Skip to content
All insights
ComplianceJune 28, 2026 · 5 min read

What is a VASP? Virtual Asset Service Providers and their obligations

What is a VASP? A clear definition of a Virtual Asset Service Provider, the activities that trigger the status, and the AML obligations such firms carry.

By StableNet Compliance Team
Key takeaways
  • A VASP, or Virtual Asset Service Provider, is any business that exchanges, transfers, safeguards or issues virtual assets such as stablecoins on behalf of others.
  • VASP status is defined functionally by the activity performed, not by the label a firm gives itself, and it brings the same anti-money-laundering duties expected of regulated financial institutions.
  • Core obligations include registration or licensing, KYC and KYB, transaction monitoring, sanctions screening, the Travel Rule, and recordkeeping and reporting.

A VASP, or Virtual Asset Service Provider, is any natural or legal person that, as a business, conducts one or more virtual-asset activities on behalf of another party. In practice, the question “what is a VASP” is answered by looking at function rather than form: if a firm exchanges, transfers, safeguards or issues virtual assets such as stablecoins for customers, it is almost certainly a Virtual Asset Service Provider and falls within the scope of anti-money-laundering and counter-terrorist-financing regulation.

What activities make a business a VASP

A Virtual Asset Service Provider is identified by the services it offers rather than the technology it uses. A business generally becomes a VASP when it performs any of the following as a commercial activity for or on behalf of others.

  • Exchange between virtual assets and fiat currencies, such as converting a stablecoin to dollars or euros.
  • Exchange between one or more forms of virtual assets.
  • Transfer of virtual assets from one address or account to another.
  • Safekeeping or custody of virtual assets, or of the instruments that enable control over them.
  • Participation in and provision of financial services relating to the issuance or sale of a virtual asset, including stablecoin issuance.

How FATF defines a Virtual Asset Service Provider

The term originates with the Financial Action Task Force, the FATF, the global standard-setter for anti-money-laundering and counter-terrorist-financing measures. FATF defines a VASP functionally so that the obligation attaches to the activity, not to a particular corporate structure or product name. This matters because a firm cannot avoid the designation simply by describing itself as a technology provider; if it conducts a covered virtual-asset activity for customers, the VASP obligations apply.

A VASP is defined by what it does, not by what it calls itself — once a firm exchanges, transfers, custodies or issues virtual assets for others, the full weight of financial-crime obligations follows.

What obligations VASPs carry

Because a Virtual Asset Service Provider sits in the same risk position as a traditional financial institution, it is expected to operate a comparable compliance programme. The principal obligations include the following.

  • Registration or licensing with the relevant national authority before offering services.
  • Customer due diligence through KYC for individuals and KYB for business clients, including verification of beneficial ownership.
  • Ongoing transaction monitoring, often described as KYT, to detect unusual or suspicious on-chain and off-chain activity.
  • Sanctions screening of customers and counterparties against applicable watchlists.
  • Compliance with the Travel Rule, which requires originator and beneficiary information to accompany qualifying transfers between obliged entities.
  • Recordkeeping and reporting, including the filing of suspicious activity or transaction reports to financial intelligence units.

How VASPs relate to MSBs and banks

The VASP category overlaps with established financial designations. Many money services businesses, or MSBs, that handle stablecoins are also VASPs, and a single firm may hold both registrations depending on its jurisdiction and product mix. Banks that custody, issue or settle in virtual assets can likewise take on VASP-equivalent duties for those lines of business. The practical consequence is that virtual-asset firms and regulated financial institutions are increasingly held to a single, consistent standard of due diligence, monitoring and reporting.

How to operationalise VASP compliance

Meeting these obligations is less about any single control and more about connecting them into one auditable flow. Identity verification, sanctions screening, transaction monitoring and Travel Rule data exchange should travel with each settlement rather than sitting in disconnected systems. Firms that treat compliance as an attribute of the payment itself — captured, checked and recorded as value moves — find it far easier to demonstrate to supervisors that every transfer was screened and documented.

StableNet is built for precisely this model, attaching Travel Rule, KYC, KYB, KYT and sanctions-screening data to stablecoin settlement so that banks, MSBs and fintechs can meet their Virtual Asset Service Provider obligations without bolting compliance on after the fact.

Related on StableNet

See it on your corridors

Book a working session and we’ll map StableNet’s compliance and settlement to one of your live payment flows.

Keep reading
Compliance7 min read

Stablecoin regulation: what banks and MSBs need to know

A principles-level guide to stablecoin regulation for banks, MSBs and fintechs — the global themes converging on reserves, licensing, AML and the Travel Rule, and what to do now.

Read
Technology6 min read

Settlement finality in stablecoin payments, explained

Settlement finality is the moment a payment becomes irrevocable and funds are usable. Here is what it means for stablecoin settlement, and how institutions should define a finality policy.

Read