BLOG
Insights on building trust infrastructure for global money movement
On April 28, 2026, Notabene hosted a fireside chat with two of Brazil's most experienced voices on virtual asset regulation: Sodreia Amorim, Head of Payments & Banking Relationships at BRAZA, and Marcos Rocha, Partner at Veirano Advogados. Moderated by Catarina Veloso - Director of Regulatory & Compliance at Notabene.
The session was held in Portuguese, days before the FX reporting obligation took effect. We've recapped it in English for our global audience, to surface the subject matter and the most relevant topics for anyone navigating Brazil's regulatory build-out.
Prefer the original? The recording is available here.
The regulatory moment Brazil is in
Brazil's virtual asset framework took a decisive shape in early 2026. On February 2, 2026, BCB Resolutions 519, 520, and 521 entered into force and, alongside Law 14,478, established what Catarina described as a comprehensive regulatory regime for SPSAVs (Sociedades Prestadoras de Serviços de Ativos Virtuais).
But the framework isn't being implemented all at once. The Travel Rule under Resolution 520 is being phased in through February 2028. The FX reporting obligation under Resolution 521 — the focus of this session — kicks in much sooner: May 2026, with the first reports due by the 5th business day of June covering April's operations.
That sequencing matters. As Catarina put it: even though the formal Travel Rule deadlines extend to February 2028, much of the counterparty identification work it requires becomes operationally urgent far earlier — because the FX regime demands it.
.png)
Why FX? The history behind the rule
Marcos opened with the historical context, and it's worth understanding because it explains the BCB's reasoning.
Brazil's FX regulation reflects a long history of foreign reserves scarcity. Even after the 1994 Plano Real strengthened the country's external reserves and the regime liberalised through the late 1990s, the BCB retained what Marcos called "liberdade monitorada" — monitored freedom. The Central Bank cares deeply about visibility into the balance of payments, the flow of foreign currency in and out of Brazil, and the holdings of non-residents domestically and Brazilians abroad.
That posture is now being applied to virtual assets. Resolution 521 amended Resolution 277 — the foundational FX regulation — to bring four new categories of virtual asset operations into the FX market perimeter:
- International payment or transfer using virtual assets. A Brazilian resident transferring or receiving virtual assets to or from a non-resident.
- Virtual asset transfers to fund international card or electronic payment use. This addresses crypto-loaded credit cards used internationally — partly a pre-emptive move against IOF tax arbitrage.
- Transfers of virtual assets to or from self-hosted wallets (carteiras autocustodiadas). The BCB's logic: once an asset moves to a self-hosted wallet, it leaves the regulator's field of view, so it must be reported as if it crossed a border.
- Purchase, sale, or exchange of virtual assets referenced to fiat currency — including stablecoins, even Real-denominated ones. Marcos noted this last category surprised many in the market: a BRL-stablecoin trade arguably isn't a cross-border movement at all, yet it falls under FX market rules.
The unifying theme: the BCB wants visibility into where virtual assets go, and is treating the loss of that visibility as functionally equivalent to a cross-border movement.
What gets reported, and how
Sodreia walked through the operational mechanics. The reporting vehicle is ACAM 212, a structured data file SPSAVs submit to the BCB. The cadence is monthly, with the deadline falling on the 5th business day of the following month — though institutions can submit multiple times throughout the month.
The data fields ACAM 212 requires include:
- Customer identification (originator)
- Counterparty identification — the hardest field, by consensus
- Transaction value in BRL and in the asset
- Asset type
- Transaction date and nature
- Country of origin and destination
Sodreia made an important framing point: it would be a mistake to read the BCB's phased Travel Rule timeline as permission to defer Travel Rule readiness. The ACAM 212 obligation alone effectively requires the counterparty identification capability that the Travel Rule will demand. Companies treating February 2027 (domestic Travel Rule) or February 2028 (cross-border) as a cliff-edge deadline risk not being prepared to meet interim obligations.
She also offered a pointed defense of the Travel Rule itself, against the reflexive crypto-native skepticism that often accompanies it. Tracing transactions improves AML enforcement, makes international flows auditable, and — critically — gives end users an additional layer of protection. In crypto today, a customer sending funds to the wrong wallet has no recourse. A counterparty identification layer changes that.
The hard part: identifying the counterparty
This was the throughline of the entire session. Every panelist returned to it.
The challenge is structural, not procedural. Sodreia put it cleanly: SWIFT — over 40 years of standardisation, accelerated in the late 1990s and now harmonised under ISO 20022 — gives institutions a BIC code that resolves counterparty identity and jurisdiction in one field. Pix and other modern payment rails inherit that design.
Crypto has nothing equivalent natively. A wallet address tells you nothing about who controls it.
Three patterns emerged from the discussion on how SPSAVs should approach this.
1. Self-declarations are accepted, but insufficient on their own.Resolution 520 permits SPSAVs to rely on customer self-declarations to gather counterparty information during the Travel Rule phase-in. Sodreia framed self-declarations as a useful starting point, but a weak control on their own, which can be enhanced if paired with blockchain analytics. Marcos agreed: at scale, there is no realistic alternative today. But the direction of travel is clear. As Travel Rule requirements come fully into force across jurisdictions, counterparty information will need to be verified institution-to-institution, through the exchange between counterparty VASPs themselves.
2. Cryptographic proof of ownership has tradeoffs.Methods like Satoshi tests (sending a small amount to verify control of a wallet) work, but they're expensive at volume and can make smaller transactions uneconomic. Marcos noted that some Swiss institutions use video calls to verify wallet ownership — but Brazil's market is too pulverised for that to scale. User-friendlier cryptographic signatures generated from the user's wallet are emerging as the best path, particularly in jurisdictions like the EU where verification of control is mandatory above certain thresholds.
3. Wallet screening is the practical near-term tool.Marcos pointed to the increasing sophistication of wallet screening providers — algorithms that can determine with high confidence whether a wallet's behaviour pattern matches a self-hosted wallet or a VASP, and even infer geolocation from on-chain activity. Catarina added that Notabene's network can already identify a significant portion of counterparty wallets and resolve their VASP and jurisdiction.
Same data, different flows: where Travel Rule and FX reporting converge
This was the conversation's organising insight.
The Travel Rule and the FX reporting rule are asking for largely the same underlying data — counterparty identification, originator information, transaction details. But they ask for it through different channels:
- Travel Rule requires SPSAVs to transmit that information to the institutions they interact with (the counterparty VASP or its proxy).
- FX reporting requires SPSAVs to submit that information to the Central Bank itself.
Same data, two flow directions. One is institution-to-institution; the other is institution-to-regulator.
For SPSAVs building or buying compliance infrastructure right now, this matters operationally: investments in counterparty identification that look like Travel Rule investments are, in fact, also FX reporting investments. The reverse is true too. Catarina's recommendation to anyone implementing the Travel Rule: talk to your providers about what they can already tell you about counterparty wallets, because that capability is doing double duty.
