Since 2016 I have been building COREDO as a team that turns complex regulatory challenges into working operational models. During this time we have carried out dozens of projects in the EU, the United Kingdom, Singapore and Dubai, as well as in a number of offshore and mid‑shore jurisdictions in Africa and Asia. Today entrepreneurs and CFOs increasingly come to me with one request: how to strategically choose between the Seychelles and Mauritius for a VASP license, accelerate the VASP 2026 licensing process and at the same time ensure AML/CFT compliance, bankability and a stable project economy. In this article I have compiled our practical experience, working checklists and a view of trends for 2024–2026 so that you can make an informed decision and move toward ROI without unnecessary iterations.
Choosing a VASP jurisdiction in 2026
Regulators are increasing their focus on virtual assets, and investors — on the quality of corporate governance and operational resilience. A strong VASP license is not only a legal foundation but also a gateway to correspondent banking relationships, access to PSPs and institutional clients. The key to success: aligning VASP 2026 requirements, economic presence (substance), technological maturity and transparent AML processes.
In recent years the COREDO team has implemented projects in the Seychelles and Mauritius for exchanges and brokers as well as for custodial providers. COREDO’s practice confirms: a properly designed
corporate structure for an offshore VASP, preparation for fit and proper tests and precise implementation of the Travel Rule and KYT provide a significant advantage during licensing and launch.
Comparison of Seychelles and Mauritius for VASP
For VASP the strategic comparison of jurisdictions of the Seychelles and Mauritius focuses not so much on the attractiveness of the locations as on differences in regulation and practical compliance with requirements. Let’s review the key differences in the regulatory frameworks and approaches of the FSA and FSC to understand what risks and advantages each system carries.
Regulatory frameworks: FSA vs FSC
In the Seychelles supervision of VASPs is exercised by the Seychelles Financial Services Authority. The regulator relies on the local law on virtual asset service providers and general AML standards oriented to FATF recommendations for virtual assets. For VASP registration in the Seychelles the applicant prepares internal policies, appoints a responsible MLRO, describes custody architecture and demonstrates operational readiness.
In Mauritius
Licensing is carried out by the Mauritius Financial Services Commission (FSC) under dedicated virtual assets and token services legislation. FSC requirements detail the functional classification of VASPs: exchange, broker, wallet (custodian), advisory, marketplace. For VASP registration in Mauritius the regulator expects a mature compliance program, management procedures and proven processes for sanctions screening and PEP checks.
Capital requirements and presence
VASP capital requirements in the Seychelles are structured by activity classes and are confirmed by paid-up share capital and liquid reserves. Economic presence in the Seychelles includes local control and reporting, availability of responsible persons and enforceability of service agreements.
VASP capital requirements in Mauritius depend on the licensed function and scale of operations, as well as assessment of operational risk and custody plans. Economic presence of a VASP in Mauritius is interpreted more broadly: a real office, local directors, a compliance officer and MLRO, regular board meetings on the territory, storage of key documentation and management records. In a number of projects the solution developed by COREDO provided for hiring key personnel with work permits and local SLAs for critical IT services.
Taxation, DTA and the impact of substance
Taxation for VASPs in Mauritius and the Seychelles differs significantly. Mauritius has a strong network of international double tax avoidance agreements (DTA) and a developed practice of applying OECD BEPS rules. This helps to structure inbound capital and cash flow, reduce the risks of double taxation and manage withholdings on cross-border payments. DTAs and Mauritius’s tax advantages are realized in a model with sufficient substance: real management, an office, local directors and compliance with economic tests.
In the Seychelles the tax regime is oriented toward international cooperation, participation in the CRS (automatic exchange of information) and meeting transparency requirements. The impact of economic substance on a VASP’s tax status in both jurisdictions is growing, especially in light of the Pillar Two initiatives (global minimum tax). Our experience at COREDO has shown: thorough documentation on risk management, transfer pricing and substance is the basis for a positive position in tax audits.
Banking services and bankability
Banking services for offshore VASPs are the main operational challenge. Correspondent banking relationships depend on FATF status, the bank’s understanding of the VASP model and the quality of AML/KYC/KYB processes. In Mauritius bankability is noticeably higher when holding an FSC license and providing transparent reporting, including audits and on-site inspections. In the Seychelles banking is also solvable, but more often through specialized EMIs/PSPs and a multi-layered cash flow scheme.
In COREDO projects we develop an account roadmap: an operational account in a local bank, accounts in international EMIs, escrow for custody and segregation of funds, as well as integration with payment gateways and PSPs with demonstrable compliance with the Travel Rule.
