US Money Transmitter Licensing
PART TEN: BUILDING AND SCALING A LICENSED MTO Chapter 34

Technology Stack for a Licensed MTO

A money transmitter CEO asks me to review his technology architecture. He shows me his systems: a transaction processing system, a customer database, a compliance monitoring system, a mobile application, API integrations with payout partners, and a reporting system. He asks: is this sufficient?

I ask him a different question: if your transaction processing system fails today, how long can you operate before you must restore it? He does not know. I ask: if your customer database is corrupted, what is your recovery procedure? He does not have one. I ask: if a payout partner's API goes down, what happens to customer transactions? He has not thought about it.

The technology stack is not sufficient. It is not about having the right systems; it is about building systems that will continue to function when something goes wrong.

Core Banking/Ledger Systems

The transaction processing system is the core of a money transmitter operation. This system accepts a customer transaction, calculates fees, deducts the fee from the customer's deposit, and creates a transaction record. The system must be accurate, must be fast, and must be resilient to failures.

An accurate system means that the system correctly calculates fees, correctly deducts customer deposits, correctly records transaction amounts, and correctly settles with payout partners. If the system makes calculation errors, you will pay out more money than customers deposited or will retain less money than you should. Either way, the business is at risk.

A fast system means that customer transactions are processed without delay and that settlement with payout partners happens efficiently. If the system is slow, customers will abandon your service for competitors who are faster.

A resilient system means that the system continues to function when something goes wrong. If your primary database fails, you have a backup database. If your transaction processor crashes, you have redundancy. If a region experiences an outage, you have operations in another region.

For small money transmitters, the core system might be purchased from a vendor. Vendors such as Ixaris, nCino, and others provide transaction processing systems designed for money transmitters. These systems are pre-built, are regularly updated, and handle much of the complexity of transaction processing.

For larger money transmitters, the core system might be custom-built. Custom-built systems are more expensive and take longer to develop, but they can be optimized for your specific business model and can avoid constraints built into vendor systems.

The core system must integrate with your banking infrastructure. You must be able to move customer deposits to your bank, must be able to move settlement money from your bank to payout partners, and must be able to reconcile your internal records with your bank's records. These integrations are technically complex and error-prone.

A significant risk in money transmitter operations is reconciliation failures. If your internal records show that you have ten thousand dollars in a particular settlement account, but your bank shows only nine thousand dollars, you have a reconciliation failure. This might reflect a calculation error in your system, an error in your bank's system, or a missing settlement transaction. Identifying and resolving reconciliation failures is time-consuming and requires expertise.

Payment Processing Platforms

A payment processing platform is the infrastructure that accepts customer payments. If you operate a web or mobile application, the platform processes credit card payments, bank transfers, mobile wallet payments. The platform must accept payments securely, must protect customer payment information, and must integrate with payment networks.

Payment processors that serve money transmitters are different from payment processors that serve traditional e-commerce businesses. Traditional payment processors such as Stripe and Square have restrictions on money transmitters. They often do not allow money transmitters to use their platform, or they allow money transmitters only in limited corridors with significant additional due diligence.

Money transmitter-friendly payment processors include Verifone, Global Payments, and other processors that have experience with the AML and KYC requirements of money transmission. These processors understand that money transmitters must conduct due diligence and must file SARs. They also understand that money transmitters have higher chargeback and fraud rates than traditional businesses, and they price accordingly.

The cost of payment processing is significant. A payment processor might charge two to three percent of the payment value, plus flat fees per transaction. For a money transmitter, this cost is substantial and must be budgeted.

An important consideration is whether to integrate with the payment processor's compliance tools or to maintain your own compliance system. Some payment processors offer integrated AML screening, sanctions screening, and transaction monitoring. This integration can be valuable because the processor can decline transactions at the point of payment if the customer or transaction does not meet AML standards. But this integration can also be a limitation because the processor's controls might be less sophisticated than your own controls.

Compliance Technology (AML, KYC, Sanctions Screening)

Compliance technology is the system that performs identity verification, sanctions screening, transaction monitoring, and suspicious activity reporting.

For sanctions screening, the money transmitter must screen customers and transactions against OFAC lists. This screening must occur when the customer is onboarded and must occur for each transaction. Manual screening is not feasible at scale. You must use an automated screening system.

Sanctions screening vendors include Actimize, Travelex, and others. These vendors maintain updated lists of OFAC-sanctioned individuals and entities and provide integration with your transaction system to automatically screen customers and transactions.

For customer identification and verification (KYC), the money transmitter must verify that a customer is who they claim to be. For simple customers, verification might be based on government-issued identification. For higher-risk customers, verification might require additional documentation or external databases.

KYC vendors include Socure, LexisNexis, and Equifax. These vendors provide identity verification services, including document verification, address verification, and background screening.

For beneficial ownership verification, vendors provide tools to help you collect beneficial ownership information and to verify that information. These vendors integrate with your customer onboarding workflow.

Transaction Monitoring Systems

Transaction monitoring is the process of reviewing transactions to identify potentially suspicious activity and to generate suspicious activity reports.

For small money transmitters, transaction monitoring might be manual. A compliance officer reviews transactions and determines whether they meet the SAR threshold. As transaction volume increases, manual monitoring becomes infeasible. At scale, you must use an automated transaction monitoring system.

