Frequently Asked Questions

A Virtual Asset Service Provider (VASP) is any business that conducts one or more of the following activities on behalf of customers: exchange between virtual assets and fiat currencies, exchange between virtual assets, transfer of virtual assets, safekeeping or administration (custody), or participation in token issuance/financial services related to virtual assets.

The term comes from the Financial Action Task Force (FATF), which established the global baseline definition in 2019. However, each country implements the VASP concept differently — some use the exact FATF definition, others expand or narrow it. For example, Singapore uses "Digital Payment Token service provider" under the Payment Services Act, while Japan uses "Crypto-Asset Exchange Service Provider" (CAESP) under the Payment Services Act.

CASP stands for Crypto-Asset Service Provider — the term used under the EU's Markets in Crypto-Assets (MiCA) regulation. While functionally similar to VASP, MiCA defines nine specific service categories:

1. Custody and administration of crypto-assets 2. Operation of a trading platform 3. Exchange of crypto-assets for funds 4. Exchange of crypto-assets for other crypto-assets 5. Execution of orders 6. Placing of crypto-assets 7. Reception and transmission of orders 8. Providing advice on crypto-assets 9. Portfolio management of crypto-assets

Each category has specific capital requirements ranging from EUR 50,000 to EUR 150,000. Once authorized as a CASP in any EU member state, you can passport services across all 27 member states.

If you exchange, transfer, custody, or issue crypto assets on behalf of others as a business, you almost certainly need a license in most jurisdictions. The key word is "on behalf of others" — if you are providing services to customers involving their virtual assets, regulators consider you a VASP/CASP.

You generally do NOT need a license for: personal use of crypto, self-custody of your own assets, peer-to-peer transactions (in most jurisdictions), or developing blockchain software without handling customer funds.

The threshold for licensing is typically any commercial activity involving customer virtual assets. Operating without a required license can result in criminal penalties, fines, and enforcement actions. Over 70 jurisdictions now have active VASP/CASP licensing regimes.

Key factors to evaluate when choosing where to license:

Regulatory clarity — Jurisdictions with established frameworks (EU/MiCA, Singapore, Switzerland, UAE) reduce legal uncertainty. Avoid jurisdictions still developing rules.

Licensing timeline — Singapore MAS: 6-12 months. EU MiCA: 6-18 months. US state-by-state MTLs: 12-24 months per state. UAE VARA: 3-9 months.

Capital requirements — EU: EUR 50K-150K. UAE VARA: AED 1M-15M. Singapore: SGD 250K+. US: varies by state surety bond requirements.

Passporting — EU MiCA authorization enables passporting across all 27 member states. No equivalent exists in Asia or the Americas.

Tax treatment — UAE: 0% capital gains, 0% personal income tax. Singapore: no capital gains tax. Portugal: favorable regime for individuals. US: comprehensive taxation.

Local substance — Most jurisdictions require local directors, offices, and sometimes servers. Factor in relocation and staffing costs.

Travel Rule thresholds — EUR 0 in EU (no minimum), $3,000 in US, SGD 1,500 in Singapore, CHF 1,000 in Switzerland.

VASP (Virtual Asset Service Provider) is the global term established by the FATF. CASP (Crypto-Asset Service Provider) is the EU-specific term under MiCA. Functionally, they describe the same type of business — entities providing crypto services to customers.

The key differences are in specificity and scope. FATF's VASP definition is intentionally broad, leaving implementation details to national regulators. MiCA's CASP definition is precise, with nine enumerated service categories, each with defined capital requirements and operational standards.

Outside the EU, you will typically see "VASP" used by regulators (Singapore, UAE, Japan, etc.). Inside the EU, "CASP" is the legal term. Some jurisdictions use neither — the US, for example, uses "Money Services Business" (MSB) at the federal level and "Money Transmitter" at the state level.

Timelines vary significantly by jurisdiction and the completeness of your application:

Fast track (3-9 months): UAE VARA (especially MVP phase), Bermuda, Cayman Islands

Standard (6-12 months): Singapore MAS, Hong Kong SFC, Switzerland FINMA

Extended (6-18 months): EU MiCA (varies by member state NCA), UK FCA, Australia AUSTRAC

Lengthy (12-24+ months): US state-by-state Money Transmitter Licenses, Japan FSA (CAESP registration)

These are estimates for well-prepared applications. Incomplete submissions, regulatory backlogs, or complex business models can double these timelines. Pre-application engagement with the regulator (where available) typically accelerates the process.

Capital requirements vary dramatically across jurisdictions:

EU MiCA: EUR 50,000 (custody, order execution) to EUR 150,000 (exchange, trading platform). ART issuers: EUR 350,000.

