What the Curaçao Gaming Authority's June 2026 crypto policy means for operators: prohibitions, governance, the phased timeline, and the banking payoff.
In June 2026 the Curaçao Gaming Authority (CGA) issued a crypto policy guideline that, for the first time, sets out exactly what controls it expects from licensed operators accepting crypto-assets. It is not a new statute — it is a guideline of expected controls under the LOK reform — but it carries a phased compliance timeline with hard prohibitions already live. For any operator running deposits, wagering, withdrawals or treasury in crypto, this is the document that now defines the gap between "licensed" and "compliant".
This guide breaks down who the policy applies to, the governance and accountability it demands, the "not a financial institution" rule, the phased operator roadmap, and — crucially for your banking — why getting this right makes you materially more bankable.
The June 2026 guideline from the Curaçao Gaming Authority is a statement of expected controls for licensees that touch crypto-assets. It sits under the LOK framework — the Landsverordening op de kansspelen, Curaçao's reformed gaming legislation that replaced the old master/sub-licence model with direct CGA supervision.
The distinction matters. This is a guideline, not primary legislation. The CGA is telling operators what it now expects to see, how it will assess crypto controls during supervision, and the timeline against which it will measure adoption. The official source is the Curaçao Gaming Authority itself.
It also does not exist in a vacuum. The guideline explicitly does not replace Curaçao's separate Virtual Asset Service Provider laws. If your group does anything that looks like a regulated VASP activity, those laws apply independently — the gaming licence does not absorb or override them. This is a recurring theme in the policy: crypto does not get a softer treatment because it sits inside a gambling product.
For operators weighing Curaçao against other jurisdictions, this guideline is a net positive for credibility. A regulator with a written, enforced crypto-controls expectation is easier to bank around than one with silence. See our Malta MGA vs Curaçao banking comparison for how the two regimes now stack up.
The policy applies to CGA business-to-consumer ("B2C") licence holders — referred to throughout as "Licensees" — operating under the LOK reform. If you hold a direct CGA licence and accept crypto in any part of your operation, you are in scope.
"In scope" is deliberately broad. The guideline reaches every crypto-asset workflow, not just player deposits:
It also captures all group entities that support the licensed operation. You cannot move a crypto-handling function into a sister company or a holding entity and treat it as out of scope. If the activity supports the licensed B2C operation, the CGA's expectations follow it. For operators using offshore holding structures, this has real design consequences — see our note on offshore corporate structuring and the banking implications below.
What it does not do is convert you into a crypto firm in the regulator's eyes. As above, the guideline sits alongside Curaçao's separate VASP laws rather than replacing them. Two regimes, both live.
This is the part operators most often underestimate. The CGA wants crypto controls owned at the top of the business, documented, and reviewed on a schedule — not bolted on by the payments team.
The crypto policy itself must be:
Beyond the policy document, any material change to your crypto setup requires a fresh, documented risk assessment and sign-off. That includes:
Each of those is a decision the CGA expects to see evidenced, with a rationale and an owner.
Operators must run blockchain analytics and transaction monitoring capable of identifying prohibited assets and prohibited patterns. When the system flags prohibited activity, the operator must be able to reject, freeze or return the funds, report the incident, keep documented procedures, and train staff on them.
The single most important line in the governance section is this: the risk assessment may be outsourced; visibility and accountability may not. You can buy in a Chainalysis or TRM Labs capability, or contract a monitoring provider — but the CGA holds the Compliance Officer accountable for the outcome regardless of who runs the tooling. The deep mechanics of how this works in practice are covered in our sibling guide on crypto AML and blockchain analytics for iGaming.
This is the conceptual spine of the whole guideline. The CGA is emphatic that a Licensee is a gambling operator that happens to accept crypto — it is not a financial institution, and must not behave like one.
Specifically, Licensees must not act as:
Operators accept crypto for gambling services only. And they must make it explicit to players that the operator is not responsible for any third-party exchange the player chooses to use to obtain or convert crypto. The relationship is: player brings crypto, player wagers, player withdraws crypto. Nothing else.
In practical terms, the guideline draws a hard line around activities operators must not offer:
This is where many existing crypto casinos will need to redesign. If your product currently lets players hold a balance, convert between assets, or move funds around for reasons unrelated to wagering, that functionality now sits on the wrong side of the line. The broader operational reality of running crypto-in / crypto-out gambling — treasury, off-ramps, exchange relationships — is covered in our crypto casino banking guide.
