The Rule on ‘Confidentiality of SIM Data’
March 26, 2026The Rule on ‘BSP Guidelines on Cryptocurrency and Wallets’
March 26, 2026| SUBJECT: The Concept of ‘The Virtual Asset Service Providers’ (VASP) Rules’ |
I. Introduction
This memorandum provides an exhaustive analysis of the concept of Virtual Asset Service Provider (VASP) rules within the Philippine legal framework. The proliferation of virtual assets (VAs) and virtual asset service providers has necessitated the development of a specialized regulatory regime to address the attendant risks, particularly money laundering (ML), terrorist financing (TF), and proliferation financing (PF). This memo will trace the legal development of VASP rules, define key concepts, outline the regulatory framework, and discuss compliance obligations, enforcement mechanisms, and comparative approaches.
II. Legal Development and Genesis of VASP Rules
The regulatory approach to VASPs in the Philippines evolved from a general anti-money laundering (AML) framework to a targeted, sector-specific regime. The foundational law is Republic Act No. 9160, as amended, or the Anti-Money Laundering Act of 2001 (AMLA). Initially, the AMLA did not cover VASPs. The critical turning point was the amendment introduced by Republic Act No. 11521 in 2021, which explicitly included VASPs as covered persons under Section 3(a). This legislative change mandated the Anti-Money Laundering Council (AMLC) to issue the necessary implementing rules and regulations. Consequently, the AMLC issued AMLC Resolution No. 44, Series of 2021, which was subsequently amended by AMLC Resolution No. 23, Series of 2023, providing the detailed regulatory framework for VASPs.
III. Definition of Key Terms
Virtual Assets (VAs): A digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. This includes cryptocurrencies like Bitcoin and Ethereum, and other digital assets that are not legal tender, central bank digital currencies (CBDCs), or financial assets under existing securities regulations.
Virtual Asset Service Provider (VASP): Any natural or legal person that conducts one or more of the following activities or operations for or on behalf of another natural or legal person: (1) exchange between virtual assets and fiat currencies; (2) exchange between one or more forms of virtual assets; (3) transfer of virtual assets; (4) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and (5) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
Covered Persons: Entities mandated to comply with the AMLA, including VASPs, banks, securities dealers, and others.
Designated Non-Financial Businesses and Professions (DNFBPs): A category of covered persons that includes VASPs, requiring them to adhere to AML/CFT standards.
IV. The Regulatory Framework and Governing Authorities
The primary regulatory framework is established by the AMLA and its Implementing Rules and Regulations (IRR), as supplemented by the AMLC Resolutions specific to VASPs. The Anti-Money Laundering Council (AMLC) is the principal regulator for AML/CFT compliance of VASPs. However, other agencies have complementary roles:
The Bangko Sentral ng Pilipinas (BSP) regulates VASPs that also function as remittance and transfer companies* under its circulars.
The Securities and Exchange Commission (SEC) has authority over VASPs whose activities constitute the offer and sale of securities or involve investment contracts as defined under the Securities Regulation Code*.
The Cagayan Economic Zone Authority (CEZA) has its own framework for fintech* businesses operating within the zone, though its operators must still comply with AMLC rules.
This creates a potential for overlapping jurisdiction, which the AMLC seeks to harmonize through coordination mechanisms.
V. Registration and Licensing Requirements
No person or entity may operate as a VASP in the Philippines without prior registration with the AMLC. The process involves:
The AMLC maintains a VASP Registry of all registered entities. Registration is not a one-time event; VASPs must report any material changes to their business operations or ownership structure. Failure to register constitutes operating without authority and is a violation of the AMLA.
VI. Core Compliance Obligations for VASPs
Registered VASPs are subject to the full suite of AML/CFT obligations imposed on covered persons:
Customer Due Diligence (CDD): Mandatory customer identification and verification (CIV) for all customers. Enhanced Due Diligence (EDD) is required for high-risk customers, including politically exposed persons* (PEPs), and for complex, unusually large transactions, or unusual patterns of transactions.
Record Keeping*: Preservation of all records of transactions, customer identification data, and business correspondence for a period of five (5) years from the date of transaction.
Suspicious Transaction Reporting* (STR): Mandatory reporting to the AMLC, within the prescribed period, of any transaction that has no underlying legal or trade obligation, purpose, or economic justification.
Covered Transaction Reporting* (CTR): Mandatory reporting of single transactions exceeding Five Hundred Thousand Philippine Pesos (PHP 500,000.00).
Risk-Based Approach (RBA): Implementation of policies, procedures, and controls commensurate with the VASP’s risk profile, based on a National Risk Assessment (NRA) and the VASP’s own risk assessment*.