She also flagged a common organisational hazard. The team building Travel Rule compliance and the team building ACAM 212 reporting are often different teams. The session's purpose, she said, was to get those teams talking — because the controls each is building should serve both obligations.
Settlement risk: a deeper problem the conversation surfaced
A participant question late in the session raised one of the deeper problems with applying conventional compliance to public blockchains: once a transaction is on-chain, it's settled. There's no recall, no clawback.
Catarina used the question to introduce a concept Notabene has been developing in other markets: shifting compliance to before settlement, not after. In traditional payment systems, settlement is preceded by an authorisation flow between the institutions involved. The same model can be applied to virtual asset transfers — the originating VASP transmits identifying information to the beneficiary VASP before executing on-chain, and the beneficiary can respond before funds move.
Notabene also announced (during the session) a new capability for VASPs to coordinate the return of unwanted transactions through its network — addressing the fact that you cannot simply send funds back to the originating address without knowing whether that address is structured to receive them. Read more on Notabene Revert in our recent blog post.
Marcos added that permissioned networks have a structural advantage here: they support clawback and freezing natively, which has become a meaningful topic in international regulatory forums. The asset-recovery question — what happens when a high-value transaction goes to the wrong place — is one regulators globally are watching.
A post-webinar update: Resolution 561 and what it actually does
Two days after the webinar, on April 30, 2026, the BCB published Resolution 561, amending the eFX framework. International headlines almost immediately declared that Brazil had "banned stablecoin settlement in cross-border payments."
In fact, Resolution 561 targets one specific channel: eFX, Brazil's simplified electronic FX route for retail digital cross-border flows — such as international online card purchases and digital remittances handled by payment institutions, e-money issuers, and acquirers. Inside that channel, settlement between an eFX provider and its overseas counterparty must now occur through traditional FX operations or non-resident BRL accounts. Stablecoins and other virtual assets can no longer be used as the settlement leg. The change takes effect October 1, 2026.
What Resolution 561 does not do is ban stablecoin cross-border settlement across the board. Licensed SPSAVs — and banks operating under the SPSAV framework — can still use stablecoins for international transfers, because that activity sits inside the FX market regime established by Resolution 521 (mentioned above). Cross-border stablecoin movement remains entirely possible: it just has to flow through an authorised institution, under FX-market rules, with the reporting and counterparty obligations that come with that perimeter.
Put together with Resolution 521, the BCB's direction is now unambiguous:
- The lighter, retail-oriented eFX route is being closed to virtual assets.
- The supervised SPSAV/FX-market route is being expanded and reinforced, with ACAM 212 reporting, Travel Rule obligations, and FX market authorisation as the price of entry.
For the audience of this article, the practical implication is straightforward. Resolution 561 doesn't change the operational picture for SPSAVs building toward May 2026 reporting and 2027–2028 Travel Rule compliance. If anything, it raises the stakes: cross-border stablecoin activity that previously sat in the lighter eFX channel will increasingly flow through SPSAVs, which means the supervised route can absorb more volume. The institutions that have built robust Travel Rule, and counterparty resolution capabilities will be the ones positioned to capture that flow.
What SPSAVs should do now: the panel's recommendations
The panel closed with practical guidance. Compressed:
Sodreia (operational priorities):
- Map your flows. Understand which transaction types your business runs and which qualify for ACAM 212 reporting.
- Classify operations. Build a clean classification logic for the four FX-scoped categories.
- Choose your counterparty identification model deliberately. Don't default to manual collection from customers — they often don't know the answer either. Look at where automation, blockchain analytics, and network-resolved counterparty data can take friction out of the customer experience.
- Don't defer Travel Rule preparation. The phased timeline isn't permission to wait.
Marcos (legal priorities):
- Comply with all obligations now, even ahead of authorisation. SPSAV authorisation applications will assess prior compliance posture. Falling short on obligations already in force can compromise the authorisation outcome.
- Assume FX market authorisation is required. Marcos was direct: realistically, almost no SPSAV will be able to operate without FX market authorisation, because even buying a BRL-denominated stablecoin now falls within the FX market.
- Structure for partnerships. SPSAVs facing the operational limits — including the USD 100,000 per transaction cap for SPSAVs without full FX dealer authorisation — should be looking at partnerships with authorised institutions early. Sodreia confirmed this is exactly where many in the market are heading, with institutions like BRAZA positioned to absorb operations that exceed SPSAV limits.
The bigger picture
Catarina closed on a structural point that's worth flagging. Crypto's native architecture wasn't designed to fit within regulatory perimeters. Bringing virtual asset infrastructure into a regulated regime means building something that doesn't yet exist: a coordination layer between institutions that can carry the kind of contextual information traditional payment rails carry natively.
That layer matters beyond compliance. As Catarina noted — drawing on Notabene's own experience with finance teams — one of the reasons crypto and stablecoin payments haven't yet penetrated business operations at scale is that payments arrive without context. Reconciliation against invoices, contracts, and customer records is genuinely hard. The same infrastructure that makes Travel Rule compliance and FX reporting possible is the infrastructure that makes crypto and stablecoins viable as actual payment rails.
May 2026 is one milestone. It's also a forcing function for building the right thing.
Want to go deeper?
For a comprehensive view of the regulatory landscape, see Notabene's Brazil Virtual Asset Regulatory Playbook, produced in partnership with Veirano Advogados and ABToken.
The full webinar recording is available on demand, and the recording is available here.
This article summarises a fireside chat held in Portuguese, hosted by Notabene in collaboration with AB Token on April 28, 2026, with Catarina Veloso (Notabene), Sodreia Amorim (BRAZA), and Marcos Rocha (Veirano Advogados). All quotes and references have been translated from the original Portuguese.
Something shifted in cross-border payments over the last few years, and it happened faster than most people expected. The stablecoin layer - once an experiment at the margins - is now a real part of how money moves globally. You can see it in the deal flow, customer conversations, in where regulatory attention is going. Digital assets have crossed the chasm.
But having crossed the chasm doesn't mean you've arrived. It means the question has changed. And the question the industry is now dealing with - mostly implicitly, sometimes explicitly - is whether the architecture that got us this far is the architecture that takes us to the next stage.
The dominant architecture is what people started calling the stablecoin sandwich a year or two back. Fiat converts to stablecoin at one end, value moves across the chain, stablecoin converts back to fiat at the other end. It works. It has unlocked real use cases: hard-currency corridors where someone on one side urgently wants dollars, corporate treasury moving funds across borders at hours that SWIFT can't touch, situations where you can bundle the off-ramp problem into one partner relationship and move on.
I spent time at a very large GSIB early in my career, building systems reconciling trade feeds to SWIFT feeds, sitting inside correspondent banking. Something I learned - and that I keep thinking about now - is that correspondent banking works. It is expensive, slow, and remarkably opaque, but it reliably moves money. The model is: bilateral relationships, pre-funded positions, corridor-by-corridor expansion. You add a corridor when the economics justify it. You maintain the relationships because the alternative is reduced volume.
