In This Article

What Is a Virtual Asset Service Provider (VASP)?
Why VASPs Matter in the Crypto Ecosystem?
Types of Virtual Asset Service Providers (With Real Examples)
Why Are VASPs Regulated?
VASP Compliance Requirements: AML, KYC & Travel Rule
VASP Licensing & Registration by Jurisdiction
Consequences of VASP Non-Compliance
How to Register or Get Licensed as a VASP? Step-by-Step Guide
Conclusion

If you have ever bought Bitcoin on an exchange, sent crypto through a wallet app, or converted digital currency into cash, you have used a VASP without even knowing it. So, what are Virtual Asset Service Providers? A VASP is any business that exchanges, transfers, or stores virtual assets like cryptocurrency on behalf of someone else. Crypto exchanges, custodial wallets, Bitcoin ATMs, they all fall under this umbrella.

Regulators worldwide are cracking down on how these businesses operate. The Financial Action Task Force (FATF) introduced the VASP framework in 2018, and since then, governments across the US, EU, UK, and beyond have built entire licensing and compliance regimes around it. This guide covers everything you need to know.

Key Takeaways

A VASP is any business that exchanges, transfers, or stores cryptocurrency on behalf of others.
The term was defined by FATF in 2018 and is now used by regulators in 200+ countries.
VASPs include crypto exchanges, custodial wallets, Bitcoin ATMs, OTC desks, and payment processors.
All VASPs must comply with AML, KYC, and the Travel Rule, non-compliance means heavy fines or shutdown.
Licensing varies by country, FinCEN in the U.S., MiCA in the EU, VARA in Dubai, but standards are converging globally.
DeFi platforms may also qualify as VASPs depending on who controls them.

What Is a Virtual Asset Service Provider (VASP)?

A Virtual Asset Service Provider, or VASP, is any business or individual that provides services involving virtual assets, such as cryptocurrencies, on behalf of someone else. Think of a VASP as the crypto world’s equivalent of a bank or a money transfer service. Just as banks help people store, send, and exchange regular money, VASPs help people store, send, and exchange digital money like Bitcoin or Ethereum.

What does VASP stand for — Source: Pexels

The term was formally introduced by the Financial Action Task Force (FATF), the global body that sets anti-money laundering (AML) standards, in 2018, when it extended its financial crime prevention rules to cover the world of virtual assets.

Official FATF Definition of VASP

According to FATF, a virtual asset service provider is:

Any natural or legal person who is not covered elsewhere under the FATF Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

Exchange between virtual assets and fiat currencies
Exchange between one or more forms of virtual assets
Transfer of virtual assets
Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets
Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset”

A few things worth noting here. First, the definition is intentionally broad. FATF says it should be interpreted expansively so that no crypto business can easily claim it falls outside the rules.

Second, you only need to perform one of those five activities as a business to qualify as a VASP. Third, it has to be done on behalf of someone else, not just for yourself. FATF also clarifies who is not a VASP. Software developers who simply create tools or protocols that others use are generally not VASPs. Individual miners using crypto for their own benefit, individual P2P traders, and consumers making personal transactions are also excluded.

VASP vs. CASP: What Is the Difference?

You will often see the terms VASP and CASP (Crypto-Asset Service Provider) used interchangeably, but there is a meaningful difference. Here is how they compare:

Feature	VASP (FATF term)	CASP (EU MiCA term)
Defined by	FATF (global policy body)	EU MiCA Regulation
Scope	Broad, includes NFTs if used for payment/investment	Narrower, excludes most NFTs
Used where	Globally (FATF member countries)	European Union only
Licensing	Varies by country	Harmonized EU-wide license
Compliance rules	AML/CTF per FATF	AML/CFT + consumer protection, governance

The key takeaway, VASP is the global term used by FATF. CASP is the equivalent term used within the European Union under MiCA. If you operate in the EU, your compliance framework will use CASP language. If you operate anywhere else, or globally, you will deal with VASP requirements.

Benefits & Risks of Virtual Asset Service Provider

VASPs offer important infrastructure that helps make crypto more accessible and compliant, but they also introduce certain trade-offs around privacy, control, and centralization.

