---
title: "Curaçao Crypto Policy for iGaming Operators (2026): Compliance Guide"
slug: curacao-crypto-policy-igaming
excerpt: "What the Curaçao Gaming Authority's June 2026 crypto policy means for operators: prohibitions, governance, the phased timeline, and the banking payoff."
category: iGaming
color: "#00D17A"
featured: false
readTime: 13 min read
publishedAt: 2026-06-29T09:00:00Z
seoTitle: "Curaçao Crypto Policy for iGaming (2026)"
seoDescription: "The Curaçao Gaming Authority's June 2026 crypto policy for iGaming operators: prohibitions, governance, the phased timeline, and how it improves bankability."
author: GetBanked Editorial Team
---

In June 2026 the **Curaçao Gaming Authority** (**CGA**) issued a crypto policy guideline that, for the first time, sets out exactly what controls it expects from licensed operators accepting crypto-assets. It is not a new statute — it is a guideline of expected controls under the **LOK** reform — but it carries a phased compliance timeline with hard prohibitions already live. For any operator running deposits, wagering, withdrawals or treasury in crypto, this is the document that now defines the gap between "licensed" and "compliant".

This guide breaks down who the policy applies to, the governance and accountability it demands, the "not a financial institution" rule, the phased operator roadmap, and — crucially for your banking — why getting this right makes you materially more bankable.

## Table of Contents

1. [What the CGA Crypto Policy Is](#what-the-cga-crypto-policy-is)
2. [Who It Applies To](#who-it-applies-to)
3. [Governance and Accountability](#governance-and-accountability)
4. [The "Not a Financial Institution" Rule](#the-not-a-financial-institution-rule)
5. [AML and KYC Are Not a Carve-Out](#aml-and-kyc-are-not-a-carve-out)
6. [Crypto Is Treated as High Risk](#crypto-is-treated-as-high-risk)
7. [The Phased Compliance Timeline](#the-phased-compliance-timeline)
8. [Walking Through the Operator Roadmap](#walking-through-the-operator-roadmap)
9. [Why This Matters for Your Banking](#why-this-matters-for-your-banking)
10. [Common Mistakes Operators Make](#common-mistakes-operators-make)
11. [FAQ](#faq)
12. [Related Articles](#related-articles)

---

## What the CGA Crypto Policy Is

The June 2026 guideline from the **Curaçao Gaming Authority** is a statement of expected controls for licensees that touch crypto-assets. It sits under the **LOK** framework — the Landsverordening op de kansspelen, Curaçao's reformed gaming legislation that replaced the old master/sub-licence model with direct **CGA** supervision.

The distinction matters. This is a **guideline**, not primary legislation. The **CGA** is telling operators what it now expects to see, how it will assess crypto controls during supervision, and the timeline against which it will measure adoption. The official source is the [Curaçao Gaming Authority](https://www.curacaogamingauthority.com/) itself.

It also does not exist in a vacuum. The guideline explicitly does **not** replace Curaçao's separate Virtual Asset Service Provider laws. If your group does anything that looks like a regulated **VASP** activity, those laws apply independently — the gaming licence does not absorb or override them. This is a recurring theme in the policy: crypto does not get a softer treatment because it sits inside a gambling product.

For operators weighing Curaçao against other jurisdictions, this guideline is a net positive for credibility. A regulator with a written, enforced crypto-controls expectation is easier to bank around than one with silence. See our [Malta MGA vs Curaçao banking comparison](/blog/mga-vs-curacao-banking) for how the two regimes now stack up.

---

## Who It Applies To

The policy applies to **CGA** business-to-consumer ("B2C") licence holders — referred to throughout as "**Licensees**" — operating under the **LOK** reform. If you hold a direct **CGA** licence and accept crypto in any part of your operation, you are in scope.

