Crypto License in Seychelles
Seychelles’ Dual Appeal – Flexibility and Regulation
The Seychelles Islands, renowned for their sophisticated financial services sector and forward-thinking regulatory environment, have firmly established themselves as a premier jurisdiction for virtual asset businesses. The introduction of the Virtual Asset Service Providers Act, 2024 (VASP Act), which became effective in late 2024, marks a pivotal shift, requiring all entities conducting Virtual Asset Service Provider (VASP) activities in or from Seychelles to obtain a mandatory license from the Financial Services Authority (FSA). This strategic legislative move aligns Seychelles with global standards set by the Financial Action Task Force (FATF), enhancing the jurisdiction’s reputation and attracting serious, institutional-grade crypto and FinTech operations.
Securing a Seychelles Crypto License is now the definitive pathway for global crypto exchanges, wallet providers, and brokerage firms seeking regulatory clarity, competitive tax structures, and demonstrable substance. The new VASP Act is designed to mitigate Money Laundering (ML) and Terrorist Financing (TF) risks while fostering responsible innovation within the digital asset space. This extensive guide provides an in-depth analysis of the VASP Act, outlining the licensing categories, minimum capital requirements, rigorous substance requirements, and the comprehensive operational compliance framework essential for a successful application in 2025.
The Legislative Landscape: VASP Act 2024 and FSA Oversight
The Virtual Asset Service Providers Act, 2024, along with its subsidiary regulations (e.g., Capital and other Financial Requirements Regulations, Safekeeping and Management of Client’s Assets Regulations, and Cybersecurity Requirements Regulations), forms the regulatory cornerstone.
Defining the Scope of Virtual Asset Services (VASPs)
The Act provides a clear and comprehensive definition of a Virtual Asset (VA) and mandates licensing for a defined list of services. A VA is broadly defined as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes (excluding digital representations of fiat currency).
The following activities, when conducted for or on behalf of another person as a business, require a VASP License:
Exchange: Exchange between virtual assets and fiat currencies or between one or more forms of virtual assets.
Transfer: Transfer of virtual assets.
Custody: Safekeeping or administration of virtual assets or instruments enabling control over virtual assets (e.g., providing crypto custody solutions).
Financial Services: Participation in and provision of financial services related to an issuer’s offer or sale of a virtual asset.
Entities that fall under the VASP Act must immediately cease all unlicensed operations or apply for the appropriate FSA VASP license by the stipulated regulatory deadline.
The Role of the Financial Services Authority (FSA)
The FSA is the sole designated regulatory body responsible for the licensing, supervision, and enforcement of the VASP Act. The FSA’s responsibilities are extensive:
Reviewing and approving VASP applications, including conducting Fit and Proper Assessments.
Monitoring ongoing compliance with AML/CFT obligations and cybersecurity requirements.
Issuing guidelines, conducting compliance inspections, and taking enforcement actions.
Registering promoters of Initial Coin Offerings (ICOs) and Non-Fungible Tokens (NFTs).
VASP License Categories and Minimum Capital
The VASP Act establishes four distinct license categories, each associated with different risks and, consequently, different minimum paid-up capital requirements. A VASP intending to provide multiple services must satisfy the capital requirement for each authorized activity, and the capital must be totalled.
VASP Licensing Categories and Initial Capital
The required capital must be held in the form of cash, bonds, or other approved securities and maintained at a bank licensed under the Financial Institutions Act or an equivalent financial institution.
| VASP License Type | Description of Virtual Asset Service | Initial Paid-Up Capital (USD Equivalent) |
| Type A: Virtual Asset Wallet Provider | Provides virtual asset wallet services, including the safekeeping of private keys. | $75,000 |
| Type B: Virtual Asset Exchange Operator | Operating a platform that facilitates trading and exchange between VAs or VAs and fiat currency (e.g., crypto-to-fiat exchange). | $100,000 |
| Type C: Virtual Asset Broker | Facilitating the purchase or sale of VAs for clients (e.g., OTC desk). | $50,000 |
| Type D: Virtual Asset Investment Provider | Providing investment services related to VAs, such as advisory or portfolio management. | $25,000 |
This tiered capital structure demonstrates the FSA’s risk-based approach, reserving the highest capital barrier for Virtual Asset Exchanges due to their systemic importance and high client asset exposure.
