A virtual asset service provider (VASP) without reliable fiat rails is an exchange that cannot settle, a custodian that cannot remit and a token issuer that cannot distribute proceeds. The loss of banking access is not a compliance inconvenience; it is an existential operational risk. EMI onboarding – securing an account relationship with a licensed electronic money institution (an entity authorised to issue e-money and provide payment services) – has become one of the hardest structural problems in digital-asset law. Traditional banks de-risk entire VASP categories. Specialist EMIs accept them, but only when the structure, documentation and regulatory posture meet a specific bar. This analysis examines what that bar looks like, why so many applications fail and how a well-designed corporate structure changes the outcome.
As VASP supervision tightens across the leading hubs and MiCA (the EU's Markets in Crypto-Assets Regulation, supervised by ESMA and national competent authorities) reshapes the European payment environment, the intersection of crypto licensing and EMI access is more complex than it has ever been. An operator that structures its group correctly before approaching an EMI dramatically improves its chances. One that approaches cold, with a single offshore entity and no auditable compliance programme, will almost certainly fail. This page maps the structural analysis we apply at OBOLUS and the contrasting positions an operator must reconcile.
Why Do Fiat Rails Fail for VASPs in the First Place?
Fiat rails fail for VASPs primarily because EMIs and correspondent banks apply risk-based AML frameworks that treat unregulated or lightly regulated crypto activity as categorically high-risk. The applicable international baseline is the FATF Recommendation 15 framework, which requires financial institutions to manage exposure to VASPs as a distinct risk category. An EMI that onboards a VASP without adequate due diligence faces regulatory scrutiny from its own competent authority. The risk calculus is asymmetric: the EMI's potential downside is licence-threatening; its revenue upside from a single VASP client is limited. That asymmetry drives blanket refusals.
The structural problem is not merely reputational. It is documentary. Most early-stage VASPs approach EMIs with a single entity, an offshore registration and a compliance manual that was drafted to satisfy a registration threshold, not to withstand a financial-crime audit. EMI compliance teams are well-versed in VASP risk typologies. They look for a licensed entity, a separation of client funds, an auditable transaction monitoring programme, a clear user base with documented KYC and a management team with verifiable experience. When those elements are missing, the answer is no – regardless of the revenue opportunity.
We regularly advise operators who have already received one or more account closure notices before engaging us. In our experience, the rejection is almost never about a single deficiency. It reflects a structural mismatch between how the VASP is organised and what the EMI's risk framework requires.
To map the fiat rail strategy for your build before you approach your first EMI, contact OBOLUS at info@oboluslaw.com. The process above describes the standard pressure points. Your entity structure, user geography and licensing stack will change the analysis materially.
What Is the EMI Regulatory Environment That VASPs Now Face?
The EMI regulatory environment for VASPs is defined by the layered interaction of two regimes: the payment-services authorisation that governs the EMI itself, and the VASP or crypto-asset regime that governs the operator seeking the account. Where those two regulatory perimeters overlap, the compliance obligations compound.
In the EU, MiCA's CASP authorisation (crypto-asset service provider, issued by national competent authorities and passportable across the EU/EEA) has materially changed the EMI conversation. A MiCA-authorised CASP presents a known risk profile. The EMI's competent authority can point to the CASP's regulator and rely on the supervisory relationship. That changes the risk appetite of EU-based EMIs toward MiCA-authorised counterparties. Operators without a MiCA CASP – whether because they are in transition, operating from offshore or relying on a third-country licence – face a higher evidential burden.
Outside the EU, the picture is fragmented. Under the FCA regime in the UK, a VASP must be registered under the Money Laundering Regulations before most UK EMIs will engage. Singapore's MAS Payment Services Act licensing, Hong Kong's SFC VATP authorisation, and VARA's activity-based licensing in Dubai each create a jurisdictional signal that an EMI compliance team can work with. An unlicensed VASP, or one licensed only in a jurisdiction the EMI does not recognise as equivalent, carries an unquantifiable compliance risk from the EMI's perspective.
