When you want to buy more bitcoin and sell off some altcoins, where do you go? Probably a VASP. And when you receive that bitcoin, where do you end up sending it? Probably also a VASP. A Virtual Asset Service Provider (VASP) is almost any platform you use to buy, sell, exchange, or manage virtual assets (VA), otherwise known as cryptocurrencies.
VASP is a term that was coined by the Financial Action Task Force (FATF), an international intergovernmental organization who releases financial standards that promote regulation to prevent money laundering the financing of terrorism.
Falling under the VASP umbrella and operating in a jurisdiction that adheres to FATF standards means your project will need to understand what regulatory frameworks apply to you and how. We’ve created this guide to help you understand what a Virtual Asset Service Provider is and how they will work in permissioned blockchain environments like the Facebook-backed Diem project, as well as how it applies to permissionless blockchains.
Table of contents
According to the Financial Action Task Force (FATF), a Virtual Asset Service Provider (VASP) is any natural or legal person that exchanges, sells, or transfers virtual assets (VA), as well as provides instruments to control virtual assets for another natural or legal person. Essentially, if a platform lets you exchange, buy, or sell crypto for either fiat or other crypto, as well as hold your digital assets, it is likely a VASP.
The FATF added definitions for virtual asset and virtual asset service provider in 2018. They define what they are in order for all of those within an FATF jurisdiction to impose proper AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) requirements on them, and make sure that they actually comply with the obligations.
Due to the need to comply with these requirements, private, permissioned blockchains such as the Facebook-backed upcoming Diem blockchain must adhere to this regulatory framework as they fall in an FATF jurisdiction. This means that centralized and decentralized apps that want to operate on the permissioned Diem blockchain will need to prove compliance due diligence.
If a business carries out any of these operations, they are classified as a VASP and therefore must comply with regulations in FATF jurisdictions. Hong Kong falls under FATF jurisdiction, and last year they proposed a new licensing regime for VASPs in order to implement FATF recommendations. But their new regime is only for what they define as VASPs, which does not include decentralized exchanges (DEX), crypto wallets, ICO platforms, among others.
But if we look at the criteria to be considered a VASP by the FATF, it includes most exchanges and NFT marketplaces that custody assets. They themselves exchange virtual assets for other virtual assets or fiat currency, most wallets meet the criteria as well because they allow you to hold and manage currency as well as transfer virtual assets, as well as ICO platforms because they offer virtual assets. Bitcoin ATMs, OTC Desks, and even some gambling platforms can all be considered Virtual Asset Service Providers because they all carry out at least one Virtual Asset Service.
Peer-to-peer (P2P) transactions are currently not covered under Virtual Asset Services because there is no intermediary financial institution between the individuals transacting. Generally the task force places the obligations on the financial system and the third-party, but since it’s individuals interacting here without that, the task force has given additional guidelines on how to hedge the risk of P2P transactions but they do not consider them VASPs.
Facebook’s permissioned Diem blockchain will face a high level of regulation and scrutiny, evidenced by the fact that they had to change the project from its original name. Their blockchain will enable Virtual Asset Services and therefore, VASPs that operate on the network will need to comply with regulations in order to be a part of the Diem Association.
According to the whitepaper, any entities that perform exchange, custody, or other similar financial services on the Diem blockchain will be regulated and required to undergo a risk-based due diligence process. The VASP will need to prove that they are a registered or licensed VASP in a FATF member jurisdiction.
If a VASP is not within a non-FATF jurisdiction or within one that does not have FATF regulations, they will still be allowed to operate on the Diem network without transaction or balance limits. But in order to do so, they will need to go through a certification process by the Diem Association that is consistent with FATF guidelines.
In short, it depends. A DEX is a VASP if it falls under the definition of providing Virtual Asset Services. Since DEXs generally allow you to exchange cryptos, they fall under the definition of a VASP and should be regulated as such. The only way a DEX would not fall under the definition is if the exchange does not facilitate trades.
Some peer-to-peer trading platforms that consider themselves DEXs don’t quite qualify as providing Virtual Asset Services because they do not hold the virtual assets or conduct the transactions. If the platform simply matches trades which then take place outside of the system, it is not considered a VASP.
This means that in many regulated economies, DEXs that wish to facilitate trades and operate within those jurisdictions must be registered or licensed. This would be in compliance with Anti-Money Laundering and Countering of Financial Terrorism laws in the regulated jurisdiction. dApps themselves, meaning the software, do not fall under the definition of a VASP, but the owners or operators of the dApp might if they facilitate the exchange or transfer of a virtual asset for customers.
P2P platforms and unhosted wallets transacting on Diem will still face regulation though. Even though they are not technically VASPs, they will still be subject to control through transaction and balance limits as well as other controls.