"In scope" is deliberately broad. The guideline reaches every crypto-asset workflow, not just player deposits:

- **Deposits** — crypto coming in from players
- **Wagering** — crypto used as the betting medium
- **Withdrawals** — crypto paid out to players
- **Treasury** — the operator's own holding, conversion and movement of crypto

It also captures **all group entities** that support the licensed operation. You cannot move a crypto-handling function into a sister company or a holding entity and treat it as out of scope. If the activity supports the licensed B2C operation, the **CGA**'s expectations follow it. For operators using offshore holding structures, this has real design consequences — see our note on [offshore corporate structuring](/blog/offshore-corporate-structuring) and the banking implications below.

What it does not do is convert you into a crypto firm in the regulator's eyes. As above, the guideline sits alongside Curaçao's separate **VASP** laws rather than replacing them. Two regimes, both live.

---

## Governance and Accountability

This is the part operators most often underestimate. The **CGA** wants crypto controls owned at the top of the business, documented, and reviewed on a schedule — not bolted on by the payments team.

The crypto policy itself must be:

- **Signed off by the Licensee's Compliance Officer** — named accountability, not a committee
- **Board-approved** — the policy is a governance document, not an operational memo
- **Dated with an effective date**, a stated **review frequency**, and explicit **triggers for unscheduled review** (a new asset, a new partner, a regulatory change, an incident)

Beyond the policy document, any material change to your crypto setup requires a fresh, documented risk assessment and sign-off. That includes:

- Adding or removing any **accepted crypto asset**
- Adding or removing any **VASP** — exchange or wallet provider — in your stack
- Changing a **risk threshold** in your monitoring or acceptance rules

Each of those is a decision the **CGA** expects to see evidenced, with a rationale and an owner.

### Transaction monitoring and blockchain analytics

Operators must run **blockchain analytics** and transaction monitoring capable of identifying prohibited assets and prohibited patterns. When the system flags prohibited activity, the operator must be able to **reject, freeze or return** the funds, report the incident, keep documented procedures, and train staff on them.

The single most important line in the governance section is this: the **risk assessment may be outsourced; visibility and accountability may not**. You can buy in a Chainalysis or TRM Labs capability, or contract a monitoring provider — but the **CGA** holds the **Compliance Officer** accountable for the outcome regardless of who runs the tooling. The deep mechanics of how this works in practice are covered in our sibling guide on [crypto AML and blockchain analytics for iGaming](/blog/crypto-aml-blockchain-analytics-igaming).

---

## The "Not a Financial Institution" Rule

This is the conceptual spine of the whole guideline. The **CGA** is emphatic that a Licensee is a gambling operator that happens to accept crypto — it is **not** a financial institution, and must not behave like one.

Specifically, Licensees must **not** act as:

- An **exchange**
- A **payment services provider**
- A **VASP**

Operators accept crypto for **gambling services only**. And they must make it explicit to players that the operator is **not responsible** for any third-party exchange the player chooses to use to obtain or convert crypto. The relationship is: player brings crypto, player wagers, player withdraws crypto. Nothing else.

In practical terms, the guideline draws a hard line around activities operators must not offer:

- **No crypto-to-crypto or crypto-to-fiat conversion for users** — you cannot swap a player's Bitcoin into USDT or into euros as a service
- **No trading, swapping or exchange services** — you are not a venue for players to deal in assets
- **No custody, transfer or wallet services outside the gambling transaction itself** — you hold crypto only as far as the wager requires it

This is where many existing crypto casinos will need to redesign. If your product currently lets players hold a balance, convert between assets, or move funds around for reasons unrelated to wagering, that functionality now sits on the wrong side of the line. The broader operational reality of running crypto-in / crypto-out gambling — treasury, off-ramps, exchange relationships — is covered in our [crypto casino banking guide](/blog/crypto-casino-banking).

---

## AML and KYC Are Not a Carve-Out

A common misreading of crypto acceptance is that it somehow sidesteps anti-money-laundering obligations. The **CGA** closes that door directly: its **AML** policy applies **equally to fiat and crypto**. There is no lighter regime because the value arrived on a blockchain.

