Virtual Assets Services Provider (VASP) License
What Is a VASP License and How to Apply for One
Obtaining a VASP license is the legal prerequisite for operating a crypto exchange, custody service, or any other business that handles virtual assets on behalf of third parties. Without it, you cannot access Tier-1 banking, attract institutional capital, or operate in most regulated jurisdictions without facing enforcement action. LegalBison advises crypto founders and compliance leads on the full licensing process: entity structure, substance requirements, AML/KYC infrastructure, and jurisdiction selection, so operators can build on a defensible regulatory foundation from day one.
Explore our crypto licensing services or contact the team to discuss your specific business model.
What is a VASP License?
A Virtual Asset Service Provider (VASP) license is a regulatory authorization granted by a national financial regulator that permits a business to offer specific crypto-related services to clients. Most jurisdictions have converged on a common definition, drawing on the language used in the FATF (Financial Action Task Force) Recommendations. Under that framing, a VASP is any natural or legal person that conducts, as a business, one or more of the following activities on behalf of another person:
- Exchange between virtual assets and fiat currencies;
- Exchange between one or more forms of virtual assets;
- Transfer of virtual assets;
- Safekeeping or administration of virtual assets or instruments enabling control over them;
- Participation in and provision of financial services related to an issuer’s offer or sale of a virtual asset.
The scope is broad by design. FATF published these standards to close regulatory gaps that allowed crypto businesses to operate without the AML/CTF obligations that govern traditional financial institutions. Jurisdictions implement the framework differently: some through dedicated MiCA regulation, others through existing financial services law.
The underlying logic is consistent: if your business touches client funds or assets in any of the categories above, a license is required.
Who needs a VASP License?
Any business that offers virtual assets related services needs a license. The following business types are the most common license applicants.
Centralised Exchanges (CEX)
A centralised exchange matches buy and sell orders for crypto assets and typically holds client funds in custodial wallets during the trading process.
This custody element, even if only for the duration of settlement, brings the business squarely within VASP scope.
Crypto exchange licensing requirements apply in virtually every major jurisdiction.
Brokerages and OTC Desks
Firms that execute large-volume trades directly with counterparties, rather than through an order book, perform the exchange and transfer functions defined by FATF. OTC desks that settle in fiat also trigger fiat-on/off-ramp licensing requirements in some jurisdictions.
Custodial Wallets and Custody Providers
Any service that holds private keys on behalf of clients, whether a standalone custody product or a wallet integrated into an exchange, requires authorization. The safekeeping definition under FATF is explicit. Non-custodial wallets, where the user controls their own keys, sit outside this scope.
Crypto Payment Processors and Gateways
Businesses that enable merchants to accept crypto and settle in fiat, or that route crypto payments between parties, perform asset transfers on behalf of third parties. Most FATF-compliant jurisdictions treat this as a licensed activity.
On/off-ramp services specifically require attention to cross-border payment regulations alongside VASP licensing.
Issuance-Related Services (ICOs, IEOs, Launchpads)
Platforms that facilitate the offer or sale of a virtual asset on behalf of an issuer, including token launchpads, IEO platforms, and certain token issuance services, fall within VASP scope under the FATF framework.
The licensing requirement applies to the intermediary, not only the issuer.
Crypto P2P Platforms
Peer-to-peer platforms that match buyers and sellers and facilitate settlement, even without taking custody themselves, may be classified as VASPs depending on the jurisdiction and the level of control the platform exerts over the transaction flow.
Where the platform holds escrow during the transaction, the custody argument becomes stronger.
Crypto Casinos and Gaming Platforms
Online gaming and gambling operators that accept, hold, or pay out in crypto assets are subject to VASP requirements in a growing number of jurisdictions, independently of any gaming license they may hold. The VASP obligation attaches to the crypto-handling function, not the gambling activity.
GameFi and play-to-earn platforms sit in the same regulatory space, with additional complexity where in-game assets have real-world value and are transferable on-chain.
