Finland • VASP register • FIN-FSA supervision

Finland | Virtual Currency Provider (VASP) & MiCA Transition

Full country note • FIN-FSA (Finanssivalvonta) • Styled for CryptoWisely

Overview

Finland regulates crypto activity via VASP registration supervised by the Financial Supervisory Authority (FIN-FSA / Finanssivalvonta). The framework has been active since 2019 and requires virtual currency providers to register and operate under robust AML/CFT controls. Crypto is not legal tender, but the environment is generally viewed as stable, transparent, and aligned with broader EU supervisory standards. During 2025–2026, Finnish VASPs are expected to transition toward MiCA CASP authorization as EU harmonization becomes fully operational.

Permitted Activities (Typical VASP Scope)

  • Custody and safekeeping of virtual assets or private keys
  • Crypto↔Fiat and Crypto↔Crypto exchange
  • Brokerage / execution-type services (depending on declared perimeter)
  • Token-related services where not classified as securities, e-money, or regulated payment services

Activities extending into payments, securities, derivatives, or investment instruments may trigger additional EU/Finnish licensing requirements.

Regulator & Supervision

  • Regulator: FIN-FSA (Finanssivalvonta)
  • Register: FIN-FSA maintains a public register of registered virtual currency providers
  • Legal basis: Act on Virtual Currency Providers (572/2019) + Finnish AML legislation
  • Supervisory posture: evidence-led AML controls, governance fitness, and operational readiness

Core Requirements (VASP Registration – Practical)

  • Finnish company (commonly Oy)
  • Substance expectations: local address and practical operational oversight (avoid “letterbox-only” setups)
  • Fit & proper management (background checks, competence, integrity)
  • AML/CFT framework:
    • KYC/KYB + risk assessment methodology
    • Transaction monitoring and alert handling
    • Sanctions screening and escalation procedures
    • Suspicious activity reporting processes
    • Training, recordkeeping, and internal controls
  • Client disclosures, complaints handling, and safeguarding practices (especially for custody)

Licensing Process (Indicative)

Stage 1 — Incorporation (≈ 1–2 weeks)

  • Register a Finnish Oy (remote setup can be feasible depending on provider)
  • Set local address and governance structure
  • Prepare shareholder/UBO pack and management documentation

Stage 2 — Documentation & Controls (≈ 2–6 weeks)

  • Define service perimeter (exchange vs custody vs brokerage)
  • Finalize AML/CFT manuals, risk methodology, and operational procedures
  • Implement monitoring tooling (or documented outsourced monitoring model)
  • Prepare customer terms, disclosures, and incident response procedures

Stage 3 — FIN-FSA Review (≈ 4–10+ weeks)

  • Submit the registration file
  • Respond to RFIs (staffing, governance, IT/security, AML controls)
  • Registration and entry into the public register upon completion

Stage 4 — Go Live & Ongoing Supervision

  • Operational rollout after registration
  • Ongoing AML training, recordkeeping, periodic reviews, and reporting

Typical planning range: ~2–3 months if the documentation and operational controls are ready; longer if the scope is broad or controls are immature.

MiCA Transition (2025–2026)

Under the Markets in Crypto-Assets Regulation (MiCA), national VASP regimes across the EU are expected to migrate into CASP authorization. For Finland, this means that VASPs should plan for MiCA-grade controls: clearer service classification, own-funds requirements aligned to CASP classes (commonly referenced thresholds of €50k / €125k / €150k depending on activities), strengthened ICT governance, outsourcing discipline, safeguarding, and enhanced consumer protection disclosures. The practical strategy is to treat VASP registration as a “build phase” and progressively harden policies and operations so MiCA conversion is a controlled upgrade—not a rebuild.

FAQ (Essentials)

  • Resident director? Not always mandatory; however, credible local oversight and a reliable local point of contact materially help.
  • Physical office? Substance expectations apply; purely nominal presence can create supervisory friction.
  • Banking? Often achievable via EMIs and banks willing to onboard VASPs; compliance maturity is the main determinant.
  • Documents required? AML/KYC suite, business plan, governance evidence, procedures, disclosures, and safeguarding (if custody).
  • Minimum capital? Company law capital rules apply at incorporation; MiCA own-funds thresholds apply at CASP stage.

CryptoWisely.io Comment

Finland is a quality-over-hype jurisdiction: stable supervision, predictable expectations, and strong alignment with EU standards.

Best for: Compliance-driven custody and exchange operations that value credibility and long-term EU readiness.
CryptoWisely insight: Use the VASP phase to build MiCA-grade controls early—AML evidence, safeguarding, and ICT discipline. That’s what makes the MiCA transition feel like a smooth upgrade.

Disclaimer: Informational only and not legal advice. Always verify the latest FIN-FSA guidance and EU MiCA transition rules before proceeding.