The fiat problem that no licence solves on its own
A virtual asset service provider (VASP) can hold a regulator-issued licence, maintain a compliant AML programme and still find itself locked out of the banking system. That is the central paradox of digital-asset business in the current regulatory environment: the on-chain side is increasingly well-governed, but the fiat rails – the current accounts, the settlement pipes, the payment corridors – remain gated by institutions that apply their own risk appetites, independent of any licence a regulator has issued. When those gates close without warning, the business damage is immediate: payroll fails, client withdrawals stall, counterparty relationships fracture. For operators who have spent months and meaningful capital on a licensing exercise, the loss is compounding.
This analysis addresses the disputes dimension of that problem. It explains why EMI onboarding (the process by which a VASP secures payment services through an electronic money institution) fails, what legal routes exist when it does, and how to structure a multi-institution fiat architecture that survives a single provider's exit. The cross-border angle is not incidental: the entity that holds the licence, the EMI that issues the IBAN, and the jurisdiction in which client funds are safeguarded are often three different legal environments.
Operators facing an account closure or a refused onboarding application have more legal options than most assume – but those options close quickly. This page maps them.
Why does EMI onboarding fail for VASPs?
EMI onboarding fails for VASPs most often not because the VASP is non-compliant, but because the EMI's internal risk model treats the entire digital-asset sector as a single undifferentiated risk class. That is a categorisation problem, not a compliance problem – and understanding the distinction matters for both negotiation and litigation strategy.
The mechanics are straightforward. An electronic money institution is a regulated firm authorised to issue e-money and provide payment services under the applicable regime – in the EU, under the E-Money Directive and the Payment Services Directive framework; in the UK, under the FCA's equivalent post-Brexit regime. When a VASP applies to open an account, the EMI must conduct its own AML/CFT due diligence, assess the counterparty's regulatory status, and then make a commercial decision about whether to serve that customer. Most EMIs have a risk appetite document that is never disclosed to the applicant. If the document says "no VASPs," the answer is no regardless of the quality of the application.
In our cross-border practice, we consistently see three failure modes. The first is a blanket sector exclusion applied before the application is reviewed on its merits. The second is a request for documentation that no applicant can practically satisfy – for instance, full transaction-level KYC data on the VASP's own end-users at the onboarding stage. The third is a conditional approval that is withdrawn months later when the EMI's own correspondent banking relationship changes, leaving the VASP mid-operation without a settlement account.
Each failure mode generates a different legal position. A blanket refusal may, in certain jurisdictions, raise questions about whether the EMI's terms and conditions adequately disclosed the restriction – particularly where the EMI has held itself out as a provider to regulated financial businesses. A mid-operation closure triggers a different analysis: notice obligations, safeguarding requirements for client funds held at the point of closure, and the question of whether the closure was carried out in good faith.
The regulatory status of the VASP matters enormously at this stage. A VASP authorised under MiCA as a CASP (crypto-asset service provider) and subject to ESMA oversight is a materially different counterparty from an unregistered entity. EMIs operating within the EU are increasingly being reminded by national competent authorities that de-risking cannot be indiscriminate. That regulatory pressure does not translate automatically into a legal claim, but it creates a negotiating environment in which a well-constructed demand letter – citing the applicable conduct rules and the EMI's own authorisation obligations – can reopen a closed account faster than litigation.
For a scoped assessment of your onboarding refusal or account closure, contact OBOLUS at info@oboluslaw.com. The process above describes the standard path. Your facts – the entity's licence, the EMI's jurisdiction, the client-money position at closure – change the analysis entirely.
What legal bases exist to challenge an account closure?
A VASP facing an EMI-initiated account closure has several potential legal bases to explore, ranging from contractual claims to regulatory complaints, and the optimal route depends on the jurisdiction of the EMI and the terms of the account agreement. There is no single universal remedy; the disputes angle requires a precise map of the governing law, the forum, and the nature of the closure.