Banking Institutions Offering Crypto Asset Services
Traditional banks and electronic money institutions (EMIs) entering the crypto space are not automatically exempt by virtue of their existing authorization. In most jurisdictions, offering crypto exchange, custody, or transfer services requires either a separate VASP authorization or an extension of the existing license scope.
This applies equally to neobanks and FinTech payment providers expanding into digital asset products.
Who does not need a VASP license
- Pure software developers building non-custodial tools;
- Self-custody wallet providers where users retain control of private keys;
- Blockchain infrastructure providers that do not handle client assets.
Such business models are generally outside VASP scope. The line is custody and control, not proximity to crypto.
Why do you need a VASP License?
Regulatory compliance is not the only reason to obtain a license. It is the most immediate, but it is not the most commercially important.
Banking and on/off-ramping
This is the practical bottleneck for most operators. Tier-1 banks and major payment processors (Stripe, Checkout.com, and their equivalents) will not open accounts for, or process payments, on behalf of unlicensed crypto businesses.
A valid VASP license is a prerequisite, not a differentiator. Without it, off-ramping client funds to fiat is virtually impossible.
Enforcement exposure
Operating without a required license exposes founders and the entity to cease-and-desist orders, asset freezes, substantial fines, and in some jurisdictions, criminal liability.
Regulators in the EU, UAE, Singapore, and the UK have all pursued unlicensed operators aggressively in recent years.
Institutional capital and client trust
Venture funds performing due diligence on crypto businesses require regulatory standing as a baseline.
High-net-worth clients and institutional counterparties operate under their own compliance obligations and cannot engage with unregulated entities.
A license signals that the business has been audited, that AML/CTF frameworks are in place, and that management meets fit-and-proper standards.
Market access and geographic expansion
Certain jurisdictions restrict crypto services to licensed entities only, by law. Others do not prohibit unlicensed activity explicitly but make it commercially non-viable through banking restrictions.
For businesses with cross-border ambitions, the licensing question is also a market access question.
- A CASP license issued under MiCA, for example, opens 27 EU member states from a single authorization;
- A Cayman Islands VASP registration carries international recognition that facilitates relationships with global prime brokers and custodians. Jurisdiction selection is not only about compliance cost. It determines the markets you can serve.
Requirements to obtain a VASP License
Requirements vary by jurisdiction, but the following represent the core demands across most FATF-implementing regimes.
Local substance
Though it used to be the norm, it is becoming increasingly rare to find regulators who allow VASPs to operate without physical presence in the country.
Regulators now require genuine economic presence in the jurisdiction: a physical office, locally resident directors, and a qualified Money Laundering Reporting Officer (MLRO) who is on the ground and accountable to the regulator. Substance requirements are enforced at application and through ongoing supervision.
AML/KYC and Travel Rule compliance
Applicants must demonstrate an operational AML/CTF compliance framework, not a policy document. This means deployed KYC/AML software, transaction monitoring, and Travel Rule solutions.
The FATF Travel Rule requires VASPs to transmit originator and beneficiary information alongside transfers above the applicable threshold. Regulators expect to see a named Travel Rule provider and integration evidence at application.
Capital adequacy
Capital requirements vary significantly by jurisdiction and service scope. Some frameworks set a fixed minimum; others assess capital adequacy relative to the business model and operational risk profile.
A number of offshore regimes impose no statutory minimum at all.
What most regulators do require is evidence that the entity has sufficient working capital to operate, meet its obligations to clients, and absorb foreseeable compliance costs. Where a minimum is prescribed, working capital is typically required to be held in a local bank account, which means the banking relationship must be established before the license is granted.
LegalBison coordinates this sequencing as part of the application process.
Governance and fit-and-proper assessments
Directors and beneficial owners are subject to background checks and fit-and-proper assessments.
Regulatory histories, criminal records, and financial history are all reviewed. Structuring the ownership and management layer correctly before application avoids delays during the review phase.
How much does a VASP license cost?
Cost depends on the jurisdiction, the scope of services being licensed, and the complexity of the corporate structure. The following jurisdictions are given as broad examples, with cost ranges reflecting typical professional fees and state charges combined.