Benefits

Simplifies access to crypto for everyday users
Enables fiat on-ramps and off-ramps
Provides custodial security solutions
Supports liquidity and active trading markets
Facilitates institutional participation through compliance

Risks

May require KYC and identity verification
Centralization introduces counterparty risk
Transactions may be monitored or restricted
Potential for account freezes due to compliance checks
Reduced user privacy compared to self-custody

Why VASPs Matter in the Crypto Ecosystem?

Virtual Asset Service Providers play a foundational role in making crypto usable, scalable, and accessible to the broader public. While blockchain technology enables peer-to-peer transactions, VASPs provide the infrastructure that allows everyday users and institutions to interact with digital assets safely, as discussed above.

Accessibility for Mainstream Users

VASPs simplify complex blockchain processes by offering user-friendly platforms where people can buy, sell, and store crypto without needing deep technical knowledge. This lowers the barrier to entry and supports wider adoption.

Liquidity & Market Functionality

Crypto markets rely on VASPs to provide trading environments that enable price discovery and asset exchange. Without these intermediaries, it would be difficult to maintain active and efficient markets.

Fiat On-Ramps & Off-Ramps

VASPs connect traditional finance with digital assets by allowing users to convert fiat currency into crypto and vice versa. This bridge is essential for bringing new participants into the ecosystem.

Security & Custodial Services

Many users prefer platforms that manage private keys and safeguard funds on their behalf. VASPs offer custodial solutions that reduce the risks associated with self-storage, such as lost keys or user error.

Institutional Participation

Regulated VASPs provide the compliance infrastructure that institutions require before engaging with crypto markets. This includes AML controls, reporting mechanisms, and governance standards.

Regulatory Integration

VASPs serve as the main touchpoint between crypto innovation and financial regulation. By implementing AML, KYC, and reporting requirements, they help align the ecosystem with global compliance expectations.

Types of Virtual Asset Service Providers (With Real Examples)

Virtual Asset Service Providers (VASPs) come in many forms, from crypto exchanges and custodial wallets to payment processors and token platforms. Each plays a role in helping users access, move, and manage digital assets. Below, we explore the main types of VASPs, along with real-world examples of how they function.

Cryptocurrency Exchanges

Crypto exchanges are the most well-known type of VASP. They are platforms where users can buy, sell, and trade virtual assets, either swapping crypto for fiat money (like USD), or trading one crypto for another. Centralized exchanges (CEXs) act as intermediaries and hold custody of user funds. They typically require full identity verification (KYC) from users. Examples: Coinbase, Binance, Kraken, OKX.

Pro Tip: Take a look at the top-rated crypto exchanges of June 2026

Custodial Wallet Providers

Custodial wallet providers hold your private keys on your behalf. In other words, they keep your crypto safe, similar to how a bank holds your money. Because they have control over virtual assets owned by others, they fall squarely within the VASP definition. Used heavily by institutional investors and crypto funds. Examples: Coinbase Custody, BitGo, Fireblocks.

Crypto ATMs (Bitcoin ATMs)

Bitcoin ATMs allow customers to exchange cash for cryptocurrency and, in many cases, sell crypto back for cash. Since they involve exchanging virtual assets for fiat currencies, they are classified as VASPs. There are over 38,000 Bitcoin ATMs operating globally.
They are subject to the same AML and KYC rules as crypto exchanges.

OTC (Over-the-Counter) Desks

OTC desks handle large cryptocurrency trades privately, outside of public exchanges. Wealthy investors and institutions use these services when they want to buy or sell large amounts of crypto without affecting the market price. They must comply with AML/KYC regulations just like regular exchanges. High risk for money laundering due to the size and privacy of transactions.

Peer-to-Peer (P2P) Exchanges

P2P platforms connect buyers and sellers directly, without a central intermediary. If the platform facilitates the transaction and takes fees, it qualifies as a VASP. Note individual users conducting P2P trades privately are not VASPs. Examples: LocalBitcoins (now closed), Paxful, Bisq.