A common misreading of crypto acceptance is that it somehow sidesteps anti-money-laundering obligations. The CGA closes that door directly: its AML policy applies equally to fiat and crypto. There is no lighter regime because the value arrived on a blockchain.
In concrete terms, operators must detail their crypto controls within the AML/CFT policy they submit on the CGA Portal. Your KYC, CFT (countering the financing of terrorism), source-of-funds and monitoring obligations all extend to crypto flows, and the regulator expects to see the crypto-specific detail spelled out — not a fiat policy with "and also crypto" appended.
This is a brief treatment here by design, because the depth belongs elsewhere. The full mechanics — delayed KYC thresholds, EDD triggers, SAR filing on crypto activity, and how blockchain analytics feed the AML programme — are the subject of our dedicated guide on crypto AML and blockchain analytics for iGaming. The principle to carry from this article: AML is one programme covering both rails, and the crypto half must be written down and submitted.
The CGA classifies crypto-assets as high risk by default. That classification drives an asset-specific risk assessment requirement: you cannot accept a basket of tokens under one blanket policy. Each accepted asset needs its own documented assessment of the laundering, sanctions, volatility and traceability risk it carries.
The guideline signals a clear preference for fiat-backed, regulated stablecoins over volatile or opaque assets. A regulated stablecoin with transparent reserves and a known issuer is materially easier to risk-assess — and to bank around — than a privacy coin or a thinly-traded token with an unclear provenance.
This is, again, a brief treatment. The detailed asset-tiering logic, wallet-ownership controls and treasury segregation that flow from the high-risk classification are covered in our sibling deep-dive on iGaming crypto wallet segregation. The takeaway for the pillar view: high risk is the starting assumption, asset-by-asset assessment is mandatory, and regulated stablecoins are the preferred medium.
The centrepiece of the guideline is a phased timeline. The CGA has not demanded full implementation overnight — but it has made the immediate prohibitions live from June 2026, with documented milestones over the following twelve months. This is the operator roadmap.
| Phase | Deadline | What the CGA Expects |
|---|---|---|
| Immediate | June 2026 | Prohibitions live: no sanctioned wallets, no mixers/tumblers, no prohibited crypto assets, no personal or UBO-linked wallets, and no acting as an exchange, PSP or VASP. |
| Within 3 months | September 2026 | Upload a crypto policy to the CGA Portal with a clear adoption/compliance timeline. Prioritise building crypto knowledge — internal upskilling or hiring. |
| Within 6 months | December 2026 | Complete documented crypto risk assessments, VASP due diligence, wallet-ownership controls, transaction-monitoring procedures and staff training. |
| Within 12 months | June 2027 | Fully implement wallet segregation, blockchain analytics capability, reconciliation processes, withdrawal whitelisting (or equivalent) and audit-ready record-keeping. |
One caveat sits above the whole table: the CGA may require earlier implementation where it identifies material risks at a specific operator. The deadlines are ceilings, not entitlements. An operator with weak controls and high-risk flows should not assume it has until June 2027 to act.
The table sets the deadlines; here is what each phase actually demands of your business.
These are not future obligations — they apply now. The hard stops are:
If any of these are live in your operation today, they are the first thing to fix. There is no grace period on the prohibitions.
By September you need a crypto policy uploaded to the CGA Portal with a credible adoption timeline showing how you will hit the six- and twelve-month milestones. The regulator is not expecting full implementation at this stage — it is expecting a documented, board-approved plan and evidence you are building the crypto knowledge to execute it, whether by training existing staff or hiring.
This is where the substance lands. By December you must have completed documented crypto risk assessments (asset-by-asset), VASP due diligence on every exchange and wallet provider in your stack, wallet-ownership controls, transaction-monitoring procedures, and staff training on all of it. This is the bulk of the compliance build.
The final phase is about operating at audit-ready maturity: full wallet segregation between operational and player funds, live blockchain analytics capability, reconciliation processes that tie on-chain movements to your ledger, withdrawal whitelisting (or an equivalent control limiting where funds can go), and record-keeping that would survive a regulator's inspection.
Operators who treat these as four separate fire-drills will struggle. The smarter approach is to design the December and June-2027 controls now, and use the September policy submission to commit to them — because the same architecture underpins your banking case.
Here is the part most compliance commentary misses. Everything the CGA now expects — wallet segregation, VASP due diligence, blockchain analytics, asset-specific risk assessment, board-level accountability — is exactly what banks, EMIs and acquirers already demand before they will touch a crypto-accepting gambling operator.
