DISPATCH ·

CASP under MiCAR RFP template (Phase 4 per-archetype artefact)

Forty-fifth dispatch. Fourth per-archetype RFP template covering Archetype D: CASP authorised under EU MiCAR with eight regulated service categories and custody-WL boundary as procurement filter.

tags · phase-4 · rfp-template · casp · micar · archetype-d · operational-artefact

Why this dispatch exists

Fourth per-archetype RFP template covering Archetype D per the CASP archetype dispatch.

Section 1: Requirement overview

The requirement is the CASP tech stack for an operator authorised under EU MiCAR Article 60 service categories (custody and administration, operation of a trading platform, exchange of crypto for fiat, exchange of crypto for crypto, execution, placing, reception and transmission, advice, portfolio management) serving EU residents under Article 67 passporting with EU Transfer of Funds Regulation compliance.

Section 2: Vendor evaluation categories required

  • Brokerage hosting (FR2 + AM3 for EU residency + redundancy)
  • Crypto exchange WL (B2BX or Soft-FX crypto for broker-stack-bundled; ChainUp or AlphaPoint for institutional crypto-native)
  • Custody (Fireblocks / Komainu / BitGo Trust / Anchorage Digital / Hex Trust / Copper - separate procurement from venue per MiCAR Article 75)
  • Travel Rule (Notabene primary + TRP Network secondary for counterparty coverage)
  • LP procurement (institutional crypto: Cumberland / Wintermute / GSR / Falcon X / Galaxy Digital Trading + CEX institutional access)
  • Risk management (crypto-asset risk dimensions: market risk on inventory + counterparty risk + operational risk on custody + conduct risk on venue)
  • KYC + AML (Sumsub or Veriff with crypto-specific wallet attribution + ComplyAdvantage for ongoing screening)
  • RegTech (Eventus Validus or Nasdaq SMARTS for MiCAR Title VI surveillance; chain analytics Chainalysis Reactor / Elliptic Lens / TRM Labs; Behavox or Smarsh for comms surveillance; CUBE or Corlytics for MiCAR horizon scanning)
  • Broker CRM (B2Core for crypto-native CASP requirements: wallet attribution, blockchain hash transactions, asset config per jurisdiction, fiat-crypto conversion history)
  • Payments (Bank Frick or BCB Group for specialist EU CASP-friendly banking; USDC Circle EMI France for stablecoin institutional rails)
  • Broker analytics (CoinGecko Terminal / Glassnode / Messari Pro - structurally separate from CFD broker analytics)

Section 3: Universal vendor requirements

Apply the five universal dimensions from the RFP scoring framework opener.

Section 4: Per-pillar requirements

CASP-specific per-pillar emphasis:

  • Crypto exchange WL: MiCAR-aligned positioning + Article 60 service category support + Title VI surveillance integration
  • Custody: MiCAR Article 75 segregation framework + 50-100M EUR commercial crime insurance + ongoing security audit framework
  • Travel Rule: EU TFR 1,000 EUR threshold + recordkeeping on all transfers + counterparty VASP network coverage
  • KYC: wallet ownership verification + counterparty risk scoring on transfer addresses + Travel Rule integration
  • RegTech: MiCAR Title VI surveillance + chain analytics integration + CASP-specific reporting
  • CRM: B2Core or specialist crypto exchange CRM with native CASP support
  • Payments: Bank Frick or BCB Group as specialist banking partner + USDC institutional stablecoin rail

Section 5: CASP archetype customisation (weight multipliers)

Per the Phase 4 opener customisation layer:

  • CX1 (MiCAR alignment) x 2.0
  • CX2 (custody architecture) x 2.0
  • CX3 (Travel Rule) x 2.0
  • RT4 (chain analytics) x 1.5
  • KYC5 (Travel Rule integration) x 1.5

Section 6: Disqualification thresholds checklist

Vendor automatic disqualification if score below 2:

  • ☐ MiCAR Article 60 service category support for crypto venue
  • ☐ MiCAR Article 75 segregation compliance for custody vendor
  • ☐ EU TFR compliance for Travel Rule infrastructure
  • ☐ Wallet attribution layer for primary KYC vendor
  • ☐ MiCAR Title VI surveillance for trade surveillance vendor
  • ☐ Match-Trade Crypto / ETNA Software automatic disqualification for crypto venue procurement

Section 7: Vendor scoring rubric reference

CASP-specific demo emphasis:

  • Custody architecture walkthrough with MiCAR Article 75 compliance documentation
  • Travel Rule counterparty VASP network coverage demonstration with operator’s expected transfer corridor mapping
  • MiCAR Title VI surveillance demonstration with operator-provided crypto market abuse test scenarios
  • Chain analytics integration demonstration with operator-provided test transaction sequence

Section 8: Reference customer validation

Required CASP reference customers:

  • Crypto venue: minimum 2 EU CASP-authorised operators with deployment tenure
  • Custody: minimum 2 EU CASP operators with delegated custody operational tenure + minimum 2 with in-house custody if tier-1 procurement
  • Travel Rule: minimum 2 EU CASPs with counterparty network coverage operational reality
  • KYC: minimum 2 EU CASPs with wallet attribution operational tenure

Section 9: Integration testing scope

CASP-specific integration testing:

  • Custody integration testing separate from venue integration testing
  • Travel Rule integration testing with operator’s counterparty corridor
  • KYC wallet attribution integration testing
  • Chain analytics integration testing with operator’s RegTech infrastructure
  • MiCAR Title VI surveillance integration testing

Section 10: Decision documentation references

CASP-specific documentation:

  • Custody procurement separate from venue procurement rationale (MiCAR Article 75 expectations)
  • Travel Rule counterparty network coverage evaluation
  • MiCAR Title VI surveillance vendor selection rationale
  • Chain analytics vendor selection rationale