The safest posture is the one that doesn't hold your money.
OpenSettle's custody model isn't a policy — it's the architecture. We can't move your funds because we never have them. That changes everything downstream.
Non-custodial
Funds settle direct to your wallet — we never take possession.
OFAC screening
Every wallet sanctions-checked via Chainalysis, inline with the quote.
Signed everything
API responses, webhooks, and events all signed with rotating keys.
No stored card data
Stablecoin-only means we never hold PANs, PINs, or CVVs.
Audited by names your legal team recognizes.
Defense in depth, not in paperwork.
Infrastructure on AWS us-east-1 and us-west-2 with multi-region failover.
Smart-contract Router audited by Spearbit. Full reports on request.
Customer secrets encrypted at rest with envelope encryption and KMS rotation.
Data residency options available on enterprise plans (EU and Singapore).
SSO via SAML 2.0 and SCIM provisioning for admin team access.
MFA required on all internal admin actions. No root keys ever leave the HSM.
Why we don't need a money transmitter license.
In the United States, money transmission is defined around "receiving funds for transmission to another person." OpenSettle never receives customer funds — they flow directly to the merchant's wallet through a deterministic smart contract. Our fee is collected in the same atomic transaction as your settlement, not from a pool we control.
The same architectural decision sidesteps MSB registration with FinCEN, CASP licensing under MiCA in the EU, and VASP registration in most other jurisdictions. We structure OpenSettle as a software platform, because that's what it is.
This is a summary for engineering and product teams, not legal advice. For the full framework, including our counsel's letter and redlined audit reports, email compliance@opensettle.com.