The practical implication is direct. Licence choice is no longer just a regulatory question. It is a banking question. The jurisdiction in which you hold your primary VASP authorisation affects your ability to open accounts, accept settlement and maintain fiat operations. We have seen operators spend months optimising licence cost and overlook this dimension entirely – with predictable results when they approach EMIs.
What Structural Architecture Actually Unlocks EMI Access?
A corporate structure that unlocks EMI access separates regulated activity, client-money exposure and operational risk into distinct legal entities, each presenting a clean, auditable profile to its own regulatory counterparty. This is the core of the structuring analysis.
The baseline architecture we work toward in most multi-jurisdictional builds contains at least three distinct layers. The first is the regulated operating entity – a VASP or CASP authorised in a recognised jurisdiction, holding the exchange or custody licence, subject to AML supervision and carrying a defined capital base. The second is the payment or e-money layer – either the EMI account relationship or, where volume justifies it, a payment institution licence in the same or a complementary jurisdiction. The third is a holding or IP entity that sits above both, typically in a tax-efficient common-law jurisdiction, which holds group assets, IP rights and inter-company agreements but does not itself touch client assets or regulated activity.
The separation matters to the EMI for two reasons. First, it limits the EMI's exposure. If the VASP's exchange business faces regulatory action, the payment entity is structurally distinct. Second, it demonstrates operational sophistication. An operator that has taken legal advice on its group architecture signals to the EMI compliance team that it understands its obligations and has designed around the risk.
Client-money safeguarding is a critical sub-element. Under the applicable EMI regimes in the EU and UK, an EMI must safeguard client funds – either by holding them in a designated account at a credit institution, or by wrapping them in eligible insurance or a guarantee. A VASP that commingles its own operational float with client balances before passing funds to an EMI creates a compliance problem at the EMI level. Operators we advise are structured to present clean, segregated client-fund flows from the outset.
Onshore vs. Offshore: Which Structure Wins the EMI Conversation?
The offshore-versus-onshore question in VASP structuring has a clear answer in the EMI context: an onshore-licensed entity, in a jurisdiction the EMI's regulator recognises, wins the compliance conversation more often and more quickly. That does not mean offshore structures are always wrong – but it does mean that the offshore cost saving in licensing can produce a far greater cost in failed EMI applications and delayed market entry.
A BVI FSC-registered VASP under the VASP Act 2022, or a CIMA-registered operator under the Cayman Virtual Asset (Service Providers) Act, carries weight in the offshore funds world and in certain trading contexts. But it carries limited weight with a German or Dutch EMI whose competent authority is the BaFin or DNB. The EMI's compliance officer has no supervisory peer to call at the BVI FSC when assessing AML programme quality. That informational gap translates into elevated risk weighting and, frequently, rejection.
By contrast, a MiCA CASP, a UK FCA-registered crypto business, an MAS-licensed DPT service provider or a VARA-licensed operator in Dubai all occupy a known regulatory slot. The EMI can assess the licence, the supervisory relationship and the ongoing compliance obligations. That allows the EMI to price the risk and, in many cases, to accept it.
The optimal structure for a VASP with global ambitions typically combines an onshore regulated entity in a flagship jurisdiction, with one or more offshore holding or subsidiary structures for specific tax or custody purposes. The onshore entity is the one that faces the EMI. The offshore elements sit behind it, visible in the group structure documentation but not the direct account-holder.
What Does a Successful EMI Due Diligence Package Contain?
A successful EMI due diligence package is a structured evidentiary file that answers the EMI compliance team's risk questions before they ask them – covering entity legitimacy, regulatory standing, AML programme quality and transaction-monitoring capability. Assembling this file correctly is where most VASP applications succeed or fail at the operational level.
The core elements are consistent across EMI jurisdictions, though the weighting varies. The entity documentation layer includes the corporate registry extract, the group structure chart, the constitutional documents of every entity in the chain and the ownership and control disclosure down to the ultimate beneficial owner. This layer must be complete. Any gap – an undisclosed intermediate holding company, a trust structure without a disclosed beneficiary, a nominee director arrangement – triggers an automatic escalation in the EMI's risk scoring.
