Understanding and Mitigating the Risks of Offshore Virtual Asset Service Providers (oVASPs)

Publication details

Language

English

Country
Understanding and Mitigating the Risks of Offshore Virtual Asset Service Providers (oVASPs)

Understanding and Mitigating the Risks of Offshore Virtual Asset Service Providers (oVASPs)

Filename
Understanding-Mitigating-Risks-Offshore-VASPs.pdf
Size
4 MB
Format
application/pdf
Download the report

Paris, 11 March 2026 — A new report from the Financial Action Task Force highlights how gaps in oversight of offshore Virtual Asset Service Providers (oVASPs) are exploited to facilitate large-scale fraud, money laundering, and terrorism financing. It also presents good practices to detect, license or register and supervise oVASPs, as well as sanction non-compliant ones.

Offshore VASPs are VASPs created under the laws of one jurisdiction, with or without a physical presence, that provide services to clients residing in another jurisdiction. The report analyses how oVASPs structure their activities to avoid or evade regulatory obligations and how illicit actors exploit these vulnerabilities.

Understanding and Mitigating the Risks of Offshore VASPs identifies that under half (46%) of jurisdictions have adopted an activity-based approach to regulation and supervision - this means jurisdictions extending licensing or registration requirements to VASPs based on the activities they perform in their jurisdiction, regardless of where those VASPs are created or located. This brings activities provided in their markets by offshore providers under counter-illicit finance supervision.

Differences in how jurisdictions regulate oVASPs can create gaps that criminals exploit and which significantly complicate authorities' abilities to effectively supervise and cooperate internationally. The report describes methods used to obscure the movement of illicit proceeds, including by dispersing victim funds across multiple addresses, routing transactions through layered intermediary wallets, and using multiple blockchains or bridges to increase obfuscation.

The report highlights how oVASPs have been used to convert illicit proceeds from scam compounds, provide financial support to terrorist groups, and how nested relationships can be misused, whereby offshore, unlicenced VASPs access services from a licensed VASP by posing as a private individual customer.

FATF President Elisa de Anda Madrazo said: “This report exposes how oVASPS create blind spots that criminals are clearly exploiting, to scam vulnerable people through fraud or fuel terror around the world. I urge all countries and the private sector to act on the good practice we have identified – as virtual assets move across borders in seconds, strong compliance, supervision and international cooperation are essential to address these risks."

Addressing vulnerabilities

Identified measures for jurisdictions to mitigate risks include:

  • Detecting, licensing or registering oVASPs using activity-based approach;
  • Enforce sanctions for non-compliance with AML/CFT/CPF obligations;
  • Build a shared understanding and improve coordination through inter-agency task forces and public-private partnerships;
  • Use to the fullest extent possible supervisor to supervisor channels and FIU to FIU cooperation to speed up access to information and coordinate enforcement.

The report also highlights the important role that financial institutions and VASPs can have in addressing risks linked to oVASPs. It recommends that they assess their exposure to unlicensed or unregistered oVASPs, apply clear and consistent AML/CFT/CPF rules across all entities in their group, ensure that no group entity operates as an oVASP abroad outside regulatory oversight, and refrain from establishing or maintaining business relationships with unlicensed or unregistered providers.

The report identifies case studies that highlight innovative approaches to mitigating risks, including:

  • In a high-profile investment fraud scheme, analysis by Nigeria's FIU identified how oVASPs and opaque corporate structures were used to facilitate large-scale fraud, cross-border movement of illicit proceeds, and financial obfuscation, with victim funds channelled through multiple intermediary “funnel addresses". The analysis showed that offshore VASPs were used as final cash-out points. One global VASP-linked wallet held approximately USD 600 million at the time of analysis.
  • Indonesia’s FIU identified VA-based financial support to terrorist groups in Syria involving several foundations and individuals in Indonesia. Terrorist financiers were found to be using oVASPs to convert between different types of virtual assets and to rapidly cover their traces before funds were moved to unhosted wallets.
  • Nigerian supervisors (SEC), through the country’s FIU and the Egmont Group platform (FIU.net) obtained critical information from foreign counterparts on the beneficial ownership of oVASPs, allowing them to confirm criminal investigations involving suspected oVASP operators and identify real-world identities behind wallets flagged through blockchain analytics.
  • Following the introduction of clear rules for oVASPs promoting services to UK residents and to address persistent non-compliance by oVASPs, the UK's Financial Conduct Authority has undertaken a series of enforcement and disruption measures, including driving the takedown of more than 1000 scam websites.
  • Strengthened multi‑agency coordination: New Zealand’s Virtual Assets Investigation Resource Group (VAIRG) and India’s multi‑agency VA Sub‑Group show how formal mechanisms for cross‑government coordination support knowledge‑sharing, identification of oVASPs, and more coherent supervisory and enforcement strategies.
  • Cross‑border supervisory and enforcement cooperation: Direct collaboration between the Cayman Islands Monetary Authority and Abu Dhabi Global Market Financial Services Regulatory Authority uncovered governance failures, unlicensed activities, and misuse of structures across jurisdictions, resulting in cancellation of registration, significant penalties, and sanctions on individuals.
  • Collaboration with social‑media and online service providers: India’s Sahyog portal demonstrates how structured channels with platforms enable quicker action against unlawful content, including the takedown of websites linked to unregistered oVASPs.

Related materials

  • 3 Mar 2026

    Targeted report on Stablecoins and Unhosted Wallets - Peer-to-Peer Transactions A new report from the Financial Action Task Force (FATF) highlights illicit finance risks linked to criminals' misuse of stablecoins, particularly through peer-to-peer (P2P) transactions via unhosted wallets, and sets out recommended actions for countries and the private sector to strengthen controls to protect the integrity of the financial system.
  • 26 Jun 2025

    FATF urges stronger global action to address Illicit Finance Risks in Virtual Assets In its sixth targeted update on the global implementation of anti-money laundering and counter-terrorist financing (AML/CFT) measures to virtual assets (VA) and virtual asset service providers (VASPs), FATF highlights where stronger action is needed to safeguard the integrity of the international financial system.
  • 9 Jul 2024

    Virtual Assets: Targeted Update on Implementation of the FATF Standards on VAs and VASPs This report provides the fifth update on jurisdictions’ compliance with FATF’s Recommendation 15 and its Interpretative Note (R.15/INR.15). Recommendation 15 was updated in 2019 to apply anti-money laundering and counter-terrorist financing (AML/CFT) measures to virtual assets (VA) and virtual asset service providers (VASPs).
  • 27 Jun 2023

    Virtual Assets: Targeted Update on Implementation of the FATF Standards on VA and VASPs This report provides an update on implementation of the FATF's anti-money laundering and counter terrorist financing standards on virtual assets and virtual assets service providers. This is the fourth update since the FATF extended its Standards to this sector. The report finds that global implementation of these strengthened measures remains relatively poor. The lack of regulation creates significant loopholes for criminals to exploit. Closing the gaps in global regulation of virtual assets is an urgent priority. The FATF calls on all countries to apply the AML/CFT rules to virtual assets service providers, without further delay.
  • 28 Oct 2021

    Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers This updated guidance forms part of the FATF’s ongoing monitoring of the virtual assets and VASP sector.