.png)
When a merchant application lists "crypto services" or "digital asset platform", the operational model determines the risk profile, regulatory obligations, and appropriate underwriting controls. The model is not immediately apparent from business descriptions.
This guide provides the framework we use to classify crypto merchants into distinct operational categories based on custody structure, transaction flows, and compliance posture. We examine who holds customer funds, how fiat and crypto are exchanged, trading mechanisms, leverage exposure, geographic controls, and licensing documentation to determine the merchant's actual role in the crypto economy.
Payment processors, acquiring banks, and marketplaces face different risk exposures, regulatory requirements, and monitoring obligations depending on whether the merchant operates as a broker, custodial wallet, non-custodial wallet, or exchange. Misclassification creates compliance gaps, financial liability, and regulatory scrutiny.
The crypto services market includes fundamentally different business models:
Broker: Facilitates crypto purchases for customers but does not hold crypto custody long-term. Customers receive crypto to external wallets controlled by the customer. The broker acts as an intermediary between fiat payment systems and crypto liquidity providers. Risk profile depends on custody duration, Know Your Customer (KYC) implementation, and transaction monitoring.
Custodial wallet: Holds and controls crypto assets on behalf of customers. Customers do not possess private keys. The wallet provider has full custody and operational control over assets, creating trust and security obligations. Subject to money transmission licensing in most jurisdictions.
Non-custodial wallet: Software enabling customers to control their own private keys and crypto assets. The wallet provider does not have custody or control over customer funds. Lower regulatory burden in many jurisdictions, but risks around facilitating illicit transactions, sanctions violations, and privacy coin usage persist.
Exchange (centralized): Operates an order book or automated market maker (AMM) for crypto-to-crypto or crypto-to-fiat trading. Holds custody of assets during trading. Provides liquidity and price discovery. Subject to money transmission, Money Services Business (MSB), and securities regulations depending on jurisdiction and tokens offered.
Decentralized exchange (DEX) front-end: Provides user interface for decentralized trading protocols. Does not hold custody. Regulatory treatment varies by jurisdiction and involvement in protocol operations.
According to Chainalysis' 2024 Crypto Crime Report, illicit crypto transaction volume reached $24.2 billion in 2024, representing 0.34% of total transaction volume. This demonstrates why payment processors and acquiring banks must implement model-specific risk controls during merchant onboarding.
The Financial Action Task Force (FATF) updated guidance in 2021 requires Virtual Asset Service Providers (VASPs) to implement the "travel rule". This rule requires transmission of originator and beneficiary information for transactions above specified thresholds, creating compliance differentiation between custodial and non-custodial models.
Understanding the fundamental differences between brokers, wallets, and exchanges is critical for determining appropriate underwriting, monitoring, and compliance requirements.
Operational definition: Facilitates crypto purchase or sale transactions on behalf of customers. Customers provide fiat payment, broker sources crypto from liquidity providers or exchanges, and delivers crypto to customer's external wallet (or converts crypto to fiat for sales). Broker may hold crypto briefly during transaction settlement but does not provide long-term custody services.
Key characteristics:
Regulatory classification: Typically classified as MSB in the United States, requiring registration with the Financial Crimes Enforcement Network (FinCEN). May require state-level money transmission licenses depending on custody duration and operational model. Bank Secrecy Act (BSA) obligations include Customer Identification Program (CIP), transaction monitoring, and Suspicious Activity Report (SAR) filing.
Risk profile: Medium risk. Transaction monitoring requirements, potential for layering schemes (buying crypto to obscure fiat origins), reliance on downstream exchanges for compliance controls, and geographic arbitrage if broker operates cross-border.
Example: A merchant operates a platform where users pay via credit card or bank transfer to purchase Bitcoin. The platform sources Bitcoin from a liquidity provider, holds it briefly during transaction confirmation (typically 10-30 minutes), and sends Bitcoin to the customer's external wallet address. The merchant does not offer trading, long-term custody, or portfolio management. This is a broker model.