Targeted Financial Sanctions (TFS): Immediate freezing of assets, funds, or property of individuals and entities designated under relevant United Nations Security Council Resolutions* (UNSCRs) related to TF and PF.
VII. Comparative Analysis of VASP Regulatory Approaches
A comparative analysis highlights the Philippines’ positioning relative to international standards set by the Financial Action Task Force (FATF) and approaches in other jurisdictions.
| Jurisdiction / Framework | Regulatory Model | Defining Legislation / Guidance | Primary Regulator(s) | Key Features / Emphasis |
|---|---|---|---|---|
| Philippines | Activity-based licensing under AML/CFT law, with sectoral regulators. | Anti-Money Laundering Act (RA 9160 as amended), AMLC Resolutions. | Anti-Money Laundering Council (AMLC), with BSP & SEC for specific functions. | Registration with AMLC is mandatory. Strong focus on AML/CFT compliance as covered persons. Evolving coordination among multiple agencies. |
| Financial Action Task Force (FATF) | Risk-based international standards. | FATF Recommendation 15 (Revised 2018) and its Interpretive Note. | N/A (Standard-Setter). | Applies Travel Rule (Recommendation 16) to VASPs. Requires licensing/registration, CDD, STR reporting. The global benchmark for national regulations. |
| United States | Fragmented, multi-agency approach based on asset characterization. | Bank Secrecy Act (BSA), rules by FinCEN; SEC and CFTC regulations. | Financial Crimes Enforcement Network (FinCEN), SEC, CFTC, state regulators. | VASPs are Money Services Businesses (MSBs) under FinCEN rules. Heavy emphasis on securities laws enforcement by SEC. Complex regulatory landscape. |
| European Union | Unified, comprehensive licensing regime across member states. | Markets in Crypto-Assets (MiCA) Regulation. | National competent authorities (e.g., BaFin in Germany, AMF in France) overseen by EBA & ESMA. | MiCA provides a full harmonized framework for issuance and service provision, going beyond AML/CFT to include prudential, consumer protection, and market integrity rules. |
| Japan | Registration-based system with a single financial regulator. | Payment Services Act (PSA), Financial Instruments and Exchange Act (FIEA). | Financial Services Agency (FSA). | Distinct categories for crypto-asset exchange services and crypto-asset custody services. Strong consumer protection measures and capital requirements. |
VIII. Enforcement and Penalties for Non-Compliance
The AMLC and other relevant agencies possess broad investigative and enforcement powers. Penalties for violations by VASPs can be severe:
Administrative Sanctions: Issued by the AMLC, including fines of up to One Hundred Thousand Philippine Pesos (PHP 100,000.00) for each violation, and/or issuance of a cease and desist order*.
Criminal Penalties*: Under the AMLA, imprisonment and fines for money laundering offenses and for willful failure to file STRs or CTRs.
Supervisory Actions*: The AMLC may suspend or revoke a VASP’s registration for serious or repeated violations.
Other Liabilities*: VASPs may also face sanctions from the BSP or SEC for violations of their respective rules, including license revocation.
IX. Current Challenges and Legal Issues
The VASP regulatory landscape faces several ongoing challenges:
Technological Neutrality: The rapid evolution of decentralized finance (DeFi) protocols, non-custodial wallets, and peer-to-peer* (P2P) platforms tests the boundaries of the current VASP definition.
Jurisdictional Overlap*: Clarifying the boundaries between the AMLC, BSP, and SEC remains a work in progress, potentially leading to regulatory arbitrage or duplication.
Implementation of the Travel Rule: Compliance with the FATF Travel Rule*, which requires VASPs to transmit originator and beneficiary information during transfers, is technically complex and requires industry-wide solutions.
Consumer Protection*: While AML/CFT is the primary focus, a comprehensive consumer protection and market conduct framework specific to VAs is still underdeveloped.
X. Conclusion and Recommendations
The Philippines has established a definitive legal concept for Virtual Asset Service Providers centered on their inclusion as covered persons under the AMLA. The regulatory framework, spearheaded by the AMLC, imposes rigorous AML/CFT obligations to mitigate systemic risks. The comparative analysis shows the Philippines aligns with FATF standards but operates a distinct model focused on AML/CFT registration, differing from the unified licensing of the EU or the multi-agency fragmentation of the US. Moving forward, stakeholders should:
The VASP rules represent a critical and evolving component of the Philippines’ special laws, essential for integrating the digital asset economy into the formal financial system while safeguarding its integrity.