The issuance of virtual assets can affect both the issuer of the asset, as well as any VASP that provides services in regards to the issuance, offer, sale, distribution, and trading of that virtual asset. So if you have an ICO, both you and the entity that helps sell or distribute your token could be subject to scrutiny depending on who actually handles the VAs.
If you are offering or selling your virtual asset to receive fiat currency or a different crypto, then you are considered a VASP, likewise any platform that facilitates the sale or offering of your asset, even if they have no affiliation with you, is considered a VASP. It’s important to note that even if your virtual asset is not available right away and is being sold to be delivered at a later date, you still fall under the category of a VASP.
Again, money must be handled on the platform or by your project to be considered a VASP. If all a platform does is facilitate P2P, but it does not touch any of the money itself, then it does not provide any Virtual Asset Services to be considered a provider.
Exchanging and transferring virtual assets constitute two different actions. Exchanging virtual assets means any service in which they can be given in exchange for a fiat currency or a different virtual asset. Most exchanges fall under this definition as they allow you to exchange crypto for fiat or other crypto. Many exchanges that fall in FATF jurisdictions must have Know Your Customer procedures in place to verify the identity of those using the exchange.
Bitcoin ATMs also fall under this definition, but who would the local government contact to enforce regulations? The manufacturer of the ATM is not the entity that necessarily operates the ATM, so the responsibility of being the VASP falls to the operator of the machine.
The transfer of virtual assets refers to any service that allows users to transfer ownership or control of virtual assets to another user. This includes crypto wallets that hold their users’ private keys for them. If the wallet is unhosted, meaning a wallet not hosted by a third-party financial system, all private keys are generated and managed on the user’s end. This would mean that it does not fall under this definition seeing as the unhosted wallet does not control or manage any assets.
An important distinction to make with the exchange and transfer of virtual assets is that it does not affect those who are doing it for themselves, meaning you are not considered a VASP for using an unhosted wallet. It only applies to businesses or individuals doing it on behalf of other people.
But there are still certain nuances to take into account when determining if an unhosted wallet is a VASP because while the FATF might not include it in the definition, one of their jurisdictions might still have regulations that apply to it like they would for a VASP. For example, US regulators FINCEF have proposed new requirements for Money Service Businesses, which are businesses that do several things includings transmitting money and dealing and exchanging currency — VASPs fall under this definition. These new regulations affect VASPs transacting with unhosted wallets and will require client due diligence if the transactions are over $3,000.
The terms virtual asset (VA), digital asset, and cryptocurrency are all pretty much interchangeable. They all mean the same thing in the end. But not all jurisdictions call them the same thing, leading to confusion. Since definitions vary by country, it can be helpful to know how virtual assets and VASPs are defined wherever you are because sometimes the terms are not completely interchangeable. We made a chart of the common ways to describe VASPs and VAs by popular entities:
Commonly, when you see anything about VASPs and the FATF, you are also likely to see the acronyms AML and CFT, which stand for Anti-Money Laundering and Countering the Financing of Terrorism respectively. The reason you see these acronyms is because the Financial Action Task Force’s main purposes are to examine and develop measures to combat money laundering and terrorist financing. The task force sets standards and promotes effective implementation of laws and regulations that combat those threats.
Pontem Network is an experimentation platform to test your app before you port it to the Facebook-backed permissioned Diem blockchain. Any app that wants to apply to operate on the Diem blockchain will need to prove their history of complying with regulatory standards. Pontem will be the place to build that product, test product market fit, and build user adoption.
Pontem is fully compatible with the Diem platform because it uses a similar code base that compiles to a Move Virtual Machine, which is what Diem uses. The fist use case of our platform, Pontem Blocks, will allow app developers to create their own products and services using pre-built smart contracts. Some of these services could end up being Virtual Asset Services and will therefore need to comply with regulations if they ever want to move to the permissioned Diem network.
Pontem is building tools in order to help VASPs to adhere to regulations. For example, our platform will integrate APIs and tools of KYC compliant providers and analytics companies. These will allow VASPs to be registered or certified, helping developers towards their goal of moving from a permissionless to a permissed blockchain one day.
The role of VASPs is crucial in the crypto industry as they help facilitate and speed up mass adoption. And since crypto and blockchain are only in their infancy, the regulatory framework around them is sure to change in the upcoming years. Complying with these regulations is necessary to operate in countries that adhere to them. Many of these procedures help users feel safer. That’s why the Diem project released how they will comply with these standards in their whitepaper, and it’s also why Pontem Network will provide ways to adhere to them while you use our public platform before migrating to Diem.
Regulation can make customers feel more secure, but strict regulations can hinder usage. Which is why it’s crucial for mass adoption and the future of the crypto world that platforms provide ways to work within regulations. Pontem Network provides that framework so potential VASPs can fully test in a real-world environment and ensure product market fit, providing a streamlined process and helping speed up adoption.