Why B2B SaaS Infrastructure Providers Are Not VASPs Under FATF Guidance
- FATF Recommendation 15 defines a VASP by four specific activities — software infrastructure providers meet none of them.
- Non-custodial, fixed-fee SaaS architecture sits structurally outside the VASP perimeter under current guidance.
- Operators deploying on Fexr infrastructure retain their own compliance obligations — this briefing helps them understand the distinction.
When enterprise legal teams encounter a platform that touches blockchain infrastructure, their first instinct is often to ask: "Are you a Virtual Asset Service Provider?" It's a reasonable question. But it conflates what a VASP is — under the internationally recognised FATF framework — with what a software infrastructure company does. The two are not the same, and the distinction matters enormously for how a bank, regulator, or compliance officer should evaluate a vendor.
What FATF Actually Says
The Financial Action Task Force (FATF) defines a VASP in its Recommendation 15 as any natural or legal person that conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
- Exchange between virtual assets and fiat currencies
- Exchange between one or more forms of virtual assets
- Transfer of virtual assets
- Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets
- Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset
The operative phrase throughout is "for or on behalf of another person." This is not incidental language — it is the jurisdictional anchor that separates a service provider from a tool maker.
Where Software Infrastructure Falls
A B2B SaaS provider that deploys non-custodial smart contract infrastructure does not exchange, transfer, or safekeep virtual assets. It does not hold private keys. It does not initiate transactions. It builds the rails — and then hands those rails entirely to the operator and their end users.
The analogy is a company that manufactures and licenses point-of-sale terminals. That company is not a payment processor. It does not hold merchant funds, settle transactions, or assume liability for what flows through its hardware. It charges a licence fee for the tool. The merchant assumes the regulatory relationship with their acquirer and their customers.
The same logic applies here. Fexr builds and licences smart contract deployment tooling. The operator configures it, deploys it, and governs it. Fexr charges a fixed software licence fee. No assets move through Fexr. Fexr holds no keys.
The "Facilitation" Question
FATF guidance does acknowledge that facilitation can, in some circumstances, bring an entity within scope. The key test is whether the entity has "control or sufficient influence" over the virtual asset activity. FATF's 2021 Updated Guidance for a Risk-Based Approach specifically notes that developers of self-executing smart contracts where the developer has no ongoing control are generally not VASPs.
Fexr's architecture is designed precisely around this line. Once a contract is deployed, Fexr retains zero admin keys, zero upgrade privileges, and zero custodial control. The operator governs the contract. The smart contract logic executes autonomously. Fexr cannot reverse, modify, or intervene in any transaction.
What This Means for Operators
Understanding Fexr's non-VASP status does not eliminate an operator's own compliance obligations. Operators deploying loyalty or participation infrastructure that involves virtual assets must conduct their own legal analysis in their jurisdiction. What this briefing establishes is that the infrastructure provider — Fexr Technologies — is not inserting a VASP layer beneath your program. You are not inheriting Fexr's regulatory status, because Fexr does not have a VASP regulatory status to inherit.
For operators in regulated industries or jurisdictions with clear virtual asset frameworks (UAE, Singapore, EU under MiCA), this distinction simplifies the vendor due diligence conversation considerably. The question is not "does your vendor have a VASP licence?" The question is "does your vendor custody assets or control transactions?" The answer, for Fexr, is verifiably no.
The Practical Takeaway
If your legal team receives a question about VASP status, the response is straightforward: Fexr Technologies is a B2B SaaS infrastructure provider operating under a fixed Usage-Based Software Licensing fee model. It does not exchange, transfer, or safekeep virtual assets for or on behalf of any person. Its smart contract infrastructure is non-custodial by design, with no admin keys or upgrade privileges retained post-deployment. Under FATF Recommendation 15 and its associated guidance, this architecture does not constitute a VASP activity.
That response should be in writing, on the vendor's own domain, backed by the legal counsel who helped design the structure. Which is precisely why this briefing exists.