Offshore VASPs: What They Are, Why They’re Risky, and How AI Can Help

Offshore Virtual Asset Service Providers (oVASPs) are a growing source of financial crime risk for institutions worldwide. In March 2026, the FATF published a dedicated report documenting how oVASPs have been used to launder criminal proceeds, finance terrorism, and enable large-scale investment fraud. In each case regulated domestic institutions were used as the point of entry or exit, meaning that, for compliance teams, understanding this risk and the measures needed to address it is now a regulatory expectation, not a best practice.

What Is an Offshore VASP?

An offshore VASP (oVASP) is a Virtual Asset Service Provider incorporated in one jurisdiction, its home jurisdiction, that actively provides services to clients residing in other jurisdictions, known as host jurisdictions, with or without physical presence there.

Crucially, an oVASP is not simply a VASP with foreign customers. It is one that:

• Solicits clients in markets where it holds no licence.

• Onboards users despite local registration requirements.

• Routes transactions through domestic payment infrastructure without authorisation.

The FATF identifies two types:

• Unintentional oVASPs — providers that misunderstand which regulatory frameworks apply to their cross-border activities.

• Intentional oVASPs — providers that wilfully circumvent registration as a business model, deliberately fragmenting group structures and routing activity through affiliates to obscure regulatory accountability.

Why Do oVASPs Create Disproportionate Compliance Risk?

1. Regulatory arbitrage. OVASPs route activity through jurisdictions with weaker AML requirements, converting lower compliance costs into pricing advantages. Many actively market minimal KYC requirements to attract customers from regulated platforms.

2. Limited physical presence. Compliance functions, key personnel, and data infrastructure are typically located outside the jurisdictions where customers are based. This severely limits supervisors’ ability to gain information or conduct oversight. Some oVASPs appoint nominal ‘dummy’ principal officers with no meaningful access to customer data.

3. Nested exchange relationships. Documented by The FATF’s Estonia case, OVASPs access regulated markets by opening accounts at licensed onshore VASPs and posing as retail users. The oVASP’s automated, high-frequency trading was visible in aggregate, but invisible to individual-transaction detection logic. In this case, the host VASP bore full AML exposure with no visibility over what was transacting through its infrastructure.

4. Travel Rule gaps (the Sunrise Issue). Where oVASPs operate from jurisdictions that have not yet implemented the Travel Rule (which mandates that financial institutions and VASPs share originator and beneficiary information for transactions above a €/$1000 threshold), authorities lack a legal basis to request participant information on cross-border transfers. Fragmented global implementation timelines create blind spots that oVASPs actively target.

These risks are not theoretical. Nigeria’s FIU documented an investment fraud scheme in which victim funds were channelled through multiple, uniquely generated wallet addresses, with offshore exchanges as cash-out points. One linked wallet held approximately USD 600 million at the time of analysis.

Indonesia’s FIU identified terrorism financing routed from a regulated local VASP to offshore platforms, exploiting looser KYC to reach foreign terrorist fighters in Syria. In each case, an oVASP was the mechanism, exploiting the vulnerability of a regulated domestic entity.

Why Do Traditional AML Controls Fail to Detect oVASP Activity?

Rules-based transaction monitoring fails against oVASPs because it evaluates alerts one transaction at a time. Standard detection logic looks for unusual transaction sizes, structuring patterns, and atypical counterparties. An oVASP operating through a nested account triggers none of these. Individual transactions appear routine, the account holder may have passed KYC, and no single data point presents as suspicious.

The behaviours that do signal oVASP activity: automated trading patterns, repetitive timing, and algorithmic counterparty characteristics, are only visible in aggregate, across the full pattern of account activity over time. Static, rules-based systems are structurally incapable of performing that analysis.

How Does Agentic AI Improve oVASP Detection?

Agentic AI directly addresses the detection failures that oVASPs exploit, thanks to four primary capabilities. 

1. Behavioural analysis across transactions and time. Agentic AI assesses cumulative account behaviour, identifying whether activity is consistent with a stated customer profile or indicative of nested or unlicensed VASP activity. This kind of analysis would have aided in surfacing the automated trading patterns in the Estonia case before the exposure occurred.

2. Network and entity resolution at scale. Agentic AI surfaces connections invisible in individual transaction data, such as shared beneficial owners, overlapping wallet histories, and common counterparty networks, at volumes no manual investigation team can match.

3. Consistent nested relationship assessment. Agentic AI standardises FATF Recommendation 13-style due diligence across every nested VASP relationship. It applies uniform assessment logic and flagging behavioural shifts that indicate a changing risk profile, without relying on periodic manual review.

4. Explainable, audit-ready outputs. Regulators now expect institutions not only to detect oVASP exposure, but to demonstrate how detection decisions were made. Agentic AI produces structured reasoning traceable from input data through applied policy logic to outcome, an audit trail that static systems struggle to match.

Key Takeaways for Compliance Teams

• OVASPs are a formally defined and actively enforced risk category, not an emerging or niche concern.

• Every institution interacting with the virtual asset ecosystem has potential oVASP exposure through customers, counterparties, or nested VASP relationships.

• Rules-based detection cannot reliably identify oVASP activity; behavioural signals are only visible in aggregate, not transaction-by-transaction.

• Agentic AI closes this gap through pattern-level analysis, network resolution, consistent due diligence, and explainable decisioning.

• Regulatory expectations now include demonstrating how detection decisions were made.

The technology to manage oVASP risk does exist. The question is whether institutions deploy it before regulators determine that they should have.