VASP Registration Requirements by Jurisdiction

A Virtual Asset Service Provider (VASP) is any natural or legal person that conducts 1 or more of 5 virtual asset services defined by the Financial Action Task Force (FATF) under Recommendation 15. The FATF introduced the VASP definition in June 2019 as part of its updated guidance on virtual assets, establishing the global baseline for crypto business registration. Every jurisdiction implementing FATF standards requires entities meeting the VASP definition to register with or obtain a license from a designated national authority before commencing operations. The compliance requirements for VASP registration vary significantly across jurisdictions, but the FATF framework provides the common foundation.

What Is VASP Registration and Why Do Crypto Businesses Need It?

VASP registration is the regulatory process by which a crypto business obtains formal authorization from a national competent authority to provide virtual asset services within that jurisdiction. The FATF defines 5 categories of VASP services under Recommendation 15:

1. Exchange between virtual assets and fiat currencies — Converting crypto-assets to government-issued currency and vice versa.
2. Exchange between 1 or more forms of virtual assets — Converting one crypto-asset to another (e.g., Bitcoin to Ethereum).
3. Transfer of virtual assets — Conducting transactions on behalf of another person that move virtual assets from one address to another.
4. Safekeeping and/or administration of virtual assets — Custodial services including private key management.
5. Participation in and provision of financial services related to a virtual asset issuer’s offer and/or sale — Services connected to initial coin offerings, token sales, and similar issuance events.

Any entity performing 1 or more of these 5 services is classified as a VASP under the FATF framework. Over 200 jurisdictions participate in the FATF or FATF-Style Regional Bodies (FSRBs), and each implements the VASP definition into domestic law through national legislation. Registration serves as the gateway to anti-money laundering and counter-terrorist financing (AML/CTF) supervision — unregistered entities operate outside the regulated perimeter and face enforcement action, criminal penalties, or both.

The FATF conducts mutual evaluations of member jurisdictions to assess compliance with its 40 Recommendations. Jurisdictions that fail to implement adequate VASP supervision risk placement on the FATF “grey list” (jurisdictions under increased monitoring), which restricts access to correspondent banking and increases transaction costs for all entities domiciled in that jurisdiction.

What Are the EU VASP Registration Requirements Under MiCA?

The Markets in Crypto-Assets Regulation (MiCA) replaced all national VASP registration regimes across the European Union’s 27 member states with a single authorization framework. Before MiCA, each EU member state operated its own VASP registration system — France required PSAN registration with the Autorité des Marchés Financiers (AMF), Germany mandated BaFin crypto custody licensing, and the Netherlands required De Nederlandsche Bank registration. MiCA eliminated that fragmentation.

Under MiCA (Regulation (EU) 2023/1114), crypto-asset service providers (CASPs) obtain authorization from the national competent authority (NCA) of the member state where the entity maintains its registered office. Authorization grants a “passport” to provide services across all 27 member states and the broader European Economic Area without additional national registrations. The European Securities and Markets Authority (ESMA) maintains the public register of all authorized CASPs.

MiCA’s CASP authorization process operates on a defined timeline. The NCA confirms application completeness within 25 working days and conducts substantive assessment within 40 working days, extendable to 90 working days for complex applications. Minimum own funds requirements range from EUR 50,000 (Class 1 services including advice and order transmission) to EUR 150,000 (Class 3 for trading platform operation).

What Are the UK VASP Registration Requirements?

The United Kingdom requires all crypto-asset businesses operating in or targeting UK customers to register with the Financial Conduct Authority (FCA) under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). The FCA has maintained one of the strictest VASP registration regimes among major financial centers.

FCA Registration Under the Money Laundering Regulations

FCA crypto-asset registration applies to entities providing 3 categories of services: exchanging crypto-assets for money or money for crypto-assets, exchanging 1 crypto-asset for another, and operating a crypto-asset automated teller machine. The registration is not a full license — the FCA registration confirms only that the entity meets AML/CTF standards. Broader conduct-of-business regulation falls outside the current MLR registration scope, though the UK government published a consultation in 2025 proposing a comprehensive regulatory regime.

The FCA’s approach to VASP registration has been notably restrictive. Between January 2020 and March 2026, the FCA rejected or returned approximately 87% of crypto-asset registration applications. That rejection rate reflects the FCA’s emphasis on AML/CTF controls, governance standards, and beneficial ownership transparency. Approval requires demonstrating robust customer due diligence procedures, transaction monitoring systems, staff training programs, and clear beneficial ownership structures.