The price tag doesn’t tell the whole story and we insist that discussing your individual case with an expert is the safest way to know about the costs and duration of VASP licensing for your activity.
| Jurisdiction | Approximate Total Cost | Timeline |
|---|---|---|
| Lithuania (before MiCA) | around 30,000 EUR | 3–6 months |
| Seychelles | from 50,000 EUR | 4+ months |
| Cayman Islands | from 35,000 EUR | 4–7 months |
| BVI | from 25,000 EUR | 6+ months |
| Dubai (VARA) | from 180,000 EUR | 6–12 months |
These ranges reflect entity setup, regulatory filing fees, substance costs, and professional advisory. Ongoing annual compliance costs, including audits, regulatory reporting, and MLRO retention, add materially to the total cost of operation and should be modeled from the outset.
For founders weighing jurisdiction options, LegalBison provides comparative analysis tied to the client’s specific business model, target markets, and growth trajectory. The cheapest license is rarely the optimal one.
They trusted LegalBison for support with VASP licensing
As a result of the fruitful cooperation with LegalBison, Yellow Card obtained a VASP registration, fast and without any legal complications.
LegalBison excels at adapting to challenges and demonstrates a perfect understanding of our business needs.
Quick set-up and straightforward process. It was a smooth process, we are happy to have chosen LegalBison as our Partner for incorporations, globally.
Where to incorporate your VASP business
Jurisdiction selection is the most consequential early decision in a crypto licensing process.
The right answer depends on your business model, your client base, your banking needs, and your appetite for ongoing compliance cost. It also depends on your growth trajectory: a jurisdiction appropriate for a pre-revenue startup may not be the right domicile once the business is processing significant volume or seeking institutional relationships.
Below are examples based on an easy to grasp classification. This, however, shouldn’t constitute the basis of your actions. We strongly recommend discussing your project with a regulation specialist from our team of experts.
Tier 1: High prestige, higher cost and timeline:
- Dubai (VARA): The VARA regulatory framework has matured into one of the most complete crypto regulatory regimes globally. Dubai offers strong banking access, a commercially sophisticated environment, and growing institutional credibility. Best suited for businesses targeting MENA and institutional clients, or those building toward a major fundraise;
- EU (MiCA/CASP): The MiCA regulation creates a passportable authorization across all EU member states from a single licensing jurisdiction. Lithuania and Poland are both active MiCA authorization markets. Timeline is longer, as MiCA applications are thorough, but the output is a license recognized across 27 countries;
- Singapore (MAS): The Monetary Authority of Singapore runs a stringent licensing process with high substance requirements. Singapore is the benchmark jurisdiction for Asian market access and is the preferred domicile for businesses with APAC ambitions.
Tier 2: Faster, more accessible, mid-range cost:
- Canada (MSB): FINTRAC-regulated, no fees, no minimum capital, Foreign MSB option for non-Canadian entities, North American credibility;
- Georgia: NBG VASP framework (2023), broadest activity scope in its class (including ICOs), with a low licensing fee and 3–4 month timeline. Crypto-friendly jurisdiction with Eurasian positioning;
- Cayman Islands: Preferred for funds and custody providers with a global client base. Strong legal infrastructure, no capital gains tax, and broad international recognition.
Offshore/Niche:
- BVI: The fastest route to a VASP registration for businesses that need speed and flexibility. BVI is appropriate as a starting jurisdiction for pre-revenue projects, often combined with a licensing roadmap to a Tier 1 jurisdiction as the business scales and banking requirements tighten;
- Seychelles: Comparable to BVI in terms of speed and cost. The Seychelles Financial Services Authority has processed a significant volume of crypto registrations. Appropriate for specific business models, particularly those with non-EU, non-US client bases, but the jurisdiction carries less banking recognition than Cayman or EU-licensed entities.
How LegalBison can help you obtain a VASP license
LegalBison is a boutique legal and business consultancy specializing in crypto licensing, FinTech regulation, and cross-border corporate structuring. The firm has advised exchanges, custodians, OTC desks, payment processors, and token issuers across the world.