What I find genuinely interesting about the stablecoin sandwich is that it has reproduced this model almost exactly. Different settlement rails, same underlying structure. If you peel back the UX improvements and the faster settlement times, the correspondent banking architecture is still there. You still need pre-funded positions on both sides of each corridor. You still build out one corridor at a time. Conversion costs don't disappear - they shift around, sometimes to your benefit, sometimes not - but they stay in the system.
The payment CEOs I talk to who have been running stablecoin sandwich operations for a few years are starting to feel this. Three or four corridors looks great on the unit economics. Twenty corridors - which you need if you're serious about global reach - starts to look like a different business. Many stablecoin orchestrators product roadmaps are filled with integrations to support more corridors to increase volume rather than building better products.
The operational overhead, the compliance exposure per corridor, the working capital tied up in pre-funded positions: it compounds. And margins that looked healthy early on start to come under pressure. Many of the largest banks globally have secretly been removing expensive and risky to operate long tail corridors from their correspondence bank offerings by outsourcing this volume to PSPs and stablecoin orchestrators.
The industry is already sensing this, and you can see it in where the interesting product work is happening. What's emerged is a kind of open-faced stablecoin sandwich: one-way fiat conversion instead of two-way. Stablecoin cards are the clearest example - the cardholder's account is stablecoin-native, the conversion only happens at the point of spend into fiat. You've cut the conversion problem in half. One side of the transaction has gone native; the other side is still touching the legacy rails. It's real progress. But it's still a transitional architecture, not the destination.
This isn't a criticism of the people who built this way. The stablecoin sandwich, and its open-faced variant, were the correct call for the environments in which they emerged. When you're trying to get from zero to adoption, you build for backward compatibility. You operate within the systems where the money already lives.
Every technology does this phase. Remember Vonage or paying for a phone number in Skype? VoIP spent years routing calls between traditional phone endpoints before Skype and WhatsApp came along and made those endpoints superfluous for general use. The stablecoin sandwich is how you get a foothold, not how you achieve the end state.
As more issuers enter the market - across banking consortia, fintechs, and sovereign-backed initiatives - the question stops being which stablecoin you're holding and becomes what you can do with it natively. A network of institutions that can settle with each other directly, without rebuilding bilateral corridors for each relationship, compounds differently than a network of corridors does. That's the transition worth building toward.
There's a difference between a transitional architecture and a destination, and the industry is at the point where that distinction matters for the decisions you're making now. The companies worth watching are the ones that ran the stablecoin sandwich where they needed to, understand exactly what it costs them to operate, and are building deliberately toward something different. The regulatory framework is falling into place. The infrastructure question is the one that deserves more honest attention.
The problem with crypto’s one-way street
Blockchain transactions are natively unilateral. Whoever holds the private keys decides if settlement happens. Once a transaction is broadcast and confirmed on-chain, the receiver doesn’t get a “yes” or “no” moment. There is no native ability to accept or reject a payment.
When an unwanted transaction is received, there is also no straightforward way to send it back even though, in many cases, returning funds is a mandatory regulatory requirement.
For example, under the EU Travel Rule regime, if a beneficiary Crypto-Asset Service Provider detects post-settlement a transaction that lacks the required Travel Rule information to unambiguously identify the parties, it must return the funds to the originator.
In practice, however, returning funds is anything but simple. Institutions face a minefield of liability. They cannot assume that the original sending address is able to receive a return. If that address is not prepared for this purpose, the returned funds may be permanently lost.
The scale of this problem is significant. The Joint Money Laundering Steering Group (JMLSG)—the UK body providing guidance on AML compliance—explicitly recognizes this, stating that crypto asset businesses “should consider the risks and complexities [of returning funds] prior to making a return, as it may create operational challenges … to reattribute it to the originator.”
The long-awaited "undo button" for crypto
To solve this, Notabene has introduced Revert—a post-settlement control layer for digital asset transactions, enabling institutions to safely coordinate, authorize, and complete returns of funds across counterparties. This is effectively an "undo button" for crypto transactions.
Here’s how it works:
When a beneficiary institution needs to return funds, it initiates a revert request. The originator is notified of the request and can respond by authorizing the return and providing a verified wallet address where the funds should be sent. The beneficiary can then execute the return with confidence, while both sides retain full visibility and auditability across the entire lifecycle.
To be clear: this is an innovation in trust and coordination. There is no change to how blockchains natively work. Settlement remains immediate and irreversible according to first principles of blockchain design. However, within a network of cooperative institutions, we can introduce a novel new control layer to correct mistakes.
This functionality is built on the Transaction Authorization Protocol (TAP), an open standard for communicating about transactions. Any adopter of TAP, regardless of a commercial relationship with Notabene, can participate in coordinated return-of-funds flows. This is infrastructure for the entire industry, not just Notabene customers.
The importance of pre-transaction authorization
Revert addresses a necessary gap today, but it is not on its own a holistic solution to end-to-end transaction orchestration.
When counterparties verify compliance data, assess risk profiles, and explicitly authorize transactions before settlement, the need for post-settlement remediation and fund returns largely disappears.
The Notabene Network has already powered over $2 trillion in compliant transaction volume using this approach. Pre-transaction authorization is becoming a standard, and we are advancing it further by enforcing authorization by design within Notabene Flow payments.
But standards take time to become universal. Until pre-transaction authorization is widespread across all digital asset transactions, the industry needs a way to handle edge cases: non-compliant counterparties, missing information, and operational mistakes.
That’s the safety net that Revert provides.
Trust, coordination, and compliance infrastructure
Notabene's Revert functionality demonstrates the power of coordination and an end-to-end transaction control layer when institutions transact within shared standards and trusted networks.
As digital asset payments evolve, infrastructure like this is what turns crypto rails into something businesses can actually rely on.
With the introduction of Revert, we’re covering all the bases so that compliant, coordinated transactions become the default.
NEW YORK — April 28, 2026 — Once a crypto transaction settles, there has never been a safe, standardized way to reverse or correct it, even when regulation requires it. Notabene, the trust layer for global money movement, today announced Revert, the first post-settlement control layer for digital asset transactions, enabling institutions to safely coordinate, authorize, and complete returns-of-funds flows across counterparties.
For the first time, institutions can control what happens after a crypto transaction settles, not just before it.
Until now, post-settlement workflows in crypto have been manual, fragmented, and high-risk. The moment a transaction moved between two institutions, there was no coordinated mechanism to return the funds.
While traditional payment systems rely on standardized processes for refunds, corrections and dispute resolution, crypto transactions between institutions have lacked any coordinated mechanism - leaving institutions to rely on email, informal coordination, and unverified wallet addresses.
At the same time, new regulations now require institutions to return funds in certain cases, creating a gap between regulatory obligation and available infrastructure.
Revert closes that gap. Revert introduces a post-settlement control layer for digital assets - enabling institutions to initiate, authorize, and complete return-of-funds flows with verified wallet destinations and a full audit trail.