Application Process and Timeline

FCA crypto-asset registration follows a multi-stage process. Applicants submit a detailed application through the FCA Connect portal, including a business plan, AML/CTF risk assessment, organizational structure chart, details of beneficial owners and key personnel, and evidence of transaction monitoring capabilities. The FCA assigns a dedicated case officer and conducts interviews with senior management and the nominated Money Laundering Reporting Officer (MLRO).

Processing time for FCA crypto-asset registration ranges from 6 to 12 months. Complex applications involving multiple service lines or novel business models extend toward the longer end. The FCA charges an application fee of GBP 2,000 and an annual regulatory fee based on the firm’s income bracket. Registered firms appear on the FCA’s public register of crypto-asset businesses.

What Are the US VASP Registration Requirements?

The United States applies a dual-layer regulatory framework to virtual asset service providers: federal registration with the Financial Crimes Enforcement Network (FinCEN) as a Money Services Business (MSB), plus state-level money transmitter licensing in each state where the entity operates.

FinCEN Money Services Business (MSB) Registration

FinCEN classifies entities that accept and transmit virtual currency as money transmitters under the Bank Secrecy Act (BSA). Every money transmitter operating in the United States registers with FinCEN as a Money Services Business within 180 days of commencing operations. Registration is submitted electronically through FinCEN’s BSA E-Filing system. The registration itself is a notification — FinCEN does not approve or deny MSB registrations, but all registered MSBs are subject to BSA compliance obligations.

BSA obligations for registered MSBs include implementing an AML/CTF compliance program, filing Suspicious Activity Reports (SARs) for transactions of USD 2,000 or more involving suspicious activity, filing Currency Transaction Reports (CTRs) for cash transactions exceeding USD 10,000, maintaining records of transmittals of funds of USD 3,000 or more, and complying with the FinCEN Travel Rule for transmittals of USD 3,000 or more.

FinCEN MSB registration is renewed every 2 years. Failure to register constitutes a federal crime under 18 U.S.C. Section 1960, carrying penalties of up to 5 years imprisonment and fines of up to USD 250,000.

State Money Transmitter Licensing

State-level money transmitter licensing operates independently from federal MSB registration. Each US state (except Montana) requires a separate money transmitter license (MTL) for entities transmitting virtual currency to or from residents of that state. The total number of state licenses required for nationwide operation is 49 — covering 49 states plus the District of Columbia, excluding Montana which does not regulate money transmission.

State MTL requirements vary significantly. New York’s BitLicense, administered by the Department of Financial Services (NYDFS), imposes the most stringent requirements: detailed business plans, cybersecurity programs (23 NYCRR 500), surety bonds, and capital adequacy standards. Processing time for a New York BitLicense ranges from 12 to 24 months. California enacted the Digital Financial Assets Law (AB 39) effective July 1, 2025, creating a dedicated licensing framework for digital asset businesses.

The Nationwide Multistate Licensing System (NMLS) streamlines the multi-state application process. Applicants submit through NMLS and manage license renewals, reporting, and surety bond documentation through a single portal. Surety bond requirements range from USD 10,000 to USD 5,000,000 depending on the state and transaction volume.

What VASP Requirements Apply in Asia-Pacific?

Asia-Pacific jurisdictions have adopted varied approaches to VASP regulation, ranging from comprehensive licensing frameworks in Singapore and Hong Kong to outright prohibitions in mainland China.

Singapore — MAS Payment Services Act

The Monetary Authority of Singapore (MAS) regulates digital payment token (DPT) services under the Payment Services Act 2019 (PS Act). Entities providing DPT services — including dealing in or facilitating the exchange of DPTs, and DPT transfer services — obtain a Major Payment Institution (MPI) license or a Standard Payment Institution (SPI) license from MAS.

MAS licensing under the PS Act requires demonstrating adequate AML/CTF controls, technology risk management, and business continuity planning. The application process takes 3 to 6 months from submission of a complete application. MAS imposes ongoing supervisory requirements including annual audits, regular reporting, and adherence to Notice PSN02 on Prevention of Money Laundering and Countering the Financing of Terrorism.

