Fintech Fall Fashion

Unique and actionable content only.

Adam Atlas Attorneys at Law laying out all the fintech and crypto that’s fit to wear this fall.

1. BAAS APIs. A Banking-As-A-Service (BAAS) API is an API that allows a fintech or other platform to seamlessly roll banking into their services. Long ago, fintechs spent millions on money transmitter licenses, then, a new generation spent hundreds of thousands of dollars to find a bank and build an integration. Now, they spend a few thousand a month to tag along one someone else’s integration. From grand-daddy Synapse to second acts like ColumnMercury and Solid, there seems to be a new API bank launched every week. While the OCC (that regulates banks) favors digitization, it and the Fed are paying close attention to these integrations and the risks they pose for consumers and banks.

2. Fintech-As-A-Service (FAAS) is the broader suite of platforms that offer more than just bank accounts, they also offer card issuing, ACH processing, money transmission, crypto custody or exchange, lending and even custody of securities. Leading institutions behind the smorgasbord of offerings are Silicon Valley Bank (for well funded startups that like the FBO model), Evolve Bank & TrustPrime TrustMetropolitan Commercial BankCross River BankSignature Bank (backing Circle‘s stablecoin USDC), Emigrant Bank and increasingly Zero Hash and Wyre along with Prime Trust for crypto-focused projects. (ps a Stablecoin laugh over here). Caselaw from these new models includes a claim concerning funds in an FBO account, a dispute over frozen fundsissues over state licensing of a trust.

3. Acquiring Consolidation. The boomer acquiring universe continues its cannibalistic consolidation which is putting more fear into market participants than excitement. Lawyers (like us) and investment bankers are, however, earning great fees. The payfac was supposed to spur creativity in acquiring. Payfacs have sometimes had a hard time competing against dominant players like PaypalStripe and Adyen. It seems payfac has settled into a new onramp for ISOs. The payfac model did spawn a clutch of platform integrations that help new payfacs avoid the high cost of tech including PayrixFinix and Infinicept and it gave new life to established gateway platforms like NMI. Btw, congrats to our alumni USAePay and IRISCRM who were both recently acquired by NMI. Everyone and their uncle has an issuing program now, so we won’t reheat that story in this update.

4. Privacy-As-a-Service. PAAS is tomorrow today; it is the first tangible step towards the inevitable automation of law. Why pay us piles of money to read the CCPA and GDPR rules when you can have it done for you on subscription. (Btw, US entities that hold data on EU persons need to comply with GDPR.) We are only too pleased to allow this part of our practice to be automated. As with sanction screening automation privacy policy and practice automation is a step in the right direction. We expect this to eventually become mandatory. Don’t worry, we’ll find another way to add value. 

5. Crypto Winter II: Featuring the Coldest Rug-pulls Ever! When our tally of frozen or lost crypto in the current winter reached $83 billion, we stopped counting. Implosions of CelsiusVoyagerLuna and others are comforting to the platforms that are taking the long route by spending millions to pick up and maintain state money transmitter and virtual currency licenses. As hodlers burn their furniture to keep warm and run their mines this winter, our Altas (haha) of now has a bit on Crypto Skeptics for a few laughs under the blankets: Tolly McTrollface was the pioneer in that space and is now being succeeded by Amy Castor her partner David Gerard, the Crypto Critics’ Corner podcast by
Cas Piancey and Bennett Tomlin
 and a handful of others. No fintech movement is complete without an association, so the crypto skeptics have one also – the Center for Emerging Technology Policy. They also had what Cointelegraph called a ‘haters’ conference which was as funny as it was serious and really a perfect way to begin a plummet to the next bottom.

6. Oh Canada! Thanks to the freedom convoy of truckers, there has been a lot of clucking about increased regulation of payments in Canada. Four highlights emerge: (1) Oddly, Crowfunding platforms need an MSB registration – even if they do not touch funds. (2) Payment processors are supposed to call Fintrac (which now has a youtube channel) and ask if they are MSBs or not; Canadian MSB law and regs are not clear enough, hence the need for a regulator judgment call on each model. (3) Sometime in the next year or so, payment processors (MSB or not) and MSBs will have to register with the Bank of Canada under the new Retail Payments Activities Act. (4) We’ve summarized Canadian crypto law here.Please say hi to us at Money2020 Oct 24-24, we spent all our tooth fairy money on admission.Adam Atlas Attorneys at Law is licensed in New York and Quebec. This email is ATTORNEY ADVERTISING. Nothing in this e-mail should be construed as a legal opinion or commentary on laws other than in the two jurisdictions where the author is admitted.

 Adam Atlas Attorneys at Law Fintech Toolbox   Payments Business Ideas

Adam Atlas Attorneys at Law

What to be Thankful for in Payments and Crypto

At Adam Atlas Attorneys at Law we are thankful to our clients for engaging us for legal advice in support of their visionary ideas.

1. Digital Payments Explosion. With Covid rendering cash dirtier than usual (‘lol’) nearly everyone in electronic payments is breaking records, including AmazonShopifyPaypalAdyen and Square. Rapid migration from f2f to online sales has created a lot of activity for new and existing payfacsISOs and other payment processors.

2. Wirecard. Other than producing one of the top three payments videos of all time (the other two being about lawyers who help launder money and the unforgettable and classic bitconnect video), the Wirecard fiasco has given all investors and payments companies alike a stiff reminder that they too must answer to reality. It has also created opportunities for investors to pick up some of the good parts of Wirecard.

3. Cryptocurrency Enforcement Framework from the U.S. Department of Justice. Author of the framework, Attorney General William Barr said, “Cryptocurrency is a technology that could fundamentally transform how human beings interact, and how we organize society.  Ensuring that use of this technology is safe, and does not imperil our public safety or our national security, is vitally important to America and its allies.” To that end, the framework sets out the threats, illicit uses and enforcement strategies under the law. Here is a short summary of the framework. At a minimum, crypto businesses should adhere to BSA best practices in AML and risk mitigation and take advantage of the many third party services that help scrub addresses and users for sanctionsdark web and illegal activity.

4. DeFi. For those who missed Bitcoin’s early leaps in value, or the ICO moment, there is now DeFi. Decentralized finance platforms, such as Uniswap and Curve offer the theoretically irresistible opportunity to eliminate centralized exchanges and their fees by allowing users to trade peer-to-peer at a discount through secure and trustless contracts mostly on the Ethereum blockchain. Meanwhile, liquidity providers for the platform earn fees (governance tokens) in consideration for allowing their assets to serve as liquidity in the decentralized exchange. Here is a list of the sixteen largest DeFi platforms together with some notes on them. Like all new crypto services, DeFi has had a handful of blunders, such as the hack at Harvest and the other hack at bzx. A lot of legal work remains to be done (by us 😉 on these platforms.

5. Banks Taking Crypto. The OCC has published guidance expressly permitting banks to accept fiat as reserves for stablecoins. This is a tip-of-the-hat to stablecoins that have already been licensed in states like New York are building impressive balances and backing eye-watering transactions on a daily basis. The OCC guidance does not, however address the many stablecoins that do not track who actually holds them, in the way that a bank account tracks who holds an account.  Wyoming has become the darling of crypto by granting charters to Special Purpose Depository Institutions that can take Bitcoin and other crypto on deposit. There is no news on whether those institutions will end up also needing other state MSB licenses as some other trusts have learned. Here is our running tally of – there are 5.

Wishing you a very Happy Thanksgiving and Holiday Season!

Financial Services Essential; Force Majeure And More For Payments And Crypto In Covid

First, we wish you and your team the best of health and safety at this difficult time. 

While keeping a distance from people, getting up close and cozy with digital payments is the order of the day.

1. Financial Services are an Essential Service. If you wish to confirm the local legal status of your payments or crypto business, please refer to our list of all state-level banking department orders to the effect that payments are an essential service. These state-level updates mirror action taken at the federal level, including the Federal ReserveCFPBCSBS and CISA.

3. Stimulus for Payments Businesses. The Coronavirus Aid, Relief and Economic Security (CARES) Act, of March 27, 2020 provides $2 trillion in funds for the economy, some of which are accessible to payments businesses.  There is $349 billion in low-interest, forgivable loans for small business and 1099s may be eligible for up to 39 weeks of benefits.The Green Sheet has published an article discussing this topic as it relates to ISOs.

2. New York – Financial Services in the Empire State.  Our thoughts are with New Yorkers who are right now weathering the eye of this storm. New York Governor Cuomo instituted Executive Order 202.6 on March 18, 2020. The Executive Order extends the provisions of Executive Order 202 which declared a state of emergency in New York state. Under E.O. 202.6, any essential businesses in the state will not be subject to the mandated restrictions including work from home mandates and reduced work forces in order to limit the spread of Covid-19. “Banks and related financial institutions” have been included in the enumerated essential business and services in E.O. 202.6. The guidance includes banks, insurance, payroll, accounting and services related to financial markets. Businesses may also apply to be deemed essential by the Empire State Development Corporation.Since it is not explicit that money services businesses qualify as essential services, it is recommended that any money service business operating in New York state apply to be deemed an essential service. 

