VASP vs CASP: Understanding the Difference (FATF vs MiCA)

A VASP is a Virtual Asset Service Provider, the global AML/CFT classification created by the Financial Action Task Force (FATF). A CASP is a Crypto-Asset Service Provider, the full financial authorisation introduced by the EU's Markets in Crypto-Assets Regulation (MiCA). They are not rival licences. One is an anti-money-laundering baseline; the other is a complete EU authorisation that sits on top of it.

If you searched "vasp vs casp" expecting two competing licences you must choose between, that premise is worth correcting before anything else. A firm operating in the EU is usually both at once: a CASP for its financial authorisation, and a VASP for AML purposes. Below we contrast the two terms across legal nature, supervisor, scope, capital and the EU passport, cite the exact MiCA articles and FATF instruments behind each fact, and finish with a decision aid for the founder asking "do I need a VASP or a CASP?"

VASP vs CASP at a glance: the one-line difference

VASP is the FATF AML/CFT term: a global, registration-level standard that asks whether your crypto firm is supervised for money-laundering risk. CASP is the EU MiCA term: a full financial authorisation covering capital, governance, conduct, consumer protection and an EU passport. VASP is the AML floor; CASP is the complete EU regime built above it. Regulation (EU) 2023/1114 (MiCA) FATF Recommendation 15

The two terms answer different questions. "VASP" answers "are you AML-supervised?" "CASP" answers "are you fully authorised to operate a crypto-asset business in the EU?" Understanding that distinction is the whole point of this comparison, and it is where most explainers, including the page this one replaces, go wrong.

What is a VASP (Virtual Asset Service Provider)?

A VASP, or Virtual Asset Service Provider, is the term defined in the FATF Glossary and underpinned by FATF Recommendation 15 ("New technologies"). FATF is an international standard-setting body, not a regulator. Its Recommendations are a policy standard, not law: they bind member states, which then implement them through national anti-money-laundering legislation. The FATF framework governs AML/CFT only, money-laundering and terrorist-financing risk, registration or licensing for AML purposes, supervision, and the Travel Rule.

Because the VASP concept is a global standard rather than a single statute, a VASP-equivalent regime exists in almost every FATF or FATF-style regional body jurisdiction: the United States, the United Kingdom, Switzerland, the UAE, Singapore and many more. For the deep version of this side, see our FATF VASP definition page.

The FATF definition and the 5 VASP activities

Under the FATF Glossary, a virtual asset service provider is any natural or legal person not already covered elsewhere in the Recommendations who, as a business, conducts one or more of the following 5 activities for or on behalf of another person: FATF Updated Guidance for a Risk-Based Approach to Virtual Assets and VASPs (2021)

1. (i) exchange between virtual assets and fiat currencies;
2. (ii) exchange between one or more forms of virtual assets;
3. (iii) transfer of virtual assets;
4. (iv) safekeeping and/or administration of virtual assets, or instruments enabling control over virtual assets;
5. (v) participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

These five functions are the AML baseline. FATF imposes no minimum capital and creates no passport. A jurisdiction may register or licence a VASP, but the bar is comparatively low and scoped to AML: a "fit and proper" test plus an effective AML programme.

Who supervises a VASP (and why it is not "FATF")

This is the single most common error in VASP-vs-CASP explainers, including the page this one replaces: a firm is not "regulated by FATF." FATF assesses countries, not firms, and issues no licences at all. The actual supervisor of a VASP is a national AML authority or financial intelligence unit (FIU) in the jurisdiction where the firm operates. FATF's job is to set the standard and grade how well each country implements it. FATF Recommendation 15

The Travel Rule, FATF Recommendation 16 applied to virtual assets, flows from the same framework and is enforced by these national supervisors. Our guide to the Travel Rule for VASPs covers that obligation in detail.

What is a CASP (Crypto-Asset Service Provider)?

A CASP, or Crypto-Asset Service Provider, is defined in Regulation (EU) 2023/1114 (MiCA) at Article 3(1)(15) as a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide those services in accordance with Article 59. Unlike a FATF standard, MiCA is directly applicable EU law: the same text applies in all 27 member states without national transposition.

A CASP authorisation is not an AML add-on. It is a full prudential and conduct authorisation covering market integrity, consumer protection, governance, own funds and custody safeguards, with AML handled separately through the EU AML package. For the dedicated treatment of this side, see CASP under MiCA, and for the wider regime, the MiCA regulation explained.