Reserve Assets and Ongoing Capital Adequacy
Beyond the initial paid-up capital, the VASP Regulations impose two crucial financial obligations:
Reserve Assets: A licensee must maintain reserve assets or monies equivalent to 100% of the liabilities owed to clients with respect to client assets held by the VASP. These must be segregated into separate accounts.
Turnover-Based Capital: Starting from the third year of operation, the VASP must maintain a capital amount equal to the greater of the initial paid-up capital or 2.5% of its annual turnover.
Seychelles Substance Requirements: Directors and Physical Office
A cornerstone of the new VASP Act is the requirement for demonstrable local substance in Seychelles, moving beyond simple registration to ensure operations are actively managed and controlled within the jurisdiction.
Corporate Structure and Local Management
The licensing vehicle must be a Seychelles incorporated entity (either a domestic company or an International Business Company (IBC)). The management structure must meet specific criteria:
Minimum Two Directors: The company must have at least two individual directors.
Resident Director Mandate: At least one director must be a resident of Seychelles. This is critical for demonstrating management control within the jurisdiction.
Local Officer/Staff: The VASP must employ qualified and experienced staff to manage the local office and operations.
Board and Management Meetings: The Act mandates that the VASP hold at least two board meetings and at least four management meetings annually in Seychelles.
Physical Presence and Record Keeping
The requirement for a fully manned physical office is non-negotiable and subject to FSA inspection.
Physical Office: The VASP must secure a physical office space suitable for regulatory inspections and secure record-keeping. Proof of premises (e.g., a lease agreement) is mandatory for the application dossier.
Local Accessibility of Records: All records and documentation required by the VASP Act must be maintained and readily accessible from the concerned local office in Seychelles. This ensures the FSA can conduct effective oversight and monitoring of the VASP’s operational activities.
Complaint Handling: The VASP must establish a mechanism for handling client complaints in Seychelles, further solidifying local operational presence.
The Fit and Proper Test and Key Personnel
The integrity and competence of the VASP’s key personnel are rigorously scrutinized under the FSA’s Code for Fit and Proper criteria. This applies to all directors, principal officers, and persons holding a significant interest (shareholders).
Assessment Criteria
Applicants must submit detailed personal information for all relevant individuals, including:
Integrity and Honesty: Demonstrable history of integrity, character, and honesty, often verified by Police Clearance Certificates.
Competence and Experience: Proven qualifications and experience relevant to the financial and technological demands of a VASP business.
Financial Soundness: The financial status of the individuals and the VASP itself must confirm stability and ability to meet financial obligations.
Reputation and Judgement: Consideration of the individual’s reputation and track record in business.
Mandatory Compliance Functionaries
The VASP must appoint dedicated officers, who must also pass the Fit and Proper Test:
Compliance Officer (CO): Responsible for the VASP’s overall compliance with the VASP Act and all related regulations.
Money Laundering Reporting Officer (MLRO): The key person responsible for the company’s Anti-Money Laundering (AML) procedures and for reporting Suspicious Activity Reports (SARs) to the Seychelles Financial Intelligence Unit (FIU). The MLRO must possess specialized knowledge of virtual asset ML/TF risks and local reporting obligations.
Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) Framework
Compliance with the Seychelles Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020 (AML/CFT Act) is mandatory. The VASP Act specifically names VASPs as Reporting Entities, placing them under the direct supervision of the FIU for AML purposes.
The Risk-Based Approach (RBA)
The VASP must develop a comprehensive AML/CFT Manual that implements an Enterprise-Wide Risk Assessment (EWRA).
Customer Due Diligence (CDD): Robust KYC procedures (Know-Your-Customer), including identity verification of all customers and beneficial owners.
Enhanced Due Diligence (EDD): Applied to high-risk customers, such as Politically Exposed Persons (PEPs), those involved in large-volume transfers, or those using non-transparent virtual asset typologies.
Transaction Monitoring: Implementing systems to monitor transactions for suspicious patterns, including structuring, layering, and integration of illicit funds. The VASP must demonstrate the use of blockchain analytics tools appropriate to its risk profile.
Compliance with the FATF Travel Rule
In line with FATF Recommendation 16 (the Travel Rule), Seychelles VASPs are obliged to collect and transmit specific information for virtual asset transfers above a certain threshold (typically USD 1,000).
