Liechtenstein's FinTech At The Frontier

Legal framework in Liechtenstein

Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCAR) has been fully applicable in the EU since 30 December 2024. Its objective is to create a harmonised legal framework for companies that are active on a primary or secondary market in relation to crypto-assets.

Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCAR) was incorporated into the Agreement on the European Economic Area on 24 June 2025. From that date, the Regulation has been directly applicable in Liechtenstein under international law. This point in time is relevant because authorisations granted under MiCAR give rise to rights of cross-border activity under the law of the Contracting Parties. During the lengthy incorporation process, practice operated with transitional arrangements where this was required by the structure of MiCAR. Only the text incorporated into EEA law is authoritative.

The flanking framework conditions for MiCAR were embedded by the Liechtenstein legislator in the Act to Implement Regulation (EU) 2023/1114 on Markets in Crypto-Assets (EWR‑MiCA‑Durchführungsgesetz, EEA MiCA Implementation Act, "EWR‑MiCA‑DG"), which entered into force on 1 February 2025.

Liechtenstein FinTech market overview

As at the cut‑off date of November 4th 2025, no company having its registered office in Liechtenstein had yet obtained an authorisation as a crypto‑asset service provider (CASP) under MiCAR. Some existing banks can be expected to be permitted to provide MiCAR services by the Financial Market Authority (FMA) via the simplified procedure under Article 60 MiCAR—possibly as early as Q1 2026. As far as can be deduced from public sources, no company in Liechtenstein has applied to be a token issuer under MiCAR.

On the same cut‑off date, however, 29 companies held at least one registration under the Token and TT Service Provider Act (TVTG) – colloquially, but misleadingly, the "Blockchain Act". Of these, five are banks that provide TT services – practically relevant only token custody – as ancillary services. The other companies primarily offer token‑custody and TT‑exchange services. After 1 July 2026 these TT services may only be provided for crypto‑assets that are not covered by MiCAR (e.g., NFTs or genuine, operator-free DeFi protocols, while the central entry and exit points – on/off ramps, such as custody, brokers/exchanges, fiat-crypto exchanges, payment services – are regularly regulated or fall under MiCAR/TVTG, AML regimes, and, where applicable, banking or payment supervision.). Given MiCAR's predominance, the already limited practical relevance of the TVTG is likely to continue to decline. On the other hand, it would be reductive to conclude that the TVTG has become functionally obsolete, because – beyond its supervisory register – its distinctive contribution lies in the private-law architecture for "tokens" (including the representation of claims, rights in rem, and other legal positions) and the attendant rules on acquisition, transfer, encumbrance, segregation in insolvency, and enforceability of custody and security interests effected via TT-systems; in this respect MiCAR, which primarily harmonizes public-law obligations for issuers and service providers, deliberately leaves considerable space to Member State law on civil-law characterization and effects, such that Liechtenstein's codified framework continues to supply legal certainty for tokenization use-cases that are economically relevant but often fall outside (or only tangentially within) MiCAR's scope.

Most notably unique and non-fungible assets (NFTs), certain non-transferable or soul-bound tokens, and bespoke tokenized rights—where, moreover, the rapidly expanding global gaming market (with its in-game assets, collectibles, and cross-platform interoperability value flows) underscores the practical utility of TVTG's private-law clarity for structuring ownership, transfer, and collateral arrangements in ways that remain recognized and enforceable under Liechtenstein law notwithstanding evolving EU-level market regulation.

An important twist in the web3 economy is that the normative promise of permissionlessness and effective control – indeed, true ownership – over digital assets, so often assumed in discourse, is in practice frequently not implemented (owing to platform-level gating, upgrade keys, and contractual overlays such as EULAs and licence grants), such that a framework like the TVTG can be read as a legal vehicle for "giving ownership back" combined with blockchain technology, in contexts where, absent such legal structuring, mere licences or other private-law agreements would otherwise prevail.

