Ready-Made VASP Crypto License in Bulgaria for MiCA CASP Transition
MiCA (Markets in Crypto-Assets Regulation) sets the EU rulebook for crypto-asset services and introduces a CASP authorisation regime that can be passported across the EU. The authorisation is granted by a national competent authority, and then used cross-border through MiCA passporting. Official source: MiCA (Regulation (EU) 2023/1114).
In Bulgaria, MiCA is supported by the Markets in Crypto-Assets Act published by the FSC, which frames local registers, procedures, and supervisory practice. This is the legal bridge from the historic AML-only entry route to the MiCA authorisation track. New framework is often misunderstood because Bulgaria previously relied on a simple registration with the tax authority. That legacy status no longer defines long-term operating rights.
If you are looking for a crypto license in Bulgaria or a Bulgaria CASP license path, “ready-made” value is no longer about a simple AML entry. It depends on (i) the entity’s transition category (based on registration timing), and (ii) whether the company has real, auditable readiness for a MiCA file. We typically treat this as a boundary, evidence, and timeline project, not a label.
Table of Contents
Subtype
VASP
Jurisdiction
Bulgaria
Category
Cryptocurrency
Type
Business Licenses
Key Takeaways About Bulgarian VASP Licenses
- MiCA applies on fixed EU dates. CASP authorisation rules apply from 30 December 2024, and some token rules applied earlier. Official source: MiCA (Regulation (EU) 2023/1114.
- Bulgaria has a national MiCA act and registers. The FSC hosts the local act text and maintains relevant registers for the MiCA transition process. Official source: FSC — Markets in Cryptoassets Act (PDF)
- Grandfathering is time-boxed and category-based. Bulgaria follows MiCA Article 143 mechanics with a defined window, and the 8 October 2025 application cutoff is critical for certain registrants.
- A legacy AML registration is not a licence. It may only affect whether an entity can operate temporarily while seeking authorisation. It does not replace a CASP licence.
- Scope drives capital and governance. Under MiCA, services are authorised in categories. Mis-scoping is one of the fastest ways to lose months.
- Banking remains separate. A CASP licence does not guarantee accounts, payment rails, or EMI access. You need a parallel banking workstream.
- Commercial reality for “crypto license in Bulgaria for sale”. Buyers should price the deal on evidence: transition category, file readiness, and proof of progress, not on “registration status” alone.
- How we support. We run transition category verification, service scoping, DD of AML/governance substance, and an execution plan for obtaining a CASP license in Bulgaria without false assumptions.
Ready to Buy VASP Licenses in Bulgaria
Bulgarian VASP for Sale #1
- Authorized since October 2024 to operate in the cryptocurrency sector, providing immediate access to regulated crypto markets in Europe.
- Debt-free company, ensuring no financial liabilities are transferred to the buyer, minimizing risk and facilitating a smooth transition.
- Clean record with no history.
Shall we talk details?
VASP in Bulgaria for Sale #2
- Active VASP registration.
- Full share transfer support.
- AML & compliance policies in place.
- Established communication with the Bulgarian FIU.
- Registered office address valid for 1 year.
- Basic accounting services included.
Ready-Made Bulgaria VASP for Sale — What the Buyer Gets
What the Acquisition Includes
A “ready-made Bulgaria VASP” should be treated as an acquisition of (1) a Bulgarian corporate vehicle, plus (2) a specific regulatory starting position for MiCA conversion. The conversion value depends on whether the company sits in the correct transition category and whether its evidence pack can support a MiCA application.
In a clean structure, the seller should be able to show registration status and provide an organised compliance and governance pack. The FSC also maintains a dedicated register under §5(3) of the Bulgarian act, which is a useful transparency point. Official source: FSC — Register under §5(3)
What a Bulgaria VASP Is Not Under MiCA
It is not an “EU licence”, and it is not an automatic right to operate across the EU. It does not guarantee banking, EMI onboarding, card processing, or stable payment rails.
If your real goal is to obtain a crypto license in Bulgaria, the value of a ready-made entity is the head start on transition mechanics and documentation. That head start disappears if deadlines were missed or the file is thin.
Grandfathering and Transition Categories in Bulgaria
| Registration timing | What it means for operations and deal value |
|---|---|
| Before 30 Dec 2024 | Potential transitional operation window until 1 July 2026, unless refused earlier. Value depends on readiness and application progress. |
| 30 Dec 2024 to 8 Jul 2025 | Must file a MiCA authorisation application by 8 Oct 2025 to benefit from the grandfathering treatment. Missing this date is a major value hit. |
| After 8 Jul 2025 | No transitional runway by default. A “ready-made” acquisition only helps if governance and documentation are already built for a first-time application. |
Category A: registered before 30 December 2024
This category can be valuable if the company has a real compliance foundation and a credible path to authorisation before the window closes. Buyers should verify the exact registration position, ongoing activity footprint, and whether the MiCA file is already in progress.
