SVG VASP License Requirements – Practical Overview

Obtaining a VASP licence in SVG (St. Vincent & the Grenadines) is an attractive option for many Web3, crypto and fintech founders – but the regulatory expectations are more serious than “just registering a company.

This guide gives a practical, non-exhaustive overview of the typical SVG VASP licence requirements, so you can understand what the regulator will look at before you apply.

For a full overview of SVG VASP licensing – including process, timelines and costs – see our main SVG VASP Licence Guide.

1. What Is a VASP License in SVG?

The Virtual Asset Business Act (VABA)

In SVG, virtual asset activities are regulated under the Virtual Asset Business Act 2022 (VABA), which sets the framework for:

• who must be licensed,

• what “virtual asset business” includes, and

• the ongoing obligations of licensed entities.

  
  

The Financial Services Authority (FSA) is the main regulator responsible for authorising and supervising Virtual Asset Service Providers (VASPs).

2. Activities Covered by an SVG VASP License

While the precise classification depends on the law and FSA guidance, a VASP licence in SVG typically covers activities such as:

• Exchange between virtual assets and fiat currencies

• Exchange between one or more forms of virtual assets

• Transfer of virtual assets on behalf of clients

• Safekeeping and administration of virtual assets (custody)

• Participation in and provision of financial services related to the offer or sale of a virtual asset

  
  

Depending on the model, the FSA may treat ancillary activities as part of VASP business as well.

3. Who Typically Applies for an SVG VASP License?

Common applicants include:

• Centralised exchanges (CEX) and OTC desks

• Brokers and liquidity providers

• Wallet and custody providers

• Certain DeFi front-ends and protocols with a central operator

• Token/investment platforms that facilitate client flows in or out of virtual assets

  
  

If your business handles client funds or client virtual assets, or facilitates virtual asset transactions in a professional way, you should carefully assess whether a VASP licence in SVG is required.

Corporate and Ownership Requirements

Legal Entity Type

The FSA generally expects that VASP activities are carried out through a local entity incorporated in SVG – typically a Business Company (BC) or Limited Liability Company (LLC)

Key points:

• The VASP licence is issued to the SVG entity, not to an individual or foreign branch.

• Group structures can exist (e.g. holding company elsewhere), but the local licensed entity must be clearly defined and properly capitalised.

  
  

Shareholding and Control

The regulator will look closely at who ultimately owns and controls the licensed entity. Expect:

• Disclosure of all Ultimate Beneficial Owners (UBOs), usually natural persons.

• A clear ownership chain (no unexplained shell layers).

• Identification of any significant shareholders and persons exercising control.

Opaque or overly complex structures are likely to receive more scrutiny.

“Fit and Proper” Criteria

Directors, senior management and significant shareholders must be assessed as “fit and proper”, typically considering:

• Criminal record and integrity

• Financial soundness and bankruptcy history

• Professional competence and experience

• Any history of regulatory sanctions or misconduct

The FSA wants to see that the individuals behind the VASP are able and willing to run a compliant financial business, not just a speculative project.

4. Capital and Financial Requirements

Minimum Capital Expectations

Depending on the category of VASP and the business model, the FSA may expect:

• A minimum paid-up capital to be held by the SVG entity; and/or

• Evidence that the entity has sufficient financial resources to support its operations and risk profile.

Even where a strict minimum is not explicitly stated, in practice the authority will want to see that your business is properly funded, not operating on a shoestring.

Ongoing Financial Soundness

After the licence is granted, the VASP must remain financially sound, which may involve:

1. Maintaining capital above a certain threshold

2. Preparing audited financial statements once the business reaches scale

3. Demonstrating that the company can meet its obligations to clients and third parties

It is common for the regulator to request updated financial information during supervision.

5. Substance and Local Presence Requirements

Registered Office and Local Representative

A licensed VASP will normally need:

• A registered office in SVG, and

• An approved local representative / corporate services provider to support regulatory communication and basic local administration.

This ensures the FSA has a clear contact point inside SVG.

Key Functions and Where They Can Be Located

Some functions can be performed outside SVG, especially in distributed or remote teams, but the FSA still expects:

• Clear allocation of responsibilities and reporting lines

• Demonstrable control and oversight from the licensed entity

• Sufficient knowledge and decision-making capacity at the SVG level

• Personal principal representative resident in SVG

Outsourcing and Third-Party Providers

Many VASPs rely on external providers for:

• Cloud infrastructure

• KYC/identity verification

• Transaction monitoring and analytics

• Wallet infrastructure and custody technology

Outsourcing is generally permitted, but the licensed entity must:

• Retain ultimate responsibility for compliance

• Have written agreements in place with providers

• Monitor their performance and manage outsourcing risks

The FSA may ask for details of key third-party providers as part of the application.

6. Governance and Key Personnel Requirements

Board and Senior Management

The SVG VASP licence regime expects a credible governance structure, which may include:

• A board of directors with a mix of business, compliance and technical experience

• Senior managers responsible for key functions (operations, tech, compliance, risk)

The regulator will want to see that the people making decisions:

• Understand financial services and virtual assets

• Have relevant track records

• Can oversee the risks inherent in the business model

Compliance Officer / MLRO

Most VASP regimes, including SVG, will expect the appointment of at least one Compliance Officer / MLRO (Money Laundering Reporting Officer) with:

• Knowledge of AML/CFT requirements

• Authority and independence to escalate issues

• Responsibility for reporting suspicious activities to the relevant authorities

In some cases, a Deputy MLRO or supporting compliance staff may also be required, depending on the scale and complexity of the business.

Other Key Roles

Even if not explicitly prescribed by law, it is good practice (and often expected in serious applications) to define:

• A Risk function or risk officer

• An Operations/COO function responsible for day-to-day running

• An IT/security lead for cybersecurity and platform integrity

Smaller firms might combine some roles in one person, but should be able to demonstrate that each function is actually performed.

