For the first time in OFAC's history, U.S. regulators are codifying an explicit sanctions compliance program requirement in regulation. For the first time, FinCEN is treating stablecoin issuers as a distinct financial institution category under the Bank Secrecy Act rather than as money services businesses with a crypto wrapper.

The joint proposed rule FinCEN and OFAC issued in April implementing the Permitted Payment Stablecoin Issuer (PPSI) framework under the GENIUS Act is the most consequential digital asset rulemaking the U.S. has embarked on in a decade.

Notabene filed our response to the notice of proposed rulemaking (NPRM), answering eleven substantive questions across the AML/CFT and sanctions program sections.

Three positions anchor what we filed, and the choices regulators make in finalizing this rule will shape the next decade of stablecoin payments.

Travel Rule codification has to be designed for cross-border use

The Travel Rule already applies to stablecoin transfers under existing 31 CFR 1010.410(e) and (f), as FinCEN's 2019 guidance made clear. Codifying it in a dedicated Part 1033 for PPSIs removes the ambiguity slowing U.S. implementation and gives institutions a clean foundation to build compliance programs on.

The codification has to be designed for international interoperability from day one. We recommended FinCEN endorse IVMS 101 as the data standard for transmittal-level identifying information, and require the messaging layer carrying it to operate on open and interoperable standards.

Read more about our commitment to open standards here

We also asked FinCEN to align the U.S. threshold with the FATF Recommendation 16 as Travel Rule compliance is collaborative by design. One institution's ability to comply depends on its counterparty's ability to receive and process the data, and the U.S. threshold of $3,000 is now the highest among peer jurisdictions with active enforcement. The EU and UK, for example, enforce at zero threshold.

Threshold and data-set divergence is not abstract and it causes operational headaches. When a U.S. institution sends a stablecoin transfer to an EU counterparty with only the U.S. data set, the receiving EU CASP is required by the EU Transfer of Funds Regulation and the EBA Travel Rule Guidelines to detect the missing fields and decide whether to execute, request the missing data, reject, return, or suspend the transfer. When the EU CASP requests missing data from a non-EU sender, the EBA Guidelines give the sender a five working day window to supply it. The transfer is treated as suspended in the meantime. Repeated sub-standard transmissions can show up as a counterparty-risk flag on the EU side and trigger reporting to the EU CASP's competent authority under Article 17 of the TFR.

The result is that U.S. PPSIs and their global counterparties end up at a disadvantage relative to actors operating outside regulated channels, where no such friction applies. Threshold and data-set alignment with the FATF Recommendation 16 trajectory is what closes that gap.

Block, freeze, and reject only work before settlement

Public blockchains have no built-in mechanism for evaluating a transaction before settlement. Once a transfer is initiated on-chain, it settles. A PPSI without pre-transaction authorization infrastructure is limited to reactive measures, freezing assets after they arrive rather than preventing transfers from occurring.

The GENIUS Act's block, freeze, and reject obligations under proposed 31 CFR 502.201(b)(3) are therefore architectural requirements, not just programmatic ones. Pre-transaction authorization is the mechanism that meets them.

Authorization-before-settlement models work through a private messaging layer operating alongside the blockchain. The two institutions party to a transfer exchange Travel Rule data, perform sanctions screening, assess counterparty risk, and make an explicit authorize-or-reject decision before on-chain settlement. The Transaction Authorization Protocol (TAP) is one open standard implementation of this approach.

We asked OFAC to recognize pre-transaction authorization architectures as a compliant technical implementation, without mandating any specific protocol.

The recognition matters because pre-transaction authorization pairs with, rather than replaces, the freeze, burn, and reissue capabilities GENIUS Act Section 5(a)(2) grounds. Proactive authorization at the transaction level and reactive freeze at the asset level form a complete sanctions architecture no traditional financial institution has access to.

The primary and secondary market distinction is operationally correct

FinCEN's proposed framework draws a clean line between activity where the PPSI is a direct party (primary market, where full programmatic obligations apply) and activity where the PPSI is observing smart contract operation as an issuer rather than as a transacting party (secondary market, where contract-layer interventions are narrowly scoped). We agree with how the line is drawn and think the rule should preserve it.

Any secondary market intervention authority outside lawful orders should be narrow, explicit, tied to defined triggers, and paired with an express liability safe harbor. Institutions holding the customer relationship and the Travel Rule channel are best positioned to enforce sanctions and AML controls in secondary market activity. The PPSI is best positioned to execute targeted contract-layer interventions when an objective trigger is met.

A narrow scope here protects the predictability making payment stablecoins viable as payment infrastructure. A broad or discretionary one shifts effective authorization control to an actor not party to the transfer and not participating in pre-transaction review. That breaks the architecture, and the institutions party to the transfer end up with no certainty about whether an authorized transfer will settle.

What's at stake

This rulemaking will decide whether the U.S. ends up with a stablecoin payment system designed for cross-border interoperability or one engineered around U.S.-specific architectures the rest of the world has already moved past.

The full Notabene submission can be found here, and is on regulations.gov under Docket FINCEN-2026-0100.

Additional analysis will follow over the coming weeks on OFAC sanctions architecture, the special standards of diligence framework for cross-border PPSI counterparty relationships, and the foreign payment stablecoin issuer equivalence question.

Questions? Contact our Regulatory & Compliance team here.

Any payer holding funds at an institution on the Notabene Network can now complete a Notabene Flow payment with no additional integration required

NEW YORK, June 4: Notabene, the trust layer for global money movement, today announced that customers of hundreds of regulated digital asset institutions can now complete Notabene Flow payments directly from accounts they already use. The milestone extends Notabene Flow's reach to the customers of every institution integrated on the Notabene Network — the largest global network of regulated digital asset institutions, spanning 2,000+ entities across 100+ jurisdictions and processing trillions of dollars of transaction volume annually.

The activation follows a network-wide rollout of Notabene Flow responder capabilities to Notabene's existing customer base — the exchanges, custodians, payment providers, and banks already running Travel Rule-compliant multi-party flows on the Notabene Network. Any business that issues a Notabene Flow payment link today can expect the recipient to complete the transaction directly from their hosted wallet at one of these institutions, with no separate onboarding required on their end. Payers can also complete Notabene Flow payments using a self-hosted wallet through the Notabene platform.

"The value of a payment network comes down to reach — whether the person you're trying to pay can actually receive it from wherever their funds are held," said Pelle Braendgaard, CEO of Notabene. "Hundreds of live responders means that when a business sends a Notabene Flow payment link today, the recipient can pay from their existing account at an institution already on the network. Building that kind of reach on an open network, rather than a closed one, is what makes it genuinely useful at scale."

Notabene Flow launched in September 2025 as the first open stablecoin payments network that authorizes every B2B invoice before it settles and reconciles it as it arrives — across any wallet, network, or jurisdiction. The network is built on the Transaction Authorization Protocol (TAP), an open messaging standard that any regulated institution can implement regardless of which custody or infrastructure provider, assets or blockchain they use.

Businesses can join the Notabene Flow network today to enable high-value cross-border B2B payments, using pull payments, structured invoicing, and Travel Rule-compliant multi-party payment flows at notabene.id/join-flow.

‍

‍

‍

About Notabene

Notabene is the trust layer for global money movement. The Notabene network connects thousands of trusted counterparties, facilitating trillions of dollars in transaction volume annually across over 100 jurisdictions. Notabene provides industry-leading tools for stablecoin payment coordination, real-time transaction authorization, counterparty verification, and self-hosted wallet identification—helping institutions build trust into every transaction.

