Academy, Bitcoin, Ethereum

What is a Virtual Asset Service Provider? – Definition of VASP

What is a Virtual Asset Service Provider? - Definition of VASP

There are numerous terms for the same concept. For example, cryptocurrency, digital assets, and convertible virtual currency are the same thing. In addition, cryptocurrency exchange, Virtual Asset Service Provider, Virtual Asset Entity, Digital Asset Customer, and Money Service Business are the same thing. 

Depending on the context, some people might call all entities that deal with virtual assets VASPs. Just like they might call all virtual assets “crypto.” Nonetheless, there are some key differences between various types of Digital Asset Entities that affect their regulatory framework

Understanding the definitions of Virtual Assets  and Virtual Asset Service Providers is crucial for distinguishing the regulatory approaches applied to various entities. The new definitions of VAs and VASPs from Financial Action Task Force Standards are crucial to determining which crypto assets and services anti-money laundering and countering the financing of terrorism should cover globally. The FATF recommends interpreting their definitions broadly and believes that all financial assets, regardless of format, should meet FATF standards. 

What are Virtual Assets?

A virtual asset is a non-unique digital representation of value that can be exchanged. It serves purposes such as investments or means of payment. These assets can be traded and transferred in a digital format. A digital copy of a fiat currency, security, or other financial instrument does not count as a virtual asset. 

Cryptocurrencies like Bitcoin, Ether, Solana, Tether, and Litecoin are the most well-known types of virtual assets. Many compliance solutions on the market only cover a small number of kinds of VAs. Which according to FATF may not be considered compliant. VASPs who want to follow the rules should choose a Travel Rule compliance solution that works from start to finish and covers all virtual assets.

According to FATF, VAs are: “A virtual asset is a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, or other financial assets that are already covered elsewhere in the FATF Recommendations.”

What is a Virtual Asset Service Provider

What is a Virtual Asset Service Provider. Source: Ciphertrace

What Are Virtual Asset Service Providers?

A Virtual Asset Service Provider (VASP) is a person who offers virtual asset services to a third party. AML/CFT and other obligations may apply to a digital asset entity. Only, if it engages in certain financial activities involving virtual assets in its capacity as a money transmitter. Depending on the regulatory or policy-making authority, these digital asset entities may be referred to as Virtual Asset Service Providers or money transmitters engaged in convertible virtual currency.

According to FATF, VASPs are: “A Virtual asset service provider (VASP) means any natural or legal person who is not covered elsewhere under the Recommendations and as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person: 

  • the exchange between virtual assets and fiat currencies;
  • the exchange between one or more forms of virtual assets;
  • transfer of virtual assets;
  • safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
  • participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.”

This definition includes exchanges, ATM operators, wallet custodians, and hedge funds, among other types of crypto companies. FATF also says that VASPs should have to follow the same strict AML/CTF and Know Your Customer (KYC) rules as regular financial institutions.

FATF’s definition of VASP is meant to cover specific financial activities and functions.  It doesn’t rely on the type of entity but on “how the person uses the [virtual assets] and for whose benefit.” FATF says that a person or company is a VASP if they do any of the activities in the list above “for or on behalf of another person” as part of their business, no matter what kind of technology they use to do the covered VA activities.

Miners, for instance, might or might not be VASPs depending on their activities and functions. An individual miner might not be enough to classify as a VASP, but a mining pool does. Moreover, a mining pool operator who transfers virtual assets to pool members or contract purchasers to share earnings is not a money transmitter under FinCEN requirements “as these transfers are integral to the provision of services.” However, if the leader combines managing and renting with hosting virtual currency wallets for pool members, the leader would be considered a money transmitter for account-based money transmission.

Example of VASPs

Examples of VASPs that must follow the FATF’s Crypto Travel Rule are custodians, mining pools, wallet providers, brokerage services that issue and sell VAs on behalf of natural or legal persons, and ATMs and kiosks for Bitcoin that let you exchange virtual assets for real money or other virtual assets.

Digital Asset Entity (DAE)

A Digital Asset Entity encompasses a range of businesses operating within the realm of cryptocurrency transactions. This category includes VASPs such as cryptocurrency exchanges and ATMs, which function as independent financial institutions. Additionally, it encompasses gambling sites, incubators, and other entities that utilize cryptocurrencies but may not always be classified as financial institutions. Virtual Asset Entity and Crypto Asset Entity are other names for it.