In concrete terms, operators must detail their **crypto controls** within the **AML**/**CFT** policy they submit on the **CGA** Portal. Your **KYC**, **CFT** (countering the financing of terrorism), source-of-funds and monitoring obligations all extend to crypto flows, and the regulator expects to see the crypto-specific detail spelled out — not a fiat policy with "and also crypto" appended.

This is a brief treatment here by design, because the depth belongs elsewhere. The full mechanics — delayed **KYC** thresholds, **EDD** triggers, **SAR** filing on crypto activity, and how blockchain analytics feed the **AML** programme — are the subject of our dedicated guide on [crypto AML and blockchain analytics for iGaming](/blog/crypto-aml-blockchain-analytics-igaming). The principle to carry from this article: AML is one programme covering both rails, and the crypto half must be written down and submitted.

---

## Crypto Is Treated as High Risk

The **CGA** classifies crypto-assets as **high risk** by default. That classification drives an **asset-specific risk assessment** requirement: you cannot accept a basket of tokens under one blanket policy. Each accepted asset needs its own documented assessment of the laundering, sanctions, volatility and traceability risk it carries.

The guideline signals a clear preference for **fiat-backed, regulated stablecoins** over volatile or opaque assets. A regulated **stablecoin** with transparent reserves and a known issuer is materially easier to risk-assess — and to bank around — than a privacy coin or a thinly-traded token with an unclear provenance.

This is, again, a brief treatment. The detailed asset-tiering logic, wallet-ownership controls and treasury segregation that flow from the high-risk classification are covered in our sibling deep-dive on [iGaming crypto wallet segregation](/blog/igaming-crypto-wallet-segregation). The takeaway for the pillar view: high risk is the starting assumption, asset-by-asset assessment is mandatory, and regulated stablecoins are the preferred medium.

---

## The Phased Compliance Timeline

The centrepiece of the guideline is a phased timeline. The **CGA** has not demanded full implementation overnight — but it has made the immediate prohibitions live from June 2026, with documented milestones over the following twelve months. This is the operator roadmap.

| Phase | Deadline | What the CGA Expects |
|---|---|---|
| **Immediate** | June 2026 | Prohibitions live: no sanctioned wallets, no mixers/tumblers, no prohibited crypto assets, no personal or **UBO**-linked wallets, and no acting as an exchange, **PSP** or **VASP**. |
| **Within 3 months** | September 2026 | Upload a crypto policy to the **CGA** Portal with a clear adoption/compliance timeline. Prioritise building crypto knowledge — internal upskilling or hiring. |
| **Within 6 months** | December 2026 | Complete documented crypto risk assessments, **VASP** due diligence, wallet-ownership controls, transaction-monitoring procedures and staff training. |
| **Within 12 months** | June 2027 | Fully implement wallet segregation, **blockchain analytics** capability, reconciliation processes, withdrawal whitelisting (or equivalent) and audit-ready record-keeping. |

One caveat sits above the whole table: the **CGA** may require **earlier implementation** where it identifies material risks at a specific operator. The deadlines are ceilings, not entitlements. An operator with weak controls and high-risk flows should not assume it has until June 2027 to act.

---

## Walking Through the Operator Roadmap

The table sets the deadlines; here is what each phase actually demands of your business.

### Immediate (June 2026): the prohibitions are already live

These are not future obligations — they apply now. The hard stops are:

- **Sanctioned wallets** — any address connected to a sanctioned entity or jurisdiction
- **Mixers and tumblers** — Tornado Cash and equivalents that break transaction traceability
- **Prohibited crypto assets** — anything your risk assessment or the **CGA** rules out
- **Personal or UBO-linked wallets** — operator funds must not flow through directors' or ultimate-beneficial-owners' personal addresses
- **Acting as an exchange, PSP or VASP** — the "not a financial institution" line, enforced from day one

If any of these are live in your operation today, they are the first thing to fix. There is no grace period on the prohibitions.