Learn more at notabene.id

Media Contact:
Clay Fain
VP Marketing
[email protected]

‍

According to the Chainalysis 2026 Crypto Crime Report, in 2025, illicit crypto addresses received over $154 billion which is a 162%increase year over year. Further, 84% of all illicit volume moved through stablecoins, which is up from 63% the year before. Sanctions evasion alone grew 694%.^[1] The numbers should reframe how every compliance team in the United States is reading the GENIUS Act.

Now read the GENIUS Act and ask yourself: does this law address where the risk lives?

The Architecture Is Pointed at the Wrong Thing

The GENIUS Act is a serious piece of legislation. The first federal statute to define payment stablecoins as a distinct asset class. Reserve requirements. Redemption mechanics. Issuer governance. Bank-level AML obligations for permitted issuers. All necessary.

But here is the thing nobody is saying out loud. The entire architecture of GENIUS is built around regulating the issuer. The act defines who is permitted to issue. Who must hold reserves. Who must attest monthly. Issuer, issuer, issuer.

The problem is the risk does not live with the issuer.

Risk in stablecoin payments lives in the network. Wallets. Exchanges. Intermediaries. Cross-chain flows. Counterparty institutions in jurisdictions with weak or nonexistent supervision. 

Regulate a stablecoin issuer perfectly and the 84% still flows right through. Require pristine reserves, monthly attestations, full BSA compliance at the issuance point. None of these addresses what happens to the tokens once they leave the issuer's custody.

The Rulemaking to Read First

One piece of GENIUS implementation is focused on the network reality. The FinCEN/OFAC joint NPRM, released for public comment in April with a June 9 deadline, amends 31 CFR 1010.100(eee). ^[2] For the first time, the U.S. is codifying the Travel Rule for digital assets into federal statute.

This matters more than the headline rulemakings most teams are tracking. The Travel Rule is the only mitigating control we have before a transaction settles. No correspondent bank holding the message in a queue. No three-day window for sanctions review. The compliance work has to happen before the transaction broadcasts.

The Travel Rule pairs two BSA obligations the U.S. has had on the books since the mid-1990s for wire transfers. Recordkeeping for what you hold. Information exchange for what you pass to the next institution in the chain. FinCEN extended these obligations to crypto in 2019. ^[3] The April NPRM is the codification.

The international picture has moved further. According to FATF, 87% of material jurisdictions have either implemented Travel Rule for crypto or are in the process. ^[4] The UK has been live since September 2023. ^[5] The EU went live under the Transfer of Funds Regulation on December 30, 2024. ^[6] The U.S. is now closing the implementation gap.

What Winners Are Doing Differently

Most firms approach a new regulatory regime by reading the rule, writing a memo, running the memo through legal, building a compliance program around the memo. Six months later they realize they have a policy and no operational capability.

The teams winning this approach the work differently. They start with their transaction flows. They map their counterparty universe. They identify decision points where data has to be collected, screened, exchanged, or held. They architect for configurability because GENIUS is one regime among several. 

Address screening alone is no longer sufficient. Identifying a counterparty institution at the time of every transfer is no longer optional. Real-time pre-transaction authorization is what counterparties and examiners now expect. The firms reading GENIUS as a checkbox on issuer reserves are going to be surprised when their counterparty diligence questionnaires double in length next quarter.

The Read

The act addresses issuer accountability, which is necessary. But the risk lives in the network. Miss the network framing and you have a beautifully regulated issuer base with bad actors flowing 84% of their illicit volume right through the rails.

From where we sit at Notabene, supporting Travel Rule and transaction authorization across more than 2,000 institutions in 100 plus jurisdictions, the firms moving fastest right now are treating GENIUS as a network problem from day one. They are not waiting for final rules. They are architecting for the operational reality the NPRMs already describe.

Bad compliance is a barrier to growth. Good compliance is infrastructure for growth. Compliance is now a feature of the platform, not a wrapper around the platform.

The winners here won't be the most compliant. They'll be the most operationally adaptable.

‍

Last week at Stablecon in Amsterdam, I was on a panel called "Killing the Fiat Stablecoin Sandwich" with Simon Taylor (Tempo), Tyler Sherwin (BVNK), and Tedd Huff (Fintech Confidential).

We had a good debate about the pros and cons of the current implementation of the stablecoin sandwich. But I came away thinking the whole framing, mine included, was off.

The stablecoin sandwich isn't the real problem. The word "stablecoin" is.

The day prior to the panel I had a call with the digital assets GM at a major European bank. He said something that stuck:

"From our perspective, a stablecoin is just a settlement mechanism between fiat accounts. The enterprise instructs us to move money. Whether it goes via Swift or stablecoin rails, it lands as fiat on the other side."

That's it. He's right. And once you accept that, the whole "sandwich" debate looks different.

The "stablecoin" name is doing a lot of damage

"Stablecoin" sounds like a crypto asset that happens to be price-stable. Something exotic. Something you need to convert into and out of. That framing comes from crypto, from a world where on/off ramps are real because you're genuinely leaving fiat when you buy Bitcoin.

But USDC is just dollars. EURC is just euros. When you "on-ramp" to USDC, you never left fiat. You just changed the form factor. There is no ramp. There's no sandwich. There's just fiat sitting in a different kind of account.

It's all just money

M0, M1, and M2 are all fiat. Physical cash, checking accounts, savings accounts: different properties, different forms, same underlying asset. We don't call a savings account an "M2coin." We don't build conversion infrastructure between your checking account and your money market fund and call it a sandwich.

Tokenized money market funds are basically M2. Tokenized deposits are M1 or M2 depending on the form. Stablecoins don't fit neatly into the existing categories, but they belong in the same family. They're a new form of fiat with slightly different properties that they share with their other tokenized money cousins: programmable, blockchain-settled, 24/7. Not a foreign asset.

So why does the sandwich exist?

Because we borrowed crypto infrastructure (tokenization, blockchains, wallets) for a fiat asset, but kept the crypto mental model around it. The result is two conversion events that don't need to exist, a PSP sitting in the middle taking margin, and correspondent banking rebuilt at higher cost with extra steps.

The current batch of stablecoin orchestrators (as they came to be known) built the Wise model for stablecoins. That's useful. It works. But it's a stepping stone, not the destination. This PSP model exists because banks aren't plugged into stablecoin rails natively. Once they are, the on/off ramps dissolve.

One of the things we did discuss on stage at Stablecon is that this model, just like Wise recreates all the bad parts of correspondent banking. Not because of any specific properties of stablecoins, but because they still rely on pre-funded accounts and bilateral agreements to operate (aka correspondent banking).

The end state is simpler than the sandwich

It's account-to-account transfers on open, programmable rails. The stablecoin is the settlement layer, invisible to the enterprise, just like ACH or SWIFT is invisible today. The bank's treasury team picks the right stablecoin for the corridor. The CFO sees euros leave and euros arrive.

No sandwich. Just payments.

I argued at Stablecon that the sandwich scales badly: custody concentration, treasury risk, limited reachability. That's still true. But the deeper point is that we've been debating how to improve the sandwich when we should be asking why we're making sandwiches with fiat in the first place.

Stablecoins are just fiat. The sooner we name them that way, the better the infrastructure we'll build around them.

On 20 May 2026, the European Commission’s Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA) opened its targeted consultation on the review of the Markets in Crypto-Assets Regulation (MiCA). Responses are due by 31 August 2026 and must be submitted through the Commission’s online questionnaire.