The application is a one page form, where the applicant must include:
Contact information
Number of employees 
Description of business
Description of why business fits within the parameters of E.O. 202.6

E.O. 202.6 can be found here.
The application form can be found here

Executive Order 202.9, dated March 21, 2020 gives powers to the Superintendent to promulgate emergency regulations for the period of the emergency that the fees for using ATMs, overdraft and credit card late fees may be restricted or modified to take into account the financial impacts on New York consumers and the safety and soundness of the licensed or regulated entities. 

3. Force Majeure Clauses in Payments and Crypto ContractsSadly, because of the Covid-19 pandemic, some participants in the payments industry will be unable to meet their contractual obligations. The purpose of this newsletter is to give some guidance to people on either side of that terrible turn of events.  Specifically, I want to discuss force majeure clauses that are the clauses that are most likely to apply to a pandemic-caused contractual default.

Force Majeure Clause

The force majeure clause in contracts is usually buried in the general provisions at the end of the agreement and is rarely negotiated or even read. The pandemic has suddenly given great importance of force majeure clauses. Case law borne out of this pandemic will be cited for decades to come.  

A typical force majeure clause in a payment processing agreement reads as follows:

“Force Majeure.  No Party shall be liable for any default or delay in the performance of its obligations under this Agreement if such default or delay is caused, directly or indirectly, by an Act of God, fire, flood, earthquake, conditions or events of nature, war, terrorism, riots, pestilence, civil disturbances, work stoppages, equipment failures, power failures, governmental orders, or any other similar cause or event beyond the reasonable control of the affected party (provided the non-performing Party is without material fault in causing such default or delay).”

The key legal question when facing a force majeure clause is to determine whether it relieves the party of default for non-performance. In other words, but for the force majeure event, would the failure of the party place them in default. For example, without a tornado, I would have delivered the garden shed you ordered. Because of the tornado, I can’t.

Force majeure clauses in contracts are included to allow one or more parties to an agreement to not fulfill their obligations should certain circumstances arise. The event contributing to the application of the force majeure clause should not only be unforeseeable, but also beyond the control of the parties. Unforeseeable here, means unforeseeable at the time the contract was entered into. As in the typical clause example above, force majeure clauses outline the types of situations where the clause may excuse non performance. Since such clauses are a construct of the parties, the meaning and scope shall be those given by the parties in creating the agreement. Where clauses are lacking or where there is room for interpretation, courts will apply common law principles. 

What if the force majeure clause does not list ‘pandemic’?

Many drafters of force majeure clauses include “catch-all” phrases to extend the provision to non-enumerated situations by including words such as “other” etc. Courts tend to apply the ejusdem generis (Latin for ‘of the same kind’) theory when determining if a given situation fits within the catch all phrasing. Ejusdem generis dictates that when general terms follow an enumerated list of two or more items, then the general terms must apply only to items of the same class as those enumerated. The potential application of ejusdem generis to a force majeure clause must be kept in mind not only when drafting such clauses, but also when formulating argumentation to either defend or argue the non-applicability of a force majeure clause. 

When analyzing force majeure clauses, courts will often ask three questions:

  • Is the event in question a force majeure event (as defined by the clause)? 
  • Was the event beyond the reasonable control of the party evoking the clause?
  • How does the event affect the obligation the party is seeking to be excused from? 

Case Study 1: ISO can’t make minimums because of Codiv 19

Taking an extreme but illustrative example, if an ISO has focused on selling merchant services to amusement parks, and all amusement parks are closed by order of the state, even if the force majeure clause in the ISO agreement does not expressly mention pandemics, generic wording on factors beyond the control of the ISO would likely support the ISO in being relieved from its liability for minimums. Most ISOs, however, do not sell to only amusement parks, and will face a challenge of proving that the circumstances are a force majeure, in particular given that online sales are surging right now.

Case Study 2: Crypto platform inoperable because of Covid-19.

Suppose key officers (e.g. CIO, CCO) at a crypto wallet or exchange were all out of action because of Covid-19 for an extended period of time. Suppose as well that, despite having (often legally required) disaster recovery and business continuity plans, those plans were ineffective because other key personnel were out of commission. The crypto business grinds to a halt.  Customers will be frustrated because they are not able to get support or possibly access their assets. Here, a court might look to the crypto operator to have had a more robust disaster recovery plan.  Assuming the problems are not caused by infrastructure (e.g. Amazon down) or orders to close by the state, the crypto business will have a harder time arguing that they were legally relieved of their obligations on account of force majeure. The reason for this is that, in this case, the causes are not external to the business. 

Cases decided on the basis of the Covid-19 pandemic will be studied in law schools for the next 100 years. I hope none of our readers are the basis of that new law.

Community Service: Pro Bono Advice on Force Majeure Clauses

As our way of giving back to the payments and crypto community that sustains us, we will provide free review of any force majeure clause in payments or crypto.

4. Stay Healthy and Safe, Electronic Payments and Crypto Surge (?), Atlas Team Publishing Tools to Help

Our whole team is actively researching solutions for the financial services sector for these difficult time and we will share all useful information as and when we collate it. (Regular readers know how much we love listscharts and more lists). In the meantime, stay healthy and safe in anticipation of (hopefully) a surge in electronic payments and crypto after Covid-19 like none of us could have ever imagined – when the crisis is over.

Adam Atlas Attorneys at Law is licensed in New York and Quebec.

US MSB Risk Assessment Tool

Fintechs spend a lot of time trying to understand their US MSB risk. Our firm believes in open source legal information. So, we created the first and only regtech AI MSB risk assessment bot tool. Give it a try and tell us what you think:

US MSB Risk Assessment Tool

The tool is not legal advice, but it might help guide early stage fintechs and help them avoid potholes.

Bank as API: Open banking in America

Bank as API: Open banking comes to America in 2020. An explanation by Adam Atlas Attorney at Law, fintech lawyer.

While the financial press is busy obsessing over WeWork and ignoring the anti-trust oligopoly forming in payments, let’s look at another topic with too little discussion in U.S. financial press: the Bank as API. Neobanking or open banking is all the rage in Europe. It’s not clear why U.S. banks have been slow to open their API’s, but one does sense the whiff of a lack of competition in U.S. banking, (a subject that is the central thesis of Thomas Philippon‘s excellent book, The Great Reversal, How America Gave up on Free Markets).

Now, in Europe, open banking starts from the premise that users of financial services have a right to compare like providers, access data and easily switch from one to another, a bit like phone service providers. In the US, the difficulty in accessing and comparing financial service data has created a market for non-bank solutions for accessing bank services such as Yodlee, providing consumers with account information, Geezeo connecting APIs of a limited set of participating banks, through to Synapse sitting between a bank and fintechs to enable fintechs to offer everything from DDAs to virtual cards with ease. There is now a run on picking up the technical slack of US banks coupled with the lack of competition in US banking that is driving a good number of new entrants. (Even we, quite shamelessly, picked-up a year ago).

(Ok boomer,) US neobanking players fall into three categories.

1. Financial Institutions where APIs Come First. These are licensed US banks, trust companies or MSBs that position API access as a key distinguishing feature. SVBBBVAEvolve Bank and TrustPrime TrustDwolla and Bitgo. The opportunity for these suppliers is that they can serve large numbers of new clients via API with assistance from fintechs as agents. The risk for these suppliers is that they may each be operating dozens of different business models that present a challenge for 

2. Technology Platforms Between FIs and Fintechs. These entities avoid taking control or possession of transaction funds and remain primarily data-only gateways Examples include Plaid and Synapse. (Some financial institutions have preferred to own the IP to the APIs that connect to their accounts, a leading example of that would be Stripe). The opportunity for these entities is to earn a piece of transaction volume without having to pay the price of being regulated entities. The risk for these suppliers is that regulators will find them to be MSBs despite their carefully avoiding possession of transaction funds. Because of their tight integration with financial institutions, these platforms make ‘classic’ boomer gateways, like and  NMI, look quaint. 

3. Fintechs. These entities navigate gingerly between avoiding regulation by relying on their financial partners (see Item 1 above) and being regulated as MSBs. These 50 or so fintechs use APIs of the FI’s identified above to operate their businesses. We have indicated which are the most likely financial services that each has outsourced to the FI indicated and they include DDA, Card issuing, ACH, crypto custody and money transmission. The opportunity for these entities is to decrease the cost of compliance (using FI’s identified in Item 1), decrease the cost of development (using technology identified in Item 2 above) and focus on the business of selling their service. The risk for these entities is excessive reliance on third parties for compliance and technology and the risk that regulators will perceive them as MSBs, even though licensed financial institutions take legal liability for the movement of client funds.