Pro Tip: Check out 10 Best P2P Crypto Exchanges of 2026

Payment Processors

Some businesses act as bridges between merchants and the crypto world, allowing merchants to accept cryptocurrency payments. These payment processors handle virtual asset transfers and therefore qualify as VASPs. Examples: BitPay, NOWPayments, CoinGate. Take a look at our Top 5 Crypto Payment Gateways guide for more information.

Token Issuers and ICO Platforms

Businesses that help launch and sell tokens on behalf of issuers, such as through Initial Coin Offerings (ICOs) or Security Token Offerings (STOs), may also qualify as VASPs when they provide financial services related to that issuance.

DeFi Platforms (Potentially)

Decentralized Finance (DeFi) platforms are a gray area. If there is an identifiable person or company that controls or substantially influences a DeFi protocol, FATF says that entity may be classified as a VASP. However, purely decentralized protocols with no controlling party may not fall under the definition. This area of regulation is still evolving.

Why Are VASPs Regulated?

The explosive growth of cryptocurrency brought significant regulatory challenges. Because virtual assets can be transferred pseudonymously across borders in seconds, they became attractive for criminals looking to move dirty money or finance illegal activities without detection. FATF’s decision to extend its AML and counter-terrorism financing (CTF) standards to VASPs in 2018 was driven by three key concerns:

Money laundering: Crypto’s pseudonymous nature made it easy to layer and obscure the origins of illicit funds.
Terrorism financing: Virtual assets could be used to fund terrorist operations across borders without triggering traditional financial monitoring systems.
Sanctions evasion: Countries and entities under international sanctions could potentially use crypto to access the global financial system.

By bringing VASPs under the same AML/CTF umbrella as traditional banks and money transmitters, regulators aim to close these loopholes without shutting down legitimate crypto innovation.

VASP Compliance Requirements: AML, KYC & Travel Rule

VASPs operate under strict compliance frameworks designed to prevent financial crime and improve transparency in the crypto ecosystem. This typically includes Anti-Money Laundering measures, Know Your Customer verification, and adherence to the FATF Travel Rule, all of which shape how users interact with regulated crypto platforms.

Know Your Customer (KYC)

KYC is the process of verifying the identity of your customers before they can use your services. It is the first line of defense against fraud, money laundering, and terrorism financing. A typical KYC process for VASPs includes:

Collecting a government-issued ID (passport, national ID, driver’s license).
Verifying the customer’s name, date of birth, and address.
Screening against global sanctions lists (OFAC, UN, EU).
Ongoing monitoring as the customer relationship continues.

Anti-Money Laundering (AML) Program

An Anti-Money Laundering (AML) program is a core requirement for VASPs to detect, prevent, and report suspicious financial activity. It includes transaction monitoring, risk assessments, and internal controls designed to stop the misuse of crypto platforms for illicit purposes.VASPs must maintain a full AML program that covers:

Customer Due Diligence (CDD): Standard identity checks for all customers.
Enhanced Due Diligence (EDD): Deeper checks for high-risk customers, politically exposed persons (PEPs), or large transactions.
Transaction monitoring: Ongoing surveillance of user activity to flag unusual patterns.
Suspicious Activity Reports (SARs): Filing reports with financial regulators when suspicious transactions are detected.
Record-keeping: Maintaining transaction and customer records for a specified period (usually 5 years).

The VASP Travel Rule

The Travel Rule is one of the most discussed and challenging compliance requirements for VASPs. Formally known as FATF Recommendation 16, it requires VASPs to collect and share key information about the sender and receiver whenever a virtual asset transfer crosses a set threshold.

When a VASP sends a virtual asset transfer above the threshold amount, it must pass along the following information to the receiving VASP:

Originator (sender) full name.
Originator’s wallet address or account number.
Originator’s physical address or national ID number.
Beneficiary (receiver) full name.
Beneficiary’s wallet address or account number.

The threshold varies by jurisdiction. FATF recommends USD/EUR 1,000. The U.S. sets the bar higher at USD 3,000. The EU, under its Transfer of Funds Regulation (TFR) effective from December 30, 2024, applies a zero threshold, meaning every single crypto transaction between two CASPs requires full Travel Rule compliance.