Built on the Transaction Authorization Protocol (TAP), Revert enables institutions to coordinate refunds across counterparties as a shared network standard, rather than within closed ecosystems.
"Blockchain finality makes sense for settlement. It doesn't make sense for everything else institutional payments actually require: coordinating across counterparties, correcting mistakes, and unwinding transactions that shouldn't have gone through," said Pelle Braendgaard, CEO of Notabene. "Revert is the first post-settlement control layer that works between institutions rather than inside them, and crypto can't credibly support real business payments without it."
Revert is available today across the Notabene Network, which already connects more than 2,200 regulated institutions across 100+ jurisdictions and has processed over $2 trillion in compliant transaction volume. The launch lands as return-of-funds obligations are tightening across jurisdictions. Under the EU Transfer of Funds Regulation, for example, a Crypto-Asset Service Provider that detects missing Travel Rule information after a transaction has settled must return the funds to the originator, a workflow that has been operationally difficult until now.
For more on Revert, visit notabene.id/revert
About Notabene
Notabene is the trust layer for global money movement. The Notabene network connects thousands of trusted counterparties, facilitating trillions of dollars in transaction volume annually across over 100 jurisdictions. Notabene provides industry-leading tools for stablecoin payment coordination, real-time transaction authorization, counterparty verification, and self-hosted wallet identification—helping institutions build trust into every transaction.
Press Contact:
Clay Fain
VP, Marketing
Notabene
[email protected]
For the first time, institutions can control what happens after a crypto transaction settles, not just before it.
Once a transaction confirms on-chain, there has never been a safe, standardized way to reverse or correct it. Post-settlement workflows have been manual, fragmented, and high-risk — institutions relying on email, informal coordination, and unverified wallet addresses to handle something as routine as a refund. The moment a transaction moved between two institutions, there was no coordinated mechanism to return the funds.
Revert closes that gap. It's a post-settlement control layer for digital assets that lets institutions initiate, authorize, and complete returns of funds with verified wallet destinations and a full audit trail — across counterparties, not just within a closed ecosystem.
Read the full press release.
How it works
Either side of a transaction — the originator or the beneficiary — can initiate a revert request. The full flow:
- The institution initiating the return submits a revert request with a reason attached.
- The counterparty receives the request through the Notabene platform and reviews it.
- If approved, the counterparty provides a verified wallet address for where the funds should be sent.
- The initiating institution executes the return to that verified address.
- Both sides retain full status and timeline visibility, from the initial request through to settlement.
The critical step is #3: the wallet address is confirmed through the coordination process before funds move. That's what eliminates the operational risk that has made cross-institution returns so difficult — no more sending funds back blindly to an address that may not be able to receive them.
For a full walkthrough of the technical mechanics, visit our help documentation.
What institutions use Revert for
- Customer refunds where funds need to be returned to the original sender
- Operational corrections — transactions sent in error, wrong amounts, or wrong counterparty
- Dispute resolution between institutions
- Regulatory return obligations, including cases where Travel Rule regulations require a beneficiary to return funds to the originator
Open to the whole industry
Revert is built on the Transaction Authorization Protocol (TAP), the open standard for institutional communication about crypto transactions. Any institution that has implemented TAP can participate in coordinated return flows — regardless of whether they have a commercial relationship with Notabene. This is infrastructure for the industry, not a feature locked behind a single platform.
Revert is available today across the Notabene Network, which connects more than 2,100 regulated institutions across 100+ jurisdictions and has processed over $2 trillion in compliant transaction volume.
Already a Notabene customer? Revert is available now. Reach out to your Customer Success Manager or contact us at [email protected] to get set up.
Not yet on the Notabene Network? Book a demo and we'll walk you through how Revert works in the context of your operations.
Between April 1 and April 8, 2026, three federal agencies put concrete proposals on the table for how the GENIUS Act will be implemented.
- Treasury issued its notice of proposed rulemaking (NPRM) on how state-level stablecoin regimes get certified as substantially similar to the federal framework.
- The FDIC published a NPRM establishing requirements and standards applicable to FDIC-supervised permitted payment stablecoin issuers (PPSIs) and insured depository institutions (IDIs) that engage in payment stablecoin-related activities, covering reserves, redemption, custody, and risk management.
- FinCEN and OFAC jointly proposed the AML/CFT and sanctions compliance program that every PPSI will need to build.
🗓️ April 1: Treasury defines the pathway to state-level regulation
The GENIUS Act created a dual-pathway regime. Payment stablecoin issuers with consolidated outstanding issuance of $10 billion or less can opt into state-level regulation, provided the state regime is certified as "substantially similar" to the federal framework. Issuers above that threshold come under direct federal oversight.
Treasury's April 1 NPRM lays out the broad-based principles it will use to determine substantial similarity, building on the advance notice of proposed rulemaking Treasury issued the prior September.
Under GENIUS, states must meet or exceed the core prudential standards and requirements described in Section 4(a) of the Act. Treasury's proposal splits those Section 4(a) requirements into two buckets:
- "Uniform requirements" (such as reserve composition, BSA/sanctions compliance, and redemption obligations), where states have essentially no interpretive discretion and must mirror the federal standard.
- "State-calibrated requirements" (such as capital, liquidity, reserve asset diversification, and risk-management standards), where states retain meaningful design flexibility but must still produce outcomes "at least as stringent and protective" as the federal framework.
For provisions outside Section 4(a) — applications, licensing, supervision, and enforcement — states get more latitude, but must still deliver similar levels of authority, oversight, and holder protection. Examination authority, for example, cannot be limited to cases where the issuer consents, and stablecoin holders cannot be treated as general unsecured creditors in insolvency.
Treasury is also explicit that states may go beyond federal requirements, but only if the additional rules neither conflict with the Act nor erode the substantially-similar determination.
The comment period runs 60 days from Federal Register publication.
🗓️ April 7: FDIC sets the operating rules for PPSIs
On April 7, 2026, the FDIC approved a NPRM implementing GENIUS Act requirements for FDIC-supervised PPSIs and insured depository institutions that engage in payment stablecoin-related activities, with comments due by June 9, 2026.
Among the most consequential provisions is proposed § 350.3(b)(4), which operationalizes Section 4(a)(11) of the GENIUS Act — the statutory prohibition on stablecoin yield. The rule would bar a PPSI from paying any holder of its payment stablecoin any form of interest or yield, whether in cash, tokens, or other consideration, solely in connection with the holding, use, or retention of the stablecoin.
Anticipating that issuers may seek to replicate yield indirectly through affiliates or commercial partners, the FDIC pairs the prohibition with a rebuttable presumption. An issuer is presumed to be in violation if it has an arrangement to pay consideration to an affiliate or related third party, and that affiliate or related third party in turn pays interest or yield to holders of the issuer's stablecoin solely for holding, using, or retaining it. The presumption also reaches cases in which the PPSI issues stablecoins on behalf of, or under the branding of, a related third party — in that scenario, the end holder is treated as a holder of the PPSI-issued stablecoin for purposes of the prohibition.