Whether the OCC clamps down on FI’s in the space or state banking regulators deem tech platforms to be MSBs, there is an overwhelming momentum in the US neobanking space that is driven by real demand for competition and variety in consumer and business financial services that we think will be met ever more in 2020. At Adam Atlas Attorneys at Law, we provide commercial and compliance advice for US neobanks, such as they may be.

Do Non-US Payment Institutions need to comply with U.S. law?

Money services businesses (such as money transmitters, prepaid card program managers, currency exchangers and providers of virtual currency) (“MSBs”) that operate outsider of the United States are likely familiar with the laws applicable to them in their home jurisdictions. Given the electronic nature of many MSB businesses, it is altogether likely that a non-U.S. MSB will wish to provide services to residents of the U.S. without having accounts, offices or any other presence in the U.S. Doing so requires compliance with U.S. law. Whether a given MSB is an MSB for the purposes of U.S. federal or state law is a matter of U.S. law. At the federal level, MSB status in the U.S. is determined pursuant to the Bank Secrecy Act (“BSA”), its regulations (“Regulations”) and the Financial Crimes Enforcement Network, of the United States Department of the Treasury (“FinCEN”). FinCEN is the U.S. equivalent of, for example, the FCA in the U.K. or FINTRAC in Canada.

An entity that is deemed an MSB under the BSA has to register with FinCEN, for AML and transaction reporting purposes and may also be required to obtain money transmitter licenses from each individual state in which the MSB has customers.

Being entirely foreign to the U.S. and having no accounts, office or employees in the U.S. does not diminish the application of the BSA to an MSB that services U.S. residents. This information often comes as a surprise to the many thousands of non-U.S. MSBs that, de facto, service U.S. residents.

By way of example, the UK money transmitter in the flow of funds described below that takes funds from a U.S. resident and forwards those funds, as a money transmitter, to a payee or recipient in Germany, is required to be registered with FinCEN and licensed as a money transmitter in the state where the US payer is located:

No alt text provided for this image

We provide more discussion of US MSB compliance at

This bulletin does not constitute a legal opinion and may not apply to your specific circumstances.

Adam Atlas Attorney at Law is licensed in the State of New York and advises on U.S. crypto and payments businesses from his offices in Montreal.

Competition in Payments

Competition in Payments

Our recent post to LinkedIn of the US Payments Family Tree generated record feedback. There is thirst for a above-the-tree-line view on who is who the payments landscape. Once upon a time, everyone read the Nilson Report that amazingly published regular figures on the volume of processing at each US acquirer. Divining competitors is not that easy anymore. Here are a few reasons why the competitive landscape is more complex and interesting:

1. ‘Big hat, no cattle’ processors. With bountiful capital (2017 fintech investments $31 billion2018 $39.6 billion and the first half of 2019, $27.9 billion), fintech startups have had the luxury of being unprofitable. Square and Stripe exemplify fintechs for which profit is a difficult question. Possibly profitless market-leaders like UberAirbnb and WeWork had investors mesmerized by the idea of losing a lot of money for a chance to capture a whole market. It’s hard to assess competition in payments when some of the ostensibly largest players do not answer to the real world of profit. All that glitters is not gold; some of the putative payment market leaders might not be real-world leaders.

2. Eventually, price matters. A lot of merchants operate on very thin margins, with pre-tax profits close to 3%. Processor fees such as Square 3.5%Stripe 2.9% and Shopify 2.9% are perhaps not sustainable even if they do excel at UI and service. Operating on ever-tigher margins and in a potentially recessionary economy, merchants might tire of easy-to-use, but expensive processing in favor of the old standards, like First DataWorldPayTSYS, Global Payments and Elavon. Expensive competitors might not last.

3. Processor Consolidation. Speaking of old standards, where there was once about 13 large US processors, now there are about half that number. The chart above keeps alive some of the old, now consolidated brands, to give you a sense of the dramatic reduction in US processing competition. The FTC has a large mandate, including its Bureau of Competition. If you are an ISO shopping for a processor, or a bank shopping for a processor for your card issuing business, or a merchant shopping for payment processing, the last year has seen a material reduction in the number of competitors for your business. The FTC has brought recent cases against fraudulent or dishonest processors, but it has yet to bring a case concerning the reduction in US payment processing. Perhaps the titans of US processing are circling the wagons in the face of competition from novel payment methods, such as crypto. Too much consolidation, however, is illegal.

4. Crypto Displacing Money Transmitters? Crypto, most prominently, Bitcoin and Ripple / XRP, have been promising to displace money transmitters and other payments businesses including. Greyscale, for example, promises to replace gold as a store of value with bitcoin, a service promoted through their now classic ‘drop gold’ video. More recently one FANG and a bunch of other gig-economy players created Libra, a kind of company-town scrip that promises more of the same. Meanwhile, the traditional remittance market and others under theoretical threat from crypto are posting losses and layoffs. Is Ripple’s investment in remittance player moneygram the reason? Probably not, but note that that investment might be fueled by excessively cheap capital in the form of Ripple’s own XRP issuance, and not necessarily by efficiency or long-term promise of profit.

5. Neobanking, Open banking, Payments as API. There was a time when a payor knew their financial institution and chose them for their brand, relationship and location. That time is over. Now, the financial service provider has been moved into the background in support of neobanking fintechs that provide the consumer-facing service related to bank accounts, card issuing, bill payment and other traditional bank services. Five examples from a growing list come to mind: Evolve Bank & Trust, a bank that is integrated with Synapse, an API platform, Prime Trust, a Nevada trust that provides both crypto and fiat custodial services, Silvergate Bank, a cornerstone of crypto banking now branded as being API driven, Cross River Bank, focusing on fintech with a history of supporting new lending models and arivalbank, that boasts reinventing the bank and an upcoming US launch. By outsourcing technology to startups and keeping the core banking function in-house, these financial institutions are perhaps in a strong position to challenge the older brick-and-mortar / brand-based banking incumbents. The key question for neobanking is, how far into the background will the OCC let financial institutions go.

At Adam Atlas Attorneys at Law, we advise on the commercial and compliance aspects of all of the above and more.

Last gasp of centralized payments: Facebook Libra and FIS Mergers

For better or for worse, centralized control of value (and values 😉 is eroding. It takes less than an hour to launch a crypto currency. For example, there are a million Adam Atlas Coin in existence. (They have no value and are not for sale.) As a defensive measure, the established players are circling the wagons (or should I say, building centralized ledgers) into various controlling portions of the market. Taken together, the market looks like it’s admitting defeat to decentralized exchanges of value (i.e. virtual currency) and attempting to extract one last round of return before a more complete paradigm shift. 

Single Suppler for Credit Card Processing?

There now exists a single predominant payment processor in the US and, perhaps, the world following the recent mergers of WorldPayVantiv,First DataBluePayCardConnect into FIS. A small band of outliers are still going it alone, including TSYSElavonPaysafe and Sage. The anti-trust implications of these mergers are substantial and we are already witnessing decreased competition for ISO relationship opportunities. None of the merged entities have an interest in competing with the others as they are all part of a predominant supplier of payment processing in the US. The competitive impacts should be monitored by merchants, ISOs, but also issuing banks that would probably prefer greater competition in transaction processing. 

Libra payment processing: Facebook and sharing economy eating from bank deposit balances

Libra is not just a way for Facebook, and its partners etc… to get an equity bump from claiming association with #crypto.  Instead, it is a way to shift payment processing floats from issuing and acquiring banks to the token hodlers of the new interest-bearing Libra securities token. Assuming substantial success for Libra, there will be a transfer of some billions of dollars of processing float from issuing and acquiring banks to the Libra Association. This indicates a win for Libra and a loss for traditional banks for payment processing. In the long-run, interest on processing floats is not a winning business model.

Libra Money Transmission: Crypto’s promise of free transmission of funds?

If money transmission were free, no one would be in the business of money transmission. The promise of Bitcoin and other virtual currencies has been to allow more or less free P2P and B2B payment transactions on a secure and fast blockchain. Perhaps because most crypto users today are wealthy western or eastern speculators and gamblers, that promise has not yet come true. Libra drives past the worldwide smorgasbord of crypto to create what its visionaries believe will marry the best of crypto technology together with their omnichannel ability to tip the scales into their network of users.

It won’t be long before exchanges will pair Libra with USD and Bitcoin, making Libra just another stablecoin – but more complicated than those pegged to the USD. The irony of Libra and all crypto-based money transmission models is that, logically, they should become ever more efficient and therefore ever less profitable per unit transacted. In money transmission, Libra is a race to the bottom of fees. The bottom, of course, is crypto itself where fees are negligible (on some chains).