The Travel Rule was originally designed for traditional wire transfers back in the 1990s. Extending it to crypto is technically complex because unlike banks, there is no universal messaging system like SWIFT connecting all VASPs. This has led to a fragmented ecosystem of competing Travel Rule compliance solutions.

VASP Licensing & Registration by Jurisdiction

Unlike traditional banking licenses, there is no single global VASP license. Every country that has implemented FATF’s standards has done so in its own way, with different registration requirements, timelines, and regulators. Here is a country-by-country snapshot:

Jurisdiction	Regulator	License/Framework	Key Requirements
United States	FinCEN + State	MSB / BitLicense (NY)	BSA compliance, state-level licenses
European Union	National NCA + EBA	MiCA / CASP license	Authorization, AML/CFT, consumer protection
United Kingdom	FCA	FCA Registration	AML/KYC compliance, ongoing monitoring
UAE (Dubai)	VARA	VARA License	Strict licensing, AML/CTF, local compliance
Singapore	MAS	Major Payment Institution	PSA registration, Travel Rule since Jan 2020
Japan	FSA	CAEX Registration	Mandatory registration, AML rules
Hong Kong	SFC	VATP License	Mandatory licensing since June 2023

In the United States, most VASPs qualify as Money Services Businesses and must register with the Financial Crimes Enforcement Network. They also need to comply with the Bank Secrecy Act (BSA). New York State has its own additional requirement, the BitLicense, which is considered one of the strictest crypto licenses in the world.

In the European Union, the Markets in Crypto-Assets (MiCA) regulation came into full effect in late 2024 and replaced the patchwork of national rules with a single, harmonized framework across all EU member states.

Consequences of VASP Non-Compliance

Failing to comply with VASP regulations is not just a regulatory inconvenience, it can be business-ending. Here is what VASPs risk when they do not follow the rules:

Heavy financial penalties: Regulators can impose large fines for AML, KYC, and Travel Rule violations.
License revocation: Authorities can pull a VASP’s operating license, forcing the business to shut down.
Criminal charges: Executives of non-compliant VASPs can face personal criminal prosecution.
De-banking: Banks and payment processors can cut ties with non-compliant VASPs, making it impossible to operate.
Reputational damage: Once a company is publicly sanctioned, regaining user trust is incredibly difficult.
Blacklisting: VASPs found to be facilitating illicit finance can be added to global sanctions lists.

Real-World Example

In 2023, Binance, one of the world’s largest crypto exchanges, agreed to pay over $4.3 billion in fines to settle charges with the U.S. Department of Justice, FinCEN, and OFAC, related to AML and sanctions compliance failures. CEO Changpeng Zhao pleaded guilty and stepped down. This remains one of the largest corporate penalties in U.S. financial crime history.

How to Register or Get Licensed as a VASP? Step-by-Step Guide

The exact steps to become a licensed VASP depend heavily on the jurisdiction in which you operate. That said, most registration and licensing processes share common elements. Here is a general roadmap:

Determine if You Are a VASP
Review your business activities against the FATF definition and local regulations to confirm you fall within scope.
Choose Your Jurisdiction
Decide where to incorporate and operate based on regulatory clarity, licensing costs, and market access.
Build a Compliance Program
Develop your AML/KYC policies, transaction monitoring systems, and Travel Rule solution before applying.
Appoint a Compliance Officer
Most regulators require a named individual responsible for AML compliance.
Submit Your Application
File with the relevant authority (FinCEN, FCA, MAS, VARA, etc.) along with required documentation, business plan, and compliance program details.
Maintain Ongoing Compliance
Once licensed, VASPs must continue to report, monitor, and update their compliance programs as regulations evolve.

Conclusion

Virtual Asset Service Providers sit at the center of the crypto ecosystem. They are the companies and platforms that make it possible for millions of people around the world to access, trade, and use digital assets. But with that role comes significant responsibility.
As regulators around the world accelerate their efforts to bring VASPs under proper oversight, the compliance burden is only going to grow. Understanding what makes a business a VASP, and what that means in terms of KYC, AML, Travel Rule compliance, and licensing, is no longer optional for anyone operating in this space.

