A Virtual Asset Service Provider (VASP) is a business that conducts activities involving virtual assets like cryptocurrencies or stablecoins. The term was introduced by the Financial Action Task Force (FATF), the global standard-setter for anti-money laundering and counter-terrorism financing, and is now widely used in regulatory frameworks worldwide.

Virtual assets are digital representations of value that can be traded, transferred, and used for payment or investment purposes, including cryptocurrencies like Bitcoin and Ethereum, stablecoins like USDC and USDT, and certain tokens. The VASP designation focuses on businesses that provide services for these assets, not software publishers who create new virtual assets.

What services do VASPs provide?

According to the FATF definition, a VASP is any person or business that conducts one or more of these activities:

• Exchange between virtual assets and fiat currencies: Platforms that convert cryptocurrencies to government-issued money (USD, EUR, etc.) and vice versa
• Exchange between virtual assets: Trading one cryptocurrency or stablecoin for another
• Transfer of virtual assets: Moving digital assets between wallets or across blockchain networks
• Safekeeping and administration: Custody services that hold or manage virtual assets or instruments enabling control over them
• Participation in financial services related to issuance or sale: Supporting token launches, fundraising, or promotion of virtual assets

These activities encompass the core services that connect traditional finance with the digital asset ecosystem. Common types of VASPs include centralized exchanges (CEXs) like Coinbase and Binance, custodial wallet providers, OTC desks, crypto ATMs, payment processors, and on-ramp/off-ramp providers that enable fiat-to-crypto conversions.

What regulatory requirements do VASPs need to follow?

Since 2019, FATF has extended its Recommendation 15 to specifically address VASPs, requiring these entities to follow the same robust AML/CFT standards as traditional financial institutions.

Core compliance obligations for VASPs include:

• Registration and licensing: VASPs must register with financial regulatory authorities in their operating jurisdictions
• KYC and AML procedures: Identity verification, customer onboarding, and ongoing transaction monitoring
• Travel Rule compliance: Collection and transmission of sender and recipient information for transactions over certain thresholds (typically $1,000 or €1,000)
• Suspicious transaction reporting: Filing reports to authorities when transactions meet specific risk criteria
• Customer due diligence: Ongoing monitoring of customer transactions to detect and assess risks
• Record keeping: Maintaining detailed records of customer identities and transaction histories

These requirements vary by jurisdiction. The EU's Markets in Crypto-Assets (MiCA) regulation uses the term Crypto-Asset Service Provider (CASP), while Australia uses Digital Currency Exchange Provider (DCEP).

How do VASP regulations differ by region?

Regulatory approaches to VASPs differ across jurisdictions, though most align with FATF guidance.

Major regulatory frameworks include:

• European Union (MiCA): Comprehensive regulation requiring licensing, governance, risk management, AML/CFT protocols, and consumer protection. CASPs must meet extensive compliance obligations with capital requirements ranging from €50,000 to €150,000 depending on services offered
• United States: State-by-state regulation through money transmitter licenses, with additional federal oversight from FinCEN and the SEC for securities-related tokens
• United Kingdom (FCA): Comprehensive registration and AML/KYC requirements with strong consumer protection measures
• Singapore (MAS): Payment Services Act licensing with robust AML/CFT frameworks
• Hong Kong (SFC): Licensing for virtual asset trading platforms with minimum HKD 3 million liquid capital requirements
• UAE (VARA): Dubai's Virtual Assets Regulatory Authority enforces strict licensing and compliance standards

How do VASPs help prevent financial crime?

VASPs play a crucial role in combating money laundering and terrorism financing within the cryptocurrency ecosystem. Law enforcement agencies interact with VASPs to access KYC information, transaction records, and user data during investigations.

Common enforcement mechanisms include:

• Subpoenas: Requiring VASPs to provide specific user data or transaction details
• Search warrants: Granting access to accounts when criminal activity is suspected
• Freeze orders: Mandating account freezes linked to illicit activities
• Suspicious Activity Reports (SARs): VASPs file reports that help law enforcement prioritize high-risk cases

Blockchain analytics providers like Elliptic, TRM Labs, and Chainalysis offer tools that help VASPs detect hidden illicit activity, assess counterparty risk, and maintain compliance programs. Research shows that the cryptocurrency industry has successfully reduced illicit activity, with estimates suggesting less than 1% of all transactions involve criminal activity, partly due to increased VASP compliance.

‍