Status: this page is undergoing external legal review. Content is subject to change — in particular as the Korean Digital Asset Basic Act (디지털자산기본법) moves through the National Assembly, several of the SFIA-era rules cited here will be superseded or augmented.
1. Both custodians continue to operate their full compliance stack
Every Musubi-routed payment goes through the same KYC, sanctions screening, Travel Rule transmission, STR filing, and retention machinery the sending and receiving custodians already run for any inter-VASP transfer. Persona, Chainalysis, CODE / VerifyVASP / Notabene, JAFIC / KoFIU portals — all unchanged. Musubi does not bypass any of them, and does not ask custodians to adopt new vendors. See Reporting for the exact mapping of custodian systems to FXOrder fields.2. Musubi enforces the custodian’s compliance on-chain before the payment lands
TheExecuteSettlement gate refuses to fire without a valid ComplianceClearance, active RegisteredVASP entries on both ends, fresh KYC + sanctions status, and — for cross-border intents above FATF / JP / KR thresholds — a TravelRuleAttestation bound to the same intentId. A missing or stale gate aborts the settlement atomically: no tokens move, the FXOrder stays in EXECUTING. Pre-Musubi a missed check was a post-facto policy violation to chase down; on Musubi the payment simply does not happen.
3. The payment’s Travel Rule duty is discharged on an approved network
FATF Rec 16 and its JP / KR implementations (APTCP Art. 10-5, SFIA Art. 5-2(5)) require the originator VASP to transmit originator + beneficiary information to the beneficiary VASP. For every cross-border Musubi payment above threshold, the IVMS 101 payload flows custodian-to-custodian via Canton sub-transaction privacy and the originator’s custodian transmits via its contracted CODE / VerifyVASP / Notabene / TRUST / Sygna client. That transmission is attested on-ledger with provider, provider message ID, and SHA-256 payload hash — giving regulators a cryptographic trail that the approved network was used.4. The payment leaves a complete regulator dossier
Every FXOrder + IVMS 101 payload + attestation + settlement hash is captured in the compliance archive with a SHA-256 payload chain for integrity. The/compliance/orders/{intent_id} endpoint re-emits the full dossier on demand: KYC, sanctions status + list version + freshness, Travel Rule transmission proof, risk rating + PEP + UBO, VASP attestations, cross-border consent records, any alerts, any STR filings, and the clearance attestation. This satisfies APTCP Art. 7 (JP, 7-year retention), SFIA Art. 5-4 (KR, 5-year minimum), and FATF Rec 11 simultaneously.
5. No fiat leg means no fiat FX reporting applies to the payment
JP FEFTA Art. 55 and KR FETA Art. 16 / 18 target fiat cross-border flows reported to MOF / BOK. A stablecoin-to-stablecoin payment doesn’t trigger those regimes. The custodian’s fiat-edge bank (if one is involved downstream of Musubi) handles any fiat conversion separately under its own reporting obligations. For the Musubi payment itself, there’s no fiat to report.Jurisdiction summary
| Jurisdiction | Primary regime touching the payment | How the payment stays onside |
|---|---|---|
| Japan | APTCP (犯収法) Art. 4, 8, 10-5, 11; PSA Art. 62-11 / 63-10; APPI Art. 27-28 | Custodian KYC + STR filing via JAFIC; IVMS on-ledger + Travel Rule transmission attested; cross-border PII consent captured; archived for 7 years |
| South Korea | SFIA (특금법) Art. 4, 5-2, 5-4; PIPA Art. 17, 28-8; TFPA Art. 4 | Custodian KYC + STR filing via KoFIU; VASP whitelist check on both ends; IVMS on-ledger + Travel Rule transmission via approved channel; PIPA consent captured; archived for 5+ years |
| FATF | Rec 6, 7, 10-12, 15, 16, 18, 20, 24 | CDD (KYC, PEP, UBO), sanctions (Rec 6/7), Travel Rule (Rec 16) transmission via approved network, STR (Rec 20), counterparty VASP due diligence (Rec 15), retention (Rec 11) |
| Out of scope | JP FEFTA Art. 55 / KR FETA Art. 16-18 (fiat cross-border FX); SFIA Art. 5-3 real-name account rule | Stablecoin-to-stablecoin payment with no fiat leg; no KRW exchange service; custodian’s fiat-edge bank handles any downstream fiat obligations separately |
Where to read more
- Licenses — which licenses each custodian / market maker needs to transact on Musubi
- Reporting — the reporting lifecycle of a single FXOrder with a worked example
- Privacy — APPI / PIPA mechanics for PII handling and cross-border consent
- Audit Trail — retention architecture and SHA-256 payload chain integrity
- Trust Model — where trust is placed and how it’s cryptographically bounded