The consultation has two tracks: a public consultation for individuals, and a targeted consultation for specialised stakeholders, covering more technical and legal questions. This article focuses on the targeted consultation.

This is the first formal step in the legislative review process anticipated under Article 140 of MiCA. The Commission is expected to report to the European Parliament and Council by 30 June 2027, on the application of MiCA and, where appropriate, accompany that report with a legislative proposal — what the market already refers to as “MiCA 2”.

Want to talk this through? Join us on 4 June, 2026, for a live webinar on From Transition to Transformation: MiCA Grandfathering Ends, the New Consultation, and What Comes Next - where we will unpack the consultation question by question and discuss what is at stake before the 31 August deadline.

Why this consultation matters

MiCA was designed before today’s stablecoin, tokenisation and DeFi markets had fully taken shape. It began applying in stages from 2024, but the market has continued to move quickly, and other jurisdictions have now put forward their own frameworks.

That is the backdrop to this consultation. The Commission is asking whether MiCA remains fit for purpose in a rapidly evolving global market, and whether the EU framework should be adjusted to reflect what has changed since the regulation was adopted.

The exercise is not limited to small technical corrections. It reopens core policy questions about Europe’s digital finance framework: whether MiCA can support globally relevant euro-denominated stablecoins, how the EU should position itself in a market increasingly shaped by USD denominated global stablecoins, where the regulatory perimeter should sit, and whether the current crypto-asset service providers (CASPs) framework is strong enough to protect the integrity of the EU market in practice. 

The consultation is organised into four parts:

1. Scope and definitions for crypto-assets other than asset-referenced tokens (ARTs) and e-money tokens (EMTs)
2. Requirements applying to ARTs, EMTs and their issuers
3. The legal framework for CASPs
4. Topics outside MiCA’s original scope, including decentralised finance, prediction markets, tokenised deposits and legal certainty for natively issued on-chain assets

Below are some of the key themes to watch.

Part 1: Where does MiCA’s perimeter sit?

The first part of the consultation deals with crypto-assets that are neither ARTs nor EMTs — what MiCA calls “other crypto-assets”. It opens with the architectural question at the heart of the framework: where should the boundary between MiCA and sectoral financial services legislation sit?

Today, crypto-assets that qualify as financial instruments remain outside MiCA and are instead governed by frameworks such as MiFID II, MAR and the Prospectus Regulation. That reflects the principle of “same activity, same risk, same rules”.

The challenge is that market reality is testing that boundary in both directions. Traditional financial institutions are entering the MiCA-regulated crypto-asset space. MiCA-authorised entities are expanding into products that look closer to traditional financial instruments. Tokenised fund interests, tokenised money-market instruments, wrapped assets, governance tokens, all raise difficult classification questions.

The consultation also revisits the design of Title II, including the white paper framework, marketing rules, ex ante notification model, retail withdrawal rights, civil liability and post-issuance updates. The Commission is asking whether the current model strikes the right balance between investor protection, market integrity and innovation.

Part 2: Stablecoins take centre stage

Part 2 is the longest and arguably the most politically charged section of the consultation. The Commission structures the discussion around three themes: the future role of stablecoins in the EU, the calibration of MiCA’s existing rules, and the treatment of global stablecoins.

The future role of stablecoins

The consultation begins by asking what stablecoins should become in the EU over the next five to ten years. Are they likely to become a mainstream retail payment instrument? A wholesale settlement rail? A complement to existing payment methods for cross-border payments? Or a transitional product that will eventually be displaced by CBDCs or commercial bank money innovations?

That framing is important because the answer drives the policy choices that follow. If stablecoins are treated mainly as crypto trading instruments, the focus is likely to remain on investor protection and market integrity. If they are treated as payment infrastructure, then redemption, liquidity, reserve management, operational resilience and supervisory reporting become much more central.

The consultation also asks how beneficial stablecoins could be for concrete use cases, including international payments, retail payments, wholesale payments, settlement of tokenised financial instruments, corporate treasury management and access to programmable financial services.

A clear vision of these use cases is essential for an informed policy debate. Stablecoins’ risks depend heavily on how they are used, at what scale, by whom, and in connection with which parts of the financial system.

Reopening the debate on interest-bearing stablecoins

The consultation reopens one of the most politically sensitive questions in MiCA: whether the prohibition on interest for EMTs and ARTs remains appropriate in its current form.

Under MiCA, issuers of e-money tokens are prohibited from granting interest in relation to EMTs. The prohibition also applies to CASPs providing services related to EMTs, and “interest” is defined broadly to include any remuneration or other benefit linked to the length of time a holder holds the token. 

That design reflects MiCA’s original policy choice: EMTs should function as means of payment, not as store-of-value products competing with bank deposits. But the effect is that euro EMTs are structurally non-remunerated even where the reserves backing them generate income. As the Blockchain for Europe Joint Report “Reforming MiCA for Euro Stablecoins” argues, this can weaken the competitiveness of euro-denominated stablecoins and push users either toward foreign-currency stablecoins or toward yield structures outside the regulated perimeter.

The consultation puts several questions back on the table. Should MiCA continue to prohibit all holder benefits linked to time held, even where they are funded solely from low-risk reserve income? Should the regime distinguish between issuer-paid interest, third-party rewards and regulated pass-through remuneration? And would allowing limited remuneration improve the competitiveness of euro EMTs, or would it create unacceptable risks for bank funding and monetary transmission? 

Global stablecoins and multi-issuance

A key part of the stablecoin discussion concerns global stablecoins and, in particular, multi-issuance models.

There are two questions running in parallel here. The first is a legal one: does MiCA, as currently written, allow multi-issuer models? The Commission gives a clear answer in the consultation. In its view, MiCA does not currently prohibit them.

That statement matters because EU authorities have adopted divergent stances:

• The ECB, in its 10 April 2026 non-paper on EU and third country stablecoin multi-issuance, argues for a reading of MiCA that would not permit third-country multi-issuance. Its concern is that third-country issuers are not generally required to comply with protections equivalent to MiCA, and that multi-issuance could expose EU token holders — and potentially the EU financial system as a whole — to material risk. 
• The European Systemic Risk Board reached a similar conclusion in its September 2025 recommendation. It flagged third-country multi-issuer schemes as amplifying financial stability risks that Union supervisors cannot adequately assess from outside the EU, and recommended that the Commission should not consider such schemes to be permitted under the current MiCAR framework. 

The second question is a policy one: even if multi-issuance is not prohibited under the current text, should MiCA continue to allow it, and under what conditions?

That is the debate the Commission is now reopening. It asks whether EU users and businesses benefit from access to global stablecoins, how important it is that such access is provided through EU-licensed issuers and CASPs, and what safeguards would be needed to manage the risks of multi-issuance.

Particularly, the consultation asks whether MiCA’s existing safeguards can mitigate multi-issuance risks and, more specifically, whether the EU share of a globally fungible stablecoin can be determined with sufficient accuracy and frequency, especially where tokens circulate through self-hosted wallets.

That question sits at the intersection of MiCA’s prudential framework and the compliance infrastructure needed to make that framework operational. On-chain data may show that a transfer occurred, but it does not, by itself, tell a supervisor whether the transfer changed the person legally entitled to the token, whether the holder is located in the Union, whether the holder is retail or institutional, or whether the movement was a payment or a first-party transfer.

That information cannot be inferred with supervisory confidence from on-chain data alone. It requires identity and transaction-context data held by CASPs, issuers and other reporting infrastructures.