The MiCA definition and the 10 crypto-asset services

MiCA Article 3(1)(16) defines a "crypto-asset service" as any of the following services and activities relating to any crypto-asset, the 10 services (a) to (j): Regulation (EU) 2023/1114 (MiCA), Art. 3(1)(16)

• (a) providing custody and administration of crypto-assets on behalf of clients;
• (b) operation of a trading platform for crypto-assets;
• (c) exchange of crypto-assets for funds;
• (d) exchange of crypto-assets for other crypto-assets;
• (e) execution of orders for crypto-assets on behalf of clients;
• (f) placing of crypto-assets;
• (g) reception and transmission of orders for crypto-assets on behalf of clients;
• (h) providing advice on crypto-assets;
• (i) providing portfolio management on crypto-assets;
• (j) providing transfer services for crypto-assets on behalf of clients.

Offering any one of these ten services to clients in the EU requires CASP authorisation before you operate.

Who authorises a CASP (BaFin, AMF, CySEC and ESMA)

A CASP is authorised by a designated national competent authority in the member state of its registered office, for example BaFin in Germany, the AMF in France or CySEC in Cyprus. Those national authorities act under MiCA, with the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) providing EU-level coordination. As with the VASP side, the correction matters: a firm is not "regulated by MiCA." MiCA is the law; the national competent authority is the regulator. Regulation (EU) 2023/1114 (MiCA)

VASP vs CASP: the full side-by-side comparison

The clearest way to hold the two terms apart is a direct comparison. Note especially the rows on legal nature, supervisor and capital, where the two diverge most sharply.

Regulation (EU) 2023/1114 (MiCA) FATF Updated Guidance (2021)

Legal nature: a global standard vs a binding EU regulation

The deepest difference is one of legal status. The FATF VASP framework is a policy standard. It binds states, which must put it into their own AML law, and FATF then assesses how well each country has done so. MiCA, by contrast, is a binding EU regulation that applies directly to firms, with identical wording in every member state and no transposition step. So a VASP requirement reaches your firm only through your national legislator's implementation; a CASP requirement reaches you straight from the EU statute. Regulation (EU) 2023/1114 (MiCA) FATF Recommendation 15

Geographic reach: worldwide concept vs EU/EEA only

VASP is a worldwide concept: every FATF or FATF-style regional body jurisdiction maintains a VASP-equivalent registration or licence. CASP is narrower and sharper: it exists only across the EU and EEA. That single fact drives most of the "vasp or casp" decision, because the question almost always reduces to whether the business serves clients inside the EU. Regulation (EU) 2023/1114 (MiCA)

How many activities define each? The FATF 5 vs the MiCA 10

A frequent point of confusion is the activity count. A VASP is defined by 5 FATF functions; a CASP is defined by 10 MiCA services. The two lists are not a clean one-to-one mapping. MiCA splits what FATF bundles, so the higher number does not mean MiCA covers more ground, it means MiCA describes the same ground more finely. Regulation (EU) 2023/1114 (MiCA) FATF Updated Guidance (2021)

Why MiCA splits what FATF bundles

The split-mapping is easiest to see by example. FATF function (ii), exchange between forms of virtual assets, becomes two MiCA services split by counterparty: (c) exchange of crypto-assets for funds and (d) exchange of crypto-assets for other crypto-assets. FATF function (v), financial services related to an issuer's offer or sale of a virtual asset, fans out into MiCA (e) execution of orders, (f) placing, (g) reception and transmission of orders, (h) advice and (i) portfolio management. MiCA is finer-grained because it layers MiFID-style conduct categories on top of the AML baseline FATF defines. Regulation (EU) 2023/1114 (MiCA)

Minimum capital and the EU passport: where CASP goes further

Two CASP features have no VASP equivalent at all: a minimum-capital floor and a single-market passport. The FATF standard imposes neither. MiCA imposes both, through Article 67 and Annex IV for own funds and Article 65 for the passport. This is where "CASP is the higher bar" stops being a slogan and becomes a balance-sheet and market-access fact. Regulation (EU) 2023/1114 (MiCA), Art. 65, 67, Annex IV

CASP own-funds classes (Annex IV: EUR 50k / 125k / 150k)

MiCA's own-funds requirement is set in Article 67 and detailed in Annex IV, which sorts CASPs into three capital classes by the services they perform. The own-funds floor is the higher of the fixed capital figure or one quarter of the prior year's fixed overheads.

Regulation (EU) 2023/1114 (MiCA), Annex IV

By contrast, FATF imposes no capital minimum on a VASP. Any capital requirement a non-EU VASP faces comes from its own national regime, not from the FATF standard.

