The federal government has officially finalised the Virtual Asset Service Provider (Governance and Operations) Regulations 2025. These new rules introduce the strictest monitoring framework yet for Pakistan’s digital finance sector.
According to official documents acquired by TechJuice, the government aims to align the local virtual asset market with international standards. Consequently, these measures prioritise safety, transparency, and strict oversight.
To curb illicit financial flows, the government has set a strict verification threshold. Now, verification is mandatory for every virtual asset transfer exceeding Rs. 1 million.
Furthermore, Pakistan is fully integrating the FATF Travel Rule. Virtual Asset Service Providers (VASPs) must now collect and store complete details of both the sender and the receiver. This ensures full transparency for every transaction.
Additionally, the regulations target unhosted wallets. Authorities will strictly monitor these private wallets and conduct mandatory due diligence on all overseas parties. To support this, the government will utilise advanced blockchain analytics to screen for and identify suspicious transactions.
The new framework imposes rigorous financial safeguards on companies operating in this space. For licensing and operational security, VASPs must deposit 30 per cent of their paid-up capital with the State Bank of Pakistan (SBP).
Moreover, companies cannot simply change hands without oversight. Any major change in a VASP’s ownership structure now requires prior approval from the regulatory authority. To maintain public trust, VASPs must also publish all relevant legal information prominently on their official websites.
Recognising digital threats, the regulations mandate robust technical standards. Every VASP must maintain a cybersecurity policy that is updated annually.
Simultaneously, continuous testing and auditing of IT systems are now mandatory. This ensures resilience against potential cyberattacks. However, to facilitate business operations, the regulations do allow cross-border outsourcing for specific operational functions.
These policies mark a significant shift in Pakistan’s approach to crypto, moving from ambiguity to a regulated, monitored environment.