Transaction monitoring systems such as Actimize, Comtech, and Nice Actimize provide rules-based monitoring. You configure rules—such as "alert on transactions to high-risk jurisdictions" or "alert on transactions above a certain amount"—and the system automatically generates alerts when transactions match the rules.

The challenge with rules-based monitoring is tuning the rules. If the rules are too sensitive, you generate thousands of false positive alerts that must be manually reviewed, consuming tremendous staff time. If the rules are not sensitive enough, you miss suspicious activity.

An emerging approach is machine learning-based transaction monitoring. These systems learn from historical transaction data to identify patterns that are abnormal for your business. This approach can be more accurate than rules-based monitoring, but it requires more data to train the system and is more complex to implement.

Customer-Facing Applications (Web, Mobile)

For a digital money transmitter, the customer-facing application is critical infrastructure. The application must be user-friendly, must be secure, and must integrate with your transaction processing system.

Web applications are the minimum. A customer should be able to access your service from a web browser on a desktop or mobile device.

Mobile applications are increasingly expected. A customer should be able to access your service from a native mobile application (iOS or Android). Mobile applications provide a better user experience than web applications and make it easier for customers to conduct transactions on the go.

The design and development of customer-facing applications is expensive. A basic web and mobile application might cost two hundred fifty thousand to five hundred thousand dollars to develop. More sophisticated applications might cost one million dollars or more.

You have the choice of building the application in-house, outsourcing to a development firm, or using a white-label application from a vendor. White-label applications are faster to deploy but less customized. In-house development is slower but allows full customization. Outsourced development is a middle ground but requires careful management of the external developer.

API Infrastructure for Partner Integrations

A money transmitter must integrate with payout partners, payment processors, compliance vendors, and others. These integrations are typically API-based.

An important consideration is whether to build a standardized API that payout partners and other partners can integrate with, or whether to build custom integrations with each partner.

Standardized APIs allow partners to integrate more easily and allow you to onboard new partners more quickly. But standardized APIs must be documented, must be maintained, and must evolve as partners' needs change. Building and maintaining a standardized API requires engineering resources.

Custom integrations are cheaper to build initially but become expensive as you scale because you must maintain many custom integrations.

Reporting and Analytics

A money transmitter must maintain detailed records of all transactions. Regulators require this. And the business needs reporting to understand performance.

At minimum, you must be able to report: daily transaction volume and value, transaction fees and revenue, SAR filings, transaction monitoring alerts, customer onboarding, banking reconciliation.

More sophisticated analytics can help you understand customer behavior, can identify high-risk corridors, can forecast growth. Some money transmitters use analytics to understand which customer segments are most profitable, which corridors have the highest chargeback rates, which partners are most reliable.

Analytics tools include Tableau, Looker, and others. These tools integrate with your data warehouse and allow you to create dashboards and reports.

Build vs. Buy Decisions

For each component of your technology stack, you must decide whether to build it internally, to buy it from a vendor, or to use a hybrid approach.

Building internally provides the most control and customization but requires significant engineering resources and time to develop.

Buying from a vendor is faster to deploy and requires less engineering resources, but you are dependent on the vendor and must adapt your operations to the vendor's system.

The decision depends on several factors: the complexity of the component, whether the component is a competitive differentiator for your business, the cost of building vs. buying, the timeline for deployment.

For transaction processing, most money transmitters buy from a vendor rather than build internally. Building a transaction processing system is complex and takes substantial time. Unless transaction processing is a core competitive differentiator, buying from a vendor is the right choice.

For customer-facing applications, many money transmitters choose to build or customize the application because the customer experience is a competitive differentiator.

Technology Vendors Serving the MTO Space

Several vendors serve the money transmitter space and can provide multiple components of your technology stack.

Ixaris provides a complete transaction processing platform for money transmitters. Ixaris handles transaction processing, settlement, compliance, and reporting.

nCino provides a digital banking platform that includes transaction processing and workflow management.

Fintech Nexus provides a money transmitter platform that includes transaction processing, settlement, and compliance.

These vendors allow a money transmitter to get started more quickly without building technology from scratch. But you become dependent on the vendor, and the vendor's roadmap may not align with your needs.

Security Requirements and Standards

A money transmitter handles sensitive financial information: customer personal information, payment card information, banking information, and transaction details. Security is critical.

You must comply with several security standards: PCI DSS for payment card information, NIST cybersecurity framework for general cybersecurity, state-specific security requirements.

At minimum, you must: encrypt data in transit and at rest, implement access controls so that staff can only access information they need, maintain logs of access and changes to sensitive data, conduct regular security testing, have a plan for responding to security incidents.

Large money transmitters typically hire a Chief Information Security Officer and maintain a dedicated security team. Smaller money transmitters might outsource security to a managed security service provider.

Practitioner's Bottom Line

Technology architecture for a money transmitter must be built for resilience and accuracy, with redundancy for critical systems and clear procedures for recovery from failures. Use vendor solutions for core systems such as transaction processing unless transaction processing is a core competitive differentiator. Invest in customer-facing applications because user experience is often a competitive differentiator. Build compliance technology to integrate with your transaction system so that compliance controls are embedded in your operations, not applied after the fact.

Need Help Navigating Money Transmitter Licensing?

Faisal Khan has spent 15+ years solving the exact problems covered in this book. If you are building a payment company, seeking licensing, or need a trusted advisor — reach out.

SPEAK WITH FAISAL KHAN