Ending the activity of a virtual asset service provider (VASP) — crypto-asset service provider (CASP) may result from a voluntary decision, insolvency proceedings, or the expiry of a transitional regime. If poorly planned or poorly communicated, an exit can cause regulatory exposure, client disputes (including potential class actions where clients are consumers), data-protection incidents, and lasting loss of confidence in the brand and the team.

What are the principal causes of a CASP’s cessation of activity? What sequence and controls should be put in place? What does MiCA require of CASPs in the event of cessation?

Main causes of cessation of activity

The end-of-life of a CASP does not follow a single pattern; it may stem from distinct causes, each calling for its own organisation and timeline.

Voluntary withdrawal from the market

A provider may choose to exit the market to refocus on another business line, following a strategic pivot, or to anticipate the costs of compliance and supervision under MiCA. The aim is to conduct an orderly wind-down, with early and transparent communication to clients and the regulator in order to inform the market and protect the customers.

Such an exit requires demonstrating — up to the final day — the proper functioning of security, custody and restitution processes, and documenting all decisions and communications. Any inconsistency or delay may be recharacterised as a breach and trigger enforcement. The deregistration file is submitted to the AMF which, after review and validation, makes its decision available online.

Court-ordered liquidation

When financial difficulties become insurmountable for a CASP, the commercial court may open insolvency proceedings. The judicial liquidator plays a central role, in particular to secure client assets, identify and segregate crypto-assets and funds, and organise restitutions. 

The CASP’s technical stack (wallet management, private-key governance, transaction logging, KYC/AML records) must be explained in plain terms to the liquidator, who does not necessarily have deep crypto expertise. The company must also ensure compliance with the minimum requirements tied to its registration or authorisation status.

Expiry of the “grandfathering” clause

EU law provides for a transitional period: VASPs registered under national law before full application of MiCA benefit from time-limited grandfathering. VASPs already registered as at 30 December 2024 may continue to operate without CASP authorisation only until 1 July 2026; thereafter, they must cease activity or obtain authorisation.

What may have seemed a distant deadline now requires concrete planning: an inventory of the services concerned and a two-track plan:

• bringing the activity into MiCA compliance; and
• an orderly cessation of the activity, whose complexity and duration should not be underestimated (several months at a minimum).
  

Continuing activity from another Member State

A group may decide to concentrate its activities in another Member State, then transfer clients and positions to a new entity authorised in that jurisdiction. Such a re-organisation requires client consent and careful coordination to avoid service disruption and regulatory gaps (a path followed by several European players).

Applicable regulatory framework

Typology of VASP statuses during the transitional period (French law)

During the transitional period (“grandfathering”), VASPs may operate under three statuses under French law:

• “Simple” registration (prior to 1 July 2023): the French Monetary and Financial Code does not lay down specific rules on end-of-activity or restitution of client funds. In practice, winding down involves a request for removal from the whitelist together with a wind-down plan.
• “Enhanced” registration: the Code requires the prompt restitution of the means of access to any crypto-assets held in custody; failing that, the assets must be transferred to another registered VASP.
• VASP or PSCA authorisation: both the French Monetary and Financial Code and MiCA set out obligations regarding restitution and cessation of activity.

Obligations under the French Monetary and Financial Code

National provisions continue to apply until deregistration becomes effective:

• Restitution of client crypto-assets: VASPs must return clients’ crypto-assets or, failing that, transfer them to another authorised VASP or CASP.
• Recovery and orderly wind-down plan: affected VASPs must implement a wind-down plan describing safeguarding and restitution procedures in the event of cessation.
• Public disclosure: the VASP must clearly inform the public and clients of (i) the wind-down plan and deregistration process and (ii) the conditions, timelines and limitations applicable to users.
• Regulatory data retention: notably under AML/CTF rules, client data must be retained for several years (generally five years) after the end of the business relationship; cessation does not interrupt this obligation.

Failure to comply during the wind-down may result in disciplinary sanctions.

Additional obligations under MiCA

MiCA adds a directly applicable set of requirements for CASPs:

• Maintain an orderly wind-down plan detailing measures to ensure service continuity and integrity and the prompt restitution of clients’ crypto-assets and funds.
• Heightened custodian responsibility for restitution of crypto-assets or cash compensation without undue delay.

