In March 2026, the Financial Action Task Force (FATF) published a detailed report examining the risks associated with Offshore virtual asset service providers (oVASPs). UK law enforcement, particularly those involved in economic crime, cyber investigations and asset recovery should be well aware of the contents within.
The report highlights how gaps in global regulation are being exploited by criminals to facilitate fraud, money laundering and terrorism financing at scale. It also outlines practical approaches for jurisdictions to detect, supervise and take action against non-compliant providers.
For investigators, the report reinforces a key reality, that while blockchain transactions are transparent, the surrounding ecosystem of service providers is often fragmented, unevenly regulated and increasingly used to obscure illicit activity.
What Are Offshore VASPs and Why Do They Matter?
Offshore Virtual Asset Service Providers are crypto service providers established under the laws of one jurisdiction but offering services to users in another. They may operate with or without a physical presence in the jurisdictions they serve.
These entities are significant because they often fall outside the direct regulatory reach of the countries where their customers are located, creating opportunities for regulatory arbitrage and limits the ability of authorities to supervise or enforce compliance effectively.
Key Risks Identified by FATF
The FATF report identifies several ways in which oVASPs are being exploited:
Regulatory Gaps and Arbitrage – Fewer than half of jurisdictions globally have adopted an activity-based regulatory approach. This means many VASPs operating offshore can provide services in multiple markets without being subject to local licensing or supervision. Criminals take advantage of these inconsistencies by routing activity through providers in less regulated jurisdictions.
Evasion Techniques – Offenders commonly distribute funds across multiple wallet addresses to make tracking more difficult. They also use intermediary wallets to layer transactions, adding complexity and obscuring the origin of funds. In addition, assets may move assets across multiple blockchains using cross-chain bridges, further complicating tracing efforts and delaying investigative progress.
Nested Relationships – A particularly important typology is the use of “nested” or intermediary relationships. Unlicensed offshore VASPs may access services from regulated exchanges by posing as individual customers, effectively bypassing due diligence controls.
Use in Serious Crime – The report links oVASPs to large-scale fraud schemes, as well as to fund flows associated with ransomware and scams. It also identifies connections to terrorist financing networks and cross-border money laundering operations. In several cases, offshore providers have served as key conversion or “cash-out” points for illicit proceeds.
International Case Examples and Lessons
The FATF report includes a number of case studies that illustrate how these risks manifest in practice:
- Large-scale fraud operations have used offshore VASPs and layered transaction chains to move and obscure victim funds, sometimes involving millions of dollars in a single wallet cluster.
- Terrorist financing cases have demonstrated the use of virtual assets to convert, transfer and rapidly disperse funds through offshore platforms and unhosted wallets.
- Cross-border investigations have shown the value of international cooperation, where Financial Intelligence Units (FIUs) and regulators share beneficial ownership and transactional data to identify individuals behind wallet activity.
- Enforcement actions, including those in the UK, have led to disruption of unregistered providers and associated scam infrastructure, including large-scale website takedowns coordinated through regulatory and law enforcement channels.
These examples underline the importance of combining blockchain analysis with intelligence sharing and regulatory engagement.
Regulatory and Supervisory Approaches
The FATF identifies several measures jurisdictions can adopt to address the risks associated with oVASPs including activity based regulated, effective enforcement action, inter-agency collaboration and cooperation and private sector engagement.
Implications for UK Law Enforcement
From an operational perspective, oVASPs introduce several challenges. These include difficulties in identifying the true operators behind offshore entities and a limited ability to compel disclosure from unregulated providers.
Investigators must also rely more heavily on international cooperation, while facing greater complexity in tracing and attributing funds. In addition, there is a higher prevalence of layered transactions and activity involving multiple blockchains.
However, the FATF report also emphasises that investigative opportunities still exist. The transparency of blockchain technology, combined with identifiable points of interaction such as exchanges and custodial services, continues to provide valuable leads.
How can Comlyport Help
Gentium, part of Complyport and ComplyMAP Group, can assist in bridging these gaps by providing dedicated support, targeted training and guidance with regard to the aspects of all types of criminal investigation.
Complyport can support firms in a number of areas, including:
- Law Enforcement Support and Investigations Training;
- Cyber Investigation and Awareness Training;
- Expert Witness and Consultancy Reports and testimony regarding financial crime and virtual currency; and
- Vetting and Due Diligence.
Get in Touch
If your organisation requires support in managing the risks associated with virtual assets or enhancing investigative capabilities, Complyport’s Subject Matter Experts are here to help.
Contact us today to discuss your requirements or book a meeting with one of our specialists.
Ask ViCA, your Virtual Compliance Assistant. Claim your complimentary 20 queries today! Register here: https://vica.chat