Digital Asset Customer (DAC)

Any Digital Asset Entity that works with a bank or other official financial institution is a Digital Asset Customer. In early 2020, the US Department of the Treasury’s OCC enforcement case against M.Y. Safra Bank was the first time that the term “DAC” was used to describe a large group of customers who used cryptocurrency. This was the first time the OCC took action against a U.S. bank because of cryptocurrency. The enforcement action was a cease and desist order. It was all about the bank’s deficit of anti-money laundering (AML) policies for monitoring and compliance with DAC.

According to FATF, Are NFT platforms VASPs ?

Even though the technology behind non-fungible tokens isn’t new, they started in 2013 with Colored Coins, a colorful version of bitcoin coins. In 2021, the number of NFT trades spiked, and news about NFT purchases were all over the headlines.

How does FATF determine if NFT is a VA?

According to the updated guidance from October 2021, the FATF addressed the rise of NFTs and laid out a framework to help users figure out if NFTs qualify as VAs:

  • Is the digital product unique, or can it be swapped out for something else? 
  • Is the digital object more of a collectible than a way to pay for something or an investment?

The assets in question do not qualify as VA, if the answers to these questions are yes. Hence, whether or not NFTs are VAs will depend on how they work in the real world.


Because the answers to the above questions depend on the context, it will be hard to come up with clear rules for how to control activities related to NFT, like issuance and secondary sale services. Until it’s possible to make rules that apply to all situations, it’s likely that regulatory requirements will be looked at case by case, like they are in other areas, like token offers.

Regarding the first question, Gabriel Shapiro, a crypto lawyer, argues that NFTs are not unique or rare by nature since they do not give their owners copyright. Hence, nothing stops other people from copying. Shapiro is right when he says, “there is nothing on the blockchain layer to prevent another person from creating many more NFTs with the same exact metadata.” Shapiro also argues that NFTs are not necessarily non-fungible because this is a “context-relative” concept.

Different buyers will have different motivations for purchasing an NFT. Which will make it difficult to generalize about whether or not it is being used as a collectible or for payment and investment.

  • Some people will amass NFTs to utilize in games or as part of their online identity.
  • Other people will “sweep the floors” of any NFT project that has the potential to be appreciated and may change over time.

However, the FATF has made it clear that NFTs will qualify as VAs even if they can be used as collectors if, in practice, they are being utilized as interchangeable assets purchased for investment purposes. In turn, this suggests that exchanges that facilitate the issuance and secondary sales of NFTs with such characteristics are also VASPs.

According to FATF, Are Stablecoin Providers VASP?

Stablecoins are a major source of concern for regulators because of their potential for widespread adoption. Stablecoins eliminate the problems with price fluctuations seen in other crypto assets, making them a suitable payment method. 

Decentralized control of stablecoins is possible. As a VASP or FI, FATF will regulate the centralized governing body if it exists. Finding the accountable party for anti-money laundering and counter-terrorist financing (AML/CTF) gets more complicated when decentralized entities control the stablecoin.

The FATF expects countries to “take a functional approach to identify obliged entities” and “mitigate the relevant risks based on a risk-based approach (RBA) regardless of institutional design and names.”

According to the FATF, the following types of organizations could be subject to regulation or supervision:

  • The first thing that led to the creation and start of a system that will eventually become decentralized
  • One that helps people trade stablecoins
  • Services for custodial wallets that support stablecoins

According to FATF, Is Decentralized Finance (DeFi) VASP?

Decentralized finance does not need any intermediaries in a number of financial services, like lending and selling assets. Instead, code that is put on blockchains runs these services. Decentralized applications are digital apps or programs that run on a blockchain or peer-to-peer network of computers instead of a single computer.

In 2021, the number of people using DeFi protocols and apps grew at a rate that had never been seen before. As a result, the number of intermediaries in crypto transactions decreased at an exponential rate. Existing AML/CTF frameworks depend on financial intermediaries to enforce the necessary controls. However, in the DeFi situation, there are no such intermediaries, so applying the same frameworks is not easy. 

According to FATF, “A DeFi application (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology (see paragraph 82 below). However, creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services.”

At the same time, the following entities that have “control or sufficient influence” over a DeFi protocol should have to follow AML/CTF rules if they provide or facilitate VASP services like:

  • Keeping in business with the people who use a DeFi protocol
  • Profiting off of the DeFi service
  • Parameters of DeFi’s interface are set or changed.