The most direct route is contractual. Account agreements with EMIs are typically governed by the EMI's home jurisdiction law – frequently English law or the law of an EU member state. Where the agreement specifies a notice period for termination and the EMI closes the account without adequate notice, a breach-of-contract claim is available. The recoverable loss is the demonstrable business damage caused by the closure in the notice period: failed settlements, counterparty penalties, and the cost of emergency alternative arrangements. That loss can be quantified, and in many cases the threat of a well-quantified claim is sufficient to secure an extended notice period while the VASP transitions to an alternative provider.
Beyond contract, some jurisdictions have introduced access-to-payment-infrastructure obligations that apply to regulated financial institutions. Within the EU, the debate about whether payment service providers can maintain a general right to refuse service to regulated VASPs is active. The position under MiCA and associated payment legislation is that a refusal must be documented and communicated with specific reasons – the generic "commercial decision" response that characterised EMI closures in earlier years is increasingly difficult to sustain.
In England and Wales, the FCA has published guidance on the obligations of payment firms when refusing or terminating accounts for crypto businesses. While that guidance does not create a direct private right of action, it is a powerful tool in a regulatory complaint – and a regulatory complaint, if upheld, can in turn support a damages claim.
The DIFC Courts in Dubai have developed a sophisticated body of procedure for urgent commercial injunctions, including situations where a financial institution's action threatens imminent business harm. For VASPs operating under VARA or with a VARA-regulated counterparty, the DIFC Courts' jurisdiction and the availability of interim relief is a factor worth assessing in parallel with any regulatory complaint to VARA.
In our practice, we regularly advise clients to run the contractual and regulatory tracks simultaneously rather than sequentially. The regulatory complaint generates a written position from the EMI; the threat of litigation adds urgency. Neither track alone is as effective as both.
What happens to client money when an EMI closes a VASP account?
Safeguarding of client funds at the point of an EMI account closure is the most legally urgent dimension of the problem, and the one operators most often address last. When an EMI terminates a VASP's account, any client-designated funds held in that account – the fiat leg of pending settlements, withdrawal queues, float – become subject to the EMI's own safeguarding and wind-down obligations under the applicable payment services regime.
Under the EU payment services framework and the FCA's equivalent rules, an EMI is required to safeguard client funds at all times. That means they must be held in a designated client-money account at a regulated credit institution, or covered by an eligible insurance policy, separate from the EMI's own funds. In theory, a sudden account closure does not cause client funds to vanish – they should sit in a ring-fenced pool. In practice, the critical question is whether the VASP's contractual relationship with the EMI is structured to reflect that the VASP is itself acting as a payment intermediary for its own end-users, and whether the EMI's safeguarding extends to that second layer.
We have seen a pattern in which the EMI treats the VASP as a single counterparty rather than as an aggregating intermediary. When the VASP's account is closed, the safeguarded pool is returned to the VASP as a single lump sum rather than being identified by end-user. If the VASP's own books are well-maintained, this is a transition problem rather than a loss problem. If they are not, the closure triggers a beneficial entitlement dispute between the VASP and its end-users that is expensive to unravel.
The structuring implication is clear: before any EMI onboarding, the VASP's agreement with the EMI should specify the beneficial ownership position with respect to client funds, the frequency and format of reconciliation statements, and the procedure for return of funds on termination. These are negotiable terms. EMIs that refuse to engage with them are, in our view, a structural risk to the VASP's operating model – not just a compliance risk but a litigation exposure.
A micro-matter illustrates the stakes. In a recent engagement, a licensed exchange operating across two EU member states used a single EMI for its fiat settlement layer. When the EMI – without the required notice – suspended the account pending a correspondent banking review, the exchange held a seven-figure client euro balance in limbo. We secured a written undertaking from the EMI within seventy-two hours by presenting a documented analysis of the EMI's own safeguarding obligations and the reputational risk of a regulatory complaint to the relevant NCA. The funds were returned to the VASP's control within the week. The outcome was not guaranteed, but the speed depended entirely on having the legal position prepared in advance.
How does the cross-border structure affect the disputes analysis?
The cross-border architecture of a VASP's fiat rails is the single most determinative factor in the disputes analysis, because it sets the governing law, the forum and the regulator for any challenge to an EMI's conduct. A VASP that treats this as a back-office question rather than a legal question is building on an unstable base.
