• BVI VASP — Mandatory Requirements

Mandatory Requirements for BVI VASP Licence Holders

What Crypto Businesses Must Have in Place to Operate Legally in the British Virgin Islands. Launching a crypto business in the BVI requires more than simply registering a company — your business must comply with a detailed set of regulatory requirements under the VASP Act, 2022.

Book a BVI Crypto Licence Call
Get BVI Crypto Licence Guide
Six Core Requirement Categories

👥

Mandatory roles and approved persons

🔄

Registration and core authorisations

🏦

Ongoing regulatory and prudential obligations

🔑

AML / CFT and Travel Rule compliance

🛡️

Client asset protection and marketing standards

🏛️

Local presence and regulatory cooperation

These requirements ensure that crypto businesses operating in or from the BVI meet global standards for governance, compliance, and financial integrity. Below is a practical breakdown of the mandatory roles, systems, and controls every VASP must have in place before and after registration.

1

Mandatory Roles and Approved Persons

One of the first things the regulator evaluates is who is running the business. The BVI framework requires certain key positions to be filled before a VASP can operate. The regulator must approve any appointment of directors or senior officers in advance.

🏛️

Board of Directors & Senior Management

Every VASP must appoint at least two individual directors who satisfy the FSC's fit-and-proper requirements. In some cases, a BVI-resident director may also be required.

  • Relevant experience in the sector
  • Integrity and good standing
  • Capability to oversee the crypto business
  • Responsibility for AML/CFT and Travel Rule implementation

🤝

Authorised Representative (AR)

Unless your company has a significant operational presence in the BVI, you must appoint an FSC-approved Authorised Representative as your regulatory interface.

  • Maintaining regulatory records locally
  • Receiving official communications from the FSC
  • Assisting with regulatory filings and supervision

🔍

Approved Auditor

Every licensed VASP must appoint an independent auditor approved by the FSC. The auditor must have access to company records and must be formally notified to the regulator shortly after appointment.

  • FSC-approved independent auditor required
  • Access to all company financial records
  • Formal notification to regulator on appointment

🛡️

Compliance Officer & MLRO

A compliant VASP must appoint two key compliance roles that form the backbone of the company's financial crime prevention framework.

  • Compliance Officer — oversees the full compliance framework and internal policies
  • MLRO — manages AML reporting and submits suspicious activity reports to the BVI Financial Investigation Agency

2

Registration and Core Authorisations

Before providing crypto services, the company must be registered with the FSC as a Virtual Asset Service Provider. The registration requirement applies to businesses operating directly within the BVI, or through a BVI entity providing services abroad. Even operating from premises located in the BVI can bring the business within the regulatory scope.

⚠️

Even operating from premises located in the BVI can bring the business within the regulatory scope — the geographic reach is broad and applies to both onshore and offshore operations.

The Application Dossier Must Include

Core Disclosures

  • Directors and senior officers
  • Shareholders and beneficial owners
  • BVI physical address
  • Authorised Representative details
  • Proposed auditor

Business Plan Details

  • Operational structure
  • Staffing and human resources
  • Technology infrastructure
  • Marketing strategy
  • Outsourcing arrangements
  • Financial projections and capital

Additional Requirements

  • Enterprise risk assessments
  • Compliance manuals
  • Cybersecurity safeguards
  • Client-asset handling systems

3

Ongoing Regulatory and Prudential Obligations

Obtaining a VASP licence is only the beginning. Licensed companies must comply with ongoing regulatory duties that apply for the entire duration of the licence.

💰 Financial Soundness

The company must remain financially stable at all times. If financial stability is threatened, the FSC must be notified immediately.

📊 Periodic Regulatory Reporting

VASPs must provide information to the regulator when requested.

  • Compliance status reports
  • Client exposure information
  • Operational metrics
  • Complaints and dispute resolution

🔄 Ownership & Control Changes

Companies must obtain prior FSC approval before selling or acquiring a significant ownership stake, or restructuring in a way that changes control.

📢 Notification of Material Changes

The regulator must be informed of significant operational changes, including:

  • Changes in directors
  • Changes in company address
  • Appointment of new auditors
  • Changes to the business model
  • Company name changes (require prior approval)

🏛️

Changes in ownership or company name require prior regulatory approval — not just notification. Acting without this approval constitutes a breach of the VASP licence conditions.