Information Collection: For qualifying transfers, the VASP must obtain and hold the originator’s name, account number (or wallet address), and the beneficiary’s corresponding information.
TRSP Implementation: The VASP must demonstrate a technical solution (often via a Travel Rule Solution Provider (TRSP)) that ensures secure, timely, and compliant data sharing with counterparty VASPs.
Technology, Cybersecurity, and Operational Reliability
The Virtual Asset Service Provider (Cyber Security Requirements) Regulations 2024 impose strict standards to protect client assets and data, reflecting the high-risk nature of the virtual asset industry.
Cybersecurity and IT Governance
The VASP’s technical infrastructure must be subject to rigorous control and regular review.
Comprehensive Policies: The VASP must have a detailed IT and Cyber Risk Policy, covering hardware, software, internal network, and data encryption standards.
Disaster Recovery and BCP: Mandatory development and regular testing of a Business Continuity Plan (BCP) and a Disaster Recovery (DR) plan to ensure minimal service disruption in the event of a system failure or attack.
Independent Audit: The FSA may require an independent cybersecurity audit by an approved expert to confirm the integrity, security, and robustness of the VASP’s technical systems before and during licensing.
Client Asset Safekeeping and Management
VASPs providing custodial services are subject to specific regulations aimed at preventing the commingling and loss of client funds.
Asset Segregation: Client virtual assets must be clearly identifiable, properly accounted for, and strictly segregated from the VASP’s own proprietary assets.
Private Key Security: The VASP must employ secure procedures for the safekeeping and administration of private keys, including the use of multi-signature technologies, cold storage solutions, and multi-geographical distribution of key fragments.
Insurance Coverage: The FSA may require the VASP to maintain adequate Professional Indemnity Insurance (PII) or similar insurance coverage to cover potential risks of loss or theft of client assets.
The Seychelles VASP License Application Process: A Checklist
The application process is thorough, requiring meticulous preparation of the dossier to satisfy the FSA’s stringent requirements. The average processing time is typically 3 to 6 months from the date of submission of a complete package.
Critical Application Stages
Pre-Application Planning: Define the exact VASP service category and confirm the minimum paid-up capital.
Company Incorporation: Incorporate the Seychelles entity (e.g., IBC) and set up the physical office and hire the resident director.
Documentation Assembly: Prepare the entire suite of compliance and operational manuals.
Submission and Fees: Submit the complete application dossier to the FSA, along with the required Application Fee (e.g., SCR 75,000, approx. USD 5,750).
FSA Review: Respond promptly to the FSA’s requests for clarification (RFIs).
Approval and Grant: Upon satisfaction, the FSA grants the VASP License.
Mandatory Application Dossier Checklist
The applicant must submit a comprehensive set of documents proving both corporate stability and operational readiness.
| Document Category | Required Documents and Submissions |
| Corporate/Legal | Certificate of Incorporation, Memorandum & Articles of Association (explicitly permitting VASP activities), Corporate Structure Chart, Proof of Registered Office and Physical Office Lease Agreement. |
| Personnel | Personal Questionnaire Forms for all directors/officers/shareholders, CVs, Police Clearance Certificates, Proof of Funds/Wealth for UBOs, Fit and Proper Declarations. |
| Financial | Proof of minimum paid-up capital deposit, Three-Year Financial Projections (forecast), Source of Funds for initial capital, Proof of adequate PII (if required). |
| Operational/Compliance | Detailed Business Plan, Comprehensive AML/CFT Manual, IT & Cybersecurity Policy, Data Protection Policy, Business Continuity Plan (BCP), Enterprise-Wide Risk Assessment (EWRA). |
Request more information
Taxation and Economic Benefits
Seychelles offers a compelling tax framework for International Business Companies (IBCs) and VASP licensees, enhancing its attractiveness as a base for global operations.
Tax Framework for VASPs
The tax regime for a Seychelles VASP largely depends on whether the income is sourced locally or internationally.
Corporate Tax: Seychelles imposes a Corporate Tax of 0% on foreign-sourced revenue. Income derived locally (e.g., from local clients or local business) is subject to a rate of 15% (for income up to SCR 1 million) and 25% (for income exceeding SCR 1 million). Most international VASPs benefit significantly from the zero tax rate on foreign-sourced income.