Category B: registered between 30 December 2024 and 8 July 2025
This is the most misunderstood category commercially. The 8 October 2025 filing cutoff is decisive. If the seller cannot evidence that the application was filed on time, you should treat the entity as “new applicant” in practice.
Category C: new applicant (post-8 July 2025)
Here, the “ready-made” value is operational rather than legal. It is about governance, AML, outsourcing control, and a clean ownership story that supports a Casp license in Bulgaria application from scratch.
What a Bulgaria CASP Authorisation Can Cover
Typical CASP permissions (service-specific)
MiCA authorisation is not a “blanket crypto license”. The FSC approves a defined set of crypto-asset services, and you can only provide what is on the licence.
For most buyer use-cases, the core service set usually sits in four groups:
- Custody and administration of crypto-assets on behalf of clients
- Exchange (crypto-to-fiat and crypto-to-crypto)
- Execution / placing / reception & transmission of orders (service-specific approvals)
- Transfer of crypto-assets on behalf of clients
Those categories are MiCA-defined. They map directly into governance, own-funds, safeguarding, and outsourcing requirements.
If your goal is to obtain crypto license Bulgaria, we start by freezing the service map early. It prevents scope drift and avoids rework during the FSC review.
Common mis-scopes (and what triggers extra perimeter)
EMT issuance and EMT perimeter (BNB relevance). Issuing electronic money tokens is not “just another CASP service”. It brings a separate perimeter and typically requires an e-money style framework, with the BNB becoming relevant depending on structure.
Fiat legs and payment rails. MiCA authorisation does not create banking access. If your model has fiat collection, payouts, cards, or IBAN-like flows, you must plan separate banking/EMI arrangements and align the compliance narrative to those partners.
Advisory / portfolio assumptions. Teams often describe “advice” casually. Under MiCA, anything resembling advice or portfolio management needs the correct MiCA permission and supporting controls. Treat this as a scoping item, not a marketing line.
Capital and Prudential Reality
Own funds logic (no guessing, scope-driven)
MiCA links minimum own funds to the services you request, not to the company size. Own funds must be maintained on an ongoing basis, so this is a planning constraint, not a one-time checkbox. Official source: MiCA — Article 67.
In practice, broader service scope means higher prudential expectations. It also increases scrutiny on safeguarding, governance, and outsourcing arrangements. This is why “over-scoping” is one of the most expensive mistakes in obtaining a CASP license in Bulgaria.
Safeguarding / custody expectations (what proof looks like)
For custody or any model touching client assets, the FSC will expect evidence of safeguarding, not just statements. Your file should show:
- segregation logic (how client assets are ring-fenced)
- reconciliations (what is checked, how often, and by whom)
- access control (who can move assets, under what approvals)
- incident response (how you detect and handle breaches)
- outsourcing oversight (if custody tech is provided by a vendor)
These expectations sit inside MiCA operational and organisational requirements.
Service scope choice vs practical impact
| Service scope choice | Prudential / governance impact (practical) |
|---|---|
| Transfer only (on behalf of clients) | Narrower safeguarding footprint. Still needs monitoring, sanctions logic, and evidence of controls. |
| Exchange (crypto/fiat, crypto/crypto) | Heavier AML and market-abuse controls. Stronger transaction monitoring logic and source-of-funds narrative needed. |
| Execution / placing / reception & transmission | Stronger governance around order handling, conflicts, complaints, and recordkeeping. Clear outsourcing oversight if tech is third-party. |
| Custody and administration | Highest safeguarding burden. Segregation, reconciliations, access controls, and incident playbooks must be evidenced and testable. |
Governance, Substance, and Outsourcing
Management body accountability (fit & proper, in real terms)
MiCA makes the management body directly accountable. The FSC will look for availability, relevant experience, and evidence that decisions are taken and recorded.
“Nominee governance” creates friction. Buyers should expect to show real oversight capacity, not outsourced signatures.
Control functions (who does what, and how you prove it)
We recommend defining responsibilities in a simple matrix and supporting it with evidence. The FSC will expect clarity on:
- compliance and AML ownership
- risk oversight (proportionate to scope)
- internal audit or independent review arrangements (where needed)
- escalation paths and decision authority
Proof is operational: training logs, committee minutes, monitoring outputs, and remediation records.