Facebook and the other partners in the Libra Association might generate more value by simply enabling existing crypto on their networks and focusing on the value they add – i.e. sharing of data, sharing of cars, sharing of rooms.


If we look at the FIS consolidation of payment processing, we see a defensive strategy by processors to fend-off technology-driven upstarts like StripeSquare and Paypal. Relying on legacy culture and technology, the FIS conglomerate is drawing its last bit of value from the market before capitulating to the long-term leaders in business in the form of big tech, AmazonAppleGoogle and Microsoft.  Similarly, Libra is a circle-the-wagons closed-loop crypto vision that can take the currency only so far, until faster cheaper chains displace it. In summary, the value of payment processing and money transmission is one of diminishing returns. Payments entrepreneurs of our time are stuck on replacing old toll booths (i.e. payment processing fees) with new ones (Libra float interest and fees), which has been the guiding light of payments since the invention of the credit card in 1950. Now is the best time for a new generation of payments entrepreneurs to think past the toll-booth model. Maybe Ripple and Moneygram are on to something?

5 Legal Principles for Engineers to Build into Autonomous Vehicles

Engineering law into driverless cars

Unique actionable content only from Adam Atlas Attorneys at Law.

Engineers, being engineers, might think that these early days of autonomous vehicles are their exclusive private domain for debates over lidar versus cameras or object recognition. We respectfully disagree and believe that self-driving cars should be engineered to take into consideration the following 5 legal principles.

1. Risk Assessment and Disclosure: In bio (i.e. human) driven cars, the assumption of risk by the drive for their own follies is baked into the model. Autonomous vehicles, however, will represent a different formula for the assumption of risk and drivers will expect to have the right to know the quantum of those risks.  For example, what are the chances that this car will slam into a truck, when taking into consideration the various engineering components of the car.  Unlike bio-driven cars, autonomous vehicles are able to quantify risk at every turn. It is natural, therefore, that consumers (or their lawyers or insurers) will wish to access that data. A heuristic risk assessor should be build into autonomous vehicles.

2. Privacy Controls – location. Assuming self-driving car fleets will be in constant communication with their respective manufacturers, as well as other cars on the road, drivers will wish to secure a measure of control over the data concerning their whereabouts. Today, we worry about this issue because of mobile phones that relay geolocation information to app developers. In the self-driving scenario, however, like with MAC addresses of phones, other cars and roads etc.. will be able to identify your unique vehicle throughout its whole trip. If the smart road at the end of my driveway knows my car has started to move and where it goes etc… cities will have intimate knowledge of the trips of citizens. Drivers will demand a measure of control over location data of their cars which will be housed in many locations all at the same time.

3. Privacy Controls – on-board. Many Ubers and taxis have cameras today, some are required by law. Autonomous fleets without internal cameras are very unlikely. Drivers will wish to secure a measure of control over the recording of their – often intimate – moments in self-driving cars.

4. Sanitation Gauge. By force of economics, autonomous vehicles will, to a large extent, be shared. This means that a single vehicle could transport a hundred or more people in a day. That’s a lot of sweaty passengers in a small space. Autonomous vehicle manufacturers would be at a disadvantage if they fail to build into their vehicles and the surfaces of the vehicles automated sanitation gauges to determine when the vehicle needs to be cleaned. Self-cleaning is not a bad option either for urban settings with heavy usage. 

5. Maximum Utility Platform. Given that passengers in driverless cars will have free hands and minds, the possibilities for leisure or work activities in self-driving cars are as wide as those for any home or office.  The interiors should therefore be designed for maximum utility and flexibility. One take on this is the  Mercedes Urbanetic concept. From a legal perspective, the flexibility of the car gives rise to a need for disclosing to passengers the range of safe activities and controls over preventing unsafe activities. For example, what does a self-driving car do when it detects that a firearm has been discharged in the car; should it divert to the nearest hospital or police station? Should it lock the passengers inside or eject them. These are all questions that require coordination between engineering and legal advisors at the earliest instances of the design stage.Having advised in electronic transactions for 15 years, Adam Atlas Attorneys at Law is pivoting to engage with the self-driving and autonomous vehicle designers to learn from them and plan for a legal framework supporting the new transportation network they are building.

Nothing in this email should be construed as legal advice Adam Atlas Attorney at Law is licensed in NY and QC.

Adam Atlas Attorneys at Law

50 Shades of AI Data

As we at grapple with legally allocating rights, obligations and risk in AI, we realized that we have to invent new legal classes of data to set the expectations of consumers, startups and regulators.  Here are some rough categories to get this conversation going:

  1. Type of sensor present: A device, like a door knob, that seemingly has no interest in temperature, might still contain a temperature sensor, placed as a sleeper sensor to be activated much later in the life of the product for purposes not yet imagined at the time of manufacture.  Manufacturers wish to keep a degree of secrecy concerning the sensors that are in their products.
  • Sensor degree of precision: This data set logs the degree of precision of a sensor.  For example, an accelerometer in a car can be more or less sensitive, which information is, of itself, valuable.  A vehicle manufacturer might not want to reveal that its accelerometer is less sensitive than one used by a competitor.  Therefore, data concerning the precision of sensors is to be treated as a distinct category of data subject to its own set of confidentiality parameters.
  • Raw sensor data: This is the data collected by sensors in vehicles, fridges, homes, wearables etc…  We are having to define who owns this data from its point of origin – i.e. from the sensor onwards.  Does the sensor manufacturer have rights in that data even though it is not involved in the larger product being produced?
  • Sensor-device correlation: This data set includes the sensor and the type of device in which it resides.  Here the data takes it’s first dive into depth because mere device / sensor correlation triggers a number of safe assumptions and accelerates triangulation on the ‘big picture’ of the subject. For example, windspeed indicator in an airplane is a fact that is, in and of itself, rich.
  • Sensor-subject correlation (objective): This data reveals that the sensor is tracking data for a person, but not the identity of that person.  Consider a temperature sensor on a city bus, used to track the temperature of commuters in order to assess the spread of a fever in a community.
  • Sensor-subject correlation (subjective): At the moment, this is the most sensitive dataset, as it connects data to an identified individual.  At the moment, this is considered highly valuable as it can be exploited to ‘hack’ the consumer into making one or another decision.
  • Sensor-subject correlation – community-wide: This is really just a large sample of subjective sensor-subject data, giving the controller the ability to peer into the data of a cohort of people and predict community-wide events.

Regardless of where your data set resides, it’s important to frame its legal status, otherwise you risk breaching the privacy rights of individuals or giving up commercial opportunities in the data you encounter.  At Adam Atlas and his colleagues are busy parsing the data sets to help document who owns what, no-matter the shade.

drive-by-wire law

Fintech Payments and Crypto Research Links

Links to just about everything in fintech

We have advised hundreds of clients across almost all business models new and old. This site is not legal advice; it is information only. You should obtain qualified legal advice prior to operating any money services business (MSB) or virtual currency business (VCB).

In addition to compliance information, we also want to jog your payments innovation creativity through our site.

We are proud to lead the preeminent open-source payments law practice where sharing information related to payments regulation is one of our core principles.  By way of example, here is what we learned at the most recent Emerging Payments conference in Washington, D.C.

The Atlas Payments Data Vault, a treasure trove of information on regulators, laws, banks, lawyers, consultants, MSBs, VCBs, surety bonders and everything else you are likely to need in getting your payments business going.  Adam was perhaps the first lawyer to accept Bitcoin as a form of payment.

Visite también nuestro latinoamericano blog de empresa de servicios financieros aquí: Centros Cambiarios y Transmisores de Dinero.

U.S. Federal Registration of Money Services Businesses (MSB) with FinCEN

With few exceptions, each money services business (MSB) must register with the Department of the Treasury. Virtual currency businesses (VCB) may also be MSBs requiring registration. Note that failure to register when required to do so or obtain necessary state licensed, can lead to jail time. A person that is an MSB solely because that person serves as an agent of another MSB is not required to register. US Federal registration is done through the Financial Crimes Enforcement Network of the United States Department of the Treasury (FinCEN).  Registering with FinCEN is very easy, takes about 20 minutes and can be done through the BSA E-Filing System, described below.Here is the contact information for FinCEN:

FinCENTel: 800-767-2825Email:

FinCEN BSA E-Filing System
Entities that are registered with FinCEN are required to maintain and AML program and make filings with FincEN under the US Bank Secrecy Act. Such filings must be electronic and made through the BSA E-Filing System.  If you are an MSB, you must register with FinCEN.

New to FinCEN? 

If you are an MSB (to be confirmed by advice from a lawyer) after registering a supervisory user, through BSA E-Filing System, you will have to complete a Form RMSB – Form 107. Its hard to find that form on the FinCEN website, so we have provided one here so you can actually read it before completing it online.

The online version of FinCEN’s Form 107 is not the same as the one cited above. Here are instructions on how to complete the ‘real’ online version of Form 107.

