Introduction
Earlier this month, 180 delegates from over 75 jurisdictions were in Malta for the “VASPs Risk-Based Supervision Training Symposium”. Hosted by the FIAU in close collaboration with the Egmont Group’s Technical and Training Assistance Working Group (TATWG), the event, brought together a diverse group of subject-matter experts from FIUs, national competent authorities, law enforcement and the private sector, to unpack the rapidly evolving array of challenges surrounding effective supervision of virtual asset (VA) and virtual asset service providers (VASPs). The insights and sharing of country-specific experiences, were nothing short of eye-opening, especially given the vast breadth of jurisdictions present with vastly different sector ecosystems and resource capacities.
Yet, one message stood out from all the rest, which can be summed up by the following –
“As virtual assets transcend national borders and continue to integrate within the business models of other sectors, the global fight against crypto-related crime has reached a critical inflection point. To stand a chance, regulators must prioritise adopting a globally unified, well-coordinated response that fosters cross-border collaboration, breaks down internal silos and leverages the synergies of private-public partnerships (PPPs) with obliged entities across multiple sectors, not limited to just VASPs.”
In this article, I will draw on points mentioned during the symposium, addressing the practical considerations and policy implications necessary to act on this message.
The Importance of National Coordination and Cross-Border Collaboration
Effective supervision of the VASP sector cannot occur in isolation whether within national systems or across borders. As was discussed during one of our panels, regardless of whether a jurisdiction adopts a registration model, a bespoke licensing framework, or integrates VASP oversight into existing structures, coordination among FIUs, supervisory authorities, and law enforcement is essential. A unified domestic approach becomes particularly critical when tackling challenges such as identifying unregistered or offshore VASP activity, which continues to be a key area of concern highlighted by the FATF.
This level of domestic coordination must also extend internationally, as the borderless nature of virtual assets demands collaborative cross-border investigations and joint supervisory actions. While multilateral AML supervisory colleges have primarily been implemented within the European context, this collaborative model offers significant potential for broader adoption globally, strengthening cross-border coordination and enhancing the collective ability to tackle emerging risks in the VASP sector. Additionally, peer-to-peer engagement between regulators, exchanging practical insights on supervisory models, risk typologies, and implementation challenges, remains a valuable mechanism for enhancing collective regulatory capacity.
In this context, both national alignment and international cooperation are not merely beneficial, they are essential for meaningful and sustained progress in VASP supervision.
Breaking down internal silos
Most delegates were in agreement that the supervision of VASPs does not necessarily mean reinventing the wheel. However, it does require rethinking how the wheel turns. We mentioned how whilst certain methods of supervision used for other sectors remain effective, the VASPs sector brings new, complex risks that require regulators to break down internal silos and adopt a more interdisciplinary lens, both in how they structure their teams and the technologies to implement their supervisory plans.
Firstly, from a human resources perspective, several jurisdictions shared that where specialised expertise in virtual assets was lacking, the most successful capacity-building efforts often began with identifying staff who demonstrated genuine curiosity and initiative in this field. By empowering these individuals through structured training and targeted mentorship, authorities were able to cultivate internal knowledge from the ground up, fostering a dynamic, agile supervisory capacity less dependent on external hires.
But building effective supervision doesn’t stop with people, it also requires tools that can enhance and scale those human capabilities. As regulators face increasing complexity and data volumes, technology becomes a critical enabler of more targeted and efficient oversight. The emergence of novel suptech tools, especially in blockchain analytics, has opened new doors for regulators to apply a more robust risk-based approach to VASP supervision. However, these must be approached with caution. While they offer powerful insights, there is a real risk that they become ‘black boxes’, where automated outputs are accepted without question, and critical supervisory decisions are made without clarity on how conclusions were reached. Ensuring these tools remain transparent, explainable, and fully integrated into a broader strategic understanding is essential. Doing so prevents overreliance on opaque systems and encourages cross-functional collaboration between technical teams, analysts, and decision-makers.
Together, these developments underscore a deeper, systemic imperative: breaking down internal silos is not simply a matter of improving efficiency, it is about enabling supervisors to operate at the intersection of technology, policy, and operations.
Leveraging synergies through PPPs with VASPs and other sectors where VAs are present
A crucial extension of breaking down internal silos is recognising the value of structured, ongoing collaboration between public authorities and the private sector. As highlighted in our discussions, VASPs and other obliged entities operating within the virtual asset space are often on the front lines, confronting risks in real time and developing operational insights that regulators may not yet have visibility into. As a result, establishing feedback loops between these obliged entities and supervisory authorities is critical to ensure that regulatory guidance remains timely, practical, and responsive to emerging threats.
However, to fully leverage the potential of public-private partnerships, these must be structured with clear objectives, supported by concrete mechanisms for information exchange, and regularly evaluated to ensure they lead to tangible improvements in risk mitigation and compliance outcomes.
Conclusion
The reality is, the path forward is complex and layered, demanding not only significant resources and political resolve but also a fundamental shift in the way regulators think and operate. As with any meaningful transformation, it begins with a single, deliberate step, acknowledging that change must be strategic, incremental, and adaptable to the evolving landscape.
However, this transformation cannot be achieved in isolation. Global coordination and mutual support among regulators are essential to address the inherently cross-border nature of virtual assets and financial crime, ensuring no jurisdiction becomes a weak link in the chain. It is precisely through events like this symposium and many others that such cooperation is encouraged and actively cultivated, offering a platform for shared learning, open dialogue, and the building of trusted relationships across borders.
The stakes are high, but so is the opportunity to strengthen the financial ecosystem through effective supervision and global cooperation, ensuring its long-term integrity and resilience against emerging risks.
Article written by:
Karl Wismayer, Associate – Investments, VFAs and Gaming Supervision, FIAU Malta