The institutions that bank crypto iGaming are vanishingly few, and they are conservative. When a bank's compliance team assesses you, they are looking for the same controls the CGA has just written down: can you prove funds are segregated, can you show you screen for sanctioned and mixer-tagged wallets, can you name the person accountable, and can you produce an audit trail. An operator who has done the CGA work has, in effect, pre-built the banking file.
This is the strategic point. The June 2026 guideline is not just a compliance cost — it is a bankability upgrade. Operators who get crypto controls, wallet segregation and VASP due diligence right become materially easier to onboard, hold and retain as banking clients. The ones who treat it as a box-ticking exercise will find their off-ramp options narrowing exactly as banks and exchanges tighten their own crypto-gambling risk thresholds.
The flip side is also true: weak controls now read as a banking red flag, not just a regulatory one. A bank that sees no segregation, no analytics and no named owner does not see a gap to be fixed — it sees a decline. For the foundational banking context, start with our Curaçao gaming licence and banking guide and the broader iGaming licence comparison.
At GetBanked, this is precisely the work we do: helping operators build crypto and banking infrastructure that satisfies both the regulator and the bank at the same time, because the requirements have converged. The detailed treasury and VASP mechanics live in our guides on crypto business banking and VASP compliance and crypto casino banking.
Treating the prohibitions as future work. The June 2026 stops — sanctioned wallets, mixers, UBO-linked wallets, acting as a VASP — are live now. There is no phase-in on these.
Assuming the gaming licence absorbs VASP law. It does not. The guideline explicitly sits alongside Curaçao's separate VASP regime. If a group entity does VASP-like activity, those laws apply independently.
Outsourcing accountability with the tooling. You can buy in blockchain analytics; you cannot buy out the Compliance Officer's accountability. The CGA holds the named individual responsible for the outcome.
Letting crypto skip the AML policy. Crypto controls must be written into the AML/CFT policy submitted on the CGA Portal. A fiat-only policy with crypto bolted on informally will not satisfy supervision.
Designing each phase in isolation. The December control framework and the June-2027 maturity build share one architecture. Operators who plan them together — and commit to it in the September policy submission — finish faster and produce a cleaner banking file. Operators who fight four separate fire-drills usually miss a deadline.
Ignoring the bankability dividend. The biggest strategic error is seeing this purely as cost. The same controls that satisfy the CGA are the ones that get you banked. Build once, satisfy both.
No. It is a guideline of expected controls issued by the Curaçao Gaming Authority under the LOK framework, not a new statute. That said, it carries a phased compliance timeline with hard prohibitions already live from June 2026, and the CGA will assess your crypto controls against it during supervision. Treat it as binding in practice even though it is technically guidance.
No. The guideline explicitly does not replace Curaçao's separate Virtual Asset Service Provider laws. If any entity in your group carries out regulated VASP activity, those laws apply independently of the gaming licence. The two regimes run in parallel — the gaming licence does not override or absorb the VASP rules.
No. Under the "not a financial institution" rule, Licensees must not act as an exchange, payment services provider or VASP. That means no crypto-to-crypto or crypto-to-fiat conversion for users, no trading or swapping services, and no custody or wallet services beyond the gambling transaction itself. Operators must also tell players explicitly that the operator is not responsible for any third-party exchange the player uses.
Within three months — by September 2026. The uploaded policy must include a clear adoption and compliance timeline showing how you will meet the six-month (December 2026) and twelve-month (June 2027) milestones. The CGA also expects evidence at this stage that you are building crypto knowledge through staff upskilling or hiring.
Yes, favourably. The CGA treats crypto as high risk by default and requires an asset-specific risk assessment for each accepted asset, but it signals a clear preference for fiat-backed, regulated stablecoins over volatile or opaque assets. A transparent, regulated stablecoin is easier to risk-assess and to bank around. The detailed asset-tiering logic is covered in our crypto wallet segregation guide.
Significantly, and positively if you do it well. The controls the CGA now expects — wallet segregation, VASP due diligence, blockchain analytics, named accountability, audit-ready records — are the same controls banks, EMIs and acquirers require before onboarding a crypto-accepting operator. Doing the CGA work effectively pre-builds your banking file. Weak controls, by contrast, read as a banking red flag.
Related Articles
Submit a free pre-approval in 2 minutes and we will tell you, within 24 hours, exactly which banks and EMIs will work with your Curaçao crypto setup.
Get Free Pre-ApprovalSubmit a free pre-approval in 2 minutes. We respond within 24 hours with a realistic outcome.
Get Free Pre-Approval