A Cayman-based client whose core business was already regulated came to us with a question that appeared straightforward: would accepting crypto deposits from their existing client base make them a Virtual Asset Service Provider (VASP) under Cayman’s regulatory framework?

VASP status is not triggered by using or accepting crypto in isolation. What matters is the nature of the activity – custody arrangements, intermediation, third-party involvement and the relationship to an existing licence all affect the analysis. Firms can drift into regulated activity through incremental operational decisions, often without realising it until a regulatory query arrives.

We worked through the client’s proposed activity in detail, identifying what genuinely sat ancillary to their existing licence and the specific points at which custody arrangements, intermediation or third-party involvement would shift the regulatory analysis.

The question was not purely about what the rules said. It was about helping the client understand where their operating boundary sat, and why – in terms they could explain to their board and, if required, to the regulator.

The client had a defined, defensible position on their crypto activity. Not a yes or no answer, but a clear understanding of the line and the reasoning behind it.

That clarity gave them confidence to proceed within scope and a documented basis for future decisions as their activity evolves.