The MiCA passport (Art. 65): one authorisation, all of the EU/EEA

The passport is the prize the VASP world cannot match. A single CASP authorisation in one member state, combined with the notification procedure under Article 65, lets the firm serve clients across all EU and EEA states without seeking a fresh authorisation in each one. In the VASP world there is no equivalent: every jurisdiction is a separate registration. For the mechanics, see MiCA passporting across the EU. Regulation (EU) 2023/1114 (MiCA), Art. 65

Do you need a VASP registration or a CASP licence?

This is the decision behind the "vasp or casp" search. The logic is simpler than it looks once geography is the hinge: the question is essentially whether you serve clients inside the EU/EEA. The decision tree below walks the three main paths, including the Switzerland case our clients face most often.

Serving EU/EEA clients: you need CASP authorisation

If you provide any one of the 10 MiCA crypto-asset services to clients in the EU or EEA, you need CASP authorisation under Article 59 before you operate. Serving EU residents from outside the bloc does not let you escape MiCA: the reverse-solicitation exemption is narrow and cannot be relied on for active marketing. If the EU is in your client base, plan for CASP. Regulation (EU) 2023/1114 (MiCA), Art. 59

Operating outside the EU: the local VASP-equivalent regime

If your business operates entirely outside the EU, MiCA does not apply and CASP is not your route. You fall under the local VASP-equivalent regime of the jurisdiction where you operate, which sets its own registration or licensing, AML programme and any capital requirement. Each jurisdiction is a separate registration, so a multi-country footprint means multiple VASP-equivalent applications. FATF Recommendation 15

Swiss firms serving the EU: you need an EU CASP entity

Switzerland is not in the EU or EEA, so a Swiss FINMA or SRO-supervised firm is a VASP-equivalent, not a CASP. A Swiss licence does not passport into the EU. To serve EU clients, a Swiss firm must establish an EU-based entity and obtain CASP authorisation there. This is the core decision the cross-border "vasp or casp" searcher faces, and the one we see most as a Zug-based advisory. For the Swiss side, see our Swiss FINMA/SRO crypto licence guide. Regulation (EU) 2023/1114 (MiCA)

From our practice. Founders most often arrive convinced they must pick one term over the other. In reality the work is sequencing: confirm the AML baseline first, then map the in-scope MiCA services against the 10 categories, then decide where the EU entity sits. The questions that decide the outcome are rarely "VASP or CASP" in the abstract. They are "which of the 10 services are you actually offering, and to clients in which countries." Get those two answers right and the regime usually selects itself.

CASP is also a VASP: why MiCA does not replace FATF

The biggest misconception baked into "vasp vs casp" is that they are mutually exclusive. They are layered, not opposed. An EU CASP is also, in substance, a VASP for AML purposes: it must satisfy the same FATF-derived anti-money-laundering obligations as any other virtual-asset business. MiCA does not switch FATF off; it adds prudential and conduct duties on top of the AML floor that remains in force. Regulation (EU) 2023/1114 (MiCA) FATF Updated Guidance (2021)

AML/CFT still applies to EU CASPs (AMLR + Travel Rule)

For EU CASPs, the FATF-derived AML obligations now flow through the EU AML package, including the EU Anti-Money Laundering Regulation, and the Travel Rule applies via the EU Transfer of Funds Regulation. So a CASP carries two layers at once: the MiCA financial authorisation and the AML/CFT compliance that the VASP concept describes. They are complementary, not alternatives. For the AML obligation in depth, see Travel Rule for VASPs. Regulation (EU) 2023/1114 (MiCA)

The MiCA transition: when a VASP must become a CASP

MiCA's CASP regime applied from 30 December 2024. Firms already lawfully providing crypto-asset services under a national regime before that date were given a transitional, or "grandfathering," window to keep operating while they pursue full CASP authorisation. The maximum length of that window is set by MiCA, but each member state could shorten it, so the windows vary and several close during 2025 and 2026. Exact per-state end dates are time-sensitive and must be confirmed against ESMA and the relevant national authority before relying on them. Regulation (EU) 2023/1114 (MiCA)

By contrast, the VASP world has no comparable cut-over date. Each jurisdiction sets and changes its own AML registration timeline independently. For a concrete member-state example of the transition in practice, see the VASP-to-CASP transition in Lithuania.

Application route: Art. 62 to Art. 63 to Art. 65

For a firm applying from scratch, the MiCA route runs through three articles in sequence. You apply under Article 62, the competent authority assesses the application and grants or refuses authorisation under Article 63, and once authorised you notify under Article 65 to passport your services across the EU and EEA. To anchor the whole journey, link up to the pillar on how to become a licensed VASP and across to the MiCA regulation explained. Regulation (EU) 2023/1114 (MiCA), Art. 62, 63, 65