That second prong is aimed squarely at white-label and co-branded issuance arrangements, where the regulated issuer is one entity but the customer-facing brand and distribution relationship sit with another.
A PPSI may rebut the presumption only by submitting written materials that satisfy the FDIC the arrangement is neither prohibited nor structured to evade the prohibition. Taken together, the provision signals that the FDIC intends the no-yield rule to apply substantively, not just on the face of issuer–holder documentation.
🗓️ April 8: FinCEN and OFAC define the AML/CFT and sanctions rules
On April 8, 2026, FinCEN and OFAC jointly issued a proposed rule implementing the GENIUS Act's directive to treat PPSIs as financial institutions under the Bank Secrecy Act and to require an effective sanctions compliance program. The rule puts PPSIs squarely under the full BSA playbook — a risk-based AML/CFT program, SAR filing (at a $5,000 threshold), Customer Due Diligence and beneficial ownership collection for legal entity customers, CTRs, Recordkeeping and Travel Rule, information sharing, enhanced due diligence for correspondent and private banking relationships, and special measures — plus two PPSI-specific obligations mandated by the GENIUS Act:
(1) technical capabilities to block, freeze, and reject impermissible transactions, and
(2) the capability to comply with "lawful orders" to seize, freeze, burn, or prevent the transfer of payment stablecoins.
On the sanctions side, OFAC proposes a new Part 502 codifying a five-element effective sanctions compliance program (senior management commitment, risk assessment, internal controls, testing and auditing, and training), modeled on OFAC's 2019 Compliance Framework and 2021 Virtual Currency Industry Guidance.
On Travel Rule specifically: FinCEN's 2019 interpretive guidance (FIN-2019-G001) had already clarified that transmittal orders involving convertible virtual currencies (CVCs) — a category that includes payment stablecoins — qualify as "transmittals of funds" under the Recordkeeping and Travel Rules, because a CVC transmittal order is an instruction to pay "a determinable amount of money." The underlying Travel Rule obligation therefore already applied. What is new is that FinCEN proposes amending the definition of "transmittal order" in 31 CFR 1010.100(eee) to expressly include payment stablecoin alongside "money", codifying the 2019 position and removing any remaining room for interpretation post-GENIUS. PPSIs are also being added to the list of institutions in § 1010.410(e)(6), giving them the same PPSI-to-PPSI and PPSI-to-bank exceptions that banks and broker-dealers enjoy.
The relevance of Travel Rule requirements extends well beyond Travel Rule compliance in itself. OFAC sanctions are a strict-liability regime — a PPSI can be held civilly liable for a violation even without knowledge that it was engaging in one — and the rule makes clear that PPSIs must account for identifying and blocking transactions that would violate U.S. sanctions, including stablecoins traded by blocked persons on the secondary market when a PPSI exercises possession or control (for example, through smart contracts). A risk-based OFAC program cannot function on wallet addresses alone; meaningful screening requires counterparty identity. The data PPSIs collect through Travel Rule controls is paramount to ensure the effectiveness of OFAC screening programs.
Finally, proposed § 1033.240(a) implements the GENIUS Act's directive that PPSIs maintain technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions, and FinCEN expressly extends this obligation to secondary market activity, noting that this is where the majority of illicit stablecoin flows occur.
Conclusion
Read together, these three proposals sketch the operational reality of PPSIs under the GENIUS Act. All three proposals follow the standard 60-day comment window from Federal Register publication, which puts the response deadlines in early June 2026. Overlaying this process is the GENIUS Act's own effective-date mechanic. The Act becomes effective on the earlier of (a) January 18, 2027, or (b) 120 days after the primary Federal payment stablecoin regulators issue final regulations implementing the Act.
Notabene is actively preparing its response to the FinCEN and OFAC NPRM. Further insights to follow.
Stablecoin payments shouldn't require your finance team to chase down wallet addresses, verify counterparties manually, or reconcile transactions after the fact. In this two-minute walkthrough, I demo how a custodial wallet provider can create and send a compliant invoice that gets paid, verified, settled on-chain, and reconciled — automatically — through Notabene Flow.
Last month, I joined government and industry stakeholders from both sides of the Atlantic at the U.S.–U.K. Transatlantic Taskforce on Markets of the Future. The session brought together U.S. Treasury, the FCA, the Bank of England, and agencies including the SEC, CFTC, FDIC, OCC, and Federal Reserve, alongside asset managers, global banks, payment platforms, and digital asset infrastructure providers.
The discussion was substantive and specific. Participants named real friction points: punitive Basel capital treatment keeping banks out of tokenized markets, definitional mismatches between U.S. and U.K. money market funds, sandbox structures that inadvertently exclude non-U.K. entities, and the gap between where stablecoin policy intent is heading and where operational realities sit today.
I want to share the perspective Notabene brought to the table as it cuts to something foundational that often gets lost in the broader regulatory harmonization conversation.
As tokenization and stablecoin settlement scale, the question is not whether we regulate — it's whether supervision is interoperable across jurisdictions.
Right now, the policy intent between the U.S. and U.K. is largely aligned. The operational realities are not. From Notabene's position — operating the largest AML Travel Rule-compliant network for regulated institutions, connecting thousands of counterparties across more than 100 jurisdictions and facilitating over $2 trillion in annual transaction volume — we see exactly where that friction lives. Here is where we focused.
Interoperability Is the Friction Point
The Travel Rule is not a niche crypto requirement. It is a core FATF standard designed to ensure that cross-border value transfers carry originator and beneficiary information. Over 100 jurisdictions are now implementing some version of it. Interoperability is no longer theoretical, it is foundational to how digital asset markets function safely across borders.
But the U.S. and U.K. implementations diverge in ways that create real, daily compliance asymmetry. In the U.K., firms must transmit core Travel Rule information for crypto transfers regardless of amount, with enhanced requirements once transfers exceed roughly €1,000 in cross-border contexts. In the U.S., Travel Rule obligations generally trigger at $3,000, with different implementation mechanics.
Even though the policies are aligned, that difference alone creates operational friction. A U.K. firm is obligated to receive information on a broader set of transfers than a U.S. counterparty is legally required to send. U.K. firms are also required to report non-compliant U.S. counterparties to the FCA — even where the U.S. counterparty transmitted no data because it had no obligation to do so under U.S. regulations.
This is not a disagreement about AML policy. Both jurisdictions are committed to the same underlying objective. It is a systems interoperability problem — and it has a tractable solution. Alignment on a minimum interoperable data schema and response protocol for cross-border regulated transfers would resolve it. The forthcoming adjustments to align with the revised FATF Recommendation 16 present a timely, concrete opportunity.
Trust Frameworks Should Be Machine-Readable
Both jurisdictions expect firms to conduct risk-based due diligence on counterparties — verifying regulatory status, Travel Rule compliance capability, and safeguards around transmitted personal data. That expectation is sound.