Other Taxes: There are generally no capital gains, inheritance, or withholding taxes. VAT is 15% but is usually not mandatory for IBCs conducting entirely international business.
Reputation and Banking Access
Obtaining the Seychelles VASP License significantly elevates a company’s standing in the international financial community.
Global Reputation: The FSA’s commitment to FATF standards and the rigorous substance requirements mean the license is viewed as credible, which is vital for building trust with global partners and institutional clients.
Banking Facilitation: While opening bank accounts for crypto businesses remains challenging globally, a licensed Seychelles VASP with demonstrably strong AML/CFT frameworks and local substance has a significantly higher chance of securing global and correspondent banking services compared to unlicensed entities.
Ongoing Compliance, Auditing, and Reporting
A VASP Registration is not static; it is contingent upon continuous adherence to regulatory standards, which includes annual reporting and regular audits.
Annual Renewal and Statutory Filings
Licensees must meet numerous annual and periodic obligations to maintain their status.
| Obligation | Key Submission / Regulator |
| License Renewal Fee | Annual payment of the required license renewal fee (varies by VASP type). Regulator: FSA. |
| Annual Audit Report | Annual submission of financial accounts audited by an FSA-approved auditor. Regulator: FSA. |
| Compliance Form | Annual detailed report on compliance status with the VASP Act and all related regulations. Regulator: FSA. |
| Substance Requirement Report | Annual report confirming continued adherence to local presence rules (Local Substance): physical office, resident director, and local board/management meetings. Regulator: FSA. |
| Cyber Security Report | Annual report detailing the status and effectiveness of IT controls and cybersecurity measures. Regulator: FSA. |
Failure to comply with these ongoing reporting obligations can result in penalties, suspension, or the ultimate revocation of the VASP license.
Prohibited and Restricted Activities
The VASP Act explicitly prohibits certain high-risk activities to protect the integrity of the jurisdiction:
-
Prohibition: The Act strictly prohibits the operation of mining facilities, mixing or tumbling services, and validator services in or from Seychelles.
-
ICOs and NFTs: The promotion of Initial Coin Offerings (ICOs) and Non-Fungible Tokens (NFTs) is regulated under the VASP Act and requires FSA registration of the promoter, subject to specific guidelines.
Advanced Risk Management and Consumer Protection
The FSA places significant emphasis on the VASP’s ability to manage market, operational, and consumer risks effectively.
10.1. Internal Audit and Governance
A robust governance structure is essential for demonstrating effective control to the FSA.
Internal Compliance Reviews: The VASP must conduct and document regular internal reviews of its AML/CFT and operational compliance functions, testing the effectiveness of its controls and providing a report to the Board.
Conflict of Interest Policy: A detailed policy is required to manage and disclose potential conflicts of interest, particularly concerning proprietary trading versus client trading activities.
10.2. Consumer Protection Measures
The VASP Act mandates specific measures to protect retail clients.
Clear Disclosure: VASPs must provide clients with clear, non-misleading, and easily understandable information about the risks associated with virtual assets, the services provided, and the contractual terms.
Safeguarding Client Assets: The strict rules regarding the segregation and safekeeping of client assets (100% reserve assets) are the ultimate consumer protection measure, ensuring client funds are protected even in the event of VASP insolvency.
Deep Dive into AML/CFT: FIU Engagement and Reporting Dynamics
The integration of the VASP Act 2024 with the AML/CFT Act 2020 mandates stringent reporting mechanisms, placing the Financial Intelligence Unit (FIU) at the heart of the VASP’s compliance lifecycle. Proactive and accurate reporting is non-negotiable for maintaining the Seychelles Crypto License.
Reporting to the Financial Intelligence Unit (FIU)
VASPs are categorized as Reporting Entities and must register on the FIU’s designated platform, typically goAML, to fulfill their mandatory reporting duties.
Suspicious Activity Reports (SARs): The core obligation is the filing of Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs). The VASP’s Money Laundering Reporting Officer (MLRO) must establish a clear internal process for identifying, assessing, and promptly reporting any activity or attempted activity that raises suspicion of ML/TF, regardless of the transaction amount.