Singapore adopted the FATF Travel Rule through MAS Notice PSN08, requiring DPT service providers to collect and transmit originator and beneficiary information for all DPT transfers. The notice took effect on January 28, 2025.

Hong Kong — SFC Licensing

Hong Kong introduced a mandatory licensing regime for virtual asset trading platforms (VATPs) under the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Ordinance 2022. The Securities and Futures Commission (SFC) administers the licensing regime, which took effect on June 1, 2023. All centralized virtual asset exchanges operating in or marketing to Hong Kong residents are required to obtain an SFC license.

The SFC licensing framework imposes requirements covering custody of client assets, cybersecurity, market surveillance, listing criteria for tokens, and investor compensation arrangements. Licensed platforms are permitted to offer services to both retail and professional investors, subject to conditions including client suitability assessments and risk disclosures. The SFC published detailed Guidelines for Virtual Asset Trading Platform Operators specifying operational and financial requirements.

Dubai’s Virtual Assets Regulatory Authority (VARA), established in 2022, operates as a dedicated regulator for virtual asset activities in the Dubai emirate. VARA registration takes 2 to 4 months and covers 7 categories of virtual asset activities including advisory, broker-dealer, custody, exchange, lending, transfer, and management services.

What Ongoing Obligations Do Registered VASPs Face?

Registered VASPs face 5 categories of ongoing compliance obligations across all major jurisdictions:

1. AML/CTF program maintenance — Continuous operation of customer due diligence (CDD), transaction monitoring, and suspicious activity reporting systems. Programs are updated annually or whenever material changes occur in the business model, customer base, or risk environment.
2. Regulatory reporting — Periodic filing of financial returns, transaction volume reports, customer complaint summaries, and material change notifications with the supervising authority. Reporting frequency varies from monthly (Singapore MAS) to annual (UK FCA).
3. Record-keeping — Retention of all transaction records, CDD documentation, and internal correspondence for a minimum of 5 years (FATF standard). The EU Transfer of Funds Regulation extends the retention requirement to 5 years following the end of the business relationship.
4. Staff training and competency — Regular training programs for all staff on AML/CTF obligations, sanctions compliance, and emerging typologies. Training records are maintained as evidence of compliance and presented during regulatory examinations.
5. External audits and assessments — Independent audits of AML/CTF controls, financial statements, and technology systems. MiCA-authorized CASPs in the EU undergo annual financial audits. UK FCA-registered firms submit annual financial crime returns.

Non-compliance with ongoing obligations triggers enforcement actions. Penalties range from administrative fines to license revocation. The FCA revoked or cancelled 11 crypto-asset registrations between 2021 and 2025. FinCEN imposed civil money penalties totaling USD 185 million against non-compliant MSBs between 2020 and 2025.

How Does VASP Registration Connect to AML/CTF and Tax Reporting?

VASP registration serves as the entry point into a jurisdiction’s AML/CTF supervisory framework. Registration itself is not the end obligation — the registration designates the entity as a supervised person subject to ongoing AML/CTF requirements and, increasingly, tax reporting duties.

The connection between VASP registration and tax reporting has strengthened significantly since 2024. The OECD Crypto-Asset Reporting Framework (CARF) establishes a global standard for automatic exchange of crypto-asset transaction data between tax authorities. The EU implemented CARF through DAC8, with reporting obligations effective January 1, 2026. Every entity authorized as a CASP under MiCA automatically falls within DAC8’s reporting scope — VASP authorization and tax reporting are coupled by design.

The United States links MSB registration to tax reporting through the IRS Form 1099-DA regime. Crypto brokers and exchanges registered as MSBs with FinCEN are also subject to IRS broker reporting requirements, filing Form 1099-DA for customer dispositions beginning with tax year 2025. The dual registration creates parallel obligations: AML/CTF compliance under the BSA and tax information reporting under the Internal Revenue Code.

The accounting standards governing fair value measurement of digital assets (FASB ASU 2023-08 under US GAAP, IFRS developments) further intersect with VASP obligations. Registered VASPs holding client assets or proprietary crypto positions maintain accounting records consistent with applicable standards, supporting both financial statement preparation and regulatory reporting. A unified crypto subledger that captures every transaction with jurisdiction-specific tax attributes, counterparty identification, and AML flags bridges the gap between VASP registration obligations and the operational record-keeping that satisfies supervisory authorities across multiple jurisdictions simultaneously.