Specific features of Liechtenstein's FinTech regulation

Although MiCAR fundamentally regulates the markets for crypto‑asset services by means of EU law, there are nevertheless specific features in FinTech regulation in Liechtenstein.

3.1 EEA MiCA Implementation Act

The EEA MiCA Implementation Act is used in particular for administrative law and the implementation of MiCAR and lays down additional supervisory conditions for CASPs, which are briefly addressed below:

3.1.1 Obligation to undergo external audit (Article 9).

MiCA institutions, banks, e‑money institutions and other providers under Article 60 MiCAR shall have an annual audit performed by an audit firm recognised by the FMA. This audit supplements the statutory audit of the annual financial statements with supervisory components that the FMA typically specifies in the "FMA Audit Guidelines".

Auditors shall at all times be granted access to books, vouchers, mandates, business correspondence and minutes of the management body; all required information shall be provided.

3.1.2 Periodic Reporting (Article 8)

MiCA institutions shall submit a management report to the FMA no later than four months after the end of the financial year (para. 1) and provide additional periodic reports for statistical and supervisory purposes (para. 2). The periodicity and content are to be specified by ordinance (para. 3).

3.1.3 Ad‑hoc Reporting (Article 6)

MiCA institutions require prior approval from the FMA for the appointment of the audit firm (Art. 11) and for any change thereof (Art. 6 para. 1).

The following shall be pre‑notified, among other things: amendments to statutes/regulations insofar as they affect the business scope, own funds or organisation, as well as changes of registered office or address. Outsourcing of important functions is also subject to prior notification (para. 2). "Important functions" are those whose inadequate performance could materially impair ongoing compliance with licensing requirements, financial performance, or the soundness and continuity of services (para. 4).

The following shall be notified without delay: the loss of licensing requirements; the imminent or actual non‑compliance with own‑funds or prudential requirements under MiCAR (Arts. 35 or 67 MiCAR); as well as dissolution/liquidation and insolvency events.

3.2 Interfaces with the Liechtenstein TVTG

MiCAR regulates activities that were previously covered largely by the TVTG. TT service providers whose business model newly falls under the MiCAR regime may continue their activity under the TVTG during the transitional period without a MiCAR authorisation. However, cross‑border activities in the EEA (passporting) are only possible after a CASP licence has been obtained. Registered VT service providers shall therefore obtain an authorisation pursuant to Art. 63 MiCAR by 1 July 2026 if they wish to continue beyond that date. The extension of this transitional period was only recently adopted by the Liechtenstein Parliament. Notably, Art. 143(3) subparagraph 2 only states that the duration of the transitional regime may only be reduced by Member States where they evaluate their national regulatory framework to be less strict than MiCAR. Consequently, the legislator assumes the TVTG to be on par with MiCAR putting registered service providers in a pole position for MiCAR licensing.

For registered VT service providers that are financial undertakings listed in Art. 59(1)(b) MiCAR (in practice, banks), an authorisation under Art. 63 MiCAR is not required; instead, Art. 60 MiCAR applies.

At the same time as the EEA MiCA Implementation Act entered into force, the scope of the TVTG was also adjusted so that both legal acts continue to exist in parallel while their respective areas of application are mutually exclusive. For example, so‑called non‑fungible tokens (NFTs) may fall within the scope of the TVTG, because under Art. 2(3) MiCAR they are excluded from the Regulation's scope. Depending on the business model and the facts, service providers may therefore need authorisations under both statutes.

3.3 Particularities concerning AML/CFT

The FMA 2018/7 Guidance explains how Liechtenstein applies AML/CFT duties to FinTech and VT‑service providers and CASPs in a technology‑neutral, risk‑based way, updated to align terminology with MiCA.

Core expectations mirror the general regime but are tailored to DLT: firms should run a documented business‑wide risk assessment, assign relationship‑level risk ratings, and maintain plausible, up‑to‑date business profiles capturing source and purpose of funds and wealth alongside crypto‑specific identifiers (e.g., wallet/public keys).