Whether you are a crypto entrepreneur, a compliance professional, an investor, or simply someone trying to understand how crypto regulation works, knowing the VASP landscape is essential. The rules are complex, they vary by country, and they are evolving fast, but the core principle is simple: if you handle virtual assets on behalf of others as a business, regulators expect you to know who your customers are and to keep the financial system clean.

See Also:

FAQs

What is VASP in crypto?

In crypto, a VASP (Virtual Asset Service Provider) is any business that helps people buy, sell, transfer, or store cryptocurrencies on their behalf. Crypto exchanges like Coinbase and Binance, custodial wallets, Bitcoin ATMs, and OTC desks are all VASPs. They are regulated under global AML and KYC rules set by FATF.

What tools provide reliable VASP due diligence?

Several platforms are widely used for VASP due diligence. Chainalysis and Elliptic are the most well-known, offering blockchain analytics, transaction monitoring, and risk scoring. CipherTrace provides AML monitoring and a dedicated VASP intelligence database, while Coinfirm, Merkle Science, and Crystal Blockchain cover everything from AML/CTF analytics to on-chain investigation. Most of these tools help you verify whether a counterparty VASP is licensed, assess their risk level, and ensure Travel Rule compliance before transacting with them.

Does a crypto startup automatically become a VASP?

Not necessarily. A crypto startup only becomes a VASP if it performs one or more of the five FATF-defined activities on behalf of others as a business. A software company that builds blockchain tools without handling assets directly may not be a VASP.

What is the difference between a VASP and a Money Services Business (MSB)?

An MSB is the U.S.-specific term for businesses that provide financial services including money transmission, currency exchange, and check cashing. In the United States, most VASPs qualify as MSBs and must register with FinCEN. The two terms overlap significantly in the U.S. context, though MSB is a broader category that also covers non-crypto money services.

Do DeFi protocols need to comply with VASP rules?

Possibly. FATF says that if there is a person or entity that controls or substantially influences a DeFi protocol, they may be classified as a VASP. However, truly decentralized protocols with no controlling party may fall outside the definition. This area remains legally unsettled globally.

What is a VASP license?

A VASP license is official regulatory authorization that allows a business to legally operate as a Virtual Asset Service Provider in a given jurisdiction. The requirements, process, and name of the license vary widely, it could be an MSB registration in the U.S., an FCA registration in the UK, a VARA license in Dubai, or a MiCA-based CASP authorization in the EU.

Can an individual be a VASP?

Yes, technically. The FATF definition covers both natural persons (individuals) and legal persons (companies). If an individual routinely facilitates crypto exchanges for others as a business, not just as a personal hobby, they may qualify as a VASP and face the same compliance obligations as a formal company.

References

Johns Hopkins University. What Is Open Source Software? Johns Hopkins Open Source Programs Office, June 2024.
https://ospo.library.jhu.edu/wp-content/uploads/sites/60/2024/06/OSPO-Explainer_-What-is-Open-Source-Software-Slides.pdf
University of Maryland, Robert H. Smith School of Business. The Pros and Cons of Open Source.
https://www.rhsmith.umd.edu/research/pros-and-cons-open-source
Office of Financial Sanctions Implementation. Threat Assessment: Cryptoassets. HM Treasury, July 2023,
assets.publishing.service.gov.uk/media/687e6362791bb4d8c309a06e/OFSI_Cryptoassets_Threat_Assessment.pdf

Why you can trust 99Bitcoins

10+ Years

Established in 2013, 99Bitcoin’s team members have been crypto experts since Bitcoin’s Early days.

90hr+

Weekly Research

100k+

Monthly readers

50+

Expert contributors

2000+

Crypto Projects Reviewed

How We Review Projects

Manisha Mishra

Editor-in-Chief

Manisha is a writer and analyst focused on the online betting and crypto gambling space. She covers betting platforms and privacy-focused sportsbooks with a clear and practical approach. Her work centers on how these platforms perform in real use, with... Read More

Read Manisha Mishra Articles