The typical multi-jurisdictional VASP operates with a licence in one jurisdiction, an EMI relationship domiciled in a second, banking correspondent arrangements running through a third, and end-users across many more. Each layer carries its own legal obligations. Under MiCA, a CASP licensed in one EU member state may passport its crypto-asset services across the EEA – but that passporting right does not extend to the payment layer. The EMI providing fiat rails operates under its own authorisation, which is not covered by the CASP passport. The VASP therefore faces a regulatory gap: its crypto activities are covered by a single EU authorisation, but its payment activities require a separate arrangement with a payment service provider that is authorised in a compatible regime.
For VASPs operating in or near the UAE, the VARA regime in mainland Dubai and the FSRA regime within ADGM offer distinct frameworks. Neither is interchangeable with an EU-based CASP authorisation for cross-border payment purposes. A VARA-licensed exchange using an EU EMI for euro settlements is subject to both VARA's conduct rules and the EU EMI's payment services obligations simultaneously – and when a dispute arises, the governing law clause in the account agreement typically determines which forum has priority.
The Singapore MAS regime under the Payment Services Act adds a further layer for Asia-Pacific flows. A VASP seeking MAS-licensed Digital Payment Token (DPT) service authorisation must demonstrate adequate fiat settlement arrangements as part of the licensing process. An EMI closure in the middle of a licensing application is not merely a business interruption – it can be the reason a licence is denied or delayed.
Our approach in cross-border mandates is to map the governing law and forum for each layer of the fiat architecture before a dispute arises. That map determines which demand letter goes to which EMI, under which law, citing which obligations. It also determines whether interim relief – an injunction or a mandatory order requiring the EMI to maintain the account pending resolution – is available in the relevant forum. Not every forum offers that relief on the timelines that a fiat closure crisis demands.
To map the licence, banking and payment-layer architecture for your structure, write to OBOLUS at info@oboluslaw.com. If a prior onboarding attempt stalled or an account was closed without adequate notice, a structured review can identify the governing-law position and the fastest available remedy.
Which legal route fits which operator profile?
The right disputes strategy for an EMI onboarding problem depends on the operator's profile, the stage at which the problem arose, and the time available before business damage becomes unrecoverable. There is no single correct answer; there is a correct answer for each set of facts.
Profile A – Licensed VASP, refused onboarding before operations begin. The legal position is primarily pre-contractual. There is no account agreement to enforce, so breach of contract is not the primary tool. The available routes are: a regulatory complaint to the EMI's home regulator (citing inadequate justification for refusal under the applicable payment services conduct rules), parallel outreach to the EMI's compliance team with a structured dossier demonstrating the VASP's own AML programme and licence standing, and – where the VASP operates in a jurisdiction whose regulator has engaged with access-to-payment concerns – a request for regulatory assistance. Timelines for this route are measured in weeks. The key risk is that none of these routes guarantees onboarding; they improve the odds and generate a documented record.
Profile B – Operating VASP, account closed mid-operation with client funds in the balance. This is the highest-urgency profile. The contractual and regulatory tracks run simultaneously from day one. The first priority is the client-money position: securing written confirmation of the safeguarding status, the balance, and the EMI's return-of-funds process. The second priority is interim relief if the EMI is not cooperating – which requires identifying the correct forum quickly. The third priority is onboarding a replacement EMI in parallel, so that operations resume before the client relationship damage becomes permanent. Timelines at this stage are measured in days.
Profile C – VASP structuring a new fiat architecture before the first EMI relationship. This is the cleanest position. The legal work here is entirely preventive: drafting account terms that include adequate notice obligations, building a multi-EMI structure so that no single provider's exit triggers an operational crisis, and selecting EMIs whose own correspondent banking relationships are stable and whose regulatory home is compatible with the VASP's primary jurisdiction. The cost of this work is a fraction of the cost of one account closure crisis. The timeline is whatever the build timeline requires.
