Mandate (framework lens)
Defines licensing categories, control expectations, and structured disclosures for virtual asset activities, with emphasis on due diligence compatibility.
About the Framework
Neves Crypto License presents a structured licensing framework for virtual asset activities. The framework is designed for cross-border market operators and is organized around governance accountability, AML/CFT controls, safeguarding expectations, and technology risk management.
Mandate, scope, and operating principles
The framework is presented as a structured reference for licensing categories and operating expectations. It is designed to help firms understand baseline governance and compliance controls expected for virtual asset activities, and to support consistent documentation practices.
Scope
Addresses exchange, custody, brokerage, issuance, stablecoin operations, and infrastructure services where these are material to client risk.
Operating principles
Evidence-led controls, clear accountability, proportional requirements, and consistent publication and recordkeeping expectations.
Governance and supervisory approach
The framework emphasizes governance ownership and the ability to demonstrate control effectiveness. Firms should be prepared to document how controls operate in practice, including monitoring, testing, escalation paths, and incident handling.
Governance structure (control ownership)
Firms are expected to define responsibilities across leadership, compliance functions, risk ownership, and operational teams. Governance statements should be supported by artefacts (policies, logs, testing results, committee minutes where relevant).
- Board / leadership oversight and accountability mapping
- Compliance and risk function independence and escalation design
- Conflicts management and client communication controls
- Third-party management and outsourcing governance
Supervision focus (risk-based)
Supervisory focus scales with risk profile: custody exposure, leverage/derivatives complexity (where applicable), cross-border flows, technology dependencies, and client base characteristics.
- Client asset safeguarding model and recovery readiness
- AML / sanctions architecture and monitoring effectiveness
- Market integrity measures and surveillance capability
- Cyber resilience and incident response maturity
How the framework connects to applications
The framework is organized to support a structured application pathway. Applications are document-led and expected to align with category-specific evidence requirements, including policies, technical documentation, internal controls, and governance artefacts.
1
Category scoping
Confirm the intended activities and map them to the correct licensing category and risk modules.
2
Evidence checklist preparation
Prepare governance, AML, safeguarding, and technology documents with clear version control and ownership.
3
Submission pathway
Applications are packaged via registered agents where required by process, including controlled representations and supporting artefacts.
4
Assessment readiness
Be prepared to demonstrate how controls operate in practice: monitoring, escalation, audits, and incident handling.
Next: licensing categories and eligibility
Review category scope, baseline requirements, and the obligations that attach to each activity type.