If you're building a web3 product in the United States, understanding money transmitter licenses (MTLs) is not just important — it's essential. But for web3 leaders who don't have a background in finance or compliance, some of the most important regulations are not always well understood: For example, many business leaders don’t realize that managing fungible assets on behalf of users — without giving them full independent control of their funds — requires that business to obtain state MTLs.
In this article, we’ll explain when MTLs come into play, how it relates to the larger costs of compliance, and how to ensure your business stays on top of all the necessary laws and regulations.
Understanding your obligations
First, let's clarify your responsibilities. If you hold or move digital assets on behalf of your customers, then your business most likely falls under the scope of money transmitter regulations in several states. And while different states have different laws, if you operate in just one that requires it, that means you're responsible for acquiring MTLs.
An additional layer of complexity is that each state has its own definitions and regulations. For example, some states don't regulate transactions if they only involve digital assets, while others do. Some state money transmitter regulations don’t apply when businesses act as an intermediary between a buyer and a seller, and for other states that's not the case. In other words, the regulatory landscape is complex and nuanced. But fortunately, there are several ways to navigate it successfully — from consulting with compliance experts, to finding infrastructure partners like Bastion that already have MTLs that cover your business.
The role of infrastructure providers
Using a compliant infrastructure platform like Bastion can alleviate these regulatory burdens. In fact, this pain point is so common for web3 businesses that it’s one reason we built Bastion as a regulated platform from the start. Providers like Bastion obtain MTLs to cover the necessary requirements, so you don’t have to worry about them. The alternative is to partner with an infrastructure provider that isn’t licensed and essentially look the other way, or kick the problem down the road. While the latter may seem appealing, with lower upfront costs and an “out of sight, out of mind” legal approach — in the long term this simply isn't a sound strategy. It opens businesses up to significant long-term costs and risk, ultimately being much more expensive and damaging.
And the logic holds regardless of in-house resources: Enterprises that allocate enough resources to have an in-house compliance function, and work hard to keep users safe from the get-go, often will require product teams to only bring on partners that meet certain regulatory standards. Below, you can see some of the standards that may be required, and the benefits overall that come with choosing licensed providers.
The costs of compliance
Compliance isn’t cheap, nor is it fast. While the cost will vary based on the size of your company, it’s important to know that the cost grows as you scale. Here’s what you need to keep in mind:
- Initial Setup: Over $2,100,000
- Annual Ongoing Costs: More than $2,300,000
- Per Transaction Cost: Approximately $0.10
These costs cover various aspects like surety bonds, regulatory licensing, fraud detection systems, audits, compliance programs, and more. That’s why across the board, more startups and enterprises have decided to rely on a third-party platform for compliance, one that has already obtained the right licenses and taken on the cost upfront — so they can ensure they’re keeping their business and users safe without the heavy lift on their end.
Why compliance can't be ignored
For web3 businesses, compliance is not just a legal requirement; it's a trust signal to your users. Regulated platforms adhere to consumer protection laws, which means users have recourse against fraud and harmful practices should they need it — and that demonstrates your commitment to operating safely and ethically in a rapidly evolving digital landscape. Users ultimately choose, engage, and spend more with products that they can trust, and that’s mission-critical in the web3 space today.
A closer look: Cautionary tales in crypto
The risks of ignoring compliance is real. Regulation has come to crypto and there have been numerous examples of regulators and the Department of Justice prosecuting crypto companies of significant size, including the largest in the world, Binance.
Binance grew from its humble beginnings in 2017 to the largest Digital Asset Exchange in the world in less than five years, operating in hundreds of countries. While there were many factors that contributed to its exception growth — one of the most important was its near complete lack of anti-money laundering (AML) controls. It collected little to no information about its customers, allowed them to engage in activity it knew to be criminal in nature, strategized on ways to deceive U.S. regulators, and refused to report criminal activity to the U.S. Treasury.
But regulators, who had been watching, soon stepped in. And today, everything has changed for Binance. Amongst other things, the company paid the largest fine in U.S. Treasury history at over $4.5 billion, a monitor has been appointed as acting CEO for a period of no less than 5 years, and the company can no longer do business in the U.S. (to say nothing of the possible criminal prosecutions that other countries may choose to charge Binance with). Finally, Binance will likely spend hundreds of millions of dollars developing its AML compliance program in order to avoid criminal prosecution.
If the largest crypto exchange in the world was humbled by U.S. regulators, then it is clear that every company needs to pay attention to the lessons here. The enforcement action against Binance shows that, far from being a regulatory gray area, crypto falls well within the regulated space of financial institutions. Digital asset exchanges and wallet providers that allow criminal activity to be facilitated through their platform will face serious charges. But these missteps can be avoided. If companies invest early in compliance and work with trusted partners, businesses of all sizes can innovate, build, and grow with security and trust of both customers and regulatory bodies.
Conclusion
Navigating the MTL landscape is a challenging but necessary part of running a web3 business. While the costs and time involved are significant, the consequences of non-compliance can be much more severe.
By understanding your obligations and considering partnerships with compliant providers, you can focus on growing your business while staying on the right side of regulations. To better understand your specific use case, we always recommend consulting with compliance experts, or you can reach out to Bastion to learn more about how we operate and how we keep businesses and users safe. Ultimately in the world of web3, staying ahead in compliance is not just good practice – it's essential for your business's longevity and reputation.
This article is intended for general informational purposes, and is not intended to be legal or financial advice. Please consult qualified legal professionals to understand your specific use case.
