Compliance Without Compromise
How Settlr achieves full regulatory compliance for restricted-commerce B2B settlements — without custody, without banks, and without compromising on speed or privacy.
Executive Summary
Settlr is a non-custodial settlement protocol — a software layer, not a money services business. We never hold, pool, or have unilateral control over user funds. Payments move directly between counterparties via on-chain smart contracts on Solana.
This architecture means Settlr is not a money transmitter under federal FinCEN guidance (FIN-2019-G001) or the majority of state money transmission statutes. We are a technology provider that facilitates peer-to-peer stablecoin transfers with embedded compliance tooling.
GENIUS Act of 2025
The Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act, signed into law in 2025, established the first comprehensive federal framework for payment stablecoins in the United States. Here is how Settlr aligns with every major provision.
Permitted Payment Stablecoins Only
§3 — Definitions
Settlr exclusively uses USDC issued by Circle — a fully reserved, audited, and GENIUS Act-compliant payment stablecoin. We do not support algorithmic, offshore, or unregistered stablecoins. Every dollar that flows through Settlr is backed 1:1 by U.S. Treasury obligations and cash equivalents.
Issuer Compliance Requirements
§4 — Registration
Circle, as the USDC issuer, maintains registration with FinCEN, state-level licenses, and undergoes monthly reserve attestations by a Big Four accounting firm. Settlr verifies that all stablecoins routed through our protocol originate from compliant issuers — a check embedded at the smart contract level.
Redemption Guarantees
§5 — Redemption
USDC provides 1:1 redemption to U.S. dollars on demand. Because Settlr is non-custodial, recipients can redeem their USDC directly through Circle or any compliant on-ramp/off-ramp. We never create a redemption bottleneck — there is no pooling, no lock-up, and no withdrawal queue.
Reserve & Transparency Requirements
§6 — Reserves
Circle publishes monthly reserve reports and undergoes annual audits under the GENIUS Act's transparency mandate. Settlr surfaces this information in our compliance dashboard, giving operators direct visibility into the backing of every dollar settled on our rails.
Consumer & Business Protection
§8 — Protection
By operating non-custodially on public blockchain infrastructure (Solana), every Settlr transaction produces an immutable, timestamped receipt. Both counterparties can independently verify settlement status, amount, and timing — no reliance on Settlr's systems for proof of payment.
Interoperability & Open Standards
§10 — Interoperability
Settlr is built on Solana's public, permissionless infrastructure using open-source smart contracts. Our protocol is interoperable with any wallet, exchange, or DeFi protocol that supports SPL tokens. No vendor lock-in, no proprietary rails, no walled gardens.
BSA/AML Framework
While Settlr is not a money transmitter, we proactively implement Bank Secrecy Act and Anti-Money Laundering controls as a matter of principle — and because our customers in restricted industries need this protection to operate confidently.
OFAC Screening
Every wallet address is screened against the OFAC SDN (Specially Designated Nationals) list before a transaction is processed. Blocked wallets cannot initiate or receive payments through Settlr. Screening runs in real time, not in batch.
Transaction Monitoring
Settlr monitors settlement patterns for anomalous activity — unusual volumes, rapid-fire transactions, structuring patterns, and sanctioned-jurisdiction exposure. Flagged transactions are held for manual review before settlement.
Suspicious Activity Reporting
When transaction monitoring surfaces activity consistent with money laundering, structuring, or sanctions evasion, Settlr files Suspicious Activity Reports (SARs) with FinCEN. Our compliance team maintains direct filing capability.
Jurisdiction Controls
Settlr enforces geographic restrictions at the protocol level. IP geolocation and wallet provenance checks block transactions originating from OFAC-sanctioned jurisdictions (Cuba, Iran, North Korea, Syria, Crimea, et al.).
Transaction Lifecycle — AML Controls
Pre-Transaction Screening
Both sender and receiver wallets are screened against OFAC SDN, UN sanctions lists, and known high-risk addresses. Blocked wallets are rejected before any on-chain activity occurs.
Real-Time Risk Scoring
Each transaction receives a risk score based on amount, counterparty history, geographic signals, and pattern analysis. Scores above threshold trigger enhanced review.
Settlement Execution
Approved transactions are routed through on-chain smart contracts. The settlement instruction, compliance metadata, and timestamps are embedded in the transaction — immutable and auditable.
Post-Settlement Audit
Completed settlements are logged with full compliance stamps (KYB status, OFAC screening result, risk score, timestamp). This data is available via API and dashboard for auditor access.
AML Compliance Program
Settlr maintains a written Anti-Money Laundering Compliance Program modeled on FinCEN's five-pillar framework. Even though our non-custodial architecture likely exempts us from MSB registration, we hold ourselves to MSB-grade standards because our customers — cannabis operators and other restricted businesses — need a payment provider they can hand to an auditor without hesitation.
Pillar 1 — Designated Compliance Officer
Settlr designates a qualified Compliance Officer responsible for the day-to-day administration of the AML program, including policy updates, staff training, and regulatory reporting. The Compliance Officer reports directly to the CEO and has authority to halt transactions pending investigation. Current CO credentials and contact are available to regulators and KYB-verified merchants upon request.
Pillar 2 — Internal Policies, Procedures & Controls
Our AML program includes documented procedures for: (a) customer onboarding and KYB verification, (b) ongoing transaction monitoring and risk scoring, (c) OFAC and sanctions list screening, (d) SAR identification, investigation, and filing, (e) record retention and document management, (f) escalation protocols for high-risk transactions, and (g) periodic policy review and update (minimum annually). All procedures are version-controlled and audit-logged.
Pillar 3 — Training Program
All Settlr employees with access to customer data or transaction systems complete AML/BSA training at onboarding and annually thereafter. Training covers: identifying red flags for money laundering and terrorist financing, SAR filing obligations, OFAC compliance requirements, cannabis-industry-specific AML considerations, and proper escalation procedures. Training completion is documented and retained for 5 years.
Pillar 4 — Independent Testing
Settlr engages independent third-party auditors to test AML program effectiveness at least annually. Testing scope includes: review of KYB procedures, sample testing of OFAC screening results, evaluation of transaction monitoring thresholds and alert resolution, SAR filing timeliness and completeness, and staff training adequacy. Audit findings are tracked to remediation.
Pillar 5 — Risk-Based Customer Due Diligence
Every Settlr merchant receives a risk rating at onboarding (Standard, Elevated, or High) based on: industry classification, geographic exposure, expected transaction volume and velocity, beneficial ownership complexity, and adverse media screening results. High-risk merchants receive Enhanced Due Diligence (EDD) including quarterly re-verification, lower transaction monitoring thresholds, and manual review of transactions above $10,000.
Merchant Risk Classification Matrix
| Factor | Standard | Elevated | High |
|---|---|---|---|
| KYB Re-verification | Annually | Semi-annually | Quarterly |
| Transaction Review Threshold | $50,000/day | $25,000/day | $10,000/day |
| Manual Review Trigger | Score ≥ 80 | Score ≥ 60 | Score ≥ 40 |
| OFAC Screening Frequency | Per-transaction | Per-transaction | Per-transaction + daily batch |
| Adverse Media Monitoring | Monthly | Weekly | Daily |
| Beneficial Ownership Refresh | Annually | Semi-annually | Quarterly + event-driven |
KYB Verification Process
Every business on Settlr goes through Know Your Business verification before their first settlement. This is non-negotiable — even for industries that banks refuse to serve.
Business Entity Verification
We verify the legal existence and good standing of the business entity — articles of incorporation, state registrations, EIN confirmation, and operating licenses. For cannabis operators, this includes state cannabis license verification.
Beneficial Ownership Identification
All individuals with 25%+ ownership or significant management control are identified and verified. We collect government-issued ID, proof of address, and run identity verification checks against public records and watchlists.
Industry-Specific Compliance
For cannabis businesses: state license verification, Metrc/BioTrack integration capability, and confirmation of operation within legal state boundaries.
Bank & Financial Verification
We verify that the business has a legitimate banking relationship (or is actively seeking one — many of our customers are underbanked by design of the traditional system). Off-ramp and on-ramp pathways are established during onboarding.
Ongoing Monitoring
KYB is not a one-time check. Settlr performs periodic re-verification (quarterly for restricted industries), monitors for adverse media, regulatory actions, and changes in ownership structure. License expirations trigger automatic review.
Required KYB Documentation
| Document | Standard | Cannabis |
|---|---|---|
| Articles of Incorporation | ✓ | ✓ |
| EIN / Tax ID | ✓ | ✓ |
| State Business License | ✓ | ✓ |
| Cannabis License (State) | — | ✓ |
| Beneficial Owner IDs | ✓ | ✓ |
| Proof of Address | ✓ | ✓ |
| Bank Account Verification | ✓ | ✓ |
| Metrc/BioTrack License # | — | ✓ |
What We Monitor & How
Settlr runs real-time and batch-level transaction monitoring across every settlement. Below are the specific typologies, thresholds, and actions we take — not vague promises, but the actual rules engine that processes every dollar on the platform.
Structuring Detection
Transactions are analyzed for patterns consistent with structuring — the intentional breaking of large amounts into smaller transactions to avoid reporting thresholds. We flag: (a) multiple transactions from the same sender within 24 hours that aggregate above $10,000, (b) transactions consistently just below round-number thresholds, (c) rapid sequential transfers between related wallets.
Threshold: Aggregate > $10,000/24h or pattern match
Action Taken: Auto-hold + manual review within 4 hours
Velocity Anomalies
Each merchant has an expected transaction velocity profile established during onboarding. We flag deviations: (a) daily volume exceeding 3× the 30-day rolling average, (b) transaction frequency exceeding 5× normal rate, (c) sudden activation of dormant accounts (no activity for 30+ days followed by high-volume transactions).
Threshold: 3× daily average or 5× frequency baseline
Action Taken: Alert + enhanced monitoring for 72 hours
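Structuring rule (a) and velocity rule (a) above, sketched in Python as an added example; this is not Settlr's rules engine. Only the $10,000/24h and 3× 30-day-average thresholds come from the page, while the transaction record shape, wallet labels, dates and amounts are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import date, datetime, timedelta

LIMIT_USD = 10_000            # page: aggregate > $10,000 per 24h
WINDOW = timedelta(hours=24)
VELOCITY_FACTOR = 3           # page: daily volume > 3x the 30-day rolling average
BASELINE_DAYS = 30

def structuring_alerts(txs):
    """Return (sender, time, aggregate) whenever several transfers from one
    sender inside a trailing 24h window sum above LIMIT_USD."""
    window = defaultdict(deque)   # sender -> (time, amount) pairs still in window
    total = defaultdict(int)      # sender -> running sum of that window
    alerts = []
    for tx in sorted(txs, key=lambda t: t["time"]):
        s, q = tx["sender"], window[tx["sender"]]
        q.append((tx["time"], tx["amount"]))
        total[s] += tx["amount"]
        while tx["time"] - q[0][0] >= WINDOW:    # evict transfers 24h old or older
            total[s] -= q.popleft()[1]
        if len(q) > 1 and total[s] > LIMIT_USD:  # "multiple transactions" only
            alerts.append((s, tx["time"], total[s]))
    return alerts

def velocity_alerts(txs, day):
    """Return senders whose volume on `day` exceeds VELOCITY_FACTOR times their
    mean daily volume over the previous BASELINE_DAYS days (idle days count as 0)."""
    today, baseline = defaultdict(int), defaultdict(int)
    for tx in txs:
        age = (day - tx["time"].date()).days
        if age == 0:
            today[tx["sender"]] += tx["amount"]
        elif 1 <= age <= BASELINE_DAYS:
            baseline[tx["sender"]] += tx["amount"]
    # Senders with an empty baseline are left to the dormant-account rule.
    return sorted(s for s, v in today.items()
                  if baseline[s] and v > VELOCITY_FACTOR * baseline[s] / BASELINE_DAYS)

def _tx(sender, ts, amount):
    return {"sender": sender, "time": datetime.fromisoformat(ts), "amount": amount}

# Constructed sample data: wallet labels, dates and amounts are illustrative.
SAMPLE_DAY = date(2026, 3, 31)
SAMPLE = (
    # walletA: steady $3,000 a day through March, including the day under review
    [_tx("walletA", f"2026-03-{d:02d}T10:00", 3_000) for d in range(1, 32)]
    # walletB: $1,000 a day, then three sub-threshold transfers within five hours
    + [_tx("walletB", f"2026-03-{d:02d}T09:00", 1_000) for d in range(1, 31)]
    + [_tx("walletB", "2026-03-31T09:00", 4_000),
       _tx("walletB", "2026-03-31T11:30", 3_500),
       _tx("walletB", "2026-03-31T14:00", 3_000)]
)

if __name__ == "__main__":
    print(structuring_alerts(SAMPLE))
    print(velocity_alerts(SAMPLE, SAMPLE_DAY))
```

In the sample, no single walletB transfer exceeds $10,000, yet the third one pushes the trailing 24-hour aggregate over the limit and the same day also breaches the velocity baseline, while walletA's steady volume triggers neither rule.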
Sanctions & Watchlist Hits
Every wallet address involved in a Settlr transaction (sender, receiver, and intermediate wallets) is screened against: OFAC SDN and Consolidated Lists, UN Security Council Sanctions Lists, EU Consolidated Financial Sanctions, known ransomware and darknet-linked addresses (via Chainalysis integration). Screening occurs pre-transaction in real time.
Threshold: Any match (fuzzy matching at 90%+ confidence)
Action Taken: Immediate block + SAR filing if warranted
Geographic Risk Signals
IP geolocation, wallet provenance analysis, and counterparty jurisdiction are evaluated against: OFAC-sanctioned countries (Cuba, Iran, North Korea, Syria, Crimea region), FATF grey-list and black-list jurisdictions, jurisdictions with known deficiencies in cannabis regulation. VPN detection is active — transactions from known VPN exit nodes associated with sanctioned regions trigger enhanced review.
Threshold: Any sanctioned jurisdiction indicator
Action Taken: Block or enhanced review depending on signal strength
Round-Trip Transaction Detection
We monitor for layering activity where funds cycle through multiple wallets and return to the originator or a closely associated wallet. On-chain graph analysis identifies patterns where: (a) funds return to the originator within 72 hours through 2+ intermediary wallets, (b) wallets with no commercial activity serve as pass-through entities, (c) multiple unrelated merchants send to the same consolidation wallet.
Threshold: Pattern match across 72-hour window
Action Taken: Hold pending investigation + SAR evaluation
Suspicious Activity Reporting
When transaction monitoring or manual review surfaces activity consistent with money laundering, structuring, terrorist financing, or sanctions evasion, Settlr follows a documented SAR identification, investigation, and filing process.
SAR Lifecycle
Alert Generation
Transaction monitoring rules or manual review generate an alert. Alerts are triaged by severity: Critical (immediate freeze — sanctions hits, confirmed structuring), High (review within 4 hours — threshold breaches, velocity anomalies), Medium (review within 24 hours — geographic risk signals, unusual patterns), Low (batch review — minor deviations, informational).
Investigation
The Compliance Officer or designated analyst investigates the alert. Investigation includes: full transaction history review for the merchant and counterparties, wallet provenance analysis (on-chain graph tracing), KYB re-verification if warranted, and customer outreach for legitimate business explanation. Investigation must be completed within 5 business days of alert generation.
SAR Decision
If investigation confirms suspicious activity, a SAR is prepared. The decision is documented with: specific facts supporting the filing, applicable law or regulation violated, transaction details (dates, amounts, wallet addresses, counterparties), and narrative description of the suspicious activity pattern. If the investigation clears the activity, the alert is closed with documented rationale.
Filing with FinCEN
SARs are filed electronically with FinCEN via BSA E-Filing within 30 calendar days of the initial alert (15 days if the subject is not identifiable and additional time is needed). Settlr maintains direct BSA E-Filing access — we do not rely on third-party intermediaries for SAR submission.
Post-Filing Actions
After filing: the merchant account may be suspended, restricted, or terminated depending on severity. Ongoing monitoring is enhanced for 90 days minimum. SAR information is never disclosed to the subject (per 31 USC §5318(g)(2)). All SAR documentation is retained for 5 years from the date of filing. Law enforcement inquiries (314(a) requests) related to filed SARs are handled within 2 business days.
Transparency Note
Settlr cannot disclose whether a SAR has been filed on a specific transaction or individual (per federal “tipping off” prohibitions). However, we publish aggregate compliance statistics quarterly: total alerts generated, percentage resolved within SLA, and general compliance program metrics. These statistics are available to KYB-verified merchants in their compliance dashboard.
Record Retention Policy
Settlr retains all compliance-relevant records in accordance with BSA requirements and cannabis-industry best practices. On-chain transaction data is immutable and permanently accessible; off-chain records follow the retention schedule below.
| Record Type | Retention Period | Storage |
|---|---|---|
| KYB verification files | 5 years after account closure | Encrypted off-chain + document hash on-chain |
| Transaction records | Permanent (on-chain) + 5 years (off-chain enrichment) | Solana blockchain + encrypted database |
| OFAC screening results | 5 years from screening date | Encrypted database with audit log |
| SAR filings & supporting docs | 5 years from filing date | Encrypted, access-restricted database |
| Transaction monitoring alerts | 5 years from alert resolution | Encrypted database with case notes |
| Training records | 5 years from completion | HR system with compliance integration |
| Compliance audit reports | 5 years from audit date | Document management system |
| 314(a) / law enforcement requests | 5 years from response date | Encrypted, access-restricted database |
Compliance Architecture
Compliance is not a feature bolted on after the fact — it is embedded in every layer of the Settlr protocol. Here is how it works end-to-end.
```
┌─────────────────────────────────────────────────────┐
│                   SETTLR PROTOCOL                   │
├─────────────────────────────────────────────────────┤
│                                                     │
│  ┌──────────┐   ┌──────────┐   ┌──────────────┐     │
│  │  SENDER  │──▶│  SETTLR  │──▶│   RECEIVER   │     │
│  │  WALLET  │   │  SMART   │   │   WALLET     │     │
│  └──────────┘   │ CONTRACT │   └──────────────┘     │
│       │         └──────────┘          │             │
│       │              │                │             │
│       ▼              ▼                ▼             │
│  ┌──────────┐   ┌───────────┐  ┌──────────────┐     │
│  │  OFAC    │   │ COMPLIANCE│  │  ON-CHAIN    │     │
│  │ SCREENING│   │  STAMPS   │  │  RECEIPT     │     │
│  └──────────┘   │  ├─ KYB   │  │  ├─ Amount   │     │
│                 │  ├─ AML   │  │  ├─ Time     │     │
│                 │  ├─ OFAC  │  │  ├─ Parties  │     │
│                 │  └─ GENIUS│  │  └─ TX Hash  │     │
│                 └───────────┘  └──────────────┘     │
│                                                     │
│  ┌─────────────────────────────────────────────┐    │
│  │           AUDIT TRAIL (IMMUTABLE)           │    │
│  │  Every transaction → on-chain + off-chain   │    │
│  │  Exportable via API for regulatory review   │    │
│  └─────────────────────────────────────────────┘    │
│                                                     │
└─────────────────────────────────────────────────────┘
```
Non-Custodial by Design
Settlr smart contracts are escrow programs — funds move atomically from sender to receiver in a single transaction. At no point does Settlr (or any Settlr-controlled wallet) have unilateral control over user funds.
On-Chain Compliance Stamps
Every settlement embeds compliance metadata directly in the transaction: KYB verification status and OFAC screening result. This data is immutable and auditable by any third party.
Gasless via Kora Fee Payer
Users don't need SOL for gas. Settlr's Kora integration covers transaction fees, removing friction while maintaining full self-custody. The fee payer is a signing service, not a custodian.
Privacy via TEE (MagicBlock PER)
Sensitive transaction details (pricing, counterparty identities) can be encrypted using Trusted Execution Environments via MagicBlock PER. This protects trade secrets while maintaining the compliance audit trail.
Regulatory Landscape — 2026
GENIUS Act (2025)
Federal stablecoin framework. Settlr uses only compliant payment stablecoins (USDC). Non-custodial providers are software providers, not regulated entities.
FinCEN MSB Guidance (2019)
FIN-2019-G001 clarifies that non-custodial software providers are not money transmitters. Settlr's architecture aligns with the "non-custodial wallet" classification.
Bank Secrecy Act (BSA)
Settlr voluntarily implements BSA-grade controls (OFAC screening, transaction monitoring, SAR filing) as a best practice for operating in restricted industries.
MiCA (EU, 2024)
Markets in Crypto-Assets regulation governs EU operations. USDC (Circle) is MiCA-compliant. Settlr's European operations leverage this established framework.
State Cannabis Regulations
Each state has unique cannabis compliance requirements. Settlr's KYB process verifies state-specific licenses and integrates with track-and-trace systems (Metrc, BioTrack).
Compliance Questions
Questions we hear from CFOs, compliance teams, and regulators during due diligence. If your question isn't covered here, contact compliance@settlr.dev.
Is Settlr a money transmitter?
Why do you implement BSA/AML controls if you're not an MSB?
How do you screen wallets against OFAC sanctions?
What happens if suspicious activity is detected?
What KYB documentation do cannabis businesses need to provide?
How long do you retain compliance records?
Can my auditor access Settlr's compliance data?
Is USDC actually safe to use for regulated businesses?
Compliance Should Not Be a Competitive Disadvantage
Your industry was abandoned by banks — not by regulators. Settlr gives you the compliance infrastructure that traditional finance refused to build for you.