The regulatory layer includes the VASP or CASP licence or registration certificate, the most recent regulatory correspondence (supervisory letters, inspection findings, conditions attached to the licence), and evidence of ongoing compliance obligations being met (AML policy, most recent AML audit, training records). An operator that presents a licence with no supporting compliance evidence invites the inference that the licence is decorative.
The financial layer covers audited accounts or management accounts, a capital adequacy summary, the client-fund segregation structure and the projected transaction volumes. EMIs size their safeguarding and capital requirements against the client base. A VASP that cannot produce organised financial information creates uncertainty the EMI will resolve conservatively.
In our practice, the most common single failure point in EMI packages is the transaction-monitoring programme. EMIs increasingly require evidence that the VASP's on-chain monitoring – screening transactions against sanctions lists, identifying high-risk wallet clusters, applying the Travel Rule (the obligation to pass originator and beneficiary data with a transfer, required under FATF Recommendation 15 and implemented across the major VASP jurisdictions) – is operational, not merely documented. Operators we advise are guided to produce screen captures, workflow documentation and vendor agreements to demonstrate that monitoring is live, not aspirational.
Decision Matrix: Which Structure Fits Which Operator Profile?
The right structure for a VASP seeking EMI access depends on the operator's existing regulatory footprint, the intended user geography and the volume and nature of the fiat flows involved. No single architecture suits every profile.
Profile A – Early-stage exchange, EU user base, pre-licence. The optimal path is a MiCA CASP authorisation in a member state with a manageable application timeline – followed by EMI outreach once the authorisation is in progress or granted. Approaching an EU EMI without a MiCA CASP, or a credible pathway to one, is premature. The indicative risk is extended timeline and wasted commercial legal cost. The key structural question is choosing the member state for CASP authorisation with both the regulatory environment and the EMI ecosystem in mind, since they are not always the same country.
Profile B – Established exchange, multi-jurisdiction user base, existing offshore structure. The optimal path is overlaying an onshore regulated entity – a MiCA CASP, an FCA-registered entity or an MAS-licensed DPT provider – as the group's payment-facing vehicle, while retaining the offshore structure for custody or holding purposes. This involves a restructuring exercise, inter-company agreements and likely a group AML policy update. The timeline is a matter of months. The risk of not doing it is continued EMI rejection across multiple jurisdictions simultaneously.
Profile C – Institutional custodian, regulated in a recognised jurisdiction, serving financial institution clients. The EMI conversation is easier but the safeguarding and segregation requirements are more demanding. The indicative structure includes a dedicated client-asset account, a fully documented custody agreement aligned with the applicable regulated-activity scope and a capital buffer that reflects the value under custody. The key risk is the regulatory perimeter: a custodian whose custody licence does not cover all asset types it holds creates a compliance gap the EMI will identify.
Profile D – Token issuer, post-TGE, seeking fiat distribution rails. The EMI question here is whether the issuer is itself a regulated entity or is operating through a distribution vehicle. In most cases, the issuer should not be the EMI account-holder for distribution purposes. A dedicated payment vehicle – authorised, capitalised and operationally separate from the token issuance entity – presents a cleaner profile. This structure also limits the issuer's exposure if the token later attracts regulatory scrutiny in a secondary market.
If your profile is not exactly one of the above – or you are between profiles – contact OBOLUS at info@oboluslaw.com. A prior application that stalled often contains recoverable structural insight. We review the rejection, identify the structural reason and advise on the route forward.
How Does the Travel Rule Shape EMI Risk Appetite for VASPs?
The Travel Rule is now a primary filter in EMI risk assessments of VASP clients, because a VASP that cannot demonstrate Travel Rule compliance transfers AML risk directly onto the EMI's own programme. The interaction is direct and legally significant.