Profile D – VASP with a disclosed dispute between its end-users and an insolvent or exiting EMI. This is the most complex profile. It involves a three-party relationship: the VASP, the EMI, and the VASP's end-users whose beneficial interests in the safeguarded funds must be asserted. In an EMI insolvency, the relevant framework is the special resolution and deposit-protection regime of the EMI's home jurisdiction. The VASP's role is to document the beneficial entitlements of its end-users – which requires complete reconciliation records – and to participate in the claims process as a creditor or as an agent for its end-users, depending on the account structure. This can develop quickly into a class-type dispute if the VASP's user base is large.
Why a single offshore licence is not enough
A common assumption among operators entering the digital-asset market is that a single offshore licence – whether from the BVI FSC under the VASP Act 2022, from CIMA under the Cayman VASP Act, or from a similar lighter-touch regime – provides a sufficient regulatory foundation to access the banking and payment system at scale. It does not, and the disputes consequences of that assumption can be severe.
The offshore licence addresses the VASP's regulatory status in its home jurisdiction. It does not address the payment service provider's own risk assessment in a different jurisdiction, the correspondent bank's country-risk policy, or the obligations that arise under MiCA when the VASP's users are EU residents. A BVI-licensed exchange serving European retail clients is not shielded from MiCA by its BVI registration. An EMI that onboards that exchange and later discovers the EU nexus may terminate the relationship as a risk management measure – and will have a defensible legal basis for doing so.
The practical consequence is that the operator who relied on the offshore licence as a complete solution faces an account closure that is difficult to challenge, because the EMI's position is factually grounded. The answer is not a better single licence – it is a correctly structured multi-layer approach in which the operating entity, the custody function and the payment layer each sit in a jurisdiction whose obligations are compatible with the VASP's actual user base and business flows.
We regularly advise on what that structure looks like for specific operator profiles. The answer varies: a VASP focused on institutional clients in the EU requires a different architecture from a VASP running a retail exchange with a global user base. But in both cases, the fiat and payment layer cannot be treated as a residual decision made after the crypto-side licence is obtained.
How do you build a fiat architecture that survives a single EMI exit?
The most effective disputes strategy for EMI onboarding problems is a structural one: design the fiat architecture so that a single provider's exit does not trigger an operational crisis, and so that the contractual position with each provider is clear enough to support a rapid legal response if closure occurs anyway.
The first structural principle is redundancy. No operating VASP should rely on a single EMI for all fiat settlement. The practical minimum for an operating exchange with meaningful client balances is two EMI relationships in different jurisdictions, structured so that a full migration from one to the other can be completed within the notice period specified in the account agreements. The notice period negotiation is therefore not a formality – it is the buffer between a manageable transition and a crisis.
The second structural principle is documentation. The account agreements should specify the beneficial ownership position on client funds, the reconciliation frequency, the procedure for return of funds on termination, and the governing law. These are terms that can be negotiated at the onboarding stage and are extremely difficult to change after the relationship is established. We have seen situations where the account agreement was a standard-form document signed without negotiation, leaving the VASP with no contractual basis to challenge a closure other than the general law of the governing jurisdiction. That is a weak position.
The third structural principle is regulatory alignment. The EMI's home jurisdiction and the VASP's operating jurisdiction should be selected with an eye to compatibility. An EMI authorised by the FCA and subject to UK payment services law provides a different legal environment from an EMI authorised in an EU member state under the E-Money Directive framework. For a VASP with a significant EU user base, the EU-EMI relationship is likely to be more strategically important – and therefore the due diligence on that provider's own regulatory standing, its correspondent banking relationships, and its sector risk appetite is more critical.
The fourth principle, which we apply consistently in our practice, is scenario planning. Before any EMI relationship is established, we work through the closure scenario: what happens to client funds on day one of a closure notice, who controls the account during the notice period, what the EMI's own wind-down protocol says, and which forum can provide interim relief in the jurisdiction of the EMI if it is required. That exercise surfaces the structural weaknesses before they become litigation.
How does the Travel Rule create friction in EMI onboarding?
The Travel Rule – the FATF-derived obligation to pass originator and beneficiary identification data along with a virtual asset transfer – creates a specific friction point in EMI onboarding that is frequently underestimated. The friction does not arise because the Travel Rule is new; it arises because the data-sharing infrastructure between VASPs and traditional payment firms remains underdeveloped, and EMIs are often uncertain about their own obligations when they sit in the chain.
