MiCA · Insurance
The insurance evidence pack.
Brokers can only price what you can show them. This is the pack to put in front of one before you ask about Article 67 cover or Article 75 custody liability.
The mistake most CASPs make
"Find a broker" is the wrong first step. A specialist broker can place crypto risk only if your firm has already built a clean view of activity scope, custody model, controls, governance, vendors, incidents, and client terms. Without that, the conversation stalls or you get quoted on the safe assumption - which is the expensive one.
The firms that get terms quickly arrive with a tight evidence pack and a clear question: Article 67 prudential safeguard, custody liability, professional indemnity, cyber/crime, D&O, or a combined programme.
Where insurance touches MiCA
Article 67 - prudential safeguards
Own funds, an insurance policy, a comparable guarantee, or a mix. Minimum is the higher of the class minimum or one-quarter of fixed overheads.
Article 67 - policy terms
12-month minimum term, 90-day cancellation notice, Union territory cover, named risk categories, third-party insurer, public disclosure.
Article 75 - custody liability
If you safeguard or control client crypto-assets or access, Article 75 makes you liable for loss. This is where custody-liability cover earns its keep.
Own funds vs insurance
Capital is simple but heavy. Insurance is leaner but underwriting will look hard at your governance and controls. Most teams end up with a mix.
The checklist
Build a single dossier with the following. PDF, Notion, Confluence - doesn't matter. Versioned and current does.
1. Services and territories
Which of the ten CASP services. EU territories. Client segments. Volumes. Article 65 passporting plan.
2. Article 67 maths
Fixed-overhead calculation with assumptions. Class minimum from Annex IV. Chosen safeguard route. If insurance: limits, structure, gaps.
3. Custody model
Self-custody, sub-custody, MPC, multisig. Key-management architecture. Segregation. Signing workflow. Return procedure on insolvency or exit.
4. Controls and vendors
Security architecture. Wallet controls. Transaction monitoring. AML/sanctions tooling. Incident response. Outsourcing register. BCP/DR.
5. Incident history
Known losses, downtime, security events, customer complaints, regulatory contact. Remediation done; what's still open and who owns it.
6. Client documents
Terms of service. Custody policy summary. Fee disclosures. Authentication. Statement cadence. How you handle forks, airdrops, staking, voting rights.
What a broker meeting actually needs
You're not auditioning. The broker needs three things on the table before they pick up the phone to a market:
- Scope - which services, which member states, what volumes, what client types.
- Question - Article 67 only, or also professional indemnity, custody liability, cyber/crime, D&O, or a combined programme.
- Owner - a single named person on your side who can answer questions on governance, custody, vendors, and incidents without a six-week scavenger hunt.
If you can put those three on a single page, you're already in the top decile of files most brokers see.
Common questions
Is Article 67 only about insurance?
No. It's about prudential safeguards. Insurance is one of three forms (own funds, comparable guarantees), or any combination.
Does Article 75 require custody insurance?
It doesn't require it. But the strict-liability test it creates for loss of client crypto-assets is the main reason CASPs buy custody-liability cover.
Can my Article 67 policy be written outside the EU?
Article 67 says the policy must be from an undertaking authorised under Union or national law. In practice that's an EU/EEA insurer or a third-country one passporting in.
How much capacity is actually in the market?
Limited but growing. Most placements go through specialist brokers (Lockton, Howden, Elmore, Superscript, Canopius) into Lloyd's syndicates and a small group of crypto-native carriers. The directory lists the ones publishing CASP work.