Outsourcing and ICT (oversight, not delegation)
Outsourcing is permitted, but accountability stays with the CASP. Your file should include:
- an outsourcing register
- contracts and SLAs with measurable controls
- oversight routines (KPIs, audits, incident reporting)
- access management and change control
- incident handling with timelines and responsible persons
Treat ICT and outsourcing as governance topics. If the vendor runs your core stack, the oversight must be documented and alive.
Banking and Payment Rails
Why licence ≠ banking
A CASP licence does not compel a bank or EMI to onboard you. Banks run independent risk assessments on flows, geographies, UBO credibility, and how you control client assets.
This is why a “crypto license in Bulgaria” strategy must include a parallel banking plan. It is a separate workstream with separate evidence.
What improves onboarding odds (what banks actually test)
Banks want a coherent flow story. They also want evidence that monitoring is not theoretical.
The strongest signals usually come from:
- a clear flow narrative (who pays whom, why, and where funds come from)
- UBO and source-of-funds clarity
- transaction monitoring evidence (scenarios, thresholds, escalation logs)
- conservative geography and counterparty choices at launch
- custody design that is easy to explain and audit
Mini-checklist: Bank pack items to prepare
- one-page business and flow map (fiat + crypto legs)
- UBO file + source-of-funds evidence set
- AML policy summary + risk assessment + monitoring overview
- sample monitoring outputs (alerts, investigations, closures)
- key contracts (custody tech, liquidity, payments partners)
- safeguarding description (segregation, access controls, reconciliations)
- governance pack (roles, decision records, responsible persons)
Eligibility Checklist for a CASP License in Bulgaria
If you are targeting a CASP license in Bulgaria, eligibility is less about slogans and more about whether the FSC can verify control, substance, and scope discipline.
Ownership & controllers
- clean UBO chain with supporting documents
- credible source of funds for capital and operations
- transparent control rights and governance triggers
Scope & capital planning
- service matrix mapped to MiCA categories
- own-funds plan aligned to scope and maintained over time
- launch sequencing (what you do on Day 1 vs later)
Governance & key individuals
- management team with relevant track record
- defined responsibilities and escalation authority
- decision records (minutes, approvals, risk acceptance)
Local operational substance
- real capacity to operate compliance and oversight
- accessible records, responsive governance, accountable roles
- not a “mailbox” structure
AML + transaction monitoring readiness
- risk assessment aligned to products and client mix
- monitoring scenarios that match flows
- investigation workflow with evidence retention
Proof-of-funds + banking plan
- capital proof + operating budget logic
- bank pack readiness and partner outreach strategy
- realistic constraints on corridors, geographies, and counterparties
Pros & Cons — Bulgaria VASP / MiCA CASP Path
+ EU passport after authorisation. A MiCA CASP authorisation can be passported to other EU states once granted.
+ Transition value if eligible. For legacy registrants, the grandfathering window can preserve continuity while the CASP file is prepared, but only if category rules are met.
+ Service-by-service structure. MiCA permissions are modular, so you can align scope, governance, and own funds to what you will actually launch.
+ Cost planning clarity. Bulgaria’s corporate tax rate is 10%, which helps forecast operating costs, while regulatory effort remains scope-driven.
+ Public registers and official track. The FSC publishes MiCA materials and maintains a local register under the Bulgarian act, which supports basic verification.
– No blanket “crypto licence”. You only get the services explicitly approved; any expansion requires regulatory work.
– Own funds are ongoing. Minimum own funds depend on services and must be maintained, which affects treasury planning.
– Banking remains separate. A CASP authorisation does not compel banks/EMIs to onboard crypto flows; you need a parallel plan and a bank-ready evidence pack.
– Governance and evidence burden. MiCA pushes accountability to the management body and requires auditable controls, not “policy-only” compliance.
– Transition runway shrinks. If the entity relies on grandfathering, missed milestones reduce deal value and may force a “new applicant” path.
How to Get a Crypto License in Bulgaria (MiCA CASP Path)
Founders typically choose between (i) converting a legacy AML-registered ready-made Bulgarian VASP for sale into a MiCA applicant, or (ii) applying as a new applicant with no transitional runway. The critical success factor is scoping the services correctly and building evidence that matches the real flows.
- Step 1: Transition Category and Scope Lock 2–4 weeks
Confirm the entity’s MiCA transition category and lock the exact CASP service scope for Day 1 vs later expansion. This reduces rework and prevents mis-scoping during FSC review.
Key Documents: Registration timing evidence, service matrix, flow map (fiat + crypto legs).
Estimated Cost: Internal scoping and advisory time (scope-dependent).