Under FATF Recommendation 15 and its implementation across jurisdictions, a VASP that transfers virtual assets to or from a user whose counterparty is serviced by a different institution must pass specified identification data. When the counterparty is an EMI rather than another VASP, the question of which Travel Rule protocol applies – and which party bears the obligation to transmit and verify the data – is not always clearly resolved in the account agreement.
EMIs that are not themselves VASPs have sometimes treated the Travel Rule as exclusively a VASP obligation, declining to build the data-receipt infrastructure on their side. That creates an asymmetric situation: the VASP is obligated to transmit data, but the EMI is not equipped to receive and verify it. The result is that the VASP's AML compliance is technically incomplete not because of any fault on its part, but because the counterparty institution's infrastructure is inadequate.
In disputes terms, this matters because an EMI that closes a VASP account citing AML concerns may be relying, in part, on a Travel Rule compliance gap that the EMI's own failure to build receiving infrastructure helped to create. That is a factual argument available to the VASP in a regulatory complaint or a contractual dispute, and it is one that is increasingly recognized by supervisory authorities reviewing the adequacy of de-risking decisions.
Operators we advise on EMI onboarding are routinely advised to document their Travel Rule compliance architecture in the onboarding dossier presented to the EMI – not as a box-ticking exercise, but as a statement of the VASP's technical capability and as a baseline from which any subsequent AML-based closure can be measured.
Related at OBOLUS
- Banking, Payments & EMI Onboarding for Digital-Asset Businesses – the full practice overview, covering EMI selection, account structuring and the regulatory environment.
- How to Onboard with an EMI as a VASP – a practical step-by-step guide to the onboarding dossier, due-diligence questions and negotiation points.
- EMI Onboarding for VASPs – Institutional Clients – tailored advice for institutional-grade VASP operations with complex fiat architecture requirements.
FAQ
Why do banks close crypto company accounts?
Banks and EMIs close digital-asset business accounts most often because of internal risk-appetite policies that treat the sector as high-risk, irrespective of the individual operator's compliance standing. Correspondent banking pressure, AML programme uncertainty, and concerns about regulatory exposure drive these decisions. A VASP with a strong licensing position can challenge a closure on contractual grounds – inadequate notice, breach of conduct rules – and through a regulatory complaint to the relevant payment services supervisor. The legal basis varies by the governing law of the account agreement.
How can a VASP onboard with an EMI?
Successful EMI onboarding for a VASP requires a structured dossier: the VASP's regulatory authorisation, its AML/KYC programme documentation, its Travel Rule compliance architecture, its beneficial-ownership disclosure, and a clear description of the business flows and user base. The dossier must address the EMI's primary risk concerns before they are raised. Selecting an EMI whose own regulatory home and correspondent banking relationships are compatible with the VASP's jurisdiction and user profile is as important as the quality of the application itself.
What does client-money safeguarding require?
Under the payment services regimes in the EU and the UK, an EMI must hold client funds in a designated account at a regulated credit institution, segregated from the EMI's own funds, or covered by equivalent insurance. For VASPs, the key structuring question is whether the account agreement reflects the VASP's role as an intermediary holding funds on behalf of its own end-users – and whether the safeguarding therefore extends to that second layer. Failure to address this in the account terms creates a client-money exposure on closure that is both legally and operationally complex to resolve.
About OBOLUS
OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the banking, payment and compliance architecture that sits around them. We map the licence, banking and payment-layer stack across operating, custody and payment layers before you commit to a structure – because the fiat rails are where the disputes live. We also work alongside forensic partners to convert on-chain evidence into court-ready disclosure applications when recovery matters arise. Digital assets are the whole of our practice. To discuss your situation, contact info@oboluslaw.com or reach us at t.me/oboluslaw.
By Lydia Brennan, Tax & Structuring Analyst – specialising in cross-border fiat architecture, EMI onboarding structures and the payment-layer disputes that arise when banking relationships break down.
This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.