Applying for a CASP license in Poland under the MiCA, Regulation (EU) 2023/1114 is not just about ticking boxes. Regulatory expectations for directors go far beyond formalities. They require demonstrable experience, regulatory awareness, and physical presence within the EU.
This guide outlines the specific criteria a prospective CASP director must meet — based on MiCA and ESMA recommendations.
1. Residence requirements
First, it is important to note that MiCA does not refer to the citizenship of CASP management but rather to directors’ residence.
MiCA requires CASPs to have their place of effective management within the EU, and at least one director must be a resident of an EU Member State:
Recital 74 MiCA:
“Crypto-asset service providers should therefore have their place of effective management in the Union, and at least one of the directors should be resident in the Union. The place of effective management means the place where the key management and commercial decisions that are necessary for the conduct of the business are taken.”
According to the ESMA Supervisory Briefing (31/01/2025):
“Home NCAs (National Competent Authorities) should ensure that registered entities have sufficient in-country personnel and at least one executive management board member located in their jurisdiction. For small Member States (with fewer than 1 million inhabitants), allowances can be made for the executive management board member to be based in a different Member State, provided they are available at short notice (no more than 2 business days’ notice) for ad-hoc in-person engagement with the NCA.”
As a result, ESMA recommends that at least one director reside in the country where the CASP is registered or seeks authorization.
Further, ESMA emphasizes:
“Home NCAs should verify the decision-making powers and presence of executives and senior managers in the Member State. The burden of proof lies on CASPs. NCAs should be convinced that decision making does not lie elsewhere.”
“A business set up where more functions are performed by or for the EU entity outside the EU than within it should be critically assessed.”
Summary: In practice, at least one board member must reside in Poland. The company must also prove that key strategic decisions are made within the EU, and that the management is not purely nominal or outsourced. “Outsourcing arrangements should not involve the delegation of functions/services to an extent that the CASP becomes a letter-box entity”
2. Time commitment requirements
According to ESMA Supervisory Briefing :
“The chief executive officer should, as a rule, devote 100% of his/her time to CASP duties. Only where NCAs are comfortable that this does not negatively impact the ability to effectively govern the CASP in a compliant manner, NCAs may allow lower time commitment.”
“For members of the executive management board other than the CEO, NCAs can be more flexible. However, the board must function effectively as a collective and not rely on a single member.”
Although there are no formal time commitment thresholds under Polish CASP regulations, the standard defined in the Polish Labour Code — 40 hours per week across 5 working days — may serve as a reference point when assessing whether the CEO’s involvement qualifies as full-time.
Summary: While full-time engagement is expected of the CEO, other board members may balance CASP responsibilities with other professional roles — provided they can demonstrate meaningful involvement, timely decision-making, and no conflicts of interest. Polish regulators may require evidence that the management body functions as a cohesive, competent unit rather than a formality.
3. Polish language requirement
While there is no formal requirement for the CEO to speak Polish, it is important to remember that Polish is the sole official language of all regulatory communication in Poland. A CEO who lacks Polish language proficiency may face practical limitations when interacting with national authorities, which could be perceived as a weakness in the company’s governance structure.
However, in practice, it should be acceptable if another key officer — such as the Chief Compliance Officer or AML Officer — is fluent in Polish and able to manage all interactions with the KNF and GIIF. Requiring the CEO personally to speak Polish in every case might raise questions about the proportionality of such a restriction under the principle of freedom to conduct business.
4. CEO as Management Board Member
The CEO title is not a legally defined corporate role under Polish law. It is a functional designation, most often referring to the President of the Management Board. To ensure regulatory clarity and reflect the CEO’s actual responsibilities, the individual holding this position should be formally appointed as a Management Board Member and registered in the National Court Register (KRS). This alignment between functional and legal status is critical for transparency and compliance.
5. Form of engagement
There is no fixed legal requirement regarding the form of engagement for the CEO (President of the Management Board). The role may be performed under an employment contract, a service agreement (umowa zlecenie), or solely on the basis of appointment to the board. However, the company must be able to demonstrate the CEO’s actual involvement — for example, through schedules, internal reports, documented scope of responsibilities, or a role description.
6. Requirements regarding Reputation, Knowledge, Skills, and Experience
Article 68 MiCA states:
„Members of the management body of crypto-asset service providers shall be of sufficiently good repute and possess the appropriate knowledge, skills and experience, both individually and collectively, to perform their duties. In particular, members of the management body of crypto-asset service providers shall not have been convicted of offences relating to money laundering or terrorist financing or of any other offences that would affect their good repute. They shall also demonstrate that they are capable of committing sufficient time to effectively perform their duties.”
a) Reputation
MiCA requires that management board members be of “sufficiently good repute.” In particular, they must not have been convicted of money laundering, terrorist financing, or other offenses affecting professional integrity.
According to ESMA’s RTS pursuant to Article 62(5) MiCA, CASP applications must include documentation proving good repute, such as:
- Recent criminal records (within the last 3 months), pending investigations, enforcement actions, disqualifications, insolvency, etc.
- Any past rejections or revocations of registrations, licenses, or professional memberships.
- Information on dismissals from fiduciary or executive roles.
- Details of previous fitness/reputation assessments by other authorities.
b) Knowledge, Skills, and Experience
According to ESMA Recommendations:
“Executive management board members should possess strong local knowledge of both national and EU rules and context. They should be familiar with the regulations in the Member State of incorporation and any key jurisdictions in which the CASP operates.”
“They must understand the technical functioning of crypto-assets and services, and the distinctive characteristics of the EU and national markets.”
Summary: Each candidate’s competence must be individually assessed (suitability assessment) in the context of the services provided by the CASP. Each member of the management board must meet the so-called fit and proper requirements, assessed individually and depending on the nature, scale, and complexity of the services the CASP intends to provide.
Directors must present a clean and verifiable professional history, alongside proven competence in crypto and regulation.
7. Documents required
The CASP application must include the following (based on the Article 7 of RTS):
- Full personal identification (name, address, the place and date of birth, address, contact details, place of residence history for 10 years, nationality/ies, copy of ID document, personal notational identification number).
- Information on the role to be held and its responsibilities.
- A detailed CV covering the past 10 years, including:
- Work experience in crypto-assets, financial services, DLT, cybersecurity, or digital innovation.
- Delegated powers, decision-making responsibilities, and areas of control.
- Documentation related to reputation and experience (references, letters of recommendation).
- Criminal records, pending cases, disciplinary actions, dismissals, etc.
- A description of any financial and non-financial interests or relationships of the person and their close relatives to members of the management body and key function holders in the same institution, the parent institution and subsidiaries and shareholders. This includes any financial interests such as crypto-assets, other digital assets, loans, shareholdings, guarantees or security interests, whether granted or received, commercial relationships, legal proceedings, and whether the person was a politically exposed person (PEP) under Article 3(9) of Directive (EU) 2015/849 in the past two years,
- Conflict of interest mitigation statements, if applicable.
- Time commitment estimate, including and all other mandates/directorships and the time spent on each.