This is where Travel Rule architecture becomes relevant beyond its AML/CFT purpose. Originator, beneficiary and wallet-control data can help attach legal and prudential meaning to otherwise pseudonymous on-chain flows. Multi-issuance safeguards — especially any mechanism that rebalances reserves between an EU issuer and a third-country issuer based on estimated EU holdings — are only as reliable as the data used to identify those EU holdings in the first place.

Effective Travel Rule implementation is therefore instrumental to unlocking properly managed multi-issuance frameworks.

Finally, the consultation also asks whether the EU should introduce an equivalence regime for global stablecoins, and how much reliance should be placed on third-country supervision.

This debate is in direct dialogue with the emerging U.S. approach. The GENIUS Act creates a controlled access route for foreign payment stablecoin issuers whose tokens are offered into the U.S. market. The foreign issuer must operate under a comparable home regime, register with the Comptroller of the Currency, and hold reserves in a U.S. financial institution sufficient to meet the liquidity demands of U.S. customers, unless a reciprocal arrangement provides otherwise.

The EU is confronting a similar policy problem. A globally transferable stablecoin may be issued, distributed or managed across several jurisdictions, but redemption pressure, liquidity risk and consumer protection concerns materialise locally. The policy question is how to preserve access to global liquidity while ensuring that EU holders are not dependent entirely on reserves, redemption arrangements and supervisory powers located outside the Union.

Part 3: The CASP perimeter after grandfathering

Part 3 examines the legal framework for CASPs. It revisits the scope of crypto-asset services under Article 3(16), the prudential regime and minimum capital requirements for different classes of CASPs, and the interaction between MiCA and the revised payments framework for transfer services involving EMTs.

One question stands out as the EU approaches the end of MiCA’s grandfathering period: are unauthorised crypto-asset service providers continuing to serve EU users?

This question goes to the credibility of the MiCA perimeter. By the end of the transitional period, the market is expected to look materially different. Around 200 CASPs are authorised according to ESMA’s Interim MiCA register, while there is an expectation that approximately 75% of the pre-MiCA VASP population will lose its registration status as national transitional periods expire.

Against that backdrop, the relevant supervisory question is not only which firms become authorised under MiCA, but also whether firms outside the EU authorisation framework continue to serve EU residents, and what tools supervisors or enforcement authorities should have to stop unauthorised service provision.

MiCA-authorised CASPs are investing in licensing, governance, safeguarding, conduct rules, operational resilience, market abuse controls and prudential requirements. If offshore or otherwise unauthorised providers can continue to serve EU residents, the result is an uneven playing field. Consumers remain exposed to providers outside the EU supervisory framework, while authorised firms carry the cost of compliance without the benefit of a protected market.

The FATF’s 2026 report on offshore VASPs is directly relevant here. It points to the risk that regulatory or enforcement developments can shift user activity toward offshore, unregistered providers. It also highlights the need for clearer criteria on what counts as active service provision into a jurisdiction, expectations for authorised VASPs to assess exposure to unlicensed counterparties, and stronger host-jurisdiction powers against offshore providers targeting local residents without authorisation.

These points map closely onto the post-grandfathering MiCA environment. The success of MiCA will depend on making sure its perimeter is meaningful in practice.

Part 4: Revisiting what MiCA left outside

The final part of the consultation looks at activities that were left outside MiCA’s original scope and asks whether the perimeter should now be redrawn.

Decentralised finance

MiCA excludes crypto-asset services provided in a fully decentralised manner without intermediaries. While that may sound straightforward, in practice decentralisation is rarely binary.

The consultation asks how to assess whether a service is truly fully decentralised and what indicators should matter: control over the protocol, governance rights, admin keys, front-end control, revenue capture, upgradeability, or the ability of identifiable persons to influence outcomes.

It also asks what role CASPs should play when connecting users to DeFi. Options range from warnings and disclosures, to CASP liability for incidents, to limiting access to certified applications or verified pools, to whitelists, blacklists or outright restrictions on CASP facilitation of DeFi access.

Prediction markets

The consultation also asks whether DLT-enabled prediction markets create opportunities or risks for EU consumers and markets, and whether they should fall under MiFID or MiCA when facilitated through smart contracts.

In the U.S., prediction markets have become a live test case for regulatory perimeter-setting. The CFTC is pursuing a clearer federal framework for prediction markets, asserting that event contracts offered to the public may fall within the Commodity Exchange Act as swaps or futures traded on regulated venues, while several states continue to challenge certain markets as gambling or contrary to public policy. 

Tokenised deposits and natively issued assets

The consultation also explores tokenised deposits, including their use cases, regulatory constraints and interaction with the CRD/CRR framework and the Deposit Guarantee Schemes Directive.

This is part of a broader question running through the consultation: how should EU law treat assets that are issued, recorded and transferred natively on-chain?

If tokenised deposits, tokenised securities, stablecoins and natively issued assets are expected to support future financial market infrastructure, participants need clarity on legal nature, transfer finality, holder rights, insolvency treatment and supervisory responsibilities.

What comes next

Responses to the consultation are due by 31 August 2026 through the online questionnaire on the Commission's website. 

Notabene will be following this consultation closely and engaging in the policy conversation.

If you want to dig into what the end of the grandfathering period and the new consultation mean in practice, join us for our upcoming webinar on June 11, 2026:

— From Transition to Transformation: MiCA Grandfathering Ends, the New Consultation, and What Comes Next. We'll walk through the policy choices on the table and what they mean for the future of Europe’s digital financial infrastructure.

‍

This week, two executive orders signed on the same day. While most coverage is treating them as separate stories, when read together, they are really one important compliance story.

The Fintech Integration EO

The Fintech Integration EO asks the Federal Reserve to evaluate direct access to Reserve Bank payment accounts for non-bank financial companies, naming digital asset firms in the text. For stablecoin issuers, custodians, and digital asset infrastructure, this is the master account fight finally landing on a federal clock.

This fight has been the most consequential unresolved piece of U.S. digital asset policy for years. Reserve Bank discretion is exercised on a case-by-case basis without a consistent standard. The result has been a payment system where digital asset firms could approach but not enter, dependent on sponsor banks willing to take on the relationship risk. This EO doesn't resolve the access question on its own, but it does force the Federal Reserve to put a transparent framework on paper within four months, and if the conclusion is that existing law permits expanded access, the 90-day application clock starts running.

The Restoring Integrity EO

The Restoring Integrity EO, signed the same day, gives Treasury 90 days to propose BSA changes that strengthen risk-based CDD and beneficial ownership identification, and 180 days to revisit CIP requirements. The mechanism reaches every covered institution.

How the two work together

A helpful way to think about these two EOs together is that one opens a door, while the other raises the bar for anyone walking through it.

For stablecoin issuers, the operational picture changes overnight if the Federal Reserve Bank concludes existing law permits expanded access. They will have access to direct settlement and real-time payment network participation with no sponsor bank in the middle. Settlement risk profiles, capital efficiency, and the operational architecture of a stablecoin business all look different the day after that determination lands.

The price of that access is becoming clearer too. The CDD and CIP changes pull domestic U.S. identity standards much closer to what FATF Recommendation 16 already demands cross-border. The gap between what a U.S. bank has been expected to collect on a domestic account opening and what a VASP has been expected to collect on a Travel Rule transfer has been wide for years. A U.S. bank could open an account with minimum FinCEN CDD compliance. A VASP sending the same customer's funds cross-border had to satisfy originator and beneficiary information requirements that went substantially further. These orders close that gap from the domestic side.