Transaction monitoring should be DLT‑aware. All on‑and off‑chain activity is to be screened against sanctions; where tools support it, screening should be performed at the wallet‑address level. CASPs are expected to combine blockchain analytics with alerting for red flags and to reconcile activity to the customer profile, with enhanced scrutiny for higher‑risk scenarios (including unhosted/private wallets). Screening for PEPs, sanctions and adverse media should be systematic and embedded in onboarding and ongoing monitoring.

Organisationally, CASPs should assign accountable senior management, designate AML and investigations functions with separation of duties, ensure competent staffing, and govern delegation and outsourcing with enforceable oversight and audit trails. Documentation and retention of all identification artefacts, monitoring results and decision rationales are emphasised throughout. Overall, VT‑service providers and CASPs should evidence an end‑to‑end, risk‑based control environment that is specific to crypto‑asset risks yet consistent with the general SPG/ SPV framework.

Building on this document, in the 2024 audit year the FMA Liechtenstein conducted numerous inspections concerning compliance with the provisions of the Due Diligence Act to Combat Money Laundering, Organised Crime and Terrorist Financing (SPG).

With regard to SPG audits, the FMA Liechtenstein has published preparatory documents for CASPs. The document disclosed is a comprehensive audit checklist for MiCA institutions, designed for unrestricted AML/CFT examinations under the SPG/SPV framework. It structures the review across the full lifecycle: entity classification (e.g., token issuers, custodians, exchangers), onboarding with or without personal contact, verification of customers and beneficial owners, and the evidentiary standards for natural and legal persons. It details robust video/remote identification controls (real‑time audiovisual checks, verification of security features, PRADO lookups, biometrics with low false‑acceptance rates, encryption) and prescribes full documentation and long‑term retention of all artefacts and logs. For corporates, it requires validated registry documents and secure e‑signature processes.

Relationships with financial instruments under MiFID II

Crypto‑assets that qualify as financial instruments within the meaning of Directive 2014/65/EU (MiFID II) are excluded from the scope of MiCAR. This boundary is of high relevance for Liechtenstein companies as well. Accordingly, the first step in the regulatory classification of a crypto‑asset is to examine whether it is a financial instrument under MiFID II. ESMA was mandated to set out clear delineation criteria in this regard.

ESMA's 2025 Guidelines set out when a crypto‑asset should be treated as a MiFID II financial instrument and therefore fall outside MiCA's main regime. The approach is technology‑neutral and substance‑driven: tokenisation alone does not change the legal nature of an asset. National competent authorities are expected to apply the criteria consistently and embed them into supervision shortly after publication, so market participants get uniform treatment across the EEA.

Consequently, where a token qualifies as a MiFID II financial instrument" (equity or non-equity instrument) any public offer or admission to trading triggers the Prospectus Regulation (EU) 2017/1129 – subject to exemptions – whereas asset-referenced tokens (ARTs) remain within MiCAR's Title III regime, requiring issuer authorization and a MiCAR white paper rather than a securities prospectus – again, subject to exemptions.

The starting point is the category of transferable securities. A token qualifies if it is not an instrument of payment, belongs to a class of interchangeable tokens that confer the same rights from the same issuer, and is negotiable on capital markets. Equity‑like tokens that grant voting, dividends, or liquidation rights are securities; governance rights tied only to protocol parameters, without corporate‑type control, are not. Debt‑like tokens that evidence a loan to the issuer point to bonds. By contrast, genuine utility tokens that simply grant access or discounts, without investment‑type rights, are not securities even if some users hope for price appreciation.

