MSB vs. VASP vs. PSP: Which Registration Category Applies to You
Three acronyms describe one business, and almost nobody has explained the difference between them in a way that actually helps you register correctly.

Founders hear all three (Money Services Business, Virtual Asset Service Provider, Payment Service Provider) thrown around in the same funding pitch, the same compliance memo, sometimes the same sentence, and walk away no clearer than when they started.
That confusion is not a minor inconvenience, because registering under the wrong category, or failing to register under the right one, is the kind of mistake that surfaces during a bank's onboarding review, a payment processor's compliance audit, or worse, a regulatory examination, and by the time it surfaces it is an operational problem.
You need to know what each category actually means, who decides which one applies to you, and how to stop guessing.
Why the Confusion Exists in the First Place
The overlap between these categories exists for structural reasons rather than through any oversight on the part of a single regulator.
MSB, VASP, and PSP were not built as three neat, mutually exclusive boxes, but rather by different regulatory bodies, in different eras, targeting different concerns, which is why they were never fully reconciled with each other:
FinCEN built the MSB category around the Bank Secrecy Act decades before crypto existed, FATF built the VASP category specifically to capture virtual asset activity that MSB frameworks were not designed to address, and the EU and UK built the PSP category around payment services and e-money, largely independent of both of the others.
A single business, particularly one touching digital assets and moving value across borders, can trigger obligations under more than one of these frameworks simultaneously, and that is the part almost nobody tells you plainly, since the question is rarely "which one applies to me" but usually "which ones apply to me, and in what order do I need to handle them."
MSB: The U.S. Framework Built on Activity
A Money Services Business is a category defined by FinCEN under the Bank Secrecy Act. It captures businesses engaged in specific financial activities, regardless of whether the value being moved is dollars, another fiat currency, or a digital asset.
The activities that trigger MSB status include money transmission, currency exchange, check cashing, issuing or selling money orders and traveler's checks, and operating as a prepaid access provider. Money transmission is the category that captures most crypto and stablecoin businesses, because moving value on behalf of a customer, in any form, is money transmission under FinCEN's interpretation.
This is the point that trips up a lot of digital asset founders, because FinCEN does not care that the asset in question is a token rather than a dollar, and if your business accepts value from one person and transmits it to another, you are very likely a money transmitter, which means you are very likely an MSB.
MSB registration happens at the federal level with FinCEN, but it does not stop there. Most states require a separate money transmitter license on top of federal MSB registration, each with its own application, bond requirements, and net worth thresholds. A business operating nationally in the U.S. may need federal MSB registration plus licenses in dozens of individual states before it can legally operate.
If your business is based in the United States, or serves U.S. customers, and you move value on their behalf, MSB status is the starting point of your analysis rather than the whole of it, because there is very likely more to work through beyond federal registration alone.
VASP: The Framework Built Specifically for Digital Assets
Virtual Asset Service Provider is a category that originated with the Financial Action Task Force, the international body that sets global AML standards. FATF created the VASP designation because it recognized that existing frameworks, including MSB-style categories, were not adequately capturing the specific risks of virtual asset activity.
FATF's definition of a VASP covers businesses that conduct, on behalf of another person, one or more of the following activities as a business: exchange between virtual assets and fiat currencies, exchange between one or more forms of virtual assets, transfer of virtual assets, safekeeping or administration of virtual assets, and participation in financial services related to an issuer's offer or sale of a virtual asset.
VASP is not a single registration you file once, but rather a FATF standard that individual countries implement through their own national frameworks: the European Union implemented it through the Markets in Crypto-Assets Regulation, creating the Crypto-Asset Service Provider category, the UK implemented it through its own registration regime under the Financial Conduct Authority, and Singapore, Japan, the UAE, and dozens of other jurisdictions each built their own version as well.
This means asking "am I a VASP" is really asking "which country's implementation of the VASP standard applies to my business, and have I registered under that specific national framework." A business operating in the EU needs MiCA authorization, while a business operating in the UK needs FCA crypto-asset registration, and these two are not interchangeable, since holding one does not satisfy the requirements of the other.
If your business exchanges, transfers, custodies, or administers virtual assets, and you operate in or serve customers in jurisdictions that have implemented FATF's VASP standard, you need to identify every relevant jurisdiction and register under each one's specific implementation.
PSP: The Framework Built Around Payment Services
Payment Service Provider is a category most commonly associated with European regulation, specifically the Payment Services Directive, along with equivalent frameworks in the UK and other jurisdictions that modeled their payment regulation on the EU approach.
PSP status is triggered by providing payment services as defined under PSD2 and its successors, which includes executing payment transactions, issuing payment instruments, acquiring payment transactions, and operating payment accounts. Critically, PSP frameworks were built primarily around fiat currency movement and traditional payment rails.
Here is where the overlap with stablecoins becomes genuinely complicated, because a stablecoin that functions as an e-money token under MiCA can trigger payment services obligations in addition to VASP-style crypto-asset service provider obligations, which means the business is not choosing between VASP and PSP but may need both, layered on top of each other, since the regulation was built to capture the same underlying activity, value transfer, from two different angles depending on how the asset itself is classified.
A business that started as a straightforward payments company and later added stablecoin functionality often discovers that PSP status was the easy part, and that the addition of a digital asset component is what pulls in a second registration category the original compliance program was never built to handle.