Other reports that must be filed through this system include, but are not limited to: 

  • Currency Transaction Report (FinCEN Form 104) (CTR)
  • Designation of Exempt Person (FinCEN Form 110)
  • Suspicious Activity Report (Form TD F 90-22.47) (SAR)
  • Suspicious Activity Report by the Securities and Futures Industries (FinCEN Form 101)
  • Suspicious Activity Report by Money Services Business (FinCEN Form 109, formerly 90-22.56)
  • Suspicious Activity Report by Casinos and Card Clubs (FinCEN Form 102)
  • Currency Transaction Report by Casinos (FinCEN Form 103, formerly 8362)
  • Registration of Money Services Business (FinCEN Form 107)
  • Report of Foreign Bank and Financial Accounts (Form TD F 90-22.1)

Discussion of these forms are available here.

Bank Secrecy Act (BSA)
Money services businesses (MSBs) and other financial institutions serving the United States are regulated, in part, by the Federal Bank Secrecy Act (BSA) and its regulations, Chapter X–Financial Crimes Enforcement Network of the United States Department of the TreasuryThe Federal Deposit Insurance Corporation (FDIC), maintains a useful set of links to 31 CFR Chapter X. Here is another set of the same US Federal regulations.
FinCEN Rulings and Guidance

FinCEN has a collection of published administrative rulings that give us an understanding of some of the rules concerning which kinds of businesses should and which need not register as MSBs with FinCEN.

Our firm has published a summary of most of FinCEN’s guidance if you are interested.

Bureau of Consumer Financial Protection (BCFP) 
(f.k.a. CFPB)
The BCFPis a U.S. government agency that makes sure banks, lenders, and other financial companies treats consumers fairly.
The BCFP requires that as of February 7, 2013, all providers of international remittances issue to the senders thereof receipts that contain certain prescribed information.

Payments businesses should monitor BCFP regulation as it may creep into areas of payments that were previously unregulated.

State MSB Licensing

Here is a map with basic information for all state MSB regulators.

Most states require money services businesses operating within their territory to be licensed with the state banking department.  Note that many states also require registration of foreign MSBs that transact with their residents.  For example, money transmitters with no physical presence in New York that transact with residents of New York must be licensed in the State of New York.
The Nationwide Mortgage Licensing System (NMLS) offers a portal through which many states are cooperating to provide a single portal through which applications for money services businesses may be made.  Here is the way to find which states participate in the NMLS system for money transmitter applications.

Adam Atlas Attorney at Law maintains a 50-state database on the rules applicable in each state related to MSBs.  State regulators remain the arbiters of which entities may be licensed within the state. Below are links to the various state regulators:

State Regulators and other useful state information

CaliforniaGreat memo on current CA issuesCA Licensees or Atlas List, there are only about 86. Note that the California DBO site invites potential applicants to arrange for a pre-filing interview. The site is silent on the fact that prior to that interview, the proposed applicant must first submit answers for certain pre-file questions, that are not posted on the site. So, as a first step in California, remember to ask for the latest version of the ‘pre-file questions’ otherwise it will not likely be possible to schedule the pre-filing meeting.
FloridaFL Licensees
Idaho – Apply through NMLSVirtual currency interpretation in Idaho
IllinoisIL Licensees
Kansas – Apply through NMLS (soon, not live as of April 2014)
Kentucky – Apply through NMLS
Maryland – Apply through NMLSMD Licensees
MassachusettsMemo Re Foreign Correspondents
New Hampshire – Apply through NMLS
New JerseyNJ Licensees
New Mexico
New YorkNY RegsNY Licensees (DFS) or Atlas List, there are only about 86
North Carolina
North Dakota Apply through NMLS
Oklahoma – Apply through NMLS
Oregon – OR Licensees
PennsylvaniaPA Guidance Letters – Apply through NMLS
Rhode Island – Apply through NMLS
South Carolina – yes you need a license here now.
South Dakota
TennesseeTN Licensees
TexasTX LicenseesTX Law and GuidanceTX DOB on Bitcoin
Vermont – Apply through NMLS
Washington – Apply through NMLS
West Virginia

MSB Status is the best source for comprehensive MSB status of any U.S. entity. Alternatively, you can search NMLS and about 25 other sites one by one to fetch the MSB licensure status of an entity. reports include data from:

  • FinCEN
  • NMLS
  • CFPB
  • US Safe Harbor
  • FINTRAC and other sources.

Payment Processor Exemption to MSB Status. If you are wondering about the difference between a payment processor and a money transmitter, please see this chart we did to help explain,  The payment processor exemption does not work in all states and does not work for all processor models. 

MSB and AML Compliance Associations

Conference of State Bank Supervisors (CSBS) – founded in 1902Money Transmitter Regulators Association (MTRA)
Multi-State MSB Examination Taskforce (MMET)
The National Money Transmitters Association (NMTA)
Digital Asset Transfer Authority (DATA)
The Association of Money Services Compliance Officers (AMSCO)
Association of Certified Anti-Money-Laundering Specialists (ACAMS)
The Association of Certified Financial Crime Specialists (ACFCS)
Money Services Business Association (MSBA) – founded in 2015

European Payments Council
Association of UK Payment Institutions
International Payments Framework Association
Global Payments Forum, a NACHA International Payment Forum
International Compliance Association
International Association of Money Transmitter Networks
Canadian MSB Association
International Fund for Agricultural Development (IFAD) – UN

Am I an MSB?

Your MSB status or VCB status is a matter of Federal and State law, and should be ascertained by advice from a qualified lawyer.

We maintain that we hope will jog your creativity and see some models that are MSBs and some that are not.

Marketplaces (many of which we list here), being more the norm and less disruptive, are asking themselves if they are MSBs or not on account of their handling money for their participants. Depending on how they are structured, the result will be MSB status or not.

Is an E-Wallet a Money Transmitter?
Most likely, yes.

FinCEN has finally published guidance on this very issue.

This is the single most frequently asked question in MSB compliance today.  Some e-wallets are categorized as providers of prepaid access within the meaning of the FinCEN Prepaid Access Final Rule, which is summarized here, while others are registered with FinCEN as money transmitters. The definitive answer to this question lies in the applicable federal and state law in each of the states in which you propose to operate your e-wallet. That said, the ability to: (i) load real currency into an e-wallet; (ii) maintain a balance; (iii) transfer e-currency between users; and (iv) unload e-currency and convert it to real currency, together, would most often fall within what state regulators would characterize as a prepaid access provider or money transmitter.  Given that the definition of a prepaid access provider is relatively new (2011), we have only seen a handful of entities claim that that is their primary activity, most of which are classic prepaid branded card issuers or sellers.

We recently published an article on the MSB status of e-wallets in the E-Finance and e-Payments Law and Policy.

Lists of MSBs, VCBs and Other Payments Businesses
Entities Registered with FinCEN

Atlas list of money transmitters licensed in New York and California, there are only about 87 in each of those two states.

There are about 38,859 MSBs registered with FinCEN, but that number includes many duplicate registrations for multiple entities each with common ownership or a common brand.  Below are examples of entities that have had multiple money transmitter licenses. For fun, we provide links to the MSB license disclosure for each entity:

FinCEN maintains a list of all US registered MSBs, that can be searched here.

P2P Payment Platforms

Here are a sampling of some of the many P2P payment platforms:

Payfacs / PSPs / TPPs That Became MSBs

The Payment Facilitator or Payment Services Provider were created by the payment networks, like Visa and MasterCard, to expedite the boarding of smaller merchants.  Payfacs contract with the merchant (payee) not so much with the customer (payer). The model, however, proves to be of limited value to some who want to offer customers more flexibility. We have therefore seen an evolution of payfacs into MSBs in the following examples:

Payments Business Ideas

The best place for a survey of new payments ideas is A lot of models have already been thought of. That said, payments businesses usually succeed on sales and marketing, not on the idea alone. Of a hundred people with the same idea, perhaps only one will make it profitable.Crypto / Virtual Currencies / Digital Currencies

Virtual currency business (VCB) is the term used way back in July of 2014 by the NY DFS to describe businesses operating in the virtual currency space, and it is a term that we believe is likely to stick.  A VCB may or may not be an MSB, depending on which law you are interpreting.

Banks, investors and consumers are not wasting their time in learning about virtual currencies. Some believe that virtual currency will completely displace traditional ‘real currency’ issued by sovereign states. While that scenario is far flung for now, it is not hard to imagine a near future where a substantial portion of world economic activity takes place through virtual currency. Communication and commerce are international and instantaneous, banking is not. The contemporary disconnect between the reality of peoples personal and consumer lives, that are essentially instantaneous, and their banking activity that is subject to delays and fees that bear no connection to the cost of the underling service (transfer of digital value) sets the scene for virtual currency to now take deep root in the economy of the world.