Operational definition: Provides long-term storage and management of crypto assets on behalf of customers. Holds customer crypto using private keys controlled by the wallet provider. Customers access balances through wallet interface but do not possess keys. May offer additional services such as staking, yield generation, or integrated purchasing.
Key characteristics:
Regulatory classification: Subject to money transmission licensing in most U.S. states. Some jurisdictions classify custodial wallets as trust companies or fiduciaries. Licensing varies significantly by state and token types (securities vs. non-securities). The SEC issued guidance in 2020 indicating that certain crypto custody services may constitute broker-dealer activity depending on services offered.
Risk profile: Medium to high risk. Full custody creates operational risk (hacking, fraud, misappropriation), trust obligations (customers rely on wallet's security), regulatory complexity (multi-state licensing, potential securities custody), and potential commingling of customer and company assets.
Example: A merchant operates a mobile wallet application where users purchase crypto (via credit card or bank account) and store it within the app. The wallet provider holds all private keys in secure storage, and customers access their balances via login credentials. Customers can send or receive crypto through the app interface, but the wallet provider controls the underlying keys. This is a custodial wallet.
Operational definition: Software or interface enabling customers to generate, store, and manage their own private keys. The wallet provider does not have access to private keys or control over customer assets. Customers have full control and responsibility for their assets.
Key characteristics:
Regulatory classification: Regulatory treatment varies significantly by jurisdiction. In the United States, non-custodial wallets typically do not require money transmission licenses because the provider never has control over funds. However, certain operations (such as facilitating transactions or providing fiat on-ramps) may trigger licensing requirements. The Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash in August 2022, demonstrating that even non-custodial tools can face enforcement if deemed to facilitate sanctions evasion.
Risk profile: Low to medium risk depending on features. Privacy-focused wallets or those integrating with mixing services face sanctions and Anti-Money Laundering (AML) scrutiny. Non-custodial wallets enabling access to Decentralized Finance (DeFi) protocols may expose users to smart contract risk, but this is generally customer risk rather than payment processor risk. Primary concern is whether wallet facilitates illicit transactions or sanctions violations.
Example: A merchant provides a browser extension wallet that generates private keys locally on the user's device using client-side code. The wallet does not transmit keys to servers. Users can connect the wallet to decentralized exchanges and execute trades peer-to-peer. The merchant has no custody or control over user funds. This is a non-custodial wallet.
Operational definition: Operates a trading platform where customers deposit crypto (or fiat), execute trades against an order book or liquidity pool, and withdraw assets. Exchange holds custody during trading. Provides price discovery, liquidity, and often margin or derivatives trading.
Key characteristics:
Regulatory classification: Subject to money transmission licensing, MSB registration, and potentially securities regulations depending on tokens offered. The SEC has taken enforcement action against multiple exchanges for offering unregistered securities. Classification depends on whether tokens meet the Howey Test criteria (investment of money in a common enterprise with expectation of profits derived from efforts of others). Exchanges offering derivatives face additional Commodity Futures Trading Commission (CFTC) oversight.
Risk profile: High risk. Concentrated custody of large asset pools (hacking target), market manipulation risks, liquidation cascades during volatility, potential securities violations, cross-jurisdictional regulatory complexity, and operational failures during high-volume periods.
Example: A merchant operates a trading platform where customers deposit Bitcoin and Ethereum, trade between the two using an order book, and withdraw profits. The exchange holds custody of all deposited assets in segregated wallets and settles trades internally on its ledger. Customers can also deposit U.S. dollars via wire transfer to purchase crypto. This is a centralized exchange.
Operational definition: User interface for interacting with decentralized trading protocols deployed on blockchains. The front-end does not hold custody or control trading. Users connect non-custodial wallets and execute peer-to-peer or protocol-based trades.
Key characteristics:
Regulatory classification: Regulatory treatment is evolving. DEX front-ends generally do not require money transmission licenses because they lack custody. However, regulatory uncertainty exists regarding liability for protocol operations.
