A VASP (Virtual Asset Service Provider) is a business that provides crypto-related services such as exchange, transfer, custody or trading of digital assets. FATF requires VASPs to follow AML and KYC regulations similar to financial institutions.

Which businesses are considered VASPs?

Examples of VASPs include crypto exchanges, custodial wallet providers, OTC desks, brokers, payment processors, certain NFT platforms, DeFi platforms with central control, and crypto ATM operators.

What is the best certification for VASP compliance?

The C3O – Certified Crypto Compliance Officer is the gold-standard credential for VASP compliance. C2AO focuses on crypto AML, and C2KO strengthens KYC and onboarding skills for VASP operations.

Home › Crypto Compliance Glossary › What is a VASP?

What is a VASP? 2025 Beginner Guide

A VASP (Virtual Asset Service Provider) is a business that provides services involving digital or virtual assets, such as cryptocurrency exchanges, custodial wallets, brokers or platforms that move, store or trade crypto.

The term “VASP” was introduced by the Financial Action Task Force (FATF) to ensure that crypto businesses follow the same AML, KYC and financial crime compliance standards as banks and traditional financial institutions.

FATF Definition — What Exactly Is a VASP?

According to FATF, a business is considered a VASP if it performs any of the following activities:

Exchange between virtual assets and fiat currencies
Exchange between one virtual asset and another
Transfer of virtual assets (moving assets between wallets)
Safekeeping or custody of virtual assets or private keys
Participation in or operation of a virtual asset service (e.g., trading, settlement, brokering)

If a business performs any of the above, it is treated as a VASP — even if it is fully online and global.

Examples of VASPs

Centralized crypto exchanges (Binance, Coinbase, Kraken)
Custodial wallet providers
OTC desks and brokers
NFT marketplaces (some cases)
Crypto payment processors
DeFi platforms with centralized control (hybrid VASPs)
Crypto ATM operators
Token issuance platforms

What Are VASP Compliance Requirements?

VASPs must follow the same AML/KYC rules as banks — plus additional crypto-specific requirements.

KYC / CDD / EDD: Full customer identification and verification.
Sanctions screening: OFAC, UN, EU, UK and local lists.
Crypto transaction monitoring: Tracking wallet behaviour and on-chain patterns.
Travel Rule compliance: Sharing sender/receiver data for VASP transfers.
Blockchain analytics: Risk scoring wallets and detecting illicit flows.
SAR/STR reporting: Reporting suspicious activity to regulators.
Recordkeeping: Audit-proof logs for 5–10 years depending on jurisdiction.

Why Do Regulators Consider VASPs High-Risk?

Crypto transactions are:

Instant
Cross-border
Pseudonymous
High-volume
Technically complex

Because of this, VASPs must implement stronger AML controls than typical fintech platforms.

Who Works in VASP Compliance?

Crypto Compliance Officers
AML Investigators
Blockchain Analytics Specialists
KYC / CDD Analysts
Travel Rule Compliance Leads
VASP Registration Managers

These roles require a unique mix of AML, KYC, crypto technology and regulatory knowledge.

Best Certifications for Working in VASP Compliance

AC3O provides globally recognized training aligned with FATF VASP requirements and trusted across 180+ countries.

AC3O – ONRIGA Accredited Certifications

C3O – Certified Crypto Compliance Officer (Gold Standard): Full-scope VASP compliance — AML, KYC, Travel Rule, DeFi risk and blockchain investigations. View C3O →
C2AO – Certified Crypto AML Officer: Ideal for AML-focused roles inside VASPs — monitoring, red flags and STR reporting. View C2AO →
C2KO – Certified Crypto KYC Officer: Perfect for onboarding analysts supporting VASP customer due diligence. View C2KO →

Start Your C3O VASP Compliance Training →

What is a VASP? – AC3O (2025 Guide)

A complete beginner guide for compliance, fintech and crypto professionals — updated for 2025.