### Within 3 months (September 2026): policy and people

By September you need a crypto policy uploaded to the **CGA** Portal with a credible adoption timeline showing how you will hit the six- and twelve-month milestones. The regulator is not expecting full implementation at this stage — it is expecting a documented, board-approved plan and evidence you are building the **crypto knowledge** to execute it, whether by training existing staff or hiring.

### Within 6 months (December 2026): the control framework

This is where the substance lands. By December you must have completed documented crypto risk assessments (asset-by-asset), **VASP** due diligence on every exchange and wallet provider in your stack, wallet-ownership controls, transaction-monitoring procedures, and staff training on all of it. This is the bulk of the compliance build.

### Within 12 months (June 2027): full operational maturity

The final phase is about operating at audit-ready maturity: full **wallet segregation** between operational and player funds, live **blockchain analytics** capability, reconciliation processes that tie on-chain movements to your ledger, **withdrawal whitelisting** (or an equivalent control limiting where funds can go), and record-keeping that would survive a regulator's inspection.

Operators who treat these as four separate fire-drills will struggle. The smarter approach is to design the December and June-2027 controls now, and use the September policy submission to commit to them — because the same architecture underpins your banking case.

---

## Why This Matters for Your Banking

Here is the part most compliance commentary misses. Everything the **CGA** now expects — wallet segregation, **VASP** due diligence, blockchain analytics, asset-specific risk assessment, board-level accountability — is exactly what banks, **EMI**s and acquirers already demand before they will touch a crypto-accepting gambling operator.

The institutions that bank crypto iGaming are vanishingly few, and they are conservative. When a bank's compliance team assesses you, they are looking for the same controls the **CGA** has just written down: can you prove funds are segregated, can you show you screen for sanctioned and mixer-tagged wallets, can you name the person accountable, and can you produce an audit trail. An operator who has done the **CGA** work has, in effect, pre-built the banking file.

This is the strategic point. The June 2026 guideline is not just a compliance cost — it is a **bankability upgrade**. Operators who get crypto controls, wallet segregation and **VASP** due diligence right become materially easier to onboard, hold and retain as banking clients. The ones who treat it as a box-ticking exercise will find their off-ramp options narrowing exactly as banks and exchanges tighten their own crypto-gambling risk thresholds.

The flip side is also true: weak controls now read as a banking red flag, not just a regulatory one. A bank that sees no segregation, no analytics and no named owner does not see a gap to be fixed — it sees a decline. For the foundational banking context, start with our [Curaçao gaming licence and banking guide](/blog/curacao-gaming-licence-banking) and the broader [iGaming licence comparison](/blog/gaming-licence-comparison).

At GetBanked, this is precisely the work we do: helping operators build crypto and banking infrastructure that satisfies both the regulator and the bank at the same time, because the requirements have converged. The detailed treasury and **VASP** mechanics live in our guides on [crypto business banking and VASP compliance](/blog/crypto-business-banking-vasp) and [crypto casino banking](/blog/crypto-casino-banking).

---

## Common Mistakes Operators Make

**Treating the prohibitions as future work.** The June 2026 stops — sanctioned wallets, mixers, **UBO**-linked wallets, acting as a **VASP** — are live now. There is no phase-in on these.

**Assuming the gaming licence absorbs VASP law.** It does not. The guideline explicitly sits alongside Curaçao's separate **VASP** regime. If a group entity does **VASP**-like activity, those laws apply independently.

**Outsourcing accountability with the tooling.** You can buy in blockchain analytics; you cannot buy out the **Compliance Officer**'s accountability. The **CGA** holds the named individual responsible for the outcome.

**Letting crypto skip the AML policy.** Crypto controls must be written into the **AML**/**CFT** policy submitted on the **CGA** Portal. A fiat-only policy with crypto bolted on informally will not satisfy supervision.