7. AML, CFT and KYC Framework Requirements

Written Policies and Procedures

An SVG VASP licence application is not complete without a comprehensive AML/CFT framework, usually including:

• AML/CFT policy and risk assessment

• Customer Due Diligence (CDD/KYC) procedures

• Enhanced Due Diligence (EDD) standards for high-risk clients

• Transaction monitoring and suspicious activity reporting procedures

• Sanctions, PEP and adverse media screening policies

• Record-keeping and data retention rules

• Staff training policy

  
  

These documents must be tailored to the specific business model and risk profile, not lifted from generic templates.

Risk-Based Customer Due Diligence

The FSA will expect you to demonstrate a risk-based approach, including:

• Classification of clients by risk (e.g. low / medium / high, or retail / institutional / HNW)

• Different levels of information and verification depending on risk

• Clear triggers for EDD (e.g. high-risk jurisdictions, complex structures, unusual patterns)

Transaction Monitoring and Reporting

You will need to show how you will:

• Monitor client activity for unusual or suspicious patterns

• Use manual review and/or automated tools to identify red flags

• Escalate and document potential suspicious transactions

• File reports with the appropriate authority when required

8. Technology, Security and Wallet Management Requirements

Wallet and Private Key Management

Where the VASP has control over client virtual assets, the FSA will expect:

• Clear policies for hot vs cold storage

• Strong private key management (e.g. multi-signature arrangements, secure hardware)

• Segregation of client wallets from the company’s own wallets

Cybersecurity and IT Controls

Key expectations include:

• Access controls and role-based permissions

• Encryption (in transit and at rest) where appropriate

• Regular backups and secure storage of critical data

• Protection against common attack vectors (phishing, malware, DDoS)

  
  

For more complex operations, the regulator may inquire about third-party security audits or penetration testing.

Business Continuity and Disaster Recovery

You should also have a documented Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) which describe:

• How quickly operations can resume after a disruption

• How client data and assets are protected if primary systems fail

• Communication procedures in case of a major incident

9. Client Asset Protection and Segregation of Funds

Segregated Accounts and Wallets

A core requirement across most VASP regimes – including SVG – is that client

assets are segregated from company funds.

In practice, this may involve:

• Dedicated bank/EMI accounts for client fiat funds

• Segregated client wallets or omnibus wallets with robust reconciliation

• Prohibitions or limitations on using client assets for the VASP’s own account

Reconciliation and Internal Controls

The VASP must have controls to:

• Reconcile on-chain balances with internal records

• Reconcile bank/EMI statements with client ledger balances

• Detect discrepancies or unauthorised movements promptly

Proper segregation and reconciliation systems are focal points in both licensing and ongoing supervision.

10. Documentation Required for an SVG VASP Application

    
    

While exact lists vary by case and law, you should expect to provide:

Corporate Documents

• Certificate of incorporation and constitutional documents

• Register of shareholders and directors

• Board resolutions approving the licence application

• Group structure chart (if part of a larger group)

Personal KYC for UBOs and Key Persons

• Certified ID and proof of address

• Curriculum vitae and track record

• Banking and/or professional reference letters (where requested)

• Clean police / criminal record certificates (depending on jurisdiction)

Business Plan and Financial Projections

• 2–3 year financial projections

• Detailed explanation of services and revenue streams

• Target markets and client profiles

• Scaling plan and key milestones

Compliance and Risk Documentation

• AML/CFT policies and risk assessment

• Compliance monitoring plan

• Internal governance and reporting framework

Technology and Security Documentation

• High-level system architecture

• Overview of wallet infrastructure

• Cybersecurity measures and BCP/DRP summaries

• List of key third-party providers and their roles

11. Ongoing Obligations After Obtaining an SVG VASP Licence

Reporting and Notifications

Licensed VASPs will generally need to:

• Submit periodic reports (financial and compliance-related)

• Notify the FSA of material changes (e.g. UBOs, directors, services, risk profile)

• Keep internal records up to date for inspection

Audits, Reviews and Inspections

Depending on size and activity, VASPs may be subject to:

• Annual or periodic financial audits

• Regulatory reviews of AML/CFT systems

• Possible on-site or remote inspections by the FSA or other authorities

Keeping Policies and Controls Current

Your business and the regulatory environment will evolve. Regulators expect that:

• AML/CFT manuals and risk assessments are reviewed and updated regularly

• New products or markets are assessed before launch

• Staff receive ongoing training on risks and compliance obligations

12. Are You Ready to Apply for a VASP Licence in SVG?

Before approaching the FSA, ask yourself:

• Do we have a clear and coherent business model and client profile?

• Are our UBOs, directors and key staff ready to undergo due diligence?

• Do we have credible funding and capital for the first 12–24 months?

• Are our AML/CFT and risk frameworks at least in solid draft form?

• Can we explain and defend our technology, wallet and security setup?

• Do we know how we will handle banking/EMI relationships?

If several of these answers are “no”, you may want to work on your internal preparation first.

13. How Consultrio Helps With SVG VASP Licence Requirements

Navigating SVG VASP licence requirements on your own can be time-consuming and risky. At Consultrio, we support Web3, fintech and crypto founders with:

• Structuring advice – choosing the right entity and group structure

• Entity incorporation in SVG and related jurisdictions

• Licence application support – documentation, forms, regulator liaison

• Compliance frameworks – shaping or reviewing AML/CFT policies and risk assessments

• Banking/EMI strategy – identifying plausible options and preparing application packs

We help you translate your product and roadmap into a bankable, compliant structure regulators can understand.

If you’re considering a VASP licence in SVG, you can book a short assessment call to discuss your model, readiness and next steps.