Risk profile: Low to medium risk for payment processors (depending on front-end monetization model and involvement in protocol governance). Primary concerns are sanctions compliance (ensuring front-end blocks sanctioned addresses), securities violations (if protocol trades unregistered securities), and whether front-end operator has legal exposure for protocol activity.
Why it matters: Who holds customer funds determines regulatory obligations, operational risk, and liability exposure. Custody is the single most important factor differentiating crypto business models.
Custody analysis reveals whether the merchant operates as a fiduciary (custodial wallet), intermediary (broker), infrastructure provider (non-custodial wallet), or market operator (exchange).
Ambiguous custody language:
Why this is critical risk: Merchants who cannot clearly articulate custody structure either do not understand their own operations (operational risk) or are deliberately obscuring custody to avoid licensing requirements (compliance risk). Ambiguous custody language requires immediate clarification before proceeding.
Example: A merchant states "We offer secure wallets for your crypto" but cannot answer whether customers possess private keys. When questioned, they explain "Customers control their funds through our platform" but also state "We hold assets in secure cold storage for customer protection". These statements contradict each other. Either the merchant holds keys (custodial), or customers do (non-custodial). This ambiguity indicates either operational confusion or intentional vagueness.
Partial custody claims:
Why this is high risk: Claims of "temporary" custody or partner custody often conceal that merchant has full operational control and should be licensed accordingly. If the merchant can freeze, reverse, or delay transactions, they have custody regardless of technical architecture.
Example: A merchant claims they are "non-custodial" but explains they use a "2-of-3 multi-signature setup where we hold two keys and the customer holds one key". This is custodial. The merchant controls the majority of keys and can unilaterally move funds. True non-custodial arrangements would be 1-of-1 (customer holds only key) or 2-of-3 where customer holds two keys and merchant holds one (customer controls majority).
Custodial model without licensing:
Why this is critical risk: Operating custodial crypto services without appropriate licensing violates state money transmission laws in most U.S. jurisdictions. This creates direct regulatory risk for payment processors facilitating their operations.
Clear custodial disclosure with licensing:
Clear non-custodial disclosure:
Broker model with minimal custody duration:
Custody structure
Licensing
Custody partners
Insurance and bonding
Controls
Red flag threshold:
Why it matters: How customers convert fiat to crypto (on-ramp) and crypto to fiat (off-ramp) determines payment risk, chargeback exposure, and regulatory obligations. Fiat payment integration creates direct risk for payment processors.
On-ramp and off-ramp mechanisms reveal transaction flow, fraud risk, and whether the merchant is subject to payment card network rules (if accepting credit or debit cards).
Credit card on-ramps without chargeback mitigation:
Why this is critical risk: In our experience, credit card crypto purchases create elevated chargeback exposure compared to typical merchant categories. Instant delivery to external wallets makes recovery impossible after chargebacks occur.
Example: A broker allows customers to purchase Bitcoin using credit cards with no account history requirements or verification delays. Bitcoin is delivered to customer wallets within 15 minutes. A customer disputes the charge 30 days later claiming unauthorized use. The Bitcoin has been transferred through multiple wallets and is irretrievable. The broker absorbs the full chargeback amount plus associated fees. Payment processors face card network scrutiny for facilitating transactions with insufficient fraud controls.
Peer-to-peer (P2P) off-ramps:
Why this is high risk: P2P models create money laundering, sanctions evasion, and fraud risks. Platform claims of being "only a marketplace" do not eliminate money transmission obligations if the platform facilitates or controls fiat payments between users.
Example: A platform connects Bitcoin sellers with buyers. Sellers deposit Bitcoin to the platform's escrow. Buyers send fiat payment directly to sellers via bank transfer or Venmo. Platform releases Bitcoin upon seller confirmation of fiat receipt. Despite claiming to be "just a marketplace", the platform controls Bitcoin during transactions and facilitates fiat payments. This constitutes money transmission in most U.S. states.
Unverified off-ramp destinations:
Why this is high risk: Allowing fiat withdrawals to unverified accounts enables money laundering, structuring, and payment to illicit actors. AML obligations require verification that withdrawal destinations are controlled by the verified customer.