Virtual Asset Suspicious Activity Reporting (VASAR): The FIU has provided specific VASAR Documentation and XML schema for batch submissions, reflecting the unique nature and volume of virtual asset transactions. The VASP’s IT infrastructure must be capable of generating data in the required FIU format for efficient submission, particularly concerning large volumes of reports.
Red Flags Indicators: The VASP must incorporate the Virtual Assets Red Flags Indicators Guidance Notes issued by the FSA/FIU into its transaction monitoring system. These indicators specifically target common crypto-related schemes, such as the use of mixer/tumbler services (which are explicitly prohibited by the Act), rapid movements of funds to high-risk wallets, or attempts to circumvent KYC thresholds.
Ongoing Training and MLRO Autonomy
The quality of SARs relies heavily on the competence of the compliance team. The VASP must ensure its MLRO has sufficient autonomy and authority to act independently of the commercial interests of the VASP.
Continuous Education: Mandatory and documented annual training must be provided to all staff, focusing specifically on the latest regulatory amendments, emerging virtual asset crime typologies, and the VASP’s internal reporting protocols.
MLRO Resource Allocation: The VASP must allocate adequate resources to the MLRO function, ensuring that the officer is not only qualified but also has access to necessary blockchain analytics tools and sufficient staffing to conduct thorough investigations before filing a SAR. Demonstrating this commitment to the MLRO’s independence is a key factor the FSA assesses during compliance inspections.
Registration and Oversight of ICOs and NFTs
While the VASP Act primarily regulates service providers, it also extends the FSA’s authority to cover the promotion of virtual assets, specifically ICOs and NFTs, emphasizing consumer protection and market integrity.
Promoter Registration Requirements
The Act and its subsequent regulations require the registration of promoters of ICOs and certain NFTs with the FSA. This is a critical distinction from the VASP License itself.
Focus on Promotion: The FSA’s oversight targets the entities promoting or marketing the virtual asset, especially when Seychelles-based vehicles or infrastructure are utilized.
Required Disclosure: The promoter must submit comprehensive documentation, often including a White Paper or similar disclosure document, detailing the terms of the offering, the technology, the risks, and the use of proceeds. The aim is to prevent the promotion of fraudulent or highly opaque offerings to the public.
Safeguarding Proceeds: Regulations require the promoter to specify where the funds (fiat or virtual assets) raised from the offering will be transferred or deposited, and to detail the policies and procedures for monitoring the issuance and offering cycle.
Regulatory Implications for Security Tokens
If an ICO or virtual asset token (including an NFT) qualifies as a “security” or “investment” under the Seychelles Securities Act, 2007, the promoting entity or the platform facilitating its trade may be subject to additional, stricter licensing requirements under the Securities Act, not just the VASP Act. A legal opinion on the classification of the token is highly recommended during the pre-application phase to ensure all regulatory bases are covered.
Regulatory Audits, Inspections, and Enforcement
The FSA’s supervisory role includes conducting both on-site and off-site inspections to verify the ongoing compliance and operational reality of the licensed VASP.
Thematic and Risk-Based Inspections
The FSA utilizes a risk-based supervision model, meaning VASPs with higher inherent risks (e.g., high transaction volume, large custody holdings, or services involving complex derivatives) will face more frequent and deeper scrutiny.
On-Site Inspections: The FSA may conduct unannounced or scheduled on-site inspections of the VASP’s physical office in Seychelles. Inspectors will review the physical accessibility of records, interview key local staff (including the Resident Director and MLRO), and verify the operational functionality of the office.
Verification of Substance: A primary goal of these inspections is to verify the reality of the VASP’s declared substance requirements, checking meeting minutes, payroll records for local employees, and the validity of the lease agreement.
Cybersecurity Audit: The VASP must be prepared for the FSA to mandate an external cybersecurity audit at any time if technical vulnerabilities are suspected.
Enforcement and License Revocation
Non-compliance with the VASP Act is treated severely and can lead to immediate enforcement actions.
Penalties: The FSA has the power to issue substantial administrative fines for breaches of the Act or regulations (e.g., failure to maintain minimum capital or breach of AML/CFT duties).
Remediation and Conditions: For less severe breaches, the FSA may impose specific remediation conditions on the VASP, such as requiring the injection of new capital or the immediate replacement of the MLRO.