The firms already operating to FATF-aligned standards have been doing it because they had to, while the firms that built compliance programs to the higher standard absorbed the cost. That gap is what's closing.

Four Key Takeaways

Here are the four things compliance teams should be thinking about in the wake of these EOs.

1. Pressure-test your CIP program documentation against a tighter BSA standard. The Treasury advisory lands in 60 days and the proposed BSA changes land in 90.
2. Audit your beneficial ownership controls. If your onboarding is built to the minimum FinCEN CDD rule, the floor is moving and your program is about to look thinner than it did last week.
3. Map your counterparty due diligence to FATF R.16. The standards being raised domestically are the ones FATF has expected on the originator and beneficiary side for years. Domestic and cross-border requirements are converging.
4. If you are pursuing a Fed master account, get your application-readiness package together now. When the 90-day clock starts, firms with documented, examiner-ready programs move first.

In the end, most "good enough" compliance setups will not hold under these new rules. The firms treating May 19 as an inflection point will be the ones positioned when access expands.

How the 2026 Report Reshapes Crypto Compliance

In March 2026, the US Treasury published its report on Innovative Technologies to Counter Illicit Finance Involving Digital Assets. The report frames AI, digital identity, blockchain analytics, and APIs as the four technology pillars for modern financial crime compliance. Inside sits a sharper signal for digital asset firms: Treasury explicitly references the Travel Rule, reaffirming the Funds Transfer Rule applies to crypto transactions over $3,000 and is expected to be operationalized in practice.

While the Travel Rule has long been applicable to the US crypto market, its implementation was frequently viewed more as a policy guideline than a functional necessity. The 2026 report marks a definitive transition from theoretical interpretation to mandatory implementation.

Treasury's Stance on Travel Rule Implementation

Rather than proposing new mandates, the Treasury is reinforcing established regulations. The report reiterates that digital asset transfers fall under the Funds Transfer Rule, maintaining the $3,000 threshold and requiring the collection, verification, and transmission of originator and beneficiary data.

The significance lies in the context: this directive is central to a 2026 report on illicit finance and advanced compliance tools. The industry's focus must now shift from questioning the rule's applicability to ensuring its practical effectiveness.

‍

‍

The Treasury's report is a major federal action signal in addition to the April 8, 2026 joint Notice of Proposed Rulemaking from FinCEN and OFAC detailed AML/CFT requirements for stablecoin issuers under the GENIUS Act. That is in additional to the FATF's March 2026 report identifies Travel Rule data gaps as a primary vulnerability in global crypto AML efforts.

All of these are moving towards the objective of closing the compliance gap.

Monitoring Is Not Travel Rule Execution

Many firms assume blockchain analytics coverage equals Travel Rule coverage. The assumption is wrong.

Blockchain analytics tools identify risk, monitor transactions, and trace flows across wallets and chains. They give institutions visibility into on-chain activity. Analytics tools do not fulfill Travel Rule obligations. They do not send originator and beneficiary data to counterparties. They do not standardize data across institutions. They do not enforce compliance workflows between counterparties.

Insight alone does not meet regulatory requirements. Insight has to be acted on, triggering workflows, exchanging required data, and enforcing decisions across counterparties. This is the distinction Treasury is pointing toward. The difference between monitoring and execution.

Obtaining insight is only the first step toward meeting regulatory mandates. Actionable workflows, data exchange, and cross-counterparty enforcement are necessary to bridge the gap between simple monitoring and true execution.

The Network Nature of Compliance

Because the Travel Rule relies on secure, real-time interactions between institutions, compliance cannot be achieved in isolation. Connectivity is the essential core of the rule.

Digital asset and stablecoin compliance is a network-wide challenge rather than an entity-specific one. While issuer compliance and counterparty controls are foundational, the system remains vulnerable if the broader network fails to exchange data reliably.

Structural exposures caused by network gaps are now a primary target for regulators, as evidenced by the alignment of the FATF offshore VASP report, the April 8 NPRM, and the Treasury Report.

How to Execute Travel Rule Compliance in Practice

This is the gap Notabene was built to solve. Notabene acts as the trust layer enabling institutions to execute Travel Rule compliance. The platform identifies and screens counterparties before a transaction, performs VASP due diligence, securely exchanges required Travel Rule data between institutions, and supports real-time decisions on whether a transaction should proceed. All of this happens before funds move.

Travel Rule compliance depends on reachability. Notabene addresses this through a global network of over 2,100 VASPs and over 260 financial institutions, custodians, and exchanges, spanning more than 100 jurisdictions and supporting 300+ assets and blockchains.

Compliance Infrastructure for the Next Phase of Digital Assets

For years, the Travel Rule was discussed primarily as a regulatory obligation. Treasury’s 2026 report signals a broader shift toward operational maturity, interoperability, and trusted digital asset infrastructure.

The shift is not about entirely new rules. It is about higher expectations for how compliance is embedded into real-time financial systems.

As digital assets and stablecoins become more integrated into global finance, institutions need infrastructure that enables secure connectivity, trusted counterparties, and seamless data exchange across networks. Monitoring and visibility remain important, but scalable growth increasingly depends on the ability to operationalize compliance in a way that supports speed, trust, and cross-border participation.

The opportunity for the industry is significant: institutions that can execute compliance efficiently will be better positioned to expand partnerships, access new markets, and participate confidently in the next generation of financial services.

The question is no longer simply whether firms understand the Travel Rule. It is how they use compliance infrastructure to unlock safer, faster, and more connected digital asset ecosystems.

‍

On April 28, 2026, Notabene hosted a fireside chat with two of Brazil's most experienced voices on virtual asset regulation: Sodreia Amorim, Head of Payments & Banking Relationships at BRAZA, and Marcos Rocha, Partner at Veirano Advogados. Moderated by Catarina Veloso - Director of Regulatory & Compliance at Notabene.

The session was held in Portuguese, days before the FX reporting obligation took effect. We've recapped it in English for our global audience, to surface the subject matter and the most relevant topics for anyone navigating Brazil's regulatory build-out.

Prefer the original? The recording is available here.

The regulatory moment Brazil is in

Brazil's virtual asset framework took a decisive shape in early 2026. On February 2, 2026, BCB Resolutions 519, 520, and 521 entered into force and, alongside Law 14,478, established what Catarina described as a comprehensive regulatory regime for SPSAVs (Sociedades Prestadoras de Serviços de Ativos Virtuais).

But the framework isn't being implemented all at once. The Travel Rule under Resolution 520 is being phased in through February 2028. The FX reporting obligation under Resolution 521 — the focus of this session — kicks in much sooner: May 2026, with the first reports due by the 5th business day of June covering April's operations.

That sequencing matters. As Catarina put it: even though the formal Travel Rule deadlines extend to February 2028, much of the counterparty identification work it requires becomes operationally urgent far earlier — because the FX regime demands it.

‍

Why FX? The history behind the rule

Marcos opened with the historical context, and it's worth understanding because it explains the BCB's reasoning.

Brazil's FX regulation reflects a long history of foreign reserves scarcity. Even after the 1994 Plano Real strengthened the country's external reserves and the regime liberalised through the late 1990s, the BCB retained what Marcos called "liberdade monitorada" — monitored freedom. The Central Bank cares deeply about visibility into the balance of payments, the flow of foreign currency in and out of Brazil, and the holdings of non-residents domestically and Brazilians abroad.