Where a French VASP begins a cessation procedure before the end of the transitional period, it remains subject exclusively to French law, although nothing prevents voluntary alignment with MiCA.

Legal risks during the cessation procedure

The cessation procedure is a particularly sensitive period for a CASP. Three categories of risk merit particular attention.

Civil liability towards clients

Towards its clients, a CASP faces two principal risks:

• Restitution liability: it must return clients’ crypto-assets and/or funds. Delay or error can give rise to claims, including for loss of chance or deprivation of gain, and potential class actions where clients are consumers.
• Unlawful custody: the temptation to retain crypto-assets as self-help to cover alleged debts beyond the effective date of its deregistration may be deemed to be operating unlawfully. Such behaviour can engage the provider’s contractual and/or tortious liability vis-à-vis its clients.

Retention of regulatory data

Documentary compliance does not end with market exit. The CASP must retain regulatory records (KYC/AML files, transaction logs, communications, consents, etc.) for five years after the end of the business relationship.

Loss, destruction or unavailability of these data — including in the context of cessation of activity and company dissolution — exposes the CASP:

• to administrative sanctions under MiCA and AML/CTF rules; and
• to GDPR sanctions, notably where the failure stems from a breach of the security obligation.

Beyond sanctions, the inability to produce these records deprives the CASP of its defence in client litigation or regulatory investigations.

Disciplinary risks

Throughout the wind-down, the CASP remains subject to supervision. The regulator may take action for breaches identified during this period. The management body must ensure ongoing compliance, including the duty to safeguard client assets and to provide accurate, timely information to clients and the market.

Operational wind-down procedure 

A successful wind-down requires methodical organisation, in line with the AMF General Regulation and MiCA. The following steps help ensure an orderly and secure wind-down.

Preliminary mapping

Before any action, the company draws up a comprehensive mapping of:

• key personnel: effective managers, compliance, AML/CTF officers and information-security leads;
• critical providers: cold-wallet custodians, key-management/HSM solutions, cloud providers, blockchain analytics and on-chain monitoring, KYC vendors, liquidity or payment partners;
• affected clients, in particular for a foreign CASP or where cessation concerns only certain services;
• sensitive services: custody and administration of crypto-assets and private-key governance, automated-execution or subscription services, API-based services, etc.

This mapping should support a holistic understanding of the perimeter, feed into the risk analysis, and be formalised in a plan — a version of which is transmitted to the Autorité des marchés financiers (French Financial Markets Authority, AMF).

Implementing the orderly wind-down plan

The management body adopts a resolution acknowledging the cessation of services and setting the wind-down calendar; it freezes new onboarding and non-essential changes, defines technical cut-off dates, and informs the existing client base of the practical consequences. The decision is notified to the AMF at least one month before the effective date.

Client communications

The company sends each client a position statement and opens a dedicated channel for restitutions. It specifies deadlines, steps, eligibility and the supporting documents required (identity verification, on-chain destination, bank details, any power-of-attorney). Every restitution operation is logged and archived (transaction hash, timestamp, operator, approvals).

Except in cases of force majeure, the CASP must allow a reasonable period for clients to organise restitutions. The CASP must also obtain clients’ consent for any proposed transfer of positions or services (e.g., intra-group transfer or transfer of funds to a third-party CASP).

Monitoring and regulatory reporting

A weekly report is transmitted to the AMF until all restitutions are completed. It summarises the status of restitutions, any security incidents and any disputes. Supporting documents (withdrawal orders, transaction hashes, proof of receipt, client acknowledgments) are preserved with the other data that must be retained by law.

Closing the procedure

Once all assets have been returned and any disputes resolved:

• an independent audit may be commissioned to validate the wind-down operations;
• the company files a deregistration request with the AMF; the deregistration decision is published by the AMF within fifteen days and communicated by the CASP within 24 hours;
• third-party contracts are terminated, software licences are deactivated, and access rights are withdrawn;
• a post-mortem is conducted to document the procedure, respond to any client or regulatory enquiries, and update group policies accordingly.