenced token issuance is generally subject to authorisation. Authorisation is granted per ART. Credit institutions may issue ARTs based on notification, but the ART may not be issued before FIN-FSA has approved the notification and white paper.
Transitional position
Finland’s national transition has ended.
The Finnish transition ended on 30 June 2025. A Finnish legacy virtual-currency provider could rely on the transition only if it satisfied the statutory legacy conditions and submitted a MiCA authorisation application by 30 October 2024.
That route is no longer available.
Finland-facing crypto-asset services may now be offered only by a FIN-FSA-authorised CASP, an eligible Article 60 financial entity, or a CASP authorised in another EU or EEA country that has validly notified cross-border provision into Finland.
Another Member State’s national MiCA grandfathering period does not give the provider the right to provide crypto-asset services in Finland.
A pending application or legacy status should not be marketed as MiCA authorisation.
Cross-border services
A CASP authorised in another EU or EEA Member State may provide services in Finland through MiCA passporting, provided the required cross-border notification has been submitted.
FIN-FSA and ESMA register information should be checked before relying on a provider’s authorisation status, onboarding a counterparty, or publishing a provider-status claim.
Costs
FIN-FSA processing fees apply.
The current FIN-FSA fee schedule lists EUR 8,700 for CASP authorisation.
Processing an Article 60 notification costs EUR 3,500.
A cross-border services notification to another EEA country costs EUR 585.
Other processing of a MiCA authorisation, decision, exemption or notification costs EUR 1,850.
Where no fixed fee is listed, FIN-FSA applies an hourly rate of EUR 133.
A processing fee is charged for both positive and negative decisions. If an application is withdrawn, FIN-FSA may charge for costs incurred up to withdrawal.
These fees are not the full cost of authorisation. Applicants should also budget for legal, governance, AML, sanctions, TFR, DORA, ICT, custody, outsourcing, complaints, conflicts, audit, accounting, tax reporting, prudential, insurance and operational implementation costs.
Prudential safeguards
A CASP must maintain MiCA prudential safeguards at all times.
The required amount is at least the higher of the applicable permanent minimum capital requirement and one quarter of fixed overheads for the preceding year.
Prudential safeguards may take the form of own funds, an insurance policy, a comparable guarantee or a permitted combination.
The prudential package should be evidenced in the application and maintained after authorisation.
Ongoing obligations
A Finnish CASP must comply with MiCA, Finnish implementation law, FIN-FSA supervisory requirements, AML and counter-terrorist-financing obligations, sanctions controls, TFR, DORA and applicable tax-reporting rules.
Core obligations include governance, management suitability, qualifying-holder controls, prudential safeguards, internal controls, risk management, AML and sanctions procedures, transaction monitoring, TFR implementation, business continuity, ICT and DORA controls, outsourcing oversight, complaints handling, conflicts management, custody safeguards, client-asset and client-fund segregation, recordkeeping, fair and non-misleading client information, cost and fee transparency, market-abuse controls where relevant and service-specific conduct rules.
From 2026, reporting crypto-asset service providers must collect information on users and their crypto-asset purchases, sales and transfers. The first annual returns are expected in 2027.
White papers and marketing
CASP authorisation and token-offer compliance are separate.
Issuance, public offering and admission to trading of crypto-assets other than ARTs and EMTs may not require authorisation, but MiCA can require a crypto-asset white paper and compliant marketing communications.
Marketing communications must be consistent with the relevant white paper where a white paper is required.
FIN-FSA can require amendments or supplements to crypto-asset white papers and marketing communications. It can also suspend, prohibit or require cessation of marketing communications where there are reasonable grounds to suspect a MiCA infringement.
A Finnish-facing website, white paper, token listing, staking page, wallet promotion, exchange advertisement or influencer campaign should be reviewed before launch.
Enforcement risk
Finland is not a light-touch jurisdiction.
FIN-FSA may order immediate cessation of unauthorised crypto-asset services without prior warning or deadline.
FIN-FSA may suspend or prohibit crypto-asset services, suspend or prohibit marketing communications, require amendments to white papers, publish non-compliance, require transfer of client contracts after authorisation withdrawal, and use additional supervisory powers under MiCA and Finnish law.
MiCA CASP breaches can trigger administrative penalties and other measures. MiCA requires Member States to provide at least public statements, cease-and-desist orders, benefit-based fines, natural-person fines of at least EUR 700,000 and legal-person fines of at least EUR 5,000,000 or 5 percent of turnover for key CASP infringements.
Finnish law also creates a crypto-asset offence. Intentional or grossly negligent unauthorised provision of crypto-asset services may be punished by a fine or imprisonment for up to one year.
The main enforcement risks are providing services in Finland without FIN-FSA authorisation or a valid passport, relying on another Member State’s grandfathering for Finnish clients, presenting transitional status or a pending application as MiCA authorisation, using Article 60 without eligibility, providing services outside the authorised scope, weak AML or sanctions controls, weak TFR implementation, inadequate DORA readiness, and non-compliant token marketing.
Practical assessment
Finland is suitable for firms that want MiCA authorisation through a mature Nordic financial regulator and are prepared for a substantive supervisory process.
It is not suitable for firms looking for a continuing VASP registration, indefinite grandfathering, a pending-application launch strategy, or reliance on another Member State’s transition to serve Finnish clients.
The main execution risks are incorrect service classification, ignoring transfer services, assuming Article 60 is a general shortcut, underestimating FIN-FSA documentation expectations, launching before authorisation, relying on the expired transition, failing to verify passporting status, and filing before AML, sanctions, TFR, DORA, ICT, custody, complaints, conflicts, prudential and service-specific controls are ready.