Market access (passporting) and risks
A comparison of VASP licenses in the Seychelles and Mauritius from the perspective of market access reveals an important nuance: the jurisdictions do not provide direct passporting to the EU or the UK. However, Mauritius, thanks to its ties with Africa and its status as a reliable financial center, facilitates access to African markets and interaction with institutional investors. The Seychelles follow a different strategy: focusing on flexibility, speed and the cost of compliance, which suits global digital models with a distributed client base.
The impact of MiCA on offshore VASP licenses is increasing: targeted marketing in the EU will require MiCA compliance and adherence to national regulator regimes. COREDO’s practice confirms: correct marketing policy and clauses in client documents reduce the risks of breaching local rules.
VASP License 2026: from application to go-live
obtaining a license VASP in 2026 is a multi-stage procedure covering the path from application submission to actual go‑live and requiring coordinated work of lawyers, compliance and IT. Below we will analyze key timelines and stages in detail to help plan the process and minimize the risk of delays.
Stages and timelines
The standard route includes preliminary diagnostics, preparation of policies and procedures, gathering registration documents, submission to the FSC or FSA, responses to queries, conditional approval and the final go‑live with verification of operational readiness. Timelines and stages of obtaining a license for VASP depend on the category, custody complexity and chosen providers. In our practice in Mauritius the typical horizon is 4–6 months to conditional approval and another 1–2 months to fulfil the conditions; in the Seychelles: comparable with good preliminary preparation.
Checklist of registration documents
- corporate documents, charter and the share capital structure;
- disclosure of beneficiaries (UBO) for VASP, compliance with UBO register rules;
- business plan, financial models, OPEX calculation and liquidity reserves;
- VASP compliance program 2026, AML/CFT policies, sanctions procedures and screening;
- technological requirements for VASP licensing: key management, custody, BCP/DRP;
- agreements with critical providers: KYC/KYB, KYT, blockchain forensics, custody insurance.
The COREDO team structures the document package so that the regulator can see the connectivity: risks – controls, metrics – reporting.
Fit and proper, UBO and background checks
Requirements for directors and fit and proper tests imply competencies in risk management, financial reliability and relevant experience. Fit and proper procedures and background checks include verification of biographical information, conflicts of interest and sanctions lists. For UBOs, transparent tracing of ownership is important, including through trusts or foundations, as well as
compliance with requirements for corporate governance.
In COREDO projects we perform an internal pre‑screen in advance to mitigate potential FSC/FSA queries and to justify the appointment of the MLRO, CTO and key functions.
AML/CFT 2026: operational control
In the context of AML/CFT 2026 it is critical to shift the focus from drafting policies to real operational control that actually reduces risks. This requires strengthening KYC, KYB, sanctions screening and regular PEP checks at all stages of client interaction.
KYC, KYB, sanctions screening and PEP
KYC and KYB for VASP are fundamental. Regulators expect a risk‑based approach (RBA), client segmentation, geographic risk assessment and appropriate limits. Sanctions and screening in VASP operations must cover UN lists and major sanctions regimes, and PEP checks should take into account family and business ties. We usually integrate two providers for failover and to reduce false positives.
AML requirements for VASPs in Mauritius and AML requirements for VASPs in the Seychelles converge in spirit: demonstration of effectiveness, not only policies on paper. Regular AML training and employee testing with documented results help here.
Travel rule, KYT and blockchain forensics
The travel rule and its technical implementation: a sensitive element. For transmitting sender/recipient attributes we use compatible protocols and providers, taking into account privacy and local data laws. KYT (Know Your Transaction) practice is built on behavioral rules, thresholds and risk lists. For blockchain forensics and wallet attribution Chainalysis, Elliptic or CipherTrace are suitable – their correlation with SAR thresholds and internal typologies improves the quality of investigations.
AML implementation transaction monitoring for VASP relies on scenarios and manual reviews. At COREDO we set up performance metrics: escalation speed, average time to close an alert, and the share escalated to SAR.
MLRO and SAR: interaction with the regulator
The MLRO and the AML officer role include independence, access to the board of directors and the authority to stop transactions. SAR and the procedure for filing suspicious transactions are formalized with clear SLAs. In dialogue with the FSC/FSA, structured reporting, a log of decisions and regular AML/CFT 2026 effectiveness self-assessments for VASP management are helpful.
Requirements for VASP
Technological and operational requirements for VASP define a set of standards and practices that ensure security and compliance when working with crypto assets. Special attention is paid to hot/cold wallet architecture, multi‑sig schemes, custodial governance models and insurance — these solutions form the foundation of operational resilience and client protection.
Hot/cold wallet and multi-signature architecture
Requirements for hot and cold wallets boil down to the principle of minimizing exposure and separating duties. Multi‑sig, cold wallet and hot wallet architectures are complemented by segregation of user funds and custody rules. For significant volumes I recommend custody insurance and independent cold storage audits, including a technical assessment of key protection (key management).