Virtual Currency Toolbox

Everything you wanted to know but couldn’t didn’t want to waste time finding:

Virtual CurrenciesVirtual Currency WalletsVirtual Currency Exchanges

Our firm also has a subscription service through which clients can obtain an MSB risk assessment of various crypto models in all 50 states, updated monthly.

Note that virtual currencies, such as Bitcoin have also been associated with substantial and very serious criminal activity, as in the case of SilkRoad, accessible through the anonymous browser Toras reported in the New York Times. The most popular virtual currency is Bitcoin.


Bitcoin (比特币) is the leading virtual currency and is thought to be invented by a mysterious Japanese mathematician by the name of Satoshi Nakamoto. Bitcoin is a virtual currency that is more or less anonymous and de-coupled from traditional banking.  Bitcoin is created by using CPU time and energy.  The algorithm by which it exists dictates that there shall be no more than 21 million Bitcoin  when all mining is complete – which has not yet occurred.  This makes some believe that it is destined for a monumental and colossal leap in value as the supply comes to a definite halt. Bitcoin operates, de facto, largely in the unlicensed arena. Here is a site that helps explain Bitcoin. The Bitcoin marketplace is interesting from an academic perspective, because it serves as a nexus for interesting debates between libertarians, anti-statists, statists, privacy advocates and others.  The efficiency of Bitcoin, being a means for the free and secure exchange of value, poses challenging questions for (a) traditional banking that offers the same service, but at enormously higher costs; and (b) law enforcement that has a legitimate right to oversee suspicious activity in the financial system.  There are competing visions for the future of Bitcoin. Some see it replacing ordinary currency, others see it as simply another currency destined to be mined for fees interest etc… like existing currencies. Like all forms of exchange, Bitcoin has value only because people believe that it does.

Watch Bitcoin traded live and in real time here.

Bitcoin Investment Vehicles

Bitcoin Payment Processors
A Bitcoin payment processor often allows a merchant’s customer to make payment in Bitcoin and then settles to the merchant in Bitcoin or real currency, such as USD.

Bitcoin Vending Machines

Bitcoin Charts and current exchange rate

Bitcoin ‘Malls’ and Directories

Initial Coin Offering (ICO), Initial Token Offering (OTP) are like an IPO, but without the regulatory compliance of securities laws. It’s very easy to raise money with an ICO and there are hundreds of ICOs. The legality of a given ICO depends on a number of factors including whether the buyers expect a return on their investment.

Is an ICO legal? Check our our ICO legal hit or miss list here to see how some of them are doing.

Many ICOs are either securities or MSBs providing prepaid access. In order to escape one of those two classifications, quite a lot of legal thought needs to go into the piece.


Neobanks are small banks, bank-like services or resellers of limited bank services which present an alternative to traditional big-bank banking with annoying fees, like overdraft fees etc… Some examples of neobanking players include:


Is a neo-bank a regular bank with a better UI or something else entirely? Time will tell.  Note that use of the term ‘bank’ or ‘banking’ is legally restricted to entities that are actually banks, so tread lightly with those terms.
Office of the Comptroller of Currency (OCC)

The OCC charters, regulates, and supervises all national banks and federal savings associations as well as federal branches and agencies of foreign banks. The OCC is an independent bureau of the U.S. Department of the Treasury.

Banks that open bank accounts for MSBs have to prove to the OCC that they have adequate AML / CIP / KYC and risk mitigation programs in place to provide banking services to MSBs.  The OCC’s Bank Supervision Process Comptroller’s

OCC Special Purpose National Bank Charters for Fintech Companies

Why become an MSB with the need to be licensed in 49 states when you can get a single special purpose national bank charter? This is the opportunity presented by the Office of the Comptroller of Currency on December 2, 2106.

For full instructions on how to get one of these charters, see the Comptroller’s Licensing Manual.

The basic requirements for a special purpose national bank charter for a fintech company are:

  • National Bank Act Charter
  • Robust, well-developed business plan
  • Good governance structure
  • Capital commensurate with the risk and complexity of the proposed activities (including on- and off-balance sheet activities). Because these banks do not make loans or rely on deposit funding, the OCC typically requires them to hold a specific minimum amount of capital, which often exceeds the capital requirements for other types of banks.
  • Liquidity. In assessing the liquidity position of a proposed bank, the OCC considers a proposed bank’s access to funds as well as its cost of funding. Some key areas of consideration include projected funding sources, needs, and costs; net cash flow and liquid asset positions; projected borrowing capacity; highly liquid asset and collateral positions (including the eligibility and marketability of such assets under a variety of market environments); requirements for unfunded commitments; and the adequacy of contingency funding plans.
  • Compliance Risk Management. 
  • Financial Inclusion. These principles include “encouraging” the national bank “to provide fair access to financial services by helping to meet the credit needs of its entire community” and “promoting fair treatment of customers including efficiency and better service.”
  • Revery and exit strategies.
  • Internal audit systems.

The OCC is welcoming comments on the proposal until January 15, 2017 at

Lots of discussion of this OCC proposal from American BankerWSJBloomberg and NYT, December 2, 2016.
Cyber Security Program (CSP)

As financial institutions and gateways to the financial infrastructure, MSBs are expected to make appropriate provisions for cyber security. Most U.S. states will wish to see an MSB taking security seriously, but some have gone further and mandated that the MSB have a Cyber Security Program that meets certain prescribed criteria.

New York DFS on Cyber Security Program

New York is the first state in the U.S. to adopt an explicit requirement for MSBs to have a Cyber Security Program:
March 1, 2017New York MSBs must have a Cyber Security Program.  
Getting a Bank Account for an MSB
Once licensed, the hardest task for a new MSB is to obtain a commercial bank account.

If a bank refuses to bank you because you are an MSB, show them this guidance from FinCEN saying that banks are not supposed to reject clients just because they are MSBs.

We believe that  the following banks have, on some occasions, provided banking services to MSBs, you’ll have to ask them to find out for sure.

  • Key Bank
  • Mellon Trust of New England
  • Sterling Savings Bank
  • US Bank
  • Wells Fargo Bank
  • TwinStar Credit Union
  • Bank of America
  • Mountain Pacific Bank
  • West Coast Bank
  • South Sound Bank

These banks have attended the National Money Transmitters Association events and they are familiar with transmitters:

We do not have any referral relationships with any banks, but if you call the above banks, please mention where you learned about them.

Marijuana Payments Law

It is a U.S. federal crime to process payments in the U.S. related to marijuana because marijuana is restricted under the U.S. Federal Controlled Substances Act, at Schedule I. Our firm does not advise on marijuana payments law.

FinCEN has published guidance setting out the specific kinds of due diligence and risk assessments required of financial institutions that wish to service marijuana businesses.  This is just the beginning of an evolving body of law that navigates between Federal and state law related to marijuana.

Marijuana Payments in the News

US State Sales Tax for Online Sales
It has become common for US merchants and marketplaces that service US buyers and sellers to collect US state sales tax and remit it to US state departments of revenue.  There have been various efforts in the U.S. Congress to adopt national legislation on this topic, but none are yet in effect. Retailers and marketplaces, however, are not waiting as the penalties for non-compliance can be very substantial.

A leading, automatic and free solution for this issue is TaxCloud.
International Money Services Business Regulations
Some of the key national regulators are listed here.
Mexico and Latin America

Visite también nuestro latinoamericano blog de empresa de servicios financieros aquí: Centros Cambiarios y Transmisores de Dinero.

The Federal Mexican AML agency is Unidad de Inteligencia Financiera(UIF).
Canada Federal FINTRAC MSB Registration

 Handbook sets out these requirements. All OCC enforcement actions can be obtained here.  
The regulatory framework for MSBs (money services businesses) in Canada is much simpler than in the United States. With some exceptions, there are few provincial licensing requirements. There is, however, a Federal agency called Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) that requires registration of certain MSBs.

Financial Consumer Agency of Canada
The FCAC (like its US counterpart, the CFPB) was created to bolster regulation of consumer financial services, but its mandate has gone further into merchant-facing credit card payment processing, in part through the Code of Conduct for the Credit and Debit Card Industry in Canada.
Payments businesses operating in Canada, should monitor CFPB regulations as they may creep into previously unregulated payments markets.

Canadian Provincial MSB Licensing
In Canada, government has effectively outsourced protection of the financial system to banks. It is relatively easy to become registered with FINTRAC and licensed in the one Canadian province that requires MSB licensing, Quebec.  Opening a bank account for an MSB, which is necessary for its operation, is however, very difficult. Be weary of Canadian banks that put MSBs through long account-opening procedures, sometimes lasting as much as a year, only to close the account because it is for an MSB.


The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is the Canadian equivalent of U.S. FinCEN.

FINTAC has published some very handy guidance here.