That posture is now being applied to virtual assets. Resolution 521 amended Resolution 277 — the foundational FX regulation — to bring four new categories of virtual asset operations into the FX market perimeter:

1. International payment or transfer using virtual assets. A Brazilian resident transferring or receiving virtual assets to or from a non-resident.
2. Virtual asset transfers to fund international card or electronic payment use. This addresses crypto-loaded credit cards used internationally — partly a pre-emptive move against IOF tax arbitrage.
3. Transfers of virtual assets to or from self-hosted wallets (carteiras autocustodiadas). The BCB's logic: once an asset moves to a self-hosted wallet, it leaves the regulator's field of view, so it must be reported as if it crossed a border.
4. Purchase, sale, or exchange of virtual assets referenced to fiat currency — including stablecoins, even Real-denominated ones. Marcos noted this last category surprised many in the market: a BRL-stablecoin trade arguably isn't a cross-border movement at all, yet it falls under FX market rules.

The unifying theme: the BCB wants visibility into where virtual assets go, and is treating the loss of that visibility as functionally equivalent to a cross-border movement.

What gets reported, and how

Sodreia walked through the operational mechanics. The reporting vehicle is ACAM 212, a structured data file SPSAVs submit to the BCB. The cadence is monthly, with the deadline falling on the 5th business day of the following month — though institutions can submit multiple times throughout the month.

The data fields ACAM 212 requires include:

• Customer identification (originator)
• Counterparty identification — the hardest field, by consensus
• Transaction value in BRL and in the asset
• Asset type
• Transaction date and nature
• Country of origin and destination

Sodreia made an important framing point: it would be a mistake to read the BCB's phased Travel Rule timeline as permission to defer Travel Rule readiness. The ACAM 212 obligation alone effectively requires the counterparty identification capability that the Travel Rule will demand. Companies treating February 2027 (domestic Travel Rule) or February 2028 (cross-border) as a cliff-edge deadline risk not being prepared to meet interim obligations.

She also offered a pointed defense of the Travel Rule itself, against the reflexive crypto-native skepticism that often accompanies it. Tracing transactions improves AML enforcement, makes international flows auditable, and — critically — gives end users an additional layer of protection. In crypto today, a customer sending funds to the wrong wallet has no recourse. A counterparty identification layer changes that.

The hard part: identifying the counterparty

This was the throughline of the entire session. Every panelist returned to it.

The challenge is structural, not procedural. Sodreia put it cleanly: SWIFT — over 40 years of standardisation, accelerated in the late 1990s and now harmonised under ISO 20022 — gives institutions a BIC code that resolves counterparty identity and jurisdiction in one field. Pix and other modern payment rails inherit that design.

Crypto has nothing equivalent natively. A wallet address tells you nothing about who controls it.

Three patterns emerged from the discussion on how SPSAVs should approach this.

1. Self-declarations are accepted, but insufficient on their own.Resolution 520 permits SPSAVs to rely on customer self-declarations to gather counterparty information during the Travel Rule phase-in. Sodreia framed self-declarations as a useful starting point, but a weak control on their own, which can be enhanced if paired with blockchain analytics. Marcos agreed: at scale, there is no realistic alternative today. But the direction of travel is clear. As Travel Rule requirements come fully into force across jurisdictions, counterparty information will need to be verified institution-to-institution, through the exchange between counterparty VASPs themselves.

2. Cryptographic proof of ownership has tradeoffs.Methods like Satoshi tests (sending a small amount to verify control of a wallet) work, but they're expensive at volume and can make smaller transactions uneconomic. Marcos noted that some Swiss institutions use video calls to verify wallet ownership — but Brazil's market is too pulverised for that to scale. User-friendlier cryptographic signatures generated from the user's wallet are emerging as the best path, particularly in jurisdictions like the EU where verification of control is mandatory above certain thresholds.

3. Wallet screening is the practical near-term tool.Marcos pointed to the increasing sophistication of wallet screening providers — algorithms that can determine with high confidence whether a wallet's behaviour pattern matches a self-hosted wallet or a VASP, and even infer geolocation from on-chain activity. Catarina added that Notabene's network can already identify a significant portion of counterparty wallets and resolve their VASP and jurisdiction.

Same data, different flows: where Travel Rule and FX reporting converge

This was the conversation's organising insight.

The Travel Rule and the FX reporting rule are asking for largely the same underlying data — counterparty identification, originator information, transaction details. But they ask for it through different channels:

• Travel Rule requires SPSAVs to transmit that information to the institutions they interact with (the counterparty VASP or its proxy).
• FX reporting requires SPSAVs to submit that information to the Central Bank itself.

Same data, two flow directions. One is institution-to-institution; the other is institution-to-regulator.

For SPSAVs building or buying compliance infrastructure right now, this matters operationally: investments in counterparty identification that look like Travel Rule investments are, in fact, also FX reporting investments. The reverse is true too. Catarina's recommendation to anyone implementing the Travel Rule: talk to your providers about what they can already tell you about counterparty wallets, because that capability is doing double duty.

She also flagged a common organisational hazard. The team building Travel Rule compliance and the team building ACAM 212 reporting are often different teams. The session's purpose, she said, was to get those teams talking — because the controls each is building should serve both obligations.

Settlement risk: a deeper problem the conversation surfaced

A participant question late in the session raised one of the deeper problems with applying conventional compliance to public blockchains: once a transaction is on-chain, it's settled. There's no recall, no clawback.

Catarina used the question to introduce a concept Notabene has been developing in other markets: shifting compliance to before settlement, not after. In traditional payment systems, settlement is preceded by an authorisation flow between the institutions involved. The same model can be applied to virtual asset transfers — the originating VASP transmits identifying information to the beneficiary VASP before executing on-chain, and the beneficiary can respond before funds move.

Notabene also announced (during the session) a new capability for VASPs to coordinate the return of unwanted transactions through its network — addressing the fact that you cannot simply send funds back to the originating address without knowing whether that address is structured to receive them. Read more on Notabene Revert in our recent blog post.

Marcos added that permissioned networks have a structural advantage here: they support clawback and freezing natively, which has become a meaningful topic in international regulatory forums. The asset-recovery question — what happens when a high-value transaction goes to the wrong place — is one regulators globally are watching.

A post-webinar update: Resolution 561 and what it actually does

Two days after the webinar, on April 30, 2026, the BCB published Resolution 561, amending the eFX framework. International headlines almost immediately declared that Brazil had "banned stablecoin settlement in cross-border payments."

In fact, Resolution 561 targets one specific channel: eFX, Brazil's simplified electronic FX route for retail digital cross-border flows — such as international online card purchases and digital remittances handled by payment institutions, e-money issuers, and acquirers. Inside that channel, settlement between an eFX provider and its overseas counterparty must now occur through traditional FX operations or non-resident BRL accounts. Stablecoins and other virtual assets can no longer be used as the settlement leg. The change takes effect October 1, 2026.

What Resolution 561 does not do is ban stablecoin cross-border settlement across the board. Licensed SPSAVs — and banks operating under the SPSAV framework — can still use stablecoins for international transfers, because that activity sits inside the FX market regime established by Resolution 521 (mentioned above). Cross-border stablecoin movement remains entirely possible: it just has to flow through an authorised institution, under FX-market rules, with the reporting and counterparty obligations that come with that perimeter.

Put together with Resolution 521, the BCB's direction is now unambiguous:

• The lighter, retail-oriented eFX route is being closed to virtual assets.
• The supervised SPSAV/FX-market route is being expanded and reinforced, with ACAM 212 reporting, Travel Rule obligations, and FX market authorisation as the price of entry.

