New Delhi, Apr 01 : Globally, the virtual digital asset (VDA) space is emerging as one of the fastest-growing and most innovative sectors. Yet, it continues to face persistent challenges, including a lack of regulatory clarity, legal uncertainty, skepticism, and high taxation. A recent report by the Financial Action Task Force (FATF) highlights another growing concern for the industry: virtual asset platforms that operate across borders while remaining largely out of reach of regulators.
These platforms, known as offshore Virtual Asset Service Providers (oVASPs), are exchanges or platforms that are registered in one country but serve customers in another, often without proper registration, consumer protections, or safeguards against illicit activity. The FATF cautions that such operations expose a structural gap in the global financial system, increasing vulnerability to risks like money laundering and terrorist financing.
The core issue here is regulatory evasion. While countries that follow FATF standards require VASPs to register with financial regulators, verify user identities, and report suspicious transactions, oVASPs often sidestep these requirements entirely. Their operations are typically fragmented, with senior management, servers, and compliance functions spread across jurisdictions, far from where their services are actually used. This makes it difficult for enforcement authorities to establish contact, obtain information, and ensure compliance—especially when such platforms are based in countries with weak virtual asset laws.
There are two types of oVASPs, those that may not fully understand the rules that apply to them and those that deliberately design their operations to avoid oversight. The latter pose a far greater risk. The FATF report notes that such entities are often non-responsive to enforcement authorities, deny their legal obligations, or appoint “dummy” compliance representatives who lack the authority or information to engage meaningfully.
To evade scrutiny, these platforms use a range of tactics, including onboarding users through local affiliates, encouraging VPN usage, and falsifying information. They may also rely on complex corporate structures to obscure accountability, making it difficult to identify a responsible entity and causing delays for authorities. This becomes even more concerning when oVASPs are suspected of enabling on-chain illicit activities such as large-scale money laundering and terrorist financing.
India’s experience illustrates how oVASPs can undermine regulations for commercial advantage. Despite requirements for platforms serving Indian users to maintain a physical presence in the country, offshore operators continue to onboard users with diluted KYC norms, gaining a pricing edge over compliant platforms. A significant share of users has shifted to these exchanges, which continue to accept UPI deposits and enable withdrawals into Indian bank accounts through intermediaries—while remaining outside India’s regulatory reach.
The report also acknowledges progress in some jurisdictions. India, for instance, has improved detection capabilities, reinforced physical presence requirements, and established better domestic coordination mechanisms. However, challenges remain. The FATF recommends that countries actively identify oVASP activity, adopt risk-based supervision, and strengthen cooperation with both domestic and international authorities. Home jurisdictions must supervise the global operations of locally registered VASPs and respond promptly to information requests, while host jurisdictions should require oVASPs to obtain local licenses and share intelligence with home regulators.
For the private sector, the responsibility is equally important. Banks, payment platforms, and VASPs must assess and limit their exposure to unlicensed offshore entities and report any suspicious activity to regulators.
oVASPs thrive in the gaps between jurisdictions, agencies, and regulations. Closing these gaps will require stronger cross-border supervision, more accountable platforms, and a coordinated global approach that treats virtual asset risks as a shared responsibility.