Cross-border fiat flows without compliance controls:
Why this is critical risk: Cross-border crypto operations must screen for sanctions, implement geographic controls, and monitor for sanctions evasion patterns. Lack of controls creates direct legal liability for payment processors.
Risk-mitigated card on-ramps:
KYC-verified off-ramps:
Licensed payment rails:
On-ramp methods
Off-ramp procedures
Chargeback and fraud controls
Sanctions and geographic controls
Red flag threshold:
Why it matters: Trading operations, particularly with margin or derivatives, exponentially increase risk exposure, regulatory obligations, and potential for customer losses. Leverage magnifies losses and creates liquidation risk during volatility.
Trading and leverage analysis reveals operational complexity, market risk, and whether the merchant faces securities or derivatives regulations beyond basic money transmission.
High leverage without sophistication controls:
Why this is critical risk: Extreme leverage on volatile assets creates predictable customer losses, leading to complaints, chargebacks, and regulatory action. We observe that platforms offering leverage above 20x to retail customers without sophistication verification face substantially elevated complaint rates and regulatory scrutiny.
Example: A platform advertises "Trade Bitcoin with 125x leverage" and accepts customers with no trading experience verification. During a 5% Bitcoin price movement (routine intraday volatility), leveraged positions are automatically liquidated at total loss. A customer deposits $1,000, opens a $125,000 position, and loses the entire deposit in 20 minutes during normal market fluctuation. The customer files complaints with the payment processor, state attorney general, and CFTC. This pattern creates direct reputational and regulatory risk for payment facilitators.
Derivatives trading without registration:
Why this is critical risk: Crypto derivatives that are commodity-based fall under CFTC jurisdiction. Operating derivatives platforms without proper registration violates federal law. Payment processors facilitating unregistered derivatives trading face regulatory liability.
Opaque liquidation mechanisms:
Why this is high risk: Liquidation mechanisms that favor the platform over customers suggest conflicts of interest or manipulative practices. This creates litigation exposure and reputational damage.
Example: An exchange offers 50x leverage on Bitcoin. A customer's position is liquidated when Bitcoin reaches $42,100 on the exchange's platform, but public exchanges (Coinbase, Kraken, Binance) show Bitcoin only dropped to $42,500 at that timestamp. The $400 discrepancy suggests the exchange's liquidation engine uses unfavorable pricing. Multiple customers report similar patterns. This indicates systematic liquidation issues requiring investigation.
Token listing without vetting:
Why this is medium to high risk: Listing tokens that meet the SEC's definition of securities (under the Howey Test) creates enforcement risk for the exchange. Privacy coins create AML and sanctions compliance challenges. Scam tokens create customer losses and reputational damage.
Spot trading only (no leverage):
Moderate leverage with controls (if offered):
Registered derivatives platform (if applicable):
Token vetting and compliance:
Trading capabilities
Leverage and margin
Derivatives registration
Token listing policies
Customer complaints
Red flag threshold:
Why it matters: Where a crypto merchant operates and who they serve determines regulatory obligations, sanctions compliance, and jurisdictional risk. Geographic inconsistencies reveal unlicensed operations or sanctions violations.
Geographic analysis reveals whether the merchant complies with multi-jurisdictional licensing requirements, implements proper sanctions controls, and avoids prohibited markets.
Serves U.S. customers without U.S. licensing:
Why this is critical risk: Any crypto service providing custodial services, money transmission, or exchange services to U.S. customers must comply with federal and state requirements. Claims of being "offshore" or "decentralized" do not exempt the business from U.S. jurisdiction when serving U.S. persons.
Example: A crypto exchange operates from the Cayman Islands and actively markets to U.S. customers through U.S.-based social media advertising. They have no U.S. licenses and claim "As a foreign company, we are not subject to U.S. regulations". This claim is incorrect. FinCEN guidance FIN-2013-G001 clarifies that foreign-located MSBs conducting business wholly or in substantial part within the United States must register with FinCEN and comply with BSA requirements. Serving U.S. customers creates U.S. regulatory obligations regardless of incorporation location.