Timeline: 2–4 weeks. - Step 2: Ownership, Governance, and Proof-of-Funds Readiness 3–6 weeks
Finalise UBO disclosures, management structure, controller narrative, and proof-of-funds package aligned to the proposed scope and expected transaction flows.
Key Documents: Ownership charts, UBO IDs, source-of-funds set, CVs, mandates/resolutions.
Estimated Cost: Capital funding (service-driven) plus governance setup and legal support.
Timeline: 3–6 weeks. - Step 3: AML, Monitoring, and Safeguarding Build-Out 6–10 weeks
Build a MiCA-ready evidence pack: AML risk assessment, monitoring logic, escalation workflow, and safeguarding controls that match custody and exchange realities.
Key Documents: AML risk assessment, CDD/EDD procedures, monitoring scenarios, SAR workflow, safeguarding description (segregation, reconciliations, access controls).
Estimated Cost: Compliance drafting, monitoring tooling, training, and external reviews (scope-dependent).
Timeline: 6–10 weeks. - Step 4: Outsourcing, ICT Controls, and Operational Resilience Evidence 4–8 weeks
Document outsourcing and ICT governance so the FSC can see control over vendors, access, change management, and incident response.
Key Documents: Outsourcing register, contracts/SLAs, oversight KPIs, access matrix, incident response plan, audit/logging approach.
Estimated Cost: Vendor contracting and oversight setup, security work, and documentation support.
Timeline: 4–8 weeks (often parallel with Step 3). - Step 5: Application Pack Assembly and Filing to the FSC up to 40 working days
Compile the full application pack in the FSC-required structure and file it with consistent scope, governance, and flow logic across all documents.
Key Documents: Completed application forms, business plan, governance pack, AML and safeguarding pack, outsourcing/ICT pack, proof-of-funds materials.
Estimated Cost: Regulatory filing work and advisory support (scope-dependent).
Timeline: Statutory completeness check up to 25 working days; substantive assessment up to 40 working days from a complete file (excluding suspensions). - Step 6: Review Cycle, Clarifications, and Launch Sequencing 4–5 months
Respond to FSC queries, keep scope stable unless required, and run banking/EMI onboarding in parallel so authorisation does not stall at payment rails.
Key Documents: Clarification responses, updated scope matrix (if needed), bank onboarding pack (flows, UBO/SOF, monitoring evidence).
Estimated Cost: Management time, advisory support, banking onboarding workstream, and ongoing compliance staffing.
Timeline: 4–5 months estimated FSC review time for submitted documentation, with delays if statutory deadlines are suspended during Q&A.
Total timelines and costs for a Bulgaria CASP Licence
- End-to-end preparation plus FSC review commonly runs 4–6 months for well-prepared teams, assuming the application file is complete and clarifications are handled without repeated scope changes. The statutory MiCA clocks include up to 25 working days for completeness assessment and up to 40 working days for substantive assessment from a complete file, with the timeline paused while the authority waits for answers.
- Main cost drivers: own funds (service-dependent), governance staffing (compliance/AML/risk), transaction monitoring and screening tooling, safeguarding/custody controls, outsourcing and ICT security work, legal/advisory support for the application pack, and parallel banking/EMI onboarding. MiCA-ready “paperwork” is not the main cost; ongoing operational capacity usually is.
Acquisition Due Diligence for a Bulgaria VASP for Sale
What to request from the seller
For a “crypto license in Bulgaria for sale” narrative to be credible, the seller must prove two things: the transition category (based on registration timing) and MiCA file readiness (evidence, not intentions).
Ask for:
- Registration proof and category evidence
- proof of inclusion in the FSC interim register under §5(3), and the exact date basis used for classification.
- any letters or emails from the FSC on status, category, or expected next steps.
- Transition planning and filings
- service scope matrix mapped to MiCA categories.
- draft application pack index and the latest version date stamps.
- evidence of submission (where applicable) and proof of any interaction cycle.
- AML evidence (substance)
- risk assessment, CDD/EDD procedures, sanctions approach.
- transaction monitoring rules, sample alerts, investigations, closure notes.
- training logs, compliance calendar, SAR workflow.
- Governance evidence
- management appointments, mandates, and decision records.
- role matrix (who owns compliance/AML/risk).
- outsourcing register and key vendor contracts (if tech/compliance is outsourced).
- Banking and rails readiness
- current accounts (if any), KYC pack used, restrictions, and bank correspondence.
- flow narrative and source-of-funds set used for onboarding.
This is the difference between “registered” and “acquirable”.
Deal risks and structuring
The main acquisition risk is paying for “status” and discovering post-close that the entity is effectively a new applicant with a weak evidence pack.
