A Virtual Asset Service Provider (VASP) is a term defined by the Financial Action Task Force (FATF) to describe any natural or legal person that conducts one or more of the following activities: exchange between virtual assets and fiat currencies, exchange between different forms of virtual assets, transfer of virtual assets, safekeeping or administration of virtual assets, and participation in or provision of financial services related to the issuance or sale of virtual assets.
Why VASP Matters
The VASP definition is the cornerstone of global crypto regulation. When FATF adopted its Updated Guidance on Virtual Assets and VASPs in 2019 (and updated it in 2021), it effectively mandated that over 200 jurisdictions worldwide must regulate, license or register, and supervise businesses meeting the VASP definition. This has driven the global wave of crypto regulation, from the EU's MiCA (using the term CASP) to individual country licensing regimes. For any crypto business operating internationally, the VASP designation determines which regulatory obligations apply.
Licensing/registration: Countries must require VASPs to be licensed or registered, with the specific requirements varying by jurisdiction.
AML/CFT compliance: VASPs must implement full AML/CFT programs, including customer due diligence, transaction monitoring, suspicious activity reporting, and record keeping.
Travel Rule: VASPs must comply with FATF Recommendation 16 (the Travel Rule), exchanging originator and beneficiary information for qualifying transfers.
Risk-based supervision: Regulators must apply risk-based supervision to VASPs, including onsite and offsite monitoring.
Sanctions screening: VASPs must screen customers and transactions against applicable sanctions lists.
Fit and proper tests: Individuals who own, control, or manage VASPs must meet fit and proper criteria.
How VASP Relates to Compliance Monitoring
VASP regulation continues to evolve as FATF refines its guidance and individual jurisdictions implement or update their frameworks. The scope of what constitutes a VASP is actively debated, particularly regarding DeFi protocols, NFT platforms, and cross-border operations. RegPulse tracks VASP-related regulatory developments globally, ensuring your team stays ahead of changing definitions, requirements, and enforcement priorities.
VASP (Virtual Asset Service Provider) is a term defined by the FATF and used in international AML/CFT standards. CASP (Crypto-Asset Service Provider) is the EU-specific term used under MiCA. While both describe businesses providing crypto-related services, CASPs have specific obligations under MiCA that go beyond FATF VASP standards — including prudential requirements, conduct of business rules, and EU passporting rights. Essentially, all EU CASPs are VASPs, but the CASP framework adds EU-specific regulatory layers.
FATF guidance indicates that the VASP determination depends on whether there is an identifiable entity or person providing the virtual asset services, not the underlying technology. Fully decentralized protocols with no controlling entity may fall outside the VASP definition. However, FATF has noted that many so-called DeFi protocols have elements of centralization (governance tokens, development teams, administrative keys) that could make their operators VASPs. Jurisdictions are taking varying approaches to this question.
As of 2026, more than 75 jurisdictions have implemented some form of VASP licensing or registration requirement, with many more in the process of developing frameworks. Major jurisdictions with VASP regulation include the EU (MiCA/CASP framework), the US (MSB/FinCEN registration), the UK (FCA registration), Japan, Singapore, South Korea, Australia, Canada, and the UAE. FATF's mutual evaluation process continues to push remaining jurisdictions toward implementation.