The firm’s approach to VASP licensing covers the full cycle:
- Business model analysis and jurisdiction selection: Before any application is filed, LegalBison maps the client’s activities against the regulatory frameworks of candidate jurisdictions and identifies the optimal path based on timeline, cost, banking viability, and market access objectives;
- Entity setup and corporate structuring: The legal entity and ownership structure must be designed to pass fit-and-proper review. LegalBison handles incorporation, directorship arrangements, and beneficial ownership documentation;
- Substance and operational infrastructure: Local office, resident director, and qualified MLRO requirements are coordinated through the firm’s established network in each jurisdiction;
- AML/CTF and compliance framework build-out: Application packages require substantive compliance documentation. LegalBison builds or audits the AML/CTF program, including Travel Rule provider selection and KYC/AML software integration;
- Application preparation and regulator communication: The firm prepares the full application package and manages regulator correspondence through the review period. Average review periods run 3 to 9 months depending on the jurisdiction; LegalBison sets realistic expectations and manages the timeline;
- Post-licensing compliance: A VASP license is not a one-time exercise. Ongoing obligations include annual audits, regulatory reporting, capital adequacy monitoring, and framework updates as regulations evolve. In several jurisdictions, the regulator conducts periodic supervisory reviews and can revoke authorization for compliance failures. LegalBison supports clients through the full operational lifecycle, including annual compliance reviews, regulatory change monitoring, and coordination with local MLROs and auditors as the business scales.
LegalBison’s network spans over 50 jurisdictions across Europe, the Middle East, Asia, Latin America, and the Caribbean. The firm’s cross-border corporate structuring capability means that licensing is designed in coordination with the wider group structure, not in isolation. Tax positioning, substance planning, and banking strategy are addressed as part of the same engagement, not as afterthoughts once the license is in hand.
When to Start Your VASP License Application
The timing question is simple: start before you need the license, not after.
The consequences of going live without authorization (legal liability, access to banking) make early application a necessity, not a formality.
Preparation phase
Entity setup, documentation assembly, AML/CTF framework drafting, and substance arrangements all precede the formal application.
This work takes time and cannot be compressed without quality risk.
Regulatory review
Review timelines vary. BVI and Seychelles are at the short end; MiCA applications and VARA reviews are at the long end.
During the review period, the regulator may issue requests for additional information, which extend the timeline if not addressed promptly.
Market entry window
Most crypto businesses launch a marketing push or a product ahead of the license approval. This is a material risk.
Banking relationships cannot be established without regulatory standing, on/off-ramping (fiat-crypto transactions) cannot be activated, and institutional clients cannot onboard. Starting the licensing process 6 to 12 months before the planned commercial launch is the standard advisory position.
Secure your VASP license today with LegalBison
To continue exploring on the topic of VASP licensing (and related authorizations), here is a selection of proven frameworks.
We encourage founders to get in touch with our experts for a dedicated and individualized consultation.
Crypto License in the Cayman Islands
on request-
0% Taxes
-
Crypto-Friendly
-
Minimal requirements
Crypto License in British Virgin Islands
on request-
0% Taxes
-
Fast set-up
-
Easy to start
Crypto License in the Seychelles
on request-
Wide coverage of virtual asset services
-
Reputed offshore jurisdiction
-
Synergy with other licenses
-
Top EU country for crypto
-
Business friendly jurisdiction
-
Formerly most popular license
Crypto License in Dubai VARA
on request-
One of the best reputed license
-
High range of crypto activities
-
Dedicated regulator
Crypto License in Singapore
on request-
Elite finance country
-
Prestigious
-
Provide electronic money
VASP License vs Other Crypto License Types
The term “VASP license” is a FATF-derived classification that most jurisdictions have implemented, but the label used by each regulator differs.