The execution is not. Today, that diligence is largely manual and duplicative. If a U.S. institution and a U.K. institution are both supervised entities, there should be a standardized, machine-readable way to recognize that status and its scope. Not a PDF exchange. A structured, interoperable counterparty trust taxonomy.
This reduces friction while strengthening assurance. That is harmonized supervision done well and critically, it does not require identical regulatory regimes. It requires a shared vocabulary for recognizing equivalent outcomes.
Programmable Compliance Solves the Irreversible Settlement Problem
One of the defining operational challenges in digital asset markets is that once a transfer settles, reversal is difficult. Returning funds can introduce operational, liquidity, and sanctions exposure which are the very risks compliance frameworks are designed to prevent.
U.K. guidance produced by the Joint Money Laundering Steering Group already contemplates confirmation mechanisms to ensure that beneficiary information aligns before value is finalized. That instinct is correct. Programmable compliance is where it becomes actionable.
A pre-settlement authorization layer, which was introduced as an infrastructure upgrade to virtual asset transactions, that allows institutions to validate identity, confirm regulatory status, attach structured compliance metadata, and enforce AML policy before assets move. That transforms the Travel Rule from a recordkeeping obligation into a preventative control.
As stablecoins increasingly serve as settlement rails for tokenized activity, pre-settlement authorization is not an enhancement — it is a prerequisite for safe cross-border scale.
Without interoperable pre-settlement controls, cross-border settlement risk does not stay constant as these markets grow. It scales with volume.
Regulator Visibility Requires Harmonized Protocols
Regulators on both sides of the Atlantic are flying partially blind when Travel Rule exceptions occur cross-border. Without shared reason codes or common escalation thresholds, a compliance failure that is visible to the FCA may produce no signal at all for a U.S. counterpart and vice versa.
Open messaging standards already exist that would enable structured, machine-readable compliance exchange. The Transaction Authorization Protocol (TAP) — the open standard that Notabene Transact and Notabene Flow are built on — is designed precisely for this: allowing verified entities to exchange compliance data securely and consistently before settlement. The point is not to mandate any single framework. It is to recognize that programmable interoperability is technically achievable today, and that aligning around open standards rather than bespoke bilateral integrations would materially reduce friction while strengthening supervisory oversight.
The Window Is Now
The session surfaced broader themes beyond Travel Rule mechanics — punitive Basel capital treatment keeping well-capitalized banks on the sidelines, definitional mismatches between U.S. and U.K. money market funds complicating tokenized collateral use cases, and open questions about how stablecoin issuance recognition will work across jurisdictions as the GENIUS Act moves into implementation.
Running through all of it was a consistent message from industry: we do not need identical rules. We need the rules we have to be interoperable. And we need that interoperability built into infrastructure — not achieved transaction-by-transaction through manual reconciliation.
What stood out about this session was the level of specificity on both sides. Regulators genuinely in listening mode. Industry participants naming concrete friction points rather than offering generalized calls for clarity. That is the right conversation to be having, and the right format for having it.
The taskforce indicated that recommendations will be delivered to the U.S.–U.K. Financial Regulatory Working Group this summer, ultimately reaching the Chancellor and Treasury Secretary. Written follow-up from industry is welcomed and encouraged.
For those who want to shape what comes next: now is the moment to be specific.
We’re excited to announce our integration partnership between Corsa and Notabene, bringing together leading transaction authorization and trust infrastructure with a modern risk operating system for moving digital assets compliantly and at scale.
Notabene provides real-time counterparty coordination and end-to-end transaction authorization solutions for digital asset businesses, enabling secure, compliant data exchange between counterparties. Institutions use Notabene to meet global regulatory requirements and facilitate high-value B2B stablecoin payments while maintaining seamless transaction flows. Corsa delivers the operating layer that unifies compliance data, automates workflows, and turns risk signals into actionable intelligence across the organization.
Together, the integration brings Notabene’s network-driven trust layer directly into the core of compliance operations and helps financial institutions bridge compliance decisioning and transaction execution.
With this integration, teams using Notabene can view Travel Rule information in full context - alongside counterparty data, transaction activity, customer profiles, onboarding data, alerts, and risk signals - all within Corsa.
By simply connecting their Notabene API keys, customers can automatically surface data from the Notabene network inside Corsa with no engineering work required. This securely encrypted data becomes immediately available across customer profiles, transactions, alerts, and investigations, enabling a unified and real-time view of compliance across both counterparties and transactions.
Beyond visibility, the integration enables companies to operationalize Travel Rule data within their broader compliance workflows. Teams can incorporate this data into monitoring, investigations, and decisioning processes - all within Corsa.This allows compliance teams to move beyond fragmented workflows and manage Travel Rule requirements as part of a broader, connected compliance system.
This partnership reflects a shared vision: enabling digital asset institutions to meet global regulatory requirements while moving value with greater speed, confidence, and control.
By combining Notabene’s trust infrastructure with Corsa’s unified compliance and risk OS, teams gain the ability to manage regulatory obligations and customer risk in one place - with full context, control, and automation.
---
For more info, talk to our team or visit www.corsa.finance
The Financial Action Task Force (FATF)'s March 2026 report on stablecoins and unhosted wallets is simultaneously alarming and clarifying. It formally documents the architecture of a compliance failure that we at Notabene have been watching for years.
The report finds that stablecoins now represent 84% of illicit virtual asset transaction volume, surpassing Bitcoin. As of March 2026, there are 259 stablecoins in circulation, with a combined market cap exceeding $300 billion. They're faster, more stable, and more liquid than Bitcoin—exactly the properties that make stablecoins useful for legitimate commerce. The problem is that these same properties make stablecoins attractive to DPRK state hackers, Iranian proliferation financiers, and professional money launderers.
FATF illustrates these dynamics in the infographic below, highlighting the growing role of stablecoins and the increasing use of peer-to-peer transactions through unhosted wallets.

The report notes that stablecoins are increasingly used in peer-to-peer transactions via unhosted wallets, which are not operated by third-party service providers and can fall outside traditional counter-illicit finance controls.
The real story here isn't the stablecoin adoption curve. it's the gap in the compliance framework built to contain it.
The Unhosted Wallet Problem
The FATF report doesn't frame stablecoins as the problem. Its focus is on how they move. Peer-to-peer (P2P) transactions via unhosted wallets are the critical vulnerability the report identifies, and within the current FATF framework, there's no regulatory solution to close it.
By design, P2P transactions between individuals using self-custody wallets fall outside AML/CFT obligations. This allows users to send and receive crypto assets without relying on a regulated intermediary like an exchange or custodian**.** No intermediary means no obliged entity responsible for customer due diligence, transaction monitoring, or suspicious activity reporting. The transaction is visible on-chain, but functionally invisible to competent authorities until it reaches an off-ramp.
This is a structural feature of the framework as written, not an implementation gap.