Operates in sanctioned jurisdictions:
Why this is critical risk: Providing financial services (including crypto services) to sanctioned jurisdictions violates OFAC sanctions regulations. Payment processors facilitating these operations face civil and potentially criminal liability.
Inconsistent licensing across operating states:
Why this is high risk: State money transmission laws generally require licensing in each state where the business has customers (with limited exemptions for specific activities or business models). Operating without proper state licensing creates regulatory enforcement risk.
No KYC or weak verification:
Why this is critical risk: All U.S.-regulated crypto businesses (brokers, custodial wallets, exchanges) must implement KYC programs under BSA requirements. Operations without KYC are per se unlicensed and create AML violations.
Proper U.S. licensing:
Sanctions compliance:
Clear geographic scope:
Robust KYC implementation:
Licensing
Geographic scope
Sanctions compliance
KYC and verification
Regulatory examinations
Red flag threshold:
Why it matters: Many crypto merchants operate multiple services under related entities. A merchant may describe themselves as a "wallet" but also operate an exchange, broker, or DeFi protocol under related entities. Understanding the full ecosystem is critical for accurate risk assessment.
We map all domains, entities, and services operated by the same ownership or management to identify undisclosed operations, regulatory arbitrage structures, and hidden risks.
Wallet-exchange integration:
Why this matters: Integrated trading functionality transforms a wallet into an exchange for regulatory purposes. If the merchant provides only wallet licensing documentation but operates trading, they likely lack proper exchange licensing. The substance of operations determines classification, not the merchant's self-description.
Example: A merchant applies for payment processing describing their service as a "crypto wallet". During technical review, the wallet includes a "Swap" feature allowing users to exchange Bitcoin for Ethereum at quoted prices. Investigation reveals the merchant operates the liquidity pool and earns spreads on swaps. This is exchange functionality requiring exchange licensing, not simple wallet services.
Broker with custodial holding:
Why this matters: Temporary custody during transaction settlement (minutes to hours) aligns with broker classification. However, long-term custody (days, weeks, indefinite) constitutes custodial wallet services requiring money transmission licenses in most states.
Example: A merchant describes their service as "crypto brokerage" and states custody is "only temporary during settlement". Terms of service reveal customers can leave crypto in merchant wallets indefinitely. Analytics show average customer balance remains in merchant custody for 87 days. This is custodial wallet service, not brokerage settlement custody.
Related entity arbitrage:
Why this matters: Corporate structure arbitrage (using offshore entities to avoid U.S. licensing) does not eliminate U.S. regulatory obligations if customers are U.S.-based and operations substantially occur in the U.S. Payment processor risk extends to the entire ecosystem, not just the applying entity.
Example: U.S. entity "CryptoWallet USA LLC" provides non-custodial wallet software. Related entity "CryptoExchange Ltd" (Cayman Islands, same beneficial owners) operates exchange accessible through the wallet interface. U.S. customers interact with one brand and move funds seamlessly between entities. Despite corporate separation, the integrated operation serves U.S. customers with exchange services lacking proper U.S. licensing.
DeFi front-end with centralized operations:
Why this matters: Marketing as "decentralized" to avoid regulation while maintaining operational control is regulatory arbitrage. Actual custody and control determine licensing requirements, not technical architecture descriptions or marketing language.
Related entities
Integrated services
Corporate structure
Fund flows between entities
Red flag threshold:
Payment processors and acquiring banks frequently misclassify crypto merchants due to reliance on merchant self-description rather than operational verification. These errors create compliance gaps and financial liability.
The mistake: Applying identical underwriting controls to brokers, wallets, and exchanges because all are categorized as "crypto merchants".
The consequence: Brokers, custodial wallets, and exchanges have fundamentally different regulatory obligations, risk profiles, and monitoring requirements. A broker with 15-minute custody during transaction settlement requires different controls than a custodial exchange offering 50x leverage trading. Undifferentiated controls either inappropriately restrict low-risk merchants or insufficiently control high-risk operations.