Understanding the mapping matters when comparing jurisdictions or evaluating a competitor’s regulatory claim.
| License Type | Applicable Jurisdiction(s) | Notes |
|---|---|---|
| VASP License | BVI, Seychelles, Panama, Bahrain, and others adopting FATF language directly | The generic FATF-framework label |
| CASP License (MiCA) | EU member states | CASP replaces prior national VASP regimes for in-scope businesses under MiCA |
| VARA License | Dubai | Administered by the Virtual Assets Regulatory Authority |
| MAS License | Singapore | Major Payment Institution or other category under the Payment Services Act |
| VDA License | South Africa | Virtual Digital Asset Service Provider, aligned with FATF standards |
| VASP Registration | (formerly) Estonia, Czech Republic, Slovakia (all overturned by MiCA) | Registration-based rather than authorization-based; lighter requirements |
For businesses targeting EU markets specifically, the MiCA regulation introduced the CASP (Crypto-Asset Service Provider) designation as the successor to national VASP frameworks. A CASP license issued in one EU member state passports across the entire European Economic Area.
GameFi and play-to-earn platforms operate in a distinct regulatory environment where VASP licensing may intersect with gaming licensing requirements, depending on jurisdiction and mechanics.
VASP License vs Other Crypto License Types
The term “VASP license” is a FATF-derived classification that most jurisdictions have implemented, but the label used by each regulator differs.
Understanding the mapping matters when comparing jurisdictions or evaluating a competitor’s regulatory claim.
| License Type | Applicable Jurisdiction(s) | Notes |
|---|---|---|
| VASP License | BVI, Seychelles, Panama, Bahrain, and others adopting FATF language directly | The generic FATF-framework label |
| CASP License (MiCA) | EU member states | CASP replaces prior national VASP regimes for in-scope businesses under MiCA |
| VARA License | Dubai | Administered by the Virtual Assets Regulatory Authority |
| MAS License | Singapore | Major Payment Institution or other category under the Payment Services Act |
| VDA License | South Africa | Virtual Digital Asset Service Provider, aligned with FATF standards |
| VASP Registration | (formerly) Estonia, Czech Republic, Slovakia (all overturned by MiCA) | Registration-based rather than authorization-based; lighter requirements |
For businesses targeting EU markets specifically, the MiCA regulation introduced the CASP (Crypto-Asset Service Provider) designation as the successor to national VASP frameworks. A CASP license issued in one EU member state passports across the entire European Economic Area.
GameFi and play-to-earn platforms operate in a distinct regulatory environment where VASP licensing may intersect with gaming licensing requirements, depending on jurisdiction and mechanics.
FAQ
A VASP license is a regulatory authorization that permits a business to offer virtual asset services, including exchange, transfer, custody, and certain issuance-related activities, on behalf of clients.
Most jurisdictions base their definition on the FATF Recommendations and implement the requirement through domestic financial services legislation.
Any business that handles virtual assets on behalf of third parties as a commercial activity: centralized exchanges, OTC desks, custodial wallet providers, crypto payment processors, P2P platforms, and token issuance intermediaries.
Non-custodial software providers and pure infrastructure businesses generally fall outside scope, but confirmation from legal experts is always advisable.
The process involves selecting the appropriate jurisdiction, setting up a compliant corporate entity, building the required AML/CTF infrastructure, securing local substance (office, resident director, MLRO), meeting capital requirements, and submitting a formal application to the relevant financial regulator.
LegalBison manages this process end to end on your behalf.
If you are selling crypto on behalf of other people, as a broker, exchange, or marketplace, yes. If you are selling your own crypto holdings as an individual investor, the position varies by jurisdiction.
If you are issuing a token to the public, token issuance-specific rules apply. These rules overlap with, but are distinct from VASP licensing obligations.
Professional guidance for VASP licensing
It’s not easy to know where to begin the VASP licensing process when you’re overwhelmed by developing an innovative solution and coordinating multiple aspects of your business.
That’s why LegalBison offers comprehensive support to its clients. Based on your project and its specific requirements, our team implements solutions tailored to your budget and time constraints.
Stop viewing the legal authorization stage as a constraint, but as a milestone that can propel your project forward, with our professional support.
Experts in fintech and crypto licensing worldwide.
Consulting Manager, delivering corporate advisory and regulatory strategy across crypto, FinTech, trading, and international corporate structuring verticals for clients worldwide.