For the audience of this article, the practical implication is straightforward. Resolution 561 doesn't change the operational picture for SPSAVs building toward May 2026 reporting and 2027–2028 Travel Rule compliance. If anything, it raises the stakes: cross-border stablecoin activity that previously sat in the lighter eFX channel will increasingly flow through SPSAVs, which means the supervised route can absorb more volume. The institutions that have built robust Travel Rule, and counterparty resolution capabilities will be the ones positioned to capture that flow.

What SPSAVs should do now: the panel's recommendations

The panel closed with practical guidance. Compressed:

Sodreia (operational priorities):

1. Map your flows. Understand which transaction types your business runs and which qualify for ACAM 212 reporting.
2. Classify operations. Build a clean classification logic for the four FX-scoped categories.
3. Choose your counterparty identification model deliberately. Don't default to manual collection from customers — they often don't know the answer either. Look at where automation, blockchain analytics, and network-resolved counterparty data can take friction out of the customer experience.
4. Don't defer Travel Rule preparation. The phased timeline isn't permission to wait.

Marcos (legal priorities):

1. Comply with all obligations now, even ahead of authorisation. SPSAV authorisation applications will assess prior compliance posture. Falling short on obligations already in force can compromise the authorisation outcome.
2. Assume FX market authorisation is required. Marcos was direct: realistically, almost no SPSAV will be able to operate without FX market authorisation, because even buying a BRL-denominated stablecoin now falls within the FX market.
3. Structure for partnerships. SPSAVs facing the operational limits — including the USD 100,000 per transaction cap for SPSAVs without full FX dealer authorisation — should be looking at partnerships with authorised institutions early. Sodreia confirmed this is exactly where many in the market are heading, with institutions like BRAZA positioned to absorb operations that exceed SPSAV limits.

The bigger picture

Catarina closed on a structural point that's worth flagging. Crypto's native architecture wasn't designed to fit within regulatory perimeters. Bringing virtual asset infrastructure into a regulated regime means building something that doesn't yet exist: a coordination layer between institutions that can carry the kind of contextual information traditional payment rails carry natively.

That layer matters beyond compliance. As Catarina noted — drawing on Notabene's own experience with finance teams — one of the reasons crypto and stablecoin payments haven't yet penetrated business operations at scale is that payments arrive without context. Reconciliation against invoices, contracts, and customer records is genuinely hard. The same infrastructure that makes Travel Rule compliance and FX reporting possible is the infrastructure that makes crypto and stablecoins viable as actual payment rails.

May 2026 is one milestone. It's also a forcing function for building the right thing.

Want to go deeper?

For a comprehensive view of the regulatory landscape, see Notabene's Brazil Virtual Asset Regulatory Playbook, produced in partnership with Veirano Advogados and ABToken.

The full webinar recording is available on demand, and the recording is available here.

This article summarises a fireside chat held in Portuguese, hosted by Notabene in collaboration with AB Token on April 28, 2026, with Catarina Veloso (Notabene), Sodreia Amorim (BRAZA), and Marcos Rocha (Veirano Advogados). All quotes and references have been translated from the original Portuguese.

‍

‍

‍

Something shifted in cross-border payments over the last few years, and it happened faster than most people expected. The stablecoin layer - once an experiment at the margins - is now a real part of how money moves globally. You can see it in the deal flow, customer conversations, in where regulatory attention is going. Digital assets have crossed the chasm.

But having crossed the chasm doesn't mean you've arrived. It means the question has changed. And the question the industry is now dealing with - mostly implicitly, sometimes explicitly - is whether the architecture that got us this far is the architecture that takes us to the next stage.

The dominant architecture is what people started calling the stablecoin sandwich a year or two back. Fiat converts to stablecoin at one end, value moves across the chain, stablecoin converts back to fiat at the other end. It works. It has unlocked real use cases: hard-currency corridors where someone on one side urgently wants dollars, corporate treasury moving funds across borders at hours that SWIFT can't touch, situations where you can bundle the off-ramp problem into one partner relationship and move on.

I spent time at a very large GSIB early in my career, building systems reconciling trade feeds to SWIFT feeds, sitting inside correspondent banking. Something I learned - and that I keep thinking about now - is that correspondent banking works. It is expensive, slow, and remarkably opaque, but it reliably moves money. The model is: bilateral relationships, pre-funded positions, corridor-by-corridor expansion. You add a corridor when the economics justify it. You maintain the relationships because the alternative is reduced volume.

What I find genuinely interesting about the stablecoin sandwich is that it has reproduced this model almost exactly. Different settlement rails, same underlying structure. If you peel back the UX improvements and the faster settlement times, the correspondent banking architecture is still there. You still need pre-funded positions on both sides of each corridor. You still build out one corridor at a time. Conversion costs don't disappear - they shift around, sometimes to your benefit, sometimes not - but they stay in the system.

The payment CEOs I talk to who have been running stablecoin sandwich operations for a few years are starting to feel this. Three or four corridors looks great on the unit economics. Twenty corridors - which you need if you're serious about global reach - starts to look like a different business. Many stablecoin orchestrators product roadmaps are filled with integrations to support more corridors to increase volume rather than building better products.

The operational overhead, the compliance exposure per corridor, the working capital tied up in pre-funded positions: it compounds. And margins that looked healthy early on start to come under pressure. Many of the largest banks globally have secretly been removing expensive and risky to operate long tail corridors from their correspondence bank offerings by outsourcing this volume to PSPs and stablecoin orchestrators.

The industry is already sensing this, and you can see it in where the interesting product work is happening. What's emerged is a kind of open-faced stablecoin sandwich: one-way fiat conversion instead of two-way. Stablecoin cards are the clearest example - the cardholder's account is stablecoin-native, the conversion only happens at the point of spend into fiat. You've cut the conversion problem in half. One side of the transaction has gone native; the other side is still touching the legacy rails. It's real progress. But it's still a transitional architecture, not the destination.

This isn't a criticism of the people who built this way. The stablecoin sandwich, and its open-faced variant, were the correct call for the environments in which they emerged. When you're trying to get from zero to adoption, you build for backward compatibility. You operate within the systems where the money already lives.

Every technology does this phase. Remember Vonage or paying for a phone number in Skype? VoIP spent years routing calls between traditional phone endpoints before Skype and WhatsApp came along and made those endpoints superfluous for general use. The stablecoin sandwich is how you get a foothold, not how you achieve the end state.

As more issuers enter the market - across banking consortia, fintechs, and sovereign-backed initiatives - the question stops being which stablecoin you're holding and becomes what you can do with it natively. A network of institutions that can settle with each other directly, without rebuilding bilateral corridors for each relationship, compounds differently than a network of corridors does. That's the transition worth building toward.

There's a difference between a transitional architecture and a destination, and the industry is at the point where that distinction matters for the decisions you're making now. The companies worth watching are the ones that ran the stablecoin sandwich where they needed to, understand exactly what it costs them to operate, and are building deliberately toward something different. The regulatory framework is falling into place. The infrastructure question is the one that deserves more honest attention.

‍

‍The problem with crypto’s one-way street

Blockchain transactions are natively unilateral. Whoever holds the private keys decides if settlement happens. Once a transaction is broadcast and confirmed on-chain, the receiver doesn’t get a “yes” or “no” moment. There is no native ability to accept or reject a payment.

When an unwanted transaction is received, there is also no straightforward way to send it back even though, in many cases, returning funds is a mandatory regulatory requirement.

For example, under the EU Travel Rule regime, if a beneficiary Crypto-Asset Service Provider detects post-settlement a transaction that lacks the required Travel Rule information to unambiguously identify the parties, it must return the funds to the originator.

