Bloquo Logo
All guides
ProductInfrastructure13 min read

Architecting a VASP operation on VASP as a Service

If you are a regulated bank, PSP, or fintech that wants to offer stablecoin services under your own license and brand, the question is no longer whether to build. It is what to build in-house and what to inherit. This is the reference architecture.

YOUR CLIENT UXYOUR LICENSE & COMPLIANCEVASP AS A SERVICECustody · Ramps · FX · Compliance · Rails

The strategic decision before the architecture

Licensed institutions approach stablecoin infrastructure with a different set of constraints than businesses entering via a VASP partner. Three questions shape every architectural choice:

  1. What license coverage do you already hold? Payments, custody, FX, trust, and each combination implies different scope you can offer without new licensing.
  2. What part of the stack is truly differentiated for your brand? Usually: client UX, risk policy, regional compliance. Rarely: chain connectivity or core custody infrastructure.
  3. What is your go-live horizon? 3 months, 12 months, or 24 months radically changes the build-vs-buy line.

VASP as a Service exists because, for most licensed institutions, the answer to question 2 is "not the infrastructure layer" and the answer to question 3 is "as fast as possible."

The two deployment models

Model A: Embedded stablecoin services inside your existing product

You keep your brand, your onboarding flow, and your product UX. You add stablecoin capabilities (on/off-ramps, FX, payouts) as features behind your own API. Your clients never see the infrastructure partner. You extend your license umbrella over the partner's VASP-ready stack via contractual pass-through.

Typical adopters: digital banks, payroll providers, trading platforms, B2B payment platforms.

Model B: White-labeled end-user product

You launch a new product or sub-brand that is explicitly stablecoin-focused (e.g., a cross-border payments service). The full front-end and UX can be either yours or partner-templated. Faster to market than pure Model A for institutions without existing digital product teams.

Typical adopters: traditional banks and brokers entering stablecoin for the first time.

Most serious operations end up closer to Model A. Model B is a valid fast start, but the strategic position is weaker long term.

The core module stack

A VASP operation, whatever the deployment model, decomposes into seven modules:

  1. Custody and wallets. Where the stablecoins actually live. Hot/warm/cold segmentation. Signing and key management.
  2. On and off-ramps. Fiat entry and exit, per currency and per corridor. Bank rails integration (SWIFT, PIX, SPEI, SEPA, ACH).
  3. FX and liquidity. Rate sourcing, pricing engine, execution routing.
  4. Payments orchestration. Multi-rail routing, scheduling, retry logic.
  5. Compliance. KYC/KYB, sanctions screening, Travel Rule, transaction monitoring.
  6. Client APIs and dashboards. What your own customers or teams see and integrate with.
  7. Reconciliation, accounting, and reporting. Back office that ties the stablecoin flows to your ledger and regulatory reports.

What to own vs what to inherit

The experienced pattern, across dozens of institutional VASP builds:

ModuleKeep in-houseInherit from partner
Custody and walletsYour governance and key policyCustody infrastructure (MPC, HSMs, signing)
On/off rampsYour banking relationships for local railsCorridor coverage and ramp orchestration
FX and liquidityPricing policy, margin modelLiquidity sourcing, execution routing
Payments orchestrationProduct logic, SLAsMulti-rail routing engine
ComplianceYour client KYC and risk policyTravel Rule messaging, sanctions feeds, chain analytics
Client APIs and dashboardsYour product UXUnderlying infrastructure APIs
Reconciliation & accountingYour ledger integrationOn-chain data feeds, reconciliation APIs

Integration pattern: API-first, event-driven

A well-designed VASP as a Service deployment exposes:

  • RESTful APIs for orchestration (create transfer, quote FX, initiate ramp).
  • Webhooks for state changes (transfer confirmed, ramp completed, compliance hit).
  • Streaming reconciliation feeds for real-time back-office updates.
  • SDKs in common languages (TypeScript, Python, Java) for faster integration.
  • Sandbox and test corridors with realistic latencies for full integration testing.

The integration pattern that works best: your team builds a thin orchestration layer that wraps the partner's APIs and maps them to your product's domain model. Your product code never talks to the partner directly.

Compliance pass-through architecture

When a licensed institution plugs into a VASP as a Service partner, the compliance architecture is layered:

  • Your institution owns the end-client relationship, including KYC/KYB and risk tiering under your license.
  • Partner inherits counterparty VASP functions: Travel Rule transmission, on-chain analytics, sanctions screening of on-chain addresses.
  • Joint monitoring: both parties see the same transaction data through separate compliance lenses.
  • Clear division of regulatory reporting: your institution files its own SARs; partner files counterparty-level reports where applicable.

A clean pass-through compliance architecture is documented in a Compliance Operating Agreement, signed before go-live. This is not optional.

Typical go-live timeline

PhaseDurationKey outputs
0. Discovery & scoping2-4 weeksProduct scope, corridor list, compliance map, SOW
1. Legal & compliance framework4-8 weeksMSA, Compliance Operating Agreement, data processing
2. Technical integration6-10 weeksSandbox live, core flows integrated, end-to-end test corridors
3. UAT & compliance dry-run3-4 weeksJoint testing, Travel Rule, sanctions, reconciliation
4. Soft launch2-4 weeksSmall real volume, controlled corridor set
5. Full go-liveongoingPhased corridor expansion

End-to-end timeline for a licensed institution: 4 to 6 months from signed agreement to full go-live. Faster than any in-house build; slower than sales decks often imply.

Common pitfalls

  • Treating the partner as a vendor, not a compliance co-operator. The Travel Rule and sanctions architecture requires joint operational discipline.
  • Over-customizing the orchestration layer. Every customization becomes future maintenance. Stay close to standard APIs.
  • Under-investing in reconciliation from day one. On-chain data is rich but different; integrate it into your ledger properly from week one.
  • Launching too many corridors at once. Start with two corridors, prove operational maturity, then scale.
  • No dedicated product owner on your side. Partners can integrate; they cannot drive your client experience.
Reference milestone

Fastest known go-live for a licensed institution on VASP as a Service infrastructure: 11 weeks from signed agreement to first live settlement. Median is 5 to 6 months. If a timeline shorter than 3 months is proposed, scrutinize it.

Bottom line

The winning architecture for licensed institutions is not "build everything" or "outsource everything." It is a clear separation: own your client relationship, license umbrella, product UX, and risk policy. Inherit the chain connectivity, liquidity sourcing, compliance tooling, and multi-corridor rails. VASP as a Service is designed precisely around this split.

Your license, your brand, our rails

VASP as a Service gives licensed institutions production-grade stablecoin infrastructure, white-labeled, integrated in weeks rather than years.