Assurance: MiCA — CASP Readiness
MiCA readiness for CASPs—delivered as control mapping, an evidence pack, and an execution roadmap.
Built for teams who need a structured way to operationalise requirements, reduce supervisory friction, and present credible, complete evidence to stakeholders.
Netallion provides readiness and assurance support. We do not provide legal advice.
Who it's for
Designed for:
- CASPs including exchanges, brokers, custodians, wallet providers, and other crypto service providers
- Compliance and risk teams who need traceability from obligations → controls → evidence
- Engineering/ops teams who want "what to build" clearly defined (not vague policy talk)
Not ideal if:
You want guaranteed authorisation outcomes (no credible provider should promise that)
What you get
You receive a versioned, export-ready pack including:
Readiness Roadmap
- •Current-state assessment (maturity + gaps)
- •Prioritised remediation plan (30/60/90 days)
- •Ownership + timelines + dependency notes
Control Mapping
- •Obligations → controls → evidence matrix
- •RACI mapping (who owns what: compliance, ops, engineering, leadership)
- •"Evidence index" so you can respond fast to due diligence queries
CASP Evidence Folder (Audit-Grade Structure)
- •Governance & accountability overview
- •Policies and operating procedures (structured, consistent, versioned)
- •Security posture summary (IAM, logging, monitoring, vulnerability management, incident handling)
- •Customer assets & safeguarding narrative (where applicable)
- •Change management and release governance summary
- •Vendor/outsourcing register and oversight approach
- •Complaints handling and customer support process overview
- •Operational resilience and continuity artefacts (aligned with DORA-style expectations where relevant)
Executive Summary
- •Readiness snapshot
- •Key risks + mitigation plan
- •Residual risk notes (clear, credible, non-marketing)
What we cover
Your scope depends on your CASP model, but typically includes:
How it works
Intake + scope + mapping skeleton
Confirm CASP services, entity boundaries, and build control framework baseline.
Evidence build + control mapping
Assemble evidence, validate operational controls, and map to obligations.
Pack finalisation + handover + maintenance plan
Export evidence pack, executive summary, and establish ongoing refresh cadence.
*Timeline varies with service complexity and documentation maturity.
Packaging (3 tiers)
Toolkit (Self-Serve)
Templates + checklists + evidence structure
Guided (Hybrid)
Workshops + reviews + we help assemble the evidence pack
Enterprise (Assured Delivery)
Deeper validation, executive reporting, optional ongoing refresh
Add-ons (optional)
- +DORA Resilience Pack (recommended if you want resilience alignment and third-party discipline)
- +Security evidence enrichment (turn technical reality into audit-friendly artefacts)
- +Ongoing monthly refresh (versioned updates as you ship changes)
Frequently Asked Questions
Do you replace our legal/compliance counsel?
No. We produce readiness packs and evidence structure; we can collaborate with your counsel.
Can you support multi-entity / group operating models?
Yes—scope can be separated by entity and consolidated in a group summary.
Can this include technical validation?
Yes—where helpful, we can include security testing summaries and control evidence from your systems.
Build CASP readiness with audit-grade evidence—not scattered documents.
Netallion Assurance provides readiness and evidence support. We do not provide legal advice. Regulatory and listing outcomes are determined by regulators and venues and are not guaranteed.