In practice, however, returning funds is anything but simple. Institutions face a minefield of liability. They cannot assume that the original sending address is able to receive a return. If that address is not prepared for this purpose, the returned funds may be permanently lost.

The scale of this problem is significant. The Joint Money Laundering Steering Group (JMLSG)—the UK body providing guidance on AML compliance—explicitly recognizes this, stating that crypto asset businesses “should consider the risks and complexities [of returning funds] prior to making a return, as it may create operational challenges … to reattribute it to the originator.”

The long-awaited "undo button" for crypto

To solve this, Notabene has introduced Revert—a post-settlement control layer for digital asset transactions, enabling institutions to safely coordinate, authorize, and complete returns of funds across counterparties. This is effectively an "undo button" for crypto transactions.

Here’s how it works:

When a beneficiary institution needs to return funds, it initiates a revert request. The originator is notified of the request and can respond by authorizing the return and providing a verified wallet address where the funds should be sent. The beneficiary can then execute the return with confidence, while both sides retain full visibility and auditability across the entire lifecycle.

To be clear: this is an innovation in trust and coordination. There is no change to how blockchains natively work. Settlement remains immediate and irreversible according to first principles of blockchain design. However, within a network of cooperative institutions, we can introduce a novel new control layer to correct mistakes. 

This functionality is built on the Transaction Authorization Protocol (TAP), an open standard for communicating about transactions. Any adopter of TAP, regardless of a commercial relationship with Notabene, can participate in coordinated return-of-funds flows. This is infrastructure for the entire industry, not just Notabene customers.

The importance of pre-transaction authorization

Revert addresses a necessary gap today, but it is not on its own a holistic solution to end-to-end transaction orchestration.

When counterparties verify compliance data, assess risk profiles, and explicitly authorize transactions before settlement, the need for post-settlement remediation and fund returns largely disappears. 

The Notabene Network has already powered over $2 trillion in compliant transaction volume using this approach. Pre-transaction authorization is becoming a standard, and we are advancing it further by enforcing authorization by design within Notabene Flow payments.

But standards take time to become universal. Until pre-transaction authorization is widespread across all digital asset transactions, the industry needs a way to handle edge cases: non-compliant counterparties, missing information, and operational mistakes.

That’s the safety net that Revert provides.

Trust, coordination, and compliance infrastructure

Notabene's Revert functionality demonstrates the power of coordination and an end-to-end transaction control layer when institutions transact within shared standards and trusted networks.

As digital asset payments evolve, infrastructure like this is what turns crypto rails into something businesses can actually rely on.

With the introduction of Revert, we’re covering all the bases so that compliant, coordinated transactions become the default.

‍NEW YORK — April 28, 2026 — Once a crypto transaction settles, there has never been a safe, standardized way to reverse or correct it, even when regulation requires it. Notabene, the trust layer for global money movement, today announced Revert, the first post-settlement control layer for digital asset transactions, enabling institutions to safely coordinate, authorize, and complete returns-of-funds flows across counterparties.

For the first time, institutions can control what happens after a crypto transaction settles, not just before it.

Until now, post-settlement workflows in crypto have been manual, fragmented, and high-risk. The moment a transaction moved between two institutions, there was no coordinated mechanism to return the funds. 

While traditional payment systems rely on standardized processes for refunds, corrections and dispute resolution, crypto transactions between institutions have lacked any coordinated mechanism - leaving institutions to rely on email, informal coordination, and unverified wallet addresses.

At the same time, new regulations now require institutions to return funds in certain cases, creating a gap between regulatory obligation and available infrastructure.

Revert closes that gap. Revert introduces a post-settlement control layer for digital assets - enabling institutions to initiate, authorize, and complete return-of-funds flows with verified wallet destinations and a full audit trail.

Built on the Transaction Authorization Protocol (TAP), Revert enables institutions to coordinate refunds across counterparties as a shared network standard, rather than within closed ecosystems.

"Blockchain finality makes sense for settlement. It doesn't make sense for everything else institutional payments actually require: coordinating across counterparties, correcting mistakes, and unwinding transactions that shouldn't have gone through," said Pelle Braendgaard, CEO of Notabene. "Revert is the first post-settlement control layer that works between institutions rather than inside them, and crypto can't credibly support real business payments without it."

Revert is available today across the Notabene Network, which already connects more than 2,200 regulated institutions across 100+ jurisdictions and has processed over $2 trillion in compliant transaction volume. The launch lands as return-of-funds obligations are tightening across jurisdictions. Under the EU Transfer of Funds Regulation, for example, a Crypto-Asset Service Provider that detects missing Travel Rule information after a transaction has settled must return the funds to the originator, a workflow that has been operationally difficult until now.

For more on Revert, visit notabene.id/revert

‍

About Notabene

Notabene is the trust layer for global money movement. The Notabene network connects thousands of trusted counterparties, facilitating trillions of dollars in transaction volume annually across over 100 jurisdictions. Notabene provides industry-leading tools for stablecoin payment coordination, real-time transaction authorization, counterparty verification, and self-hosted wallet identification—helping institutions build trust into every transaction.

Press Contact:

Clay Fain
VP, Marketing
Notabene
[email protected]

For the first time, institutions can control what happens after a crypto transaction settles, not just before it.

Once a transaction confirms on-chain, there has never been a safe, standardized way to reverse or correct it. Post-settlement workflows have been manual, fragmented, and high-risk — institutions relying on email, informal coordination, and unverified wallet addresses to handle something as routine as a refund. The moment a transaction moved between two institutions, there was no coordinated mechanism to return the funds.

Revert closes that gap. It's a post-settlement control layer for digital assets that lets institutions initiate, authorize, and complete returns of funds with verified wallet destinations and a full audit trail — across counterparties, not just within a closed ecosystem.

Read the full press release.

‍

How it works

Either side of a transaction — the originator or the beneficiary — can initiate a revert request. The full flow:

1. The institution initiating the return submits a revert request with a reason attached.
2. The counterparty receives the request through the Notabene platform and reviews it.
3. If approved, the counterparty provides a verified wallet address for where the funds should be sent.
4. The initiating institution executes the return to that verified address.
5. Both sides retain full status and timeline visibility, from the initial request through to settlement.

The critical step is #3: the wallet address is confirmed through the coordination process before funds move. That's what eliminates the operational risk that has made cross-institution returns so difficult — no more sending funds back blindly to an address that may not be able to receive them.

For a full walkthrough of the technical mechanics, visit our help documentation.

‍

What institutions use Revert for

• Customer refunds where funds need to be returned to the original sender
• Operational corrections — transactions sent in error, wrong amounts, or wrong counterparty
• Dispute resolution between institutions
• Regulatory return obligations, including cases where Travel Rule regulations require a beneficiary to return funds to the originator

‍

Open to the whole industry

Revert is built on the Transaction Authorization Protocol (TAP), the open standard for institutional communication about crypto transactions. Any institution that has implemented TAP can participate in coordinated return flows — regardless of whether they have a commercial relationship with Notabene. This is infrastructure for the industry, not a feature locked behind a single platform.

Revert is available today across the Notabene Network, which connects more than 2,100 regulated institutions across 100+ jurisdictions and has processed over $2 trillion in compliant transaction volume.

‍

Already a Notabene customer? Revert is available now. Reach out to your Customer Success Manager or contact us at [email protected] to get set up.

Not yet on the Notabene Network? Book a demo and we'll walk you through how Revert works in the context of your operations.

‍