**Designing each phase in isolation.** The December control framework and the June-2027 maturity build share one architecture. Operators who plan them together — and commit to it in the September policy submission — finish faster and produce a cleaner banking file. Operators who fight four separate fire-drills usually miss a deadline.

**Ignoring the bankability dividend.** The biggest strategic error is seeing this purely as cost. The same controls that satisfy the **CGA** are the ones that get you banked. Build once, satisfy both.

---

## FAQ

### Is the CGA crypto policy a new law?

**No.** It is a guideline of expected controls issued by the **Curaçao Gaming Authority** under the **LOK** framework, not a new statute. That said, it carries a phased compliance timeline with hard prohibitions already live from June 2026, and the **CGA** will assess your crypto controls against it during supervision. Treat it as binding in practice even though it is technically guidance.

### Does the crypto policy replace Curaçao's VASP laws?

**No.** The guideline explicitly does not replace Curaçao's separate Virtual Asset Service Provider laws. If any entity in your group carries out regulated **VASP** activity, those laws apply independently of the gaming licence. The two regimes run in parallel — the gaming licence does not override or absorb the **VASP** rules.

### Can a Curaçao operator convert crypto to fiat for its players?

**No.** Under the "not a financial institution" rule, Licensees must not act as an exchange, **payment services provider** or **VASP**. That means no crypto-to-crypto or crypto-to-fiat conversion for users, no trading or swapping services, and no custody or wallet services beyond the gambling transaction itself. Operators must also tell players explicitly that the operator is not responsible for any third-party exchange the player uses.

### What is the deadline to upload a crypto policy to the CGA Portal?

**Within three months — by September 2026.** The uploaded policy must include a clear adoption and compliance timeline showing how you will meet the six-month (December 2026) and twelve-month (June 2027) milestones. The **CGA** also expects evidence at this stage that you are building crypto knowledge through staff upskilling or hiring.

### Are stablecoins treated differently under the CGA policy?

**Yes, favourably.** The **CGA** treats crypto as high risk by default and requires an asset-specific risk assessment for each accepted asset, but it signals a clear preference for fiat-backed, regulated **stablecoins** over volatile or opaque assets. A transparent, regulated stablecoin is easier to risk-assess and to bank around. The detailed asset-tiering logic is covered in our [crypto wallet segregation guide](/blog/igaming-crypto-wallet-segregation).

### How does the crypto policy affect my chances of getting banked?

**Significantly, and positively if you do it well.** The controls the **CGA** now expects — wallet segregation, **VASP** due diligence, blockchain analytics, named accountability, audit-ready records — are the same controls banks, **EMI**s and acquirers require before onboarding a crypto-accepting operator. Doing the **CGA** work effectively pre-builds your banking file. Weak controls, by contrast, read as a banking red flag.

---

**Related Articles**

- [Curaçao Gaming Licence & Business Banking](/blog/curacao-gaming-licence-banking)
- [Malta MGA vs Curaçao Gaming Licence: Banking Comparison](/blog/mga-vs-curacao-banking)
- [Crypto Casino Banking: How No-KYC Operators Actually Cash Out](/blog/crypto-casino-banking)
- [Crypto Business Banking & VASP Compliance](/blog/crypto-business-banking-vasp)
- [iGaming Licence Comparison: Which Jurisdiction Is Right for You?](/blog/gaming-licence-comparison)
- [iGaming Crypto Wallet Segregation](/blog/igaming-crypto-wallet-segregation)
- [Crypto AML & Blockchain Analytics for iGaming](/blog/crypto-aml-blockchain-analytics-igaming)

**CTA:** Submit a free pre-approval in 2 minutes and we will tell you, within 24 hours, exactly which banks and EMIs will work with your Curaçao crypto setup.


---
Source: https://www.getbanked.co/blog/curacao-crypto-policy-igaming