Gaps in overseeing offshore virtual asset service providers ( VASPs ) are being exploited to facilitate global large-scale fraud, money laundering and terrorism financing, according a recent report.

Notably, 46% of jurisdictions have adopted an activity-based approach to regulation and supervision, meaning they require licensing or registration of activities in one jurisdiction – irrespective of where the VASP is based, finds The Understanding and Mitigating the Risks of Offshore VASPs report published by the Financial Action Task Force ( FATF ), a global money-laundering watchdog that looks at how such service providers structure their activities to avoid or evade regulatory obligations, and how illicit actors exploit these vulnerabilities. 

Offshore VASPs operate under the laws of one jurisdiction – with or without a physical presence –  and provide services to clients residing in another jurisdiction.

Differences in regulation, the Paris-based watchdog, notes “can create gaps that criminals exploit and which significantly complicate authorities’ abilities to effectively supervise and cooperate internationally”.

Scam compounds

The movement of illicit proceeds can be obscured, the report notes,  “including by dispersing victim funds across multiple addresses, routing transactions through layered intermediary wallets and using multiple blockchains or bridges to increase obfuscation”. 

The report describes how offshore VASPs are used “to convert illicit proceeds from scam compounds and provide financial support to terrorist groups, and how nested relationships can be misused, whereby offshore, unlicensed VASPs access services from a licensed VASP by posing as a private individual customer”.

Offshore VASPs, Elisa de Anda Madrazo, FATF’s president, states “create blind spots that criminals are clearly exploiting, to scam vulnerable people through fraud or fuel terror around the world. I urge all countries and the private sector to act on the good practice we have identified. As virtual assets move across borders in seconds, strong compliance, supervision and international cooperation are essential to address these risks.”

Good practices

To mitigate risks, activity-based approaches, sanctions, inter-agency task forces, public-private partnerships and the use of supervisory channels “to the fullest extent possible” are recommended by the report.

Financial institutions, the report adds, should assess their exposure to unlicensed or unregistered offshore VASPs and apply “clear and consistent rules” to ensure that no group entity operates abroad outside regulatory oversight, and “refrain from establishing or maintaining business relationships with unlicensed or unregistered providers”.

Case studies from Nigeria ( with one VASP-linked wallet holding some US$600 million ), Indonesia ( financing terrorist groups in Syria ), Britain, New Zealand, India, the Cayman Islands and Abu Dhabi are included in the report.

“India’s Sahyog portal demonstrates how structured channels with platforms enable quicker action against unlawful content,” the report highlights, adding that such actions include taking down websites linked to unregistered offshore VASPs.