Custody rules and crypto asset storage imply detailed procedures for access, logging and emergency scenarios. The solution developed at COREDO often includes hardware modules, version control and regular drill tests.
Cybersecurity: SOC2, ISO27001, ISAE
Cybersecurity for crypto businesses in offshore jurisdictions: a mandatory block. SOC 2 and ISO 27001 security requirements increase trust from banks and institutions. ISAE 3000 / ISAE 3402 audits are appropriate for service providers. In COREDO projects we perform a pre‑assessment, close critical controls and plan certification together with licensing.
Operational resilience BCP/DRP
Operational resilience and BCP/DRP plans are reviewed by the regulator for plausibility: RTO/RPO, provider failure scenarios, crisis communications. Requirements for reserve capital and liquidity depend on the VASP class and risk profile. We build buffers for stress scenarios, test the failure of key systems and document the results.
Structuring and tax model
A well-designed corporate structuring directly determines the practical applicability of the chosen tax model and the level of legal risk for the business. In the following subsections we will examine in detail the options for organizing a VASP offshore, the related tax consequences and practical measures to minimize risks.
VASP structure in offshore jurisdictions
Corporate matters include the choice between exchange, custody and broker as distinctions of licenses: exchange vs custodian vs broker. Corporate governance (corporate governance) provides for independent directors, a risk committee, regular meetings and minutes. We take into account issues of hiring local personnel and work permits, especially for the CTO and compliance officer.
The administration of trust structures and foundations is possible for holding IP or reserve assets, provided there is UBO transparency and compliance with the UBO register.
Transfer pricing, CRS, BEPS, Pillar Two
CRS (automatic exchange of information) and OECD BEPS rules require proper documentation of intercompany services and rates. Transfer pricing and transactional schemes must reflect substance and market conditions. Pillar Two — the global minimum tax — becomes a factor when planning profits and royalties.
Capital, investments and exit/M&A
Structuring incoming capital and investments includes convertible instruments and pre-set investor rights. Exit strategy and preparation for M&A depend on the soundness of compliance, audits and the contractual framework. Our experience at COREDO has shown: early preparation of the data room shortens deal timelines and increases valuation.
COREDO case studies and takeaways
COREDO’s practice is based on real cases and concise extracts of experience that help quickly identify practical solutions and risks. In the first subsection we will analyze VASP registration in Mauritius and the key findings useful for similar tasks.
VASP registration in Mauritius
One client entered as a broker and exchanger with the prospect of custodial services. We built a roadmap: licensing crypto exchangers and exchanges in Mauritius, economic presence of the VASP in Mauritius, integration with two PSPs. Result – stable account openings, proper reporting, first institutional clients and a transparent ROI of the VASP license in Mauritius.
Cryptocurrency exchange licensing in the Seychelles
Another project included
licensing of crypto exchanges in the Seychelles with a focus on speed and modular architecture. We accounted for AML requirements for VASPs in the Seychelles, arranged custody insurance and cold storage audits, implemented Chainalysis and sanctions screening. The client entered the Asian and African markets with a careful marketing policy without violating European regulations.
Bank servicing and integration with PSPs
In both cases we built correspondent banking relationships and banking coverage through a combination of a local bank,
EMI and PSP, and also provided for restrictions on marketing and attracting EU/UK clients in accordance with MiCA and local rules. COREDO’s practice confirms: preparing a FATF compliance dossier for a VASP increases the speed of account openings.
Cost of compliance and ROI
Assessing the cost of compliance is not only about initial investments but also an ongoing burden on the budget that directly affects expected ROI. To properly calculate returns, OPEX, licensing fees and annual payments must be analyzed separately.
OPEX and annual licensing fees
The cost of compliance and operating OPEX includes the licensing fee and annual payments, audit costs, AML/KYT platforms, cybersecurity and personnel. Add office expenses, substance and external consultants. We set budgets by stages so that funding proceeds in sync with regulatory progress.
VASP license ROI in Mauritius vs Seychelles
The advantages of a VASP license in Mauritius are reflected in better banking, DTAs and attractiveness to institutions. The drawbacks of a VASP license in the Seychelles include more scrutiny from banks and the need to combine EMIs/PSPs, but there are lower entry barriers and greater flexibility. ROI analysis: the time to profitability for a VASP depends on marketing, product depth and customer acquisition cost; the right jurisdiction reduces operational frictions.
Regional expansion and scaling
Scaling operations and regional expansion require pre-planned modularity: additional licenses, the availability of regional accounts, and expansion of the compliance team. Passporting and access to African and EU markets are achieved through local licenses and partnerships, not through a “universal” offshore license.