Under the FATF framework, and as implemented in the EU under the applicable funds-transfer and transfer-of-funds regulation provisions, a VASP handling transfers above the applicable threshold must collect, hold and transmit originator and beneficiary information. The threshold and the precise transmission requirements vary by jurisdiction – they are not uniform across MiCA, the UK MLR regime, MAS or VARA – but the principle is consistent. A VASP that processes transfers without a functional Travel Rule solution is operating outside its AML obligations in most flagship regimes.
EMI compliance teams have become highly attuned to Travel Rule gaps. A VASP that relies on a manual process, or that applies the Travel Rule only to a subset of transfers, or that has not addressed the "sunrise problem" (the uneven global rollout of Travel Rule implementation, which creates compliance gaps in cross-border transfers between jurisdictions at different stages of adoption) presents a live AML risk to the EMI. The EMI's AML obligations require it to know its customer's customer in the financial institution context. A VASP without Travel Rule controls is a customer whose customer base is opaque.
Operators we advise are guided to select and implement a recognised Travel Rule solution – the technology market has consolidated around a small number of interoperable protocols – and to document the solution's coverage, including how it handles transfers to and from non-Travel-Rule-compliant counterparties. This documentation is presented as part of the EMI due diligence package. In our experience, EMIs that initially flag Travel Rule compliance as a concern are satisfied by evidence of a live, vendor-documented solution, not by a policy assertion alone.
Micro-Matter: A Restructure That Preceded Successful Onboarding
In a recent matter, a digital-asset exchange operating across multiple jurisdictions held its primary operating entity in an offshore structure that predated the current VASP registration regime in that territory. The business had grown materially but retained the original corporate architecture, which now created a documentation problem: the exchange's transaction flows passed through an entity that held no regulatory authorisation that any EU or UK EMI would recognise. Three separate EMI applications had been declined within eighteen months. We were engaged to diagnose the structural issue and advise on remediation.
The analysis identified two compounding problems. The first was the absence of a licensed operating entity in a jurisdiction whose VASP regime the target EMIs' competent authorities would treat as equivalent. The second was a client-fund flow that aggregated operational and client balances before reaching the settlement layer, creating a safeguarding deficit from the EMI's perspective. We advised on the establishment of a regulated EU operating entity pursuing MiCA CASP authorisation, the restructuring of the inter-company payment flows to achieve clean client-fund segregation and the production of a compliant Travel Rule programme with third-party vendor documentation. Within the following year, the group onboarded with two EMIs and resumed full fiat settlement operations. No figures are disclosed; the group described the delay as having cost it a meaningful share of its addressable market in the intervening period.
Objection Handler: "Our Offshore Licence Is Sufficient – We Do Not Need an EU or UK Entity"
A common assumption among operators with offshore VASP registrations is that regulatory arbitrage – holding a licence in a low-burden jurisdiction while serving clients globally – insulates the business from the EMI access problem. It does not. The assumption conflates regulatory compliance (meeting the threshold requirements of the licensing jurisdiction) with commercial viability (being able to operate payment infrastructure in the markets where your users actually are).
An offshore registration may be fully compliant within its own perimeter. It does not create an equivalent standing with the competent authority that supervises the EMI the VASP wishes to use. An EMI in the Netherlands, Ireland or Lithuania is supervised by a national authority operating under EU law. That authority expects the EMI to apply risk-based due diligence to its clients. When the client is a VASP licensed in a jurisdiction whose supervisory framework the EU authority does not recognise as equivalent, the EMI must treat the VASP as an unregulated entity for risk-weighting purposes. The offshore licence is not worthless – it demonstrates that the operator has engaged with regulatory process – but it does not carry the weight that a MiCA CASP, an FCA-registered entity or an MAS licence carries in that EMI conversation.
The myth persists because, in earlier years, it was partially true. Before MiCA, before the Travel Rule's global rollout and before post-2021 de-risking pressures intensified, some EU and UK EMIs accepted offshore-licensed VASPs more readily. That window has largely closed. Regulators across the major payment-services hubs have made clear that EMIs must conduct genuine AML due diligence on VASP clients and that de-risking is not acceptable as a substitute for proper assessment – but proper assessment of an unrecognised offshore entity is, in practice, near-impossible for an EMI's compliance team to complete satisfactorily.