If your business processes payments, issues payment instruments, or operates payment accounts, particularly in the EU or UK, PSP obligations are likely already relevant, independent of whether digital assets are involved at all.

The Framework for Figuring Out Which Applies to You
Rather than starting with the acronym, it helps far more to start with three questions instead.
What activity are you actually performing?
This covers money transmission, currency exchange, custody, exchange between assets, payment processing, and e-money issuance, and the goal is to write down every activity your business performs without trying to guess which regulatory category it falls under first, since the activity is what determines the category rather than the other way around.
What asset type is involved?
Fiat currency alone typically points toward MSB or PSP frameworks depending on jurisdiction, while virtual assets, including cryptocurrencies and most stablecoins, pull in VASP-style obligations, which means a business that touches both fiat and virtual assets in the same transaction flow should expect to face obligations from more than one framework at once.
Where do you operate, and where are your customers located?
This is the question that gets skipped most often, and it is the one that causes the most expensive mistakes, since MSB is fundamentally a U.S. framework, VASP is a global standard implemented differently in each country, and PSP is primarily European in origin but has analogues elsewhere, which means a business serving customers in the U.S., the EU, and the UK simultaneously is not choosing one category but very likely managing obligations under all three, each administered by a different regulator, each with its own application process and ongoing compliance requirements.
Once you have honest answers to those three questions, the applicable categories become far less ambiguous, and most businesses discover they need more than one, which is not a failure of the framework but simply what operating across borders with digital assets actually requires.
What Happens When Businesses Get This Wrong
The consequences of getting this wrong rarely show up immediately, and instead tend to surface later, at the worst possible moment.
A stablecoin issuer registers as an MSB with FinCEN, assumes that covers its European operations, and only discovers otherwise when a European banking partner's compliance team flags the absence of MiCA authorization during an onboarding review. A payments company adds crypto functionality without realizing it has crossed into VASP territory, and finds out when a regulator issues an inquiry after a routine market scan of registered entities. A crypto exchange registers as a VASP in one jurisdiction and assumes that satisfies its obligations everywhere its app is downloadable, then faces an enforcement action in a country where it never filed anything at all.
In every one of these situations, the business had genuine compliance intentions, and the failure was not negligence so much as an incomplete map of which categories actually applied, assembled too late to fix cleanly.
Banking partners, payment processors, and institutional counterparties increasingly ask for proof of the correct registrations before they will onboard a digital asset business at all, and an incomplete or mismatched registration profile does not just create regulatory risk, it closes doors that a business needs open in order to operate at all.
What to Do With This Information
- Map your activities before you map your registrations, listing every function your business performs, including money movement, custody, exchange, payment processing, and issuance, without assuming which category any of them belongs to until the full list is down on paper.
- Map your jurisdictions with the same discipline, since every country where you operate, and every country where your customers are meaningfully located, needs to be identified specifically, and broad statements like "we serve international customers" are not precise enough to build a registration strategy on.
- Cross-reference activities against jurisdictions by determining, for each activity, which regulatory category, in which specific jurisdiction, is actually triggered, since this is the step most businesses skip and the step that actually produces an accurate answer.
- Prioritize by risk and by blocking relationships, since some registrations are urgent because a banking partner is requiring proof before continuing an existing relationship, while others are important but not immediately blocking, and the work should be sequenced accordingly rather than treating every registration as equally time sensitive.
- Build ongoing monitoring into the plan rather than just the initial filing, because registration categories are not static, and a product change, a new market, or a shift in how an asset is classified can pull a business into a new category it was not previously subject to, which means the map needs to be revisited periodically rather than filed away and forgotten.
Get In Touch
MSB, VASP, and PSP were never designed to be simple, since they were built by different regulators, in different decades, for different reasons, and left for businesses to reconcile on their own, which is why most businesses discover the overlap the hard way, usually through a banking partner's compliance review or a regulator's inquiry, rather than through a deliberate mapping exercise done in advance.
The businesses that get this right are not the ones with the most legal budget, but rather the ones who started with the activity and the jurisdiction, rather than starting with the acronym, and built their registration strategy from there.
If you are still asking which category applies to you, that is the right question to be asking, and it just needs a real answer rather than a guess.
Book a Discovery Call to map your specific activities against every applicable registration category, in every jurisdiction where you operate, before a banking partner or a regulator forces the question.
These AMLI services are most directly relevant to businesses working through this exact decision:
- MSB and Money Transmitter Licensing: Federal FinCEN registration and state-by-state money transmitter licensing for businesses whose activities meet the money transmission definition.
- VASP and Crypto-Asset Authorization: Registration support across FATF-implementing jurisdictions, including MiCA authorization in the EU and FCA crypto-asset registration in the UK, for businesses exchanging, transferring, or custodying virtual assets.
- PSP and Payment Institution Licensing: Authorization support for businesses providing payment services, issuing payment instruments, or operating payment accounts under PSD2 and equivalent frameworks.
- CAMLO and MLRO Services: Active compliance function ownership across all three categories, for businesses that need a named, qualified compliance officer managing multi-jurisdictional obligations without hiring one full-time per market.
🌐 amlincubator.com
📧 hello@amlincubator.com