Quebec publishes regulations on the licensing of virtual currency exchanges.

Quebec has become the first the ten Canadian provinces to enact MSB licensing requirements.  As of January 1, 2013, all Quebec MSBs will require a license from the L’Autorité des marchés financiers – Quebec MSB Regulator to operate an MSB in Quebec. Other Canadian provinces have yet to enact similar legislation.

Virtual Currency in Canada

For the moment, it appears that FINTRAC has decided that Bitcoin is not real currency, but don’t that this as legal advice, get a written confirmation from FINTRAC before operating in Canada.  Note that operating a Bitcoin exchange in Canada that services US residents would require compliance with US law.


In order to increase efficiency in the licensing of financial services in the European Union, the European Commission has enacted directives concerning financial services within the EU.  For example, the EU E-Money Directive (2009/110/EV) (EMD)  provides for the licensing of electronic money institutions and issuers which licenses are recognized throughout the EU.

EU FAQ concerning AML.

SEPA B2B Mandate Forms.  These are the EU equivalent of a business ACH consent. They aren’t specific to payment institutions, but they are new in 2014 and frequently asked for.

United Kingdom

The Financial Conduct Authority (FCA) is the competent authority for most aspects of money services businesses in the UK under the Payment Services Regulations (PSR) of the Payment Services Directive (PSD). The UK implemented the PSD through the Payment Services Regulations 2009 (PSRs), which came into effect on 1 November 2009.

The FCA is creating the Professional Body Anti-Money Laundering Supervision (OPBAS) to bring coherence to AML rules.

Search entities registered with the FCA here.

The following are some key categories of entities of particular interest in the UK:

Rather than a surety bond (as required in US states) the FSA requires that the payments business have a certain minimum capitalization:

  • €20,000: capital required for authorization as a money transmitter;
  • €50,000: capital required for authorization as a paperless money transmitter; and
  • €125,000: capital required for authorization as another payment service.

Application for registration in the U.K. is pursuant to the The Payment Services Regulations 2009.

Singapore must be included in any serious discussion of international payments. As Southeast Asia’s banking and commercial hub, Singapore has specifically catered to FinTech.

The Singapore Stored Value Facility (SVF) regulated by the Monetary Authority of Singapore, can be used as the banking host for an international e-wallet. Here are some examples of Singapore Stored Value Facilities:
Paypal Singapore Stored Value Facility
Ripple Singapore Stored Value Facility
Citibank Singapore Stored Value Facility
SmoovPay Singapore Stored Value Facility
Paylink Singapore Stored Value Facility

The Singapore SVF is astonishingly easy to setup thanks to the efficacy of the MAS. That said, if you have an SVF and take on customers in the US, EU, Canada or other countries that license MSBs, make sure the entity is compliant with the local MSB / payment institution licensing and registration requirements. Getting ewallet banking in one jurisdiction does not make compliance with AML laws in other jurisdictions disappear.

(p.s. As an alumnus of the National University of Singapore, it’s nice to see Singapore leading in supporting Fintech innovation.)


Here is some analysis of the various payment systems in France that we have published.

Here is an article in a French law journal about Adam Atlas being one of the first lawyers who accepts Bitcoin.

Money transmission in Brazil is regulated by Conselho de Controle de Atividades Financeiras – Council for Financial Activities Control (COAF) which has promulgated an interesting COAF – RESOLUTION Nº 006, OF JULY 2, 1999, requiring independent sales organizations to comply with record-keeping and reporting requirements of MSBs within Brazil. (Ironically, the COAF site does not have a trusted internet security certificate.)

China (中国汇款,支付服务) (Money Transfer, Payment Service in China)

On 18 March 2018, China’s lawmaker, the National People’s Congress approved a reform plan for
the institutional organizations of the State Council.  According to the Reform, the regulator of banking industries and the regulator of insurance industry will be merged into China Banking and Insurance Regulatory Commission (CBIRC).

Key financial regulators in China are:

Financial Stability and Development Commission (FSDC) – reform and development
Peoples Bank of China (PBOC) – monetary policy, regulation of financial industry
China Banking and Insurance Regulatory Commission (CBIRC) – market supervision, risk
China Securities Regulatory Commission (CSRC) – securities regulation

The China Banking Regulatory Commission (CBRC) 中国银监会 used to regulate banks in China.
One of the challenges in dealing with money transmission in and out of China (中国) are the strict
restrictions on remittances (汇款) in and out of China.

One popular provider of international remittance from China is ICBC (工商银行) . 欢迎中国的汇款 / 支付公司向 Adam Atlas 进行法律咨询。(Welcome Chinese MSB / Payment companies to Adam Atlas Attorney at Law firm site.)

Rest of the World

The Bank for International Settlements, that is like the Fed for the world, has a handy list of national banking regulators.

Payments Business Modelling

When planning a payments business, it’s important to have a clear understanding of the flow of funds and who is taking risk on the loss of funds at each moment. Here is a sample 3D model to jog your imagination. You can also check out our

MSB Compliance and Civil Cases: Notable U.S. Cases

Payments business operators should make no mistake about the seriousness of U.S. law enforcement of MSB laws, such as the Bank Secrecy Act or state MSB licensing laws. Whether or not your payments business is an MSB, you should be aware of recent enforcement actions against MSB and non-MSB entities alike to see that you are not the target of this kind of case.  Here is the language of the Federal law that makes it a crime to transmit money in the U.S. without the necessary Federal registration and state licenses. Anyone who is new to the payments industry should read this section:

Title 18 U.S.C. ß 1960
(a) Whoever conducts, controls, manages, supervises, directs, or owns all or part of a business, knowing the business is an illegal money transmitting business, shall be fined in accordance with this title or imprisoned not more than 5 years, or both.
(b) As used in this section –
(1) the term “illegal money transmitting business” means a money transmitting business which affects interstate or foreign commerce in any manner or degree and –
(A) is intentionally operated without an appropriate money transmitting license in a State where such operation is punishable as a misdemeanor or a felony under State law; or
(B) fails to comply with the money transmitting business registration requirements under section 5330 of title 31, United States Code, or regulations prescribed under such section; or
(C) otherwise involves the transportation or transmission of funds that are known to the defendant to have been derived from a criminal offense or are intended to be used to promote or support unlawful activity;
(2) the term “money transmitting” includes transferring funds on behalf of the public by any and all means including but not limited to transfers within this country or to locations abroad by wire, check, draft, facsimile, or courier; and
(3) the term “State” means any State of the United States, the District of Columbia, the Northern Mariana Islands, and any commonwealth, territory, or possession of the United States.

With the benefit of the above bit of law, you can now read the following civil, criminal or other regulatory enforcement cases of interest.










May 28, 2013. Liberty Reserve is reported in the New York times as being accused of being responsible for laundering billions of dollars, conducting 55 million transactions that involved millions of customers around the world, including about 200,000 in the United States.  Principals were charged with conspiracy to commit money laundering, conspiracy to operate an unlicensed money-transmitting business, and operating an unlicensed money-transmitting business. The money laundering count carries a maximum sentence of 20 years in prison, and the other two charges carry a maximum of 5 years each.

May 28, 2013 FinCEN published a Notice of Proposed Rule Making concerning Liberty Reserve seizing its accounts and prohibiting other financial institutions from dealing with Liberty Reserve.

Dwolla / MtGox / Mutum Sigillum / Bitcoin

2013 was a big year in virtual currency law enforcement. You might say, VCBs earned their stripes in that year.  On May 15, 2013, the U.S. Department of Homeland Security seized some assets of Dwolla, a popular payment processor for Mt.Gox, the world’s largest Bitcoin exchange which is based in Japan. The amount of this seizure is reported to be $2,900,000. Here is the seizure affidavit: Mt Gox Dwolla Warrant 5-14-13.

You can also reach us through or

Here are some notes from a recent payments regulation conference.

The best place for fintech law. ® is a registered U.S. trademark of Adam Atlas Attorney at Law.

Agent-of-the-payee and Crypto Seller MSB Status

1. Agent-of-the-payee up for comment in California: On February 8, 2019, the California Department of Business Oversight published an invitation for comments on possible amendments to the California Financial Code / Money Transmission Act concerning the agent-of-the-payee exemption. The exemption allows agents of the payee to be exempt from money transmitter status if they meet certain specific criteria, including contracting with the payee and accept funds for goods or services sold by the payee and received by the payor. The good news is that the exemption itself is not on the chopping block. Instead, DBO is wondering whether key defined terms should be narrowed or more precisely defined. Specifically, “goods or services” and “receive”. The invitation distinguishes between the types of goods sold at online marketplaces like Amazon and Airbnb (see agent language for each) and other goods sold at (perhaps less popular) marketplaces that handle housing, real estate, insurance etc… Any attempt to distinguish between one kind of payee, giving some the right to the exemption and others not, will create a flurry of requests for guidance and, perhaps, niche processors that try to walk a line between permitted processing and processing that needs a license. The deadline for comments is April 9, 2019.