The FATF acknowledges this honestly. Their guidance as it pertains to Travel Rule coverage on this is clear: obligations fall on VASPs, not individuals. Secondary market P2P transactions don't trigger compliance requirements. However, the report documents case after case of threat actors exploiting this exact dynamic: layering in unhosted wallets, chain-hopping across blockchains, structuring transactions to stay functionally distant from any Travel Rule-covered wallet, then converting to fiat through unlicensed OTC brokers in jurisdictions with weak AML/CFT controls.
What the Report Gets Right
The FATF report makes clear that this is not a detection problem that can be solved with better analytics. The mitigation measures recommended such as identity verification of wallet owner, whitelisting (allow-listing), blacklisting (deny-listing), programmable smart contract controls, blockchain forensics, supervisory colleges, and public-private partnerships are all legitimate tools, and some jurisdictions are already putting them to use:
- Switzerland plans to implement on-chain allow-listing.
- France is deploying blockchain analytics.
- Japan has introduced explicit requirements on stablecoin issuers and intermediaries.
- Singapore has mandated enhanced due diligence for unhosted wallet transfers.
The progress is real, but the problem is that all of these measures are reactive. They freeze addresses after the fact, monitor secondary market circulation, catch exits - but they don't prevent the transaction from happening in the first place.
The Travel Rule Problem
The FATF report is careful but clear on a critical vulnerability: the Travel Rule framework struggles with unhosted wallet scenarios in precisely the way that matters for stablecoin misuse.
The report reiterates that Recommendation 15 and the Travel Rule remain the foundation of crypto AML compliance. Under FATF standards, jurisdictions must ensure that virtual asset service providers (VASPs) are licensed or registered, conduct customer due diligence, monitor transactions, and report suspicious activity, and that they transmit originator and beneficiary information for qualifying transfers. ****It's designed to ensure that compliance-aware intermediaries have visibility and can apply controls. The FATF guidance makes clear that even when a VASP customer is transferring to an unhosted wallet, the VASP must collect beneficiary information.
The problem is what happens next or more precisely, what doesn't.
When a VASP's customer transfers to an unhosted wallet, the VASP now has beneficiary information about an address it doesn't control. That address, in turn, may then transfer to another unhosted wallet. And another. And another. The report calls this the "transactionally distant" problem: threat actors create chains of unhosted wallets that are multiple hops away from any Travel Rule-covered wallet, deliberately fragmenting the transaction trail.
The VASP at the origin can report the first transfer, but once stablecoins land in an unhosted wallet, they're effectively outside the obligated entity network. A VASP monitoring its customer's outbound transfer to an unhosted wallet has limited visibility into what happens downstream. When stablecoins pass through five, ten, or twenty unhosted wallet hops before reaching an off-ramp, no single obliged entity has sight of the full transaction chain. Most importantly, no single obliged entity is responsible for filing a suspicious activity report on the layered transfers that occur outside the Travel Rule-covered ecosystem.
This is a major structural limitation of Travel Rule implementation. The Travel Rule was designed for transfers between obliged entities. It creates visibility at the edges—when stablecoins enter and exit the regulated perimeter—but it has no mechanism to create compliance visibility for movements within the unhosted wallet space.
The FATF acknowledges this by noting that stablecoin issuers may need to play a complementary role, using their ability to freeze or monitor addresses based on information from law enforcement. That ability is reactive, not preventive.
The Authorization Gap
This is where I keep returning to the question that animates much of our work at Notabene: what if the framework required authorization before the transaction, not just information exchange after?
The Travel Rule, as currently implemented, is fundamentally about information exchange and reporting the originator and beneficiary details flowing from one VASP to another, with suspicious activity reporting happening after transfers are processed. Unhosted wallet transactions bypass meaningful compliance precisely because once funds reach an unhosted wallet, they leave the obligated entity network entirely. Travel Rule visibility ends.
The framework needs to evolve beyond information exchange and toward pre-transaction authorization—specifically for flows involving unhosted wallets or chains of unhosted transfers.
The Transaction Authorization Protocol (TAP), an open standard protocol that embeds compliance directly into transaction settlement, is designed to solve exactly this problem. It complements the Travel Rule by adding an authorization layer that operates at the point of settlement, not just at the point of information exchange.
What Needs to Happen
The FATF report makes clear recommendations for jurisdictions: establish comprehensive legal frameworks, impose clear AML/CFT obligations on stablecoin issuers, assess and mitigate P2P risks, leverage advanced tools, and foster public-private collaboration.
But the report also, implicitly, shows the limits of the current approach. The existing framework allows for supervisory oversight of stablecoin issuers, enhanced due diligence for unhosted wallet transfers, mandatatory blockchain analytics, and address freezing.
None of these can prevent a compliant intermediary's customer from transferring stablecoins to an unhosted wallet controlled by a sanctioned entity, because the customer is acting on their own behalf, using tools available to them, and the transaction doesn't directly involve an obliged entity.
Notabene propose a two-fold response:
1. Push harder on implementing and strengthening the Travel Rule in the stablecoin ecosystem. The FATF requires VASPs to collect beneficiary information even for unhosted wallet transfers. But compliance with this requirement is uneven, and the tools for monitoring downstream transfers are limited. Jurisdictions need stronger enforcement of Travel Rule obligations, clearer standards for what beneficiary verification means for unhosted wallets, and better mechanisms for VASPs to share risk assessments when they know a customer is transferring to high-risk addresses.
2. The framework needs to evolve beyond the Travel Rule's information-exchange model, and toward pre-transaction authorization. The Transaction Authorization Protocol, also known as TAP — is a framework that embed compliance checks directly into transaction settlement—can close the visibility gap that the Travel Rule inevitably creates. Where the Travel Rule ensures that originator and beneficiary information is collected and reported, TAP would add a gate: real-time verification, risk assessment, and approval before settlement, with compliance rules embedded in the transaction itself.
The Travel Rule works when both parties are in the obligated entity ecosystem. TAP is designed specifically for the edge cases of transfers to unhosted wallets, cross-chain movements, and higher-risk scenarios where the Travel Rule's reach is limited.
For stablecoin issuers, this means embedding compliance logic into smart contracts that can enforce authorization requirements at the protocol level. A transfer to an unhosted wallet could trigger cryptographic ownership proof before settlement. Rules can be enforced not just through monitoring and remediation, but through the transaction mechanics itself.
This shifts responsibility from surveillance to prevention, and from ex-post reporting to ex-ante controls.
The DPRK's use of Tether to finance weapons procurement, Iranian actors converting stablecoins for components, terrorist financiers using densely structured wallet hops to move funds—these cases share a common thread. The privacy, liquidity, and pseudonymity built into the unhosted wallet architecture have become properties that existing compliance frameworks can't adequately address. The March 2026 FATF report documents this gap with precision.
The solution is not to abandon the Travel Rule, but to build solutions that extend its reach. Stronger enforcement of Travel Rule obligations on unhosted wallet transfers and open frameworks that bring compliance controls into the settlement layer itself are how we actually close this gap.
