Virtual Asset Service Providers (VASPs) are businesses that conduct activities involving digital or virtual assets, such as cryptocurrencies, on behalf of customers. Examples include exchanges that allow the purchase of crypto using bank payments, wallet providers, and certain custodial services.

VASPs play a pivotal role in the global financial system because they enable the exchange and safekeeping of virtual assets. At the same time, the pseudonymous nature of digital currencies makes them appealing to criminals who want to launder money, fund terrorism, or evade sanctions.

Recognising these risks, the Financial Action Task Force (FATF) has established standards requiring VASPs to comply with anti-money laundering (AML) and counter-terrorist financing (CTF) obligations. These include customer due diligence (CDD), sanctions screening, transaction monitoring, and suspicious activity reporting, particularly where fiat money flows in or out of the ecosystem.

Definition Of Virtual Asset Service Providers (VASPs)

The FATF defines a Virtual Asset Service Provider as any person or business that, on behalf of another, carries out one or more of the following activities:

• Exchanging virtual assets for fiat currencies.

• Exchanging one form of virtual asset for another.

• Transferring virtual assets.

• Safekeeping or administering virtual assets.

• Providing financial services related to an issuer’s sale of a virtual asset.

This definition ensures VASPs are subject to the same AML/CFT obligations as traditional financial firms, aligning them with banks and payment providers under global regulation. The FATF 2021 guidance emphasises that jurisdictions must treat VASPs equivalently to other financial institutions—requiring licensing, supervision, and the full suite of preventive measures

Why VASPs Are Central To AML Compliance

VASPs are critical because they are the main entry and exit points for virtual assets into the regulated financial system.

Customer Due Diligence

VASPs must verify and screen customer identities when accounts are opened. Using tools like FacctView, Customer Screening, onboarding processes can check names against sanctions lists, politically exposed persons (PEPs), and adverse media to identify high-risk clients.

Sanctions And Watchlist Screening

Sanctions obligations require VASPs to block transactions or accounts linked to prohibited individuals or jurisdictions. FacctView, Customer Screening supports this by enabling accurate, real-time screening of customer names and accounts, with FacctList, Watchlist Management ensuring the underlying watchlist data remains accurate and up to date.

Transaction Screening Of Fiat Payments

The highest compliance risk often arises when fiat money is used to purchase or sell crypto. Screening these payments with FacctShield, Payment Screening allows VASPs to identify red flags such as unusual transaction sizes, patterns, or high-risk geographies.

Market Stability And Trust

By applying these measures, VASPs demonstrate accountability to regulators and customers alike. The IMF stresses that widespread adoption of crypto assets in the absence of effective regulation and supervision could undermine monetary policy, fiscal frameworks, and capital flow measures, and threaten financial stability.

The Regulatory Landscape For VASPs

Regulation of VASPs varies across jurisdictions but continues to converge around FATF standards, mandating licensing or registration and AML/CTF oversight similar to traditional financial firms.

Global Standards

FATF’s 2021 guidance mandates that jurisdictions require VASPs to be licensed or registered, supervised, and subject to AML/CTF measures comparable to banks and payment institutions

UK Regulation

In the UK, the Financial Conduct Authority (FCA) requires crypto‑asset firms to register with the regulator and comply with AML obligations, including customer due diligence, transaction monitoring, and reporting

United States

Under the Bank Secrecy Act, the Financial Crimes Enforcement Network (FinCEN) classifies many VASPs as money services businesses (MSBs). Consequently, these entities must register with FinCEN, establish AML programmes, maintain records, and submit Suspicious Activity Reports (SARs), aligning them with traditional money transmission service obligations

European Union

The Markets in Crypto‑Assets Regulation (MiCA) introduces a harmonised framework for crypto‑asset service providers (now termed Crypto‑Asset Service Providers, or CASPs) across the EU. MiCA requires CASPs to obtain authorisation, submit to supervision, and comply with AML, KYC, transparency, and consumer protection standards. MiCA entered into force in June 2023 and became fully applicable to CASPs on 30 December 2024.

Compliance Challenges For VASPs

Even with clear obligations, VASPs face unique hurdles in achieving compliance.

Customer Identification Difficulties

Blockchain transactions are recorded via wallet addresses, which often lack identifiable customer data. This makes CDD and sanctions screening more complex than in traditional finance.

Cross-Border Variability

VASPs operate globally, but regulatory frameworks differ between jurisdictions. This creates inconsistencies and additional costs in maintaining compliance programmes.

False Positives In Screening

Name screening and payment monitoring can generate very high volumes of alerts. Poor calibration inflates false positives and overloads teams. Peer-reviewed research reports that in rules-based AML systems around 90–95% of alerts are false positives, underscoring the need for better tuning and risk-based controls

Best Practices For AML Compliance In VASPs

To address these challenges, VASPs should adopt structured, technology-enabled compliance strategies.

• Embed Customer Screening: Deploying FacctView, Customer Screening ensures CDD is robust from the first point of contact.

• Apply Accurate Watchlist Management: FacctList, Watchlist Management enables precise sanctions screening with fewer false positives.

• Screen Fiat Transactions At On-Ramp: FacctShield, Payment Screening provides real-time monitoring of fiat payments entering or leaving the system.

• Adopt Real-Time Monitoring: FacctGuard, Transaction Monitoring applies behavioural analysis of payment flows to detect hidden risks.

• Train Compliance Teams: Staff education on crypto-related AML risks ensures human oversight complements automated systems.

The Future Of VASP Compliance

The regulatory outlook for VASPs points towards greater alignment with mainstream financial institutions. Key trends include:

• More countries adopting FATF’s VASP framework.

• Increasingly stringent licensing regimes.

• Enhanced monitoring of fiat flows alongside crypto activities.

• Greater use of artificial intelligence to detect unusual behaviour.

As regulations expand, VASPs that embed robust fiat-side compliance processes will be better positioned to scale safely and maintain customer trust.