We structure deals around verifiable milestones:
- Holdbacks tied to delivery of a complete MiCA evidence pack and clean governance set.
- Milestones tied to application submission and completion of the authority’s formal completeness stage under MiCA.
- Scope stability clauses: pricing assumes a defined service scope; expansion triggers additional cost allocation.
- Change-of-control planning: seller cooperation for notifications, and a transition plan for responsible persons.
Ongoing Compliance After Authorisation
After authorisation, CASPs are supervised against MiCA organisational requirements and must sustain own-funds and governance arrangements. Compliance is operational: reporting, controls, outsourcing oversight, and change management.
Key ongoing obligations to plan for:
Ongoing AML obligations:
- continued customer due diligence, monitoring, and FIU reporting, aligned to real flows.
- periodic updates to risk assessment and scenarios.
Reporting and prudential maintenance:
- own-funds maintenance tied to authorised scope.
- supervisory reporting and ad-hoc data requests.
Notifications for changes:
- material changes to services, controllers/ownership, and management.
- outsourcing changes that affect critical functions.
ICT and outsourcing oversight:
- vendor governance, access control, incident reporting, and auditability.
- evidence retention that supports supervisory reviews.
Common Pitfalls When Getting a CASP License in Bulgaria
These are the issues that usually create delays, rework, or post-close surprises:
- Mis-scoped services: teams describe the model broadly (“exchange + custody + payments”) without mapping to exact MiCA service categories.
- Underbuilt governance: nominal directors, no decision evidence, or unclear responsibility split.
- Weak monitoring evidence: policies exist, but alerts/investigations cannot be demonstrated.
- Ignoring the banking workstream: licence preparation is treated as the only blocker, and the rails plan starts too late.
- Controller change timing: acquisitions proceed without planning for approvals/notifications and the scrutiny that follows a control change.
FAQ — CASP License in Bulgaria and Crypto License in Bulgaria for Sale
What is a CASP license in Bulgaria?
A CASP licence in Bulgaria is a national authorisation granted by the FSC under MiCA for specific crypto-asset services. Once authorised, the CASP can use MiCA passporting to operate cross-border in the EU, within its approved service scope.
Can I buy a crypto license in Bulgaria?
- You can acquire a Bulgarian company that holds a legacy registration and is positioned for MiCA transition, but that is not the same as buying a finished MiCA authorisation. The purchase is valuable only if the transition category is correct and the evidence pack supports a MiCA application and banking onboarding.
Does a Bulgaria CASP licence automatically allow retail clients?
It depends on the authorised services, distribution setup, and consumer-facing controls you implement. MiCA authorisation is service-specific, and retail exposure increases expectations around disclosures, complaints handling, conflicts, and operational safeguards.
How long does obtaining a CASP license in Bulgaria take?
MiCA sets procedural clocks for completeness review and for assessment from a complete file, with pauses while the authority waits for answers. In Bulgaria, the FSC has publicly indicated an estimated review timeframe for submitted documentation, but projects still succeed fastest when the scope is stable and the evidence pack is complete.
Is the Bulgarian National Bank involved?
BNB relevance appears when the model touches electronic-money token perimeter or overlaps with payment/e-money frameworks. For most CASP services, the FSC is the competent authority under MiCA.
What is the single biggest reason applications stall?
Mis-scoped services and weak evidence. If monitoring outputs, governance decisions, safeguarding design, and outsourcing oversight cannot be shown, the review becomes a clarification loop.
What should a buyer demand before closing an acquisition?
A verified transition category, a clean evidence pack, scope stability, proof-of-funds narrative, and a banking plan. If these are not ready, price the deal as a build-out project.
Resources (MiCA CASP in Bulgaria)
Official FSC page outlining MiCA implementation in Bulgaria and key supervisory materials for the national framework and licensing track.
II. FSC Register under the Crypto-Asset Markets Act
FSC page pointing to the interim register under §5(3) of the Bulgarian act; useful for confirming listed entities and transparency mechanics.
III. FSC — Crypto-assets (MiCA) Frequently Asked Questions
FSC FAQ explaining the authority’s role, licensing scope, and key practical questions for CASPs and issuers under MiCA in Bulgaria.
IV. ESMA — List of National Competent Authorities under MiCA (Article 93)
ESMA list confirming notified competent authorities under MiCA, including Bulgaria’s FSC, supporting authority validation for cross-border planning.
V. EUR-Lex — Regulation (EU) 2023/1114 (MiCA)
Primary EU law text covering CASP authorisation, services, prudential logic, governance requirements, and the authorisation procedure timelines.