Impact of MiCA on 2024–2026 trends
New regulatory trends during 2024–2026 are substantially changing requirements for the digital assets market, and MiCA’s influence is already setting benchmarks for enforcement and compliance. In the following subsections we will examine how these changes are reflected in European rules for VASPs and what service providers will need to take into account.
MiCA: EU rules for virtual asset service providers
MiCA and European rules for VASPs raise the bar for operational maturity: segregation of funds, customer protection, reporting and IT‑controls. MiCA’s impact on offshore VASP licenses: the need to combine offshore operations with an EU registrar or partners to work with EU residents.
Virtual assets, FATF recommendations
FATF compliance for VASPs is an informal “currency of trust”. Regulators expect a clear linkage between risks and controls, including Due Diligence providers for VASPs, scenario monitoring and SAR‑procedures. The COREDO team pays attention to country‑risk models and periodic risk reassessment.
Regulatory sandboxes and innovation
A regulatory sandbox for crypto firms in Mauritius and in a number of other countries helps test new models at a limited scale. It is suitable for stablecoin‑mechanics, on‑chain custody and integration with e‑money providers. We use the sandbox as a step toward a full license, especially for complex technology stacks.
Risk checklists
Risk management and regular checklists help to identify vulnerabilities in advance and reduce the likelihood of non-compliance during inspections. Next we’ll review compliance with FSC/FSA requirements and practical steps for preparing for on-site inspections.
On-site inspection for FSC/FSA
Regulatory reviews and on-site inspections include interviews, selective transaction reviews, testing of BCP/DRP and verification of reporting. Reporting requirements in FSC / FSA cover regular reports, audits and VASP inspections. Our checklist includes a self-assessment of key controls and readiness for spot-checks.
Nominee directors
Nominee directors and the risks of abuse are a separate topic. I recommend real directors with relevant expertise and time to perform their duties. Corporate governance issues are addressed through committee charters, authority matrices and independent audits.
Marketing restrictions in the EU and Britain
Restrictions on marketing and customer acquisition in the EU/UK require a legal opinion and correct implementation of disclaimers. Cross-border operations and VASP compliance include review of local rules, specifics of financial advertising and withholding taxes. In COREDO projects, legal memoranda and practical guides reduce the risk of violations.
COREDO Licensing Roadmap
When building the COREDO licensing roadmap, COREDO focuses on aligning business processes and technical solutions to minimize risks and accelerate engagement with regulators. Within this strategy, the choice of technology stack and vetted due diligence providers that ensure compliance and transparency at every stage is especially important.
Stack and due diligence providers
We select technology stacks for VASP (KYC/AML vendors) taking into account performance, accuracy and cost. We integrate Chainalysis / Elliptic / CipherTrace, two KYC/KYB providers, a travel-rule platform and sanctions screening. For payments: integration with PSPs, account segregation, reconciliation and limit controls.
AML training and compliance program
The VASP 2026 compliance program is built as a living system: policies, playbooks, metrics, training. AML training and employee testing are mandatory for all roles, including product and support. We prepare VASP reporting, audits and inspections in a format convenient for regulators, banks and investors.
Hybrid models: custody, broker, exchange
The functional classification of a VASP defines the scope of the license: exchange, wallet, custody. For hybrid models, boundaries of responsibility, requirements for reserve storage, cold storage audits and custody insurance are important. We also evaluate opportunities for licensing stablecoin and e‑money through partnership schemes and local licenses.
Brief risk profile Seychelles vs Mauritius
- Seychelles: speed, flexibility, affordable compliance costs; greater focus on EMIs/PSP; important to carefully establish AML/KYT and demonstrate the effectiveness of controls.
- Mauritius: strong DTA network, developed banking sector, focus on substance; higher requirements for an office and team; a convenient platform for Africa and institutional flows.
Reputational risks when choosing a VASP jurisdiction are reduced with a transparent structure, quality audits, and clear communication with banks and partners.
Key takeaways
Licensing a VASP is not “getting a piece of paper” but building an operating system trusted by clients, banks and regulators. Seychelles offers speed and flexibility; Mauritius: stability and a tax-treaty network. The choice depends on the product, target markets, appetite for banking and the willingness to invest in substance.
The COREDO team has gone through this journey with different models: from crypto exchanges to custodians. I see how proactive AML/CFT planning, technological discipline, a proper corporate structure and respect for regulators’ requirements transform a launch from a ‘risk’ into an ‘investment’. If you are building a VASP in 2026, start with a risk map, define target markets taking into account MiCA and FATF, assemble a strong team of directors and an MLRO, and then sequentially close out issues related to custody, banking and reporting. COREDO’s practice confirms: this approach shortens timelines, reduces OPEX and accelerates the path to sustainable ROI.