São Paulo/New York - 25 February 2026
Notabene, Veirano Advogados and ABToken announced today the launch of the Brazil Virtual Asset Regulatory Playbook, a practical implementation guide designed to help institutions navigate Brazil’s new regulatory framework for virtual asset service providers, including licensing, operational, AML/CFT obligations and Travel Rule requirements.
With the Central Bank of Brazil’s (BCB) new rules for virtual asset service providers (VASPs) now in force, Brazil enters a new phase of supervised virtual asset activity. The framework established by BCB Resolutions 519, 520, and 521 introduces a comprehensive licensing, supervisory, and AML/CFT regime for VASPs, as defined under Brazilian Law No. 14,478/2022.
Crucially, while Travel Rule obligations will be phased in through 2028, certain foreign exchange (FX) reporting requirements begin much sooner. Under BCB Normative Instruction No. 693, institutions must begin monthly reporting of FX-scoped virtual asset transactions, including self-hosted wallet and cross-border transfers, starting in May 2026. In practice, this means key originator and beneficiary data collection capabilities must be operational well ahead of full Travel Rule enforceability.
Designed for compliance, legal, operations, and product teams, the Brazil Playbook provides detailed guidance on:
- The VASP licensing framework and supervisory timelines;
- A breakdown of Travel Rule obligations under BCB Resolution 520;
- How foreign exchange reporting requirements intersect with Travel Rule controls; including the May 2026 monthly reporting obligation;
- The requirement for SPSAVs conducting FX-scoped activities to obtain both SPSAV and foreign exchange market licenses; and
- A phased implementation roadmap aligned to 2026 - 2028 enforcement milestones.
The Travel Rule framework under BCB Resolution No. 520 requires SPSAVs to collect, verify, retain, and transmit originator and beneficiary information for all virtual asset transfers, regardless of value. The guide outlines the two-phase rollout of Travel Rule obligations, beginning with domestic transfers between Brazilian VASPs and extending to cross-border transfers by 2028.
“Brazil’s new framework brings clarity, structure, and accountability to the virtual asset market,” said Catarina Veloso, Director of Regulatory & Compliance at Notabene. “The May FX reporting milestone makes it clear that institutions cannot wait until 2027 or 2028 to operationalize Travel Rule capabilities. This Playbook is built to help firms make meaningful progress throughout the two-year phased implementation period, while ensuring they meet interim regulatory milestones along the way.”
“The Central Bank’s regulations represent a structural shift in how virtual asset services are supervised in Brazil”, said Marcos Rocha, Partner at Veirano Advogados. “By clarifying the interaction between licensing, AML/CFT controls, and foreign exchange obligations, we aim to give market participants quick practical guidance.”
“This is a defining moment for Brazil’s virtual asset ecosystem,” said Regina Pedroso, Executive Director at ABToken. “Clear rules and coordinated implementation strengthen trust across the market and position Brazil as a leading jurisdiction for responsible innovation in virtual asset services.”
The Brazil Virtual Asset Regulatory Playbook is available for download now. Download the guide: https://notabene.id/reports/brazil-virtual-asset-regulatory-playbook
ENDS
About the Contributors
Notabene is the trust layer for global crypto money movement. Our products include Notabene Flow, the first open stablecoin payments platform for businesses, and Notabene Transact, the world's largest Travel Rule-compliant transaction authorization platform for regulated institutions. The Notabene network connects thousands of trusted counterparties, facilitating over $2T in transaction volume annually across more than 100 jurisdictions. It’s built on the Transaction Authorization Protocol (TAP), our open messaging standard that enables verified entities to transact securely. Notabene provides industry-leading tools for stablecoin payment coordination, real-time transaction authorization, counterparty verification, and self-hosted wallet identification—helping institutions build trust into every transaction.
Veirano Advogados is a leading Brazilian law firm with extensive experience advising clients in the fintech and digital assets industries. The firm has been closely involved in some of the most relevant projects in the Brazilian financial and crypto-asset markets, assisting both domestic and international clients on licensing, regulatory structuring, product launches, and complex cross-border transactions. Veirano’s team combines deep knowledge of the Brazilian financial regulatory framework with practical experience in the implementation of compliance programs, providing clients with pragmatic and business-oriented legal solutions in a rapidly evolving regulatory environment.
ABToken is a leading Brazilian industry association created to strengthen the country’s digital asset and tokenization ecosystem. The Association works to promote innovation alongside high standards of governance, regulatory compliance, and market integrity. ABToken represents tokenization platforms, blockchain companies, and virtual asset service providers (VASPs), serving as a unified voice for the sector in its engagement with regulators, policymakers, and market participants, and contributing to the development of a safe, credible, and sustainable digital finance environment in Brazil.
London / New York — 9 February 2026
Notabene today announces new regulated banking customer, AMINA Bank AG (“AMINA Bank”), a Swiss Financial Market Supervisory Authority (FINMA)-regulated crypto bank with global reach, to advance trusted infrastructure for transactions across crypto and traditional financial rails.
As digital assets continue to intersect with regulated finance, institutions on both sides are increasingly subject to the same regulatory expectations, even when operating on fundamentally different infrastructures. Standards developed for traditional finance, including FATF’s payment transparency requirements under Recommendation 16, have long been embedded in banking workflows. These expectations have since been extended to virtual assets and VASPs through the Crypto Travel Rule, creating a shared regulatory baseline across the two systems.
However, regulatory alignment has not translated into operational consistency. Differences in infrastructure, workflows, and counterparties mean that applying long-established expectations of counterparty trust to crypto transactions, particularly when value moves between the two environments, remains an operational challenge.
With this partnership, Notabene and AMINA Bank are addressing the real-world application of Travel Rule requirements across crypto-native infrastructure and regulated banking environments. Notabene’s platform enables secure information exchange and transaction transparency across crypto transactions. AMINA Bank provides banking services across traditional financial and digital assets in one place, serving clients from over 40 countries. Through this integration, AMINA Bank can now extend a more streamlined and automated experience for Travel Rule compliance.
“As institutional portfolios increasingly include crypto alongside traditional holdings, clients require infrastructure that works across both environments without creatng compliance friction,” said Myles Harrison, Chief Product Officer at AMINA Bank. “Integrating Notabene’s technology allows us to provide a more streamlined compliance framework that reduces operational friction, allowing clients to transact between crypto and traditional finance with ease.”
“FATF standards are well established in banking, but applying them consistently when value moves between crypto and traditional financial systems is still an open operational challenge,” said Pelle Braendgaard, CEO of Notabene. “AMINA is able to leverage the Notabene platform as a system of record for seamless, trusted transactions as these markets continue to converge.”
As the trust layer for global money movement, Notabene works with crypto-native firms and financial institutions to support secure information exchange, authorisation, and transparency across all transactions. Through partnerships such as the one with AMINA Bank, Notabene is moving the industry towards more consistent, operationally viable transaction flows between crypto and traditional finance.
This partnership marks an important step toward bridging operational and regulatory understanding between crypto and traditional finance, as institutions seek practical ways to support compliant, trusted digital asset activity within existing financial frameworks.
ENDS
Media Inquiries