The practical counter-position is not to abandon offshore structures entirely. It is to layer an onshore licensed entity over them as the group's payment-facing vehicle. That is the restructuring analysis we work through with operators in this position.
Self-Assessment: Is Your VASP Structure EMI-Ready?
Before approaching an EMI, an operator should be able to answer the following questions affirmatively. The list is not exhaustive, but a failure at any of these points will typically result in a declined application.
Does the entity seeking the EMI account hold a VASP or CASP authorisation in a jurisdiction whose regulatory framework the EMI's competent authority recognises? If the answer is no, the first task is the licensing question, not the banking question.
Is the group structure fully documented, with ultimate beneficial ownership disclosed to the required standard? Gaps here are automatic risk escalations.
Are client funds segregated from operational balances at the legal-entity level, not merely at the accounting level? Commingling creates a safeguarding compliance problem for the EMI regardless of the internal accounting treatment.
Is the AML programme live, audited, documented and supported by a transaction-monitoring system with on-chain capability? A policy document without operational evidence is insufficient for most EMI compliance teams operating under current supervisory expectations.
Is a functional Travel Rule solution in place, covering the major transfer corridors the VASP operates, with vendor documentation? Manual or partial solutions will be identified as gaps.
Has the management team prepared for enhanced due diligence on the principals? EMIs routinely conduct detailed background checks on directors and UBOs. Undisclosed adverse information discovered at this stage terminates the application and damages the relationship for future attempts.
If the answer to any of these is no or uncertain, the remediation work should precede the EMI approach. An application submitted with known deficiencies does not merely fail; it creates a record in the EMI's compliance system that can complicate future applications.
Related at OBOLUS
- Banking, Payments & EMI Onboarding for Digital-Asset Businesses – how OBOLUS structures the full fiat-rail engagement for VASPs and crypto businesses
- De-risking and Account Closure Defence: A Cross-Jurisdiction Comparison – legal options when an EMI or bank closes a crypto account across the major forums
- EMI Onboarding for VASPs: Institutional Client Service – the scoped engagement for institutional VASPs seeking structured EMI access
FAQ
Why do banks close crypto company accounts?
Banks close crypto company accounts primarily because their AML risk frameworks treat unregulated or lightly supervised VASPs as high-risk clients whose compliance programmes cannot be adequately assessed. The supervisory asymmetry – the bank faces regulatory liability for inadequate due diligence while the VASP's own regulator may be unrecognised – makes rejection the path of least resistance. Demonstrating a recognised licence, a live AML programme and clean client-fund segregation materially changes that calculus, though it does not guarantee access.
How can a VASP onboard with an EMI?
A VASP improves its EMI onboarding prospects by presenting a recognised regulatory authorisation in a jurisdiction the EMI's competent authority treats as equivalent, a fully documented group structure with disclosed ultimate beneficial ownership, a live and audited AML programme with on-chain transaction monitoring, a functional Travel Rule solution and segregated client-fund flows. The application is a structured evidentiary package, not a form. Operators that approach EMIs before these elements are in place waste commercial time and create adverse records in compliance systems.
What does client-money safeguarding require?
Client-money safeguarding under the applicable EMI regimes requires the EMI to hold client funds either in a designated account at an authorised credit institution, separate from the EMI's own funds, or protected by an eligible insurance policy or guarantee. For a VASP seeking an EMI account, the practical implication is that client balances must be legally and operationally segregated from the VASP's own operational float before they reach the EMI. Commingled funds create a safeguarding compliance problem at the EMI level that most EMI compliance teams will not accept.
OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the tax, banking and compliance that sit around them. Digital assets are the whole of our practice. We map the licence stack across operating, custody and payment layers before you commit – and we advise clients who have already encountered EMI rejection on the structural remediation required. To discuss your situation, contact info@oboluslaw.com or message us at t.me/oboluslaw.
By Victor Olsen, Regulatory & Compliance Analyst – specialising in VASP authorisation strategy and cross-border compliance programme design for digital-asset operators seeking EMI and banking access.
This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.