ESMA then maps other MiFID II instruments. Tokens can represent units or shares in collective investment undertakings where investors pool money or crypto‑assets into a managed portfolio, lack day‑to‑day discretion, and share in returns; in such cases, the token is a fund unit. Certain liquid‑staking or yield tokens may fall here if a third party manages a pooled strategy; if users retain day‑to‑day control and free disposal, they typically do not. Derivatives classification requires that token‑holders' rights are contingent on a contract about a future commitment, the value depends on an underlying (rates, indices, commodities, crypto, and more), and settlement follows MiFID II modalities. Whether settlement is in cash, crypto, or by physical delivery does not change the analysis; tokenised perpetuals can qualify as derivatives.

Finally, ESMA addresses NFTs. Truly unique tokens—such as a one‑off digital work or a token linked to a specific physical asset—sit outside the main MiCA regime unless they satisfy financial‑instrument tests. Uniqueness should be assessed on economic substance, not mere technical labels or IDs; series that are de‑facto substitutable are unlikely to be non‑fungible in a regulatory sense.

Legal nexus with payment services under PSD2

In Liechtenstein, too, the boundary between crypto‑assets and payment services is particularly important. The core dilemma is regulatory overlap: when customers use e‑money tokens (EMTs) for payments, do they fall under the EU's crypto‑asset regime (MiCA) or the payments framework (PSD2), and how can duplication be avoided until PSD3/PSR takes effect?

The EBA's no‑action opinion of 10 June 2025 sketches a pragmatic bridge, however only for the near future. Its guiding idea is simple: keep PSD2 in play only where EMT activity truly looks and behaves like a payment service, and otherwise rely on MiCA. In practice, that means two buckets land inside PSD2: executing EMT transfers on a customer's behalf and providing custody/administration of EMTs where a custodial wallet lets users send to—or receive from—third parties, i.e., a wallet that functions like a payment account. For these cases, firms should secure PSD2 authorisation via streamlined procedures that build on their MiCA materials, with authorisation in place by 1 March 2026. Providers without a licence—or a partnership with a licensed PSP—should then stop offering those specific services.

Looking beyond the interim, the EBA's preferred end state is to strengthen MiCA so that it embeds PSD3/PSR‑level protections for EMT‑based payments—on consumer protection, security/ SCA, capital, and fraud data—making an extra payments licence unnecessary. Failing that, PSD3/PSR should precisely define which EMT services they cover, again without layering a second authorisation. What the EBA rejects outright is a blanket carve‑out of EMTs from PSD3/PSR without first upgrading MiCA: that would skew competition and leave users exposed.

Outlook

From a regulatory perspective, Liechtenstein will, for the time being, continue to operate with two regimes in parallel—MiCAR and the TVTG—with MiCAR prevailing in all essential respects. No significant regulatory changes are expected in 2026.

For 2026, however, the Liechtenstein financial centre expects the first CASP authorisations to be granted.

References:

Bergt, J., & Graber, N.  (2025). Introduction to Liechtenstein due diligence law. Zurich: Schulthess Verlag.

Bergt, J. (2020). Tokens as dematerialized Securities & Token Offerings and decentralized Trading Venues. BoD Verlag.

EBA, Opinion of the European Banking Authority on the interplay between Directive (EU) 2015/2366 (PSD2) and Regulation (EU) 2023/1114 (MiCA) in relation to crypto‑asset service providers that transact electronic money tokens (EBA/Op/2025/08)

ESMA, Guidelines on the conditions and criteria for the qualification of crypto‑assets as financial instruments (ESMA75453128700‑1323)

Raschauer/Stern et al., MiCAR Commentary, Jan Sramek Verlag, Vienna (2024)

Sild, Fundamental Questions of the Liechtenstein TVTG, Jan Sramek Verlag, Vienna (2021)

Stern, Crypto‑asset or Financial Instrument: Does Art. 2(5) MiCAR Solve the Boundary Problem? ZFR 2024/182

Stern, The asset reserve – liquidity regulation for token issuers in MiCAR, ZFR 2023/124.

Originally published by Beaumont Capital Markets.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.