Revocation: Severe or persistent non-compliance, particularly involving failures in AML/CFT controls or the loss of client assets, can ultimately lead to the revocation of the Seychelles VASP License. This is the ultimate sanction, effectively terminating the VASP’s legal ability to operate in the jurisdiction.
Strategic Advantages: Why Choose Seychelles?
The updated regulatory framework in Seychelles offers a unique blend of compliance and operational flexibility, making it highly competitive against other jurisdictions.
Regulatory Clarity and FATF Alignment
The implementation of the VASP Act addresses the previous regulatory ambiguity, providing a clear, dedicated legal framework for virtual asset businesses.
By aligning with the FATF recommendations, Seychelles strengthens its position, making its license a preferred choice for businesses targeting institutional clients who demand jurisdictional compliance and regulatory maturity.
Competitive Capital Requirements
Compared to higher-tier jurisdictions, the minimum paid-up capital requirement (ranging from $25,000 to $100,000) is highly competitive, making Seychelles an accessible entry point for well-funded startups and medium-sized enterprises.
The ability to maintain a zero corporate tax rate on non-Seychelles income combined with the manageable capital requirement offers an exceptional cost-efficiency advantage.
Dual Corporate Options
The ability to use either a domestic company or an International Business Company (IBC) allows for flexible corporate structuring while still satisfying the required local substance elements (resident director, physical office).
The Strategic Necessity of Early-Stage Planning
Given the comprehensive nature of the VASP Act, securing the Seychelles Crypto License requires detailed, early-stage strategic planning, treating the license acquisition as a major operational project.
Proof of Funds for Capital: Applicants must secure and demonstrate the origin of the minimum paid-up capital early in the process, as the FSA scrutinizes the source of funds/wealth for both the capital and the ultimate beneficial owners (UBOs).
Banking Pre-Arrangement: While final corporate bank account opening occurs post-license grant, pre-application discussions with potential banking partners are vital to confirm they will onboard a Seychelles VASP license holder, mitigating the significant operational risk of being licensed but unbanked.
A Trusted Hub for Digital Finance
The Seychelles Crypto License, governed by the rigorous VASP Act 2024, solidifies the nation’s status as a respected, compliant, and commercially attractive jurisdiction for the global digital asset industry. The FSA’s commitment to substance, high AML standards, and technological security provides licensees with a robust platform to operate with global credibility. For any serious player in the virtual asset space, obtaining this license is no longer optional—it is a mandatory and strategic declaration of integrity and longevity in the market.
FAQ
No. Unlike some jurisdictions, Seychelles does not have a dedicated VASP Act. Crypto regulation relies on applying existing laws, primarily the Securities Act and the AML/CFT Act, overseen by the Seychelles FSA.
The Securities Dealer License Seychelles is the most common and robust pathway, particularly for platforms that deal with security tokens or act as broker-dealers in virtual assets.
No. A simple Seychelles IBC for crypto registration is for corporate structuring only. To conduct regulated activities (exchange, custody, brokerage), you must secure formal authorization/licensing from the Seychelles FSA under the relevant financial law.
The required Minimum Capital requirements Seychelles FSA are determined by the specific license type (e.g., Securities Dealer License) and the risk profile of the VASP. Applicants must demonstrate that this capital is unimpaired and fully available.
Yes. To satisfy international standards and the FSA, licensed VASPs must demonstrate genuine local substance, including a physical office, local staff, and ensuring that Core Income Generating Activities (CIGA) are conducted from Seychelles.
The Timeline for Seychelles crypto license approval generally ranges from 6 to 9 months following a complete and high-quality submission. This duration reflects the rigorous due diligence and query phase conducted by the FSA.
The primary AML requirements Seychelles crypto firms must satisfy include implementing a Risk-Based Approach (RBA), appointing an independent MLRO, conducting rigorous KYC/CDD (including Source of Funds/Wealth verification), and deploying automated transaction monitoring systems.
Very favorable. IBCs deriving income solely from outside Seychelles are generally exempt from local corporate income tax. However, these Seychelles crypto tax benefits are conditional upon meeting the local economic substance requirements.
Yes, securing stable Banking for crypto in Seychelles remains a significant challenge. Most local banks are highly risk-averse. VASPs typically rely on a hybrid model using international FinTech banks and payment institutions for high-volume fiat transfers.