UAE VARA (Dubai): Exchange: AED 15M (~$4.1M). Broker-Dealer/Custody/Transfer: AED 5M each. Advisory: AED 1M.

UAE ADGM: Exchange: $2M+ base capital. Custody: $500K-$1M+.

Singapore MAS: SGD 250,000 base capital for Major Payment Institution license.

US: Varies by state — surety bond requirements range from $10,000 to $5,000,000+. New York BitLicense has no fixed amount but requires substantial capital demonstrated through financial statements.

Switzerland: FinTech license: CHF 300,000. Full banking license: CHF 10M+.

Japan: CAESP registration: JPY 10M (~$67,000) minimum.

Budget EUR 100,000-500,000 per jurisdiction for legal, compliance, and application fees on top of capital requirements.

The Travel Rule (FATF Recommendation 16) requires VASPs to collect, hold, and transmit originator and beneficiary information when transferring virtual assets. It is the crypto equivalent of wire transfer rules in traditional banking.

When a customer sends crypto through your platform to another VASP, you must share: originator name, account number, and physical address (or national ID or date/place of birth); and beneficiary name and account number.

Thresholds vary by jurisdiction: - EU (TFR recast): EUR 0 — no de minimis threshold - United States: $3,000 - Singapore: SGD 1,500 - Hong Kong: HKD 8,000 - Switzerland: CHF 1,000 - Japan: JPY 0 — no threshold - United Kingdom: GBP 0 — no threshold

The trend is toward lower or zero thresholds. Technical solutions include TRISA, OpenVASP, Notabene, and Chainalysis Travel Rule.

Web3 Compliance AI uses autonomous AI research workers to gather, verify, and publish regulatory compliance data across 207 jurisdictions. The pipeline works in three stages:

1. Research: GPU-powered AI workers continuously scan official regulator websites, government gazettes, FATF evaluations, and legal databases. Research tasks are distributed via Cloud Pub/Sub to a fleet of Ollama-powered workers across a 4-node GPU cluster.

2. Verification: Every fact is cross-referenced against primary legislation and assigned an evidence grade (A–F). A self-healing pipeline automatically detects stale or low-confidence data and re-dispatches research tasks on a continuous cycle.

3. Publication: Verified facts are structured into peer-reviewed article format and published to this website and the MCP API. Country profiles, risk scores, and regulatory forecasts are regenerated daily. An admin editorial dashboard provides oversight of all published content.

All data is available programmatically via the MCP server for AI-native access.

Every fact on this site is sourced from primary legislation, official regulator websites, and authoritative bodies like the FATF. Our reliability approach includes:

Evidence grading (A–F): Every fact is assigned an evidence grade. Grade A = direct primary legislation citation. Grade B = official regulator source. Lower grades indicate secondary or unverified sources. Only A and B grade facts are published without caveats.

Peer-review article format: Research output is structured as peer-reviewed articles with explicit source citations, methodology notes, and evidence grades — not just raw data dumps.

Verification cycle: A self-healing pipeline continuously re-verifies facts. Sources are checked for availability and content changes. Stale or low-confidence data is automatically re-dispatched for fresh research.

Editorial oversight: An admin editorial dashboard provides human review of all published content, evidence grades, and source quality before articles go live.

Transparency: Every fact includes its source URL, collection date, evidence grade, and verification history. You can inspect the full source chain for any data point.

Limitations: Regulatory landscapes change rapidly. While we aim for daily updates, there may be a lag between a regulatory announcement and its reflection on this site. Always verify critical compliance decisions with local legal counsel.

See our full methodology for details on sourcing, verification, and quality assurance.

We welcome community input to improve data accuracy:

Report incorrect facts: Every country page has a Report Issue mechanism. If you spot an error, outdated information, or missing regulation, let us know with a source reference.

Support infrastructure: Running AI research workers, GPU compute, and daily verification pipelines has real costs. Visit /support to help sustain the project.

Share expertise: If you are a compliance professional, regulator, or legal practitioner with jurisdiction-specific knowledge, your insights help calibrate our confidence scores and verify edge cases.

The MCP (Model Context Protocol) server provides AI-native access to all compliance data on this site. Any MCP-compatible client — Claude, GPT, or custom agents — can connect and query regulatory facts, country profiles, and compliance requirements programmatically.

What you can do: - Query regulatory status for any of 207 jurisdictions - Look up licensing requirements, capital thresholds, and timelines - Check Travel Rule adoption and thresholds - Access structured compliance facts with source citations - Compare jurisdictions side by side

How to connect: Point your MCP client to mcp.web3compliance.ai. See the MCP documentation for setup instructions and available tools.