The fix: Classify merchants based on actual operational model using custody analysis, transaction flow mapping, and trading capability assessment per this guide. Apply model-specific underwriting criteria, monitoring frequency, and reserve requirements.
The mistake: Merchant self-describes as "decentralized" or "non-custodial", and payment processor accepts this characterization without technical verification, assuming these labels reduce risk and regulatory obligations.
The consequence: Merchants claim "non-custodial" status to avoid licensing requirements while maintaining operational control through smart contract admin keys, multi-signature arrangements they dominate, or terms of service allowing fund freezing. If the merchant can freeze accounts, reverse transactions, or control private keys, they have custody regardless of self-description.
The fix: Test custody claims with specific control questions. "Can you freeze a customer account under any circumstance?" "Can you prevent or delay a withdrawal?" "Do you possess, generate, or have access to any customer private keys?" If any answer is yes, the merchant has custody and must be licensed accordingly. Review smart contract code for admin functions and upgradeability.
The mistake: Assessing only the specific entity applying for payment processing services without investigating related domains, affiliated platforms, or shared ownership structures.
The consequence: Merchants structure operations across multiple entities to segregate legal liability, avoid jurisdiction-specific licensing, or conceal high-risk services. A "non-custodial wallet" entity may integrate seamlessly with a related offshore exchange. The payment processor's risk exposure extends to the entire ecosystem, not merely the applying entity.
The fix: Map all domains and entities controlled by the same beneficial owners or management. Assess licensing and compliance posture across the complete ecosystem. Decline merchants using multi-entity structures primarily for regulatory arbitrage rather than legitimate business purposes.
The mistake: Merchant provides money transmission licenses, and payment processor assumes full compliance and appropriate risk management without verifying operations align with license scope.
The consequence: Possession of licenses does not guarantee operational compliance. Licensed entities can operate beyond license scope (e.g., licensed for 10 states but serving customers in 40 states), implement insufficient AML controls, or operate in prohibited jurisdictions. Licensing is necessary but not sufficient for risk acceptance.
The fix: Verify operational compliance in addition to license possession. Check sanctions screening implementation, transaction monitoring capabilities, and geographic restriction enforcement. Confirm licensed states match actual customer locations. Review regulatory examination history for compliance deficiencies.
The mistake: Focusing assessment on crypto operations (custody model, trading features) while treating fiat payment integration as standard payment processing requiring standard controls.
The consequence: We observe that fiat on-ramps, particularly credit card crypto purchases, create elevated chargeback and fraud risk compared to traditional merchant categories. Instant delivery of crypto to customer-controlled external wallets makes chargebacks completely unrecoverable. Off-ramps allowing withdrawals to unverified bank accounts facilitate money laundering and structuring.
The fix: Apply crypto-specific payment controls. Require hold periods for new customers before allowing external wallet transfers (24-72 hours is common). Mandate verified withdrawal bank accounts matching customer identity. Implement enhanced transaction monitoring specifically on fiat-crypto conversion points. Establish realistic chargeback rate expectations based on the business model and fraud controls.
Crypto merchant underwriting requires operational depth that goes beyond surface-level business descriptions. Risk teams need to determine custody structure, analyze licensing across federal and state jurisdictions, map related entities and domains, and verify compliance controls while maintaining efficient onboarding timelines.
Ballerine provides the infrastructure to make this complex underwriting process manageable. We automate license verification across federal and state registries, monitor regulatory status changes in real-time, provide risk scoring calibrated to specific crypto business models, and deliver alerts when merchant operations change or regulatory actions occur.
Our platform surfaces the critical questions from this framework directly in analyst workflows, ensuring consistent collection of custody documentation, on-ramp controls verification, and ecosystem mapping across all crypto merchant applications. We integrate with blockchain analytics providers to monitor transaction patterns and verify that operational flows match stated business models.
Learn more about Ballerine's merchant underwriting capabilities
.png){kind=logo}
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.png)
.png)