Agent-of-the-payee is expressly available in only a handful of states, tolerated in many other states and downright confusing the the remainder of states that take a case by case approach. At least under the BSA, the availability of the exemption is fairly clear thanks to guidance produced as a result of an enquiry by our firm.

2. Florida Bitcoin Sellers Need MSB Licenses: In the long-observed Espinoza case, on January 30, 2019, the Florida Court of Appeals has ruled that simply selling Bitcoin in Florida was equivalent to selling payment instruments and therefore requires MSB licensure under Florida law. The court held that, unlike the BSA, the Florida statute does not require transmission to a third party for MSB activity to occur. The case yields the awkward outcome that Espinoza was not an MSB under the BSA but was one under the Florida statute. This ruling contradicts a number of guidance letters from the Florida DFS holding that merely selling Bitcoin was not MSB activity, including the cases of Grapefruit and Cryptobase. 

3. All Bitcoin Sellers Must Register with FinCEN as MSBs: In direct contradiction of the Espinoza case, the February 1, 2019 case of US v. Sterkiwheld that a mere seller of Bitcoin was an MSB under the BSA. Not only does this contradict the Espinoza case but it also puts in jeopardy FinCEN’s guidance exempting investors, who buy and sell for their own account.

 4. Security Policy Case Study. The now defunct virtual currency exchange,, fell apart because its CEO passed away in India with private keys controlling $250 million of crypto. This is a case study in why payments companies (not just crypto exchanges) need security policies and disaster recovery policies. It goes without saying, that no single person should have the unique keys to substantial reserves of client assets.

Adam Atlas Attorney at Law is licensed in New York and Quebec. This email is ATTORNEY ADVERTISING. Nothing in this e-mail should be construed as a legal opinion or commentary on laws other than in the two jurisdictions where the author is admitted.  

4 Questions not to ask banking regulators

Unique and actionable content only.

State and federal regulators do excellent work in keeping up with payments models. However, some of their excellent work has led to legal dead-ends. Here are five quandaries that regulators might rather not face.

1. California DBO: Does a non-California money transmitter need a California MSB license to send money to California?

Cutting right to the chase, the California Money Transmission Act requires all those who “receive money for transmission” 2003(q)(3) “in this state”, meaning in, to or from California 2003(k) to have a money transmitters license from the DBO. So, every money transmitter in the U.S., and possibly the whole world, that sends money to California may need a license from DBO. If this were true, a lot of U.S. payments would instantly be ‘shutdown’, so to speak.

2. New York DFS: Are NYDFS-approved stablecoins being used in OFAC-sanction jurisdictions? 

[Rant Alert] Stablecoins are virtual currency backed by real currency. For example, one Tether is backed by one USD. Earlier this month, the Texas DOBupdated its very elegant memo 1037 on virtual currency regulation and included discussion of stablecoins. OFAC, other federal and state regulators and the compliance professionals who answer to them, spend a lot of time trying to prevent bad actors from abusing the privilege of accessing the U.S. financial system. In plain English, bad guys are not supposed to bank in USD or through US-licensed financial institutions. NYDFS has sanctioned the issuance of a USD-backed stablecoin. Unlike USD, virtual currency tokenized stablecoins can generally be held and transferred without a bank account or any KYC and using a virtual currency wallet. Regardless of the amount of KYC and OFAC-checking of the first buyer of stablecoin and the first redeemer (i.e. the distant-future theoretical person who finally asks for a USD in exchange for their token), it’s not clear what controls are in place in between. The ‘in between’ is where the majority of stablecoin transactions will occur and is the whole purpose of stablecoins. We don’t understand how NYDFS’ position on the majority of stablecoin transactions, some being licensed USD instruments and potentially de-coupled from OFAC oversight. In a test transaction, we were able to purchase stablecoin and send it to an unverified recipient. But don’t take my word on this, check out this news item this blog, this blog, and, humorously, this shutterstock image that, effectively, pose the same question by depicting stablecoin as an opportunity for sanction countries.

There are lots of stablecoins out there. Here are links to a handful of popular ones:

Gemini Dollar



USD Coin

Tether (ECR20)

3. Pennsylvania DBS: Why are Pennsylvania virtual currency exchanges able to hold USD in their own bank accounts without an MSB license while prepaid issuers and money transmitters need licenses to do the same? 

The Pennsylvania Department of Banking and Securities has, helpfully, published guidance answering a number of key questions concerning virtual currency regulation in the state. The guidance says, concerning virtual currency exchanges or Platforms: “These Platforms never directly handle fiat currency; any fiat currency paid by or to a user is maintained in a bank account in the Platform’s name at a depository institution. […] Under the MTA, these Platforms are not money transmitters. The Platforms, while never directly handling fiat currency, transact virtual currency settlements for the users and facilitate the change in ownership of virtual currencies for the users. There is no transferring money from a user to another user or 3rd party, and the Platform is not engaged in the business of providing payment services or money transfer services.” The language of that guidance suggests, perhaps mistakenly, that because money of the exchange is held at a bank, the exchange is somehow not a money transmitter. This is, of course, not true of other money transmitters, who require licenses in Pennsylvania regardless of where they keep their money.

4. FinCEN: Exactly where is the line between virtual currency investor (not MSB) and a virtual currency exchanger (MSB)? 

FinCEN has published excellent guidance on number of aspects of virtual currency, including key definitions, mining, investing, software, trading platform and processors. Taken as a whole, however, the guidance comes up as somewhat inconsistent on the practice of buying and selling virtual currency for your own account (as a user or investor). A person or company that buys and sells virtual currency for their own account (not involving third parties) in only two-party transactions, in any quantity, at any speed and for any volume, should naturally be exempt from MSB status. If they were not, a few hedge funds could be promptly indicted. 

Owing to the ever-growing methods of exchanging value, regulators will never achieve perfection in regulating each of them. It is perfectly normal for the ‘range of the possible’ to be much broader than the ‘range of the regulated’. That said, it is incumbent on payments businesses to help regulators understand the latest payment methods so that they can be, where necessary, subject to oversight for the security and soundness of the financial system and weed-out bad actors.


Traditional law firms keep knowledge off-line and charge for access. Since our founding in the early days of fintech, our firm has opted for an open source approach to legal knowledge and collaborative study with clients, other firms and regulators to produce a quicker and deeper understanding of issues for all. – Open source fintech and crypto information

Atlas Currency and Payments Law Updates – Unique actionable content only

Short book on becoming an MSB – MSB research tool

Payment Processor Family Tree – Everyone you would want to know in U.S. processing

Neobank and other novel models – U.S. case studies in fintech solutions

Fintech, Crypto and DeFi Glossary – For all the jargon



Is there any startup that is not a payments company?

Leave a founder and a calculator alone in a room for 10 minutes and out comes a unicorn payments company. Let’s test this theory.

1. UberDidi Kauaidi, Lyft. Uber and most of its competitors are classic biller models. Some, such as Uber, may actually be going further and becoming MSBs. The Uber Gift Card terms, for example, allow a payer to deliver up to $2,000 of value from one user to another through a promotion code. Uber still has no FinCEN registration.

2. Airbnb. Using classic biller model language, Airbnb terms state: “Airbnb Payments serves as the limited authorized payment collection agent of the Host for the purpose of accepting, on behalf of the Host, payments from Guests […].” Airbnb has had its FinCEN MSB registration since 2014.

3. Palantir. According to Techcrunch reporting, one of the three industries serviced by this big data company is the finance sector, making Palantir payments support business.

4. Snapchat. With Snapcash, a Paypal collaboration, Snapchat hops on the band-wagon of other startups eyeing the presumed billions in P2P transactions.

5. Flipkart. Ebay & PayPal for India? This India-focused platform for sellers and buyers includes the following in itsTerms of Use: “You have specifically authorized Flipkart or its service providers to collect, process, facilitate and remit payments and / or the Transaction Price electronically or through Cash on Delivery to and from other Users in respect of transactions through Payment Facility.”

6. WeWork. WeWork is perhaps the unicorn that best distinguishes itself from a payments company, because its members are tenants of WeWork and actually purchase WeWork services, as per its terms of service.

7. Stripe.  At first blush, Stripe looks like a plain, vanilla PSP.Stripe is, however, registered with FinCEN as an MSB despite the fact that Strip’s terms of use say: ” Stripe is not a bank or a money services business (“MSB”) and Stripe does not offer banking or MSB services as defined by the United States Department of Treasury.”

8. ApplePay. In the inverse of all the other examples, everyone thinks of ApplePay as a payments business except Apple itself which thinks it’s just a gateway. The ApplePay terms refer to it as creating a virtual representation of a card for which Apple is not responsible.