The FATF expects countries to decide on a case-by-case basis whether a person is a VASP under the DeFi arrangement. This approach aligns with a comprehensive interpretation of the definitions outlined in FATF’s standards. Moreover, the FATF also says: 

  • It may not be possible to find an entity that controls or has enough influence over a DeFi arrangement. Hence, the VASP might not exist. In these situations, countries should evaluate the risks posed by these activities and take steps to reduce them. Such step would involve requiring regulated VASPs to participate in the activities of the DeFi arrangement.
  • Those who hold the governance tokens of a DeFi protocol do not qualify as VASPs as long as they cannot control or significantly affect the protocol’s governance.

According to FATF, Is Decentralized Exchange (DEX) VASP?

FATF guidance says that Decentralized Exchanges are VASPs and should be controlled as such. If a DEX or any other decentralized app (DApp), its owner/operator, or both fit the description of a VASP, then they are considered to be VASPs if they “facilitate or conduct the exchange or transfer of value (whether in VA or traditional fiat currency)…”

Also, a person who develops a DEX could be a VASP if they run a business that helps or does one of the activities mentioned above on behalf of a natural or legal person. Countries need to be able to figure out how to reduce the risks that come with centralized and decentralized VASP business models. 

According to FinCEN’s May 2019 guidance, “the same regulatory interpretation that applies to mechanical agencies such as CVC kiosks applies to DApps that accept and transmit value, regardless of whether they operate for profit. Accordingly, when DApps perform money transmission, the definition of money transmitter will apply to the DApp, the owners/operators of the DApp, or both.”

VASPs Are Money Service Businesses (MSBs)

While there may not be much difference in interchanging the terms digital asset, virtual asset, and crypto. Calling an unhosted-wallet a VASP when it isn’t implies certain AML obligations that the entity may not actually have. Understanding the different typologies can give clarity to the different obligations each digital asset entity has. For instance, according to FATF standards, a VASP would also be classified as a MSB according to FinCEN standards. Meaning they have specific AML obligations under the BSA. Conversely, not all VASPs fall into the EU’s AMLD5 regulations on cryptocurrency.

When making new rules, the act of picking right terms from an existing pool can help in clearing up confusion.  This practice will prevent the creation of new terms or definitions that conflict those already established. Here are some ways that people often talk about VASPs and cryptocurrencies:

  • Financial Action Task Force (FATF) – Virtual Assets (VAs); Virtual Asset Service Provider (VASP)
  • Securities Exchange Commission (SEC) – Digital asset; Digital Asset Trading Platform
  • Financial Crimes Enforcement Network (FINCEN) – Money Transmitter/Money Service Business; convertible virtual currency 
  • U.S. Commodity Futures Trading Commission (CFTC) – Virtual currency; Designated Contract Markets (DCMs)
  • EU AMLD5 – Providers engaged in exchange services between virtual currencies and fiat currencies; virtual currency


  • The definitions of VAs and VASPs from the Financial Action Task Force Standards are important to understand in order to determine which crypto assets and services should be covered globally. 
  • Virtual assets are digital representations of value that can be traded and transferred digitally. 
  • Compliance solutions on the market only cover a small number of kinds of VAs, so VASPs should choose a Travel Rule compliance solution that covers all virtual assets. 
  • FATF defines Virtual Asset Service Providers as any natural or legal person who conducts activities or operations for or on behalf of another natural or legal person.
  • VASPs should follow the same strict AML/CFT and KYC rules as regular financial institutions. 
  • Miners, mining pools, wallet providers, brokerage services that issue and sell VAs on behalf of natural or legal persons, and ATMs and kiosks for Bitcoin are all examples of VASPs that must follow the FATF’s Crypto Travel Rule. 
  • Digital Asset Entities include VASPs like cryptocurrency exchanges and ATMs, as well as gambling sites, incubators, and other entities that use crypto but aren’t always considered financial institutions. 
  • DeFi application is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology.
  • Whether or not non-fungible tokens are VAs will depend on how they work in the real world.
  • Regulators should control decentralized exchanges as Virtual Asset Service Providers.

About Dren Hima

Being exposed to the crypto industry for the last few years has given me valuable experience with market analyses (technical and fundamental) as well as blockchain technology in general. As the content editor and a market analyst of Walletor, I strive to share the latest developments of the crypto industry, while also providing a unique educational experience for all Crypto & FinTech enthusiasts.

Related Posts