4

AML / CFT and Travel Rule Compliance

Anti-money laundering compliance is a core pillar of the BVI VASP regime. Every licensed VASP must comply with the jurisdiction's AML laws and the AML Code of Practice. Directors and senior officers are personally responsible for ensuring compliance systems are properly implemented.

🔎

Financial Crime Prevention

Companies must implement systems that address all components of the financial crime prevention framework.

  • Customer due diligence
  • Enhanced due diligence for high-risk clients
  • Suspicious activity reporting
  • Staff training programmes

📤

Travel Rule Compliance

The Travel Rule requires VASPs to collect and transmit identifying information for certain crypto transfers. Third-party Travel Rule technology providers must also be assessed.

  • Originator and beneficiary data collection
  • Transaction data transmission
  • Counterparty VASP assessment
  • Director-level accountability

🚫

Sanctions Screening

VASPs must screen customers and transactions against applicable sanctions lists. Time-sensitive obligations apply to updates and matches.

  • Sanctions list updates processed within 24 hours
  • Matches reported immediately to relevant authorities
  • Ongoing monitoring of all clients and counterparties

5

Client Asset Protection and Marketing Standards

The FSC places strong emphasis on protecting customers and maintaining market integrity. These requirements apply to all VASP activity categories.

🔐

Client Asset Safeguarding

VASPs must maintain systems that ensure client assets are properly safeguarded, segregated from company assets, and protected from misuse. Any interference with client assets must be reported promptly to both customers and the regulator.

📁

Record Keeping

The company must maintain accurate and complete records of all transactions, customer interactions, and compliance procedures — allowing the regulator to verify compliance with applicable laws at any time.

📢

Fair Marketing Practices

Crypto businesses must avoid misleading advertising or business names. The FSC has the authority to require companies to change names or marketing materials that could mislead the public.

6

Local Presence and Regulatory Cooperation

Every VASP must maintain a physical address in the BVI and ensure regulatory accessibility. This is a fundamental requirement — not simply an administrative formality.

Effective regulatory cooperation is a key expectation of all licensed firms, and extends beyond the FSC to multiple BVI authorities.

VASPs Must Also Cooperate With

  • The Financial Investigation Agency
  • Law enforcement agencies
  • The Governor's Office
  • Tax authorities where relevant

📌

Local presence enables the FSC and other BVI authorities to access your business efficiently. Failing to maintain a genuine physical address is a material breach of licence conditions.

How We Help

How CRYPTOVERSE Legal Supports Your BVI VASP Licence

Obtaining a VASP registration involves far more than submitting an application. Our team helps crypto founders and Web3 companies build a regulator-ready compliance framework that meets every mandatory requirement.

👥

1. Approved-Persons Strategy

We structure the people side of your application — ensuring your key roles are filled, fit-and-proper assessments are prepared, and all regulatory approvals are in order.

  • Director structures and resident director options
  • AR selection and onboarding
  • Auditor engagement
  • Compliance Officer and MLRO placement

🔒

2. Compliance Architecture

We design and implement the full compliance infrastructure required for FSC approval and ongoing regulatory operation.

  • AML/CFT frameworks and manuals
  • Travel Rule implementation
  • Sanctions screening controls
  • Regulatory reporting procedures

⚙️

3. Operational Readiness

We prepare the operational documentation and systems required to demonstrate readiness to the regulator from day one.

  • Cybersecurity policies
  • Outsourcing assessments
  • Custody controls and asset protection procedures
  • Reporting templates for regulatory review

A Regulator-Ready Compliance Framework — Built for Approval

  • We structure your approved persons — directors, AR, auditor, Compliance Officer and MLRO
  • We prepare the complete application dossier including business plan, risk assessments and compliance manuals
  • We implement your AML/CFT framework, Travel Rule procedures, and sanctions controls
  • We ensure ongoing regulatory obligations are built into your operational model from launch
With the right legal strategy, the BVI provides a credible and efficient path to building a regulated crypto business.

Ready to Build Your Compliance Framework?

Speak With a Crypto Lawyer Today

If you're planning to launch a crypto exchange, custody service, or Web3 platform in the BVI, understanding the mandatory regulatory framework is essential. Let us help you build a structure the FSC will approve.

Speak to a Crypto Lawyer