Your existing compliance obligations apply on Musubi. This page covers the Musubi-specific tooling available for whitelist management, audit trails, and regulatory reporting.
Whitelist Model
You already manage withdrawal whitelists — the model here is the same:
- Whitelist the Musubi settlement address — this is the only destination that receives assets during DvP
- No other outbound destinations are possible through the Musubi settlement flow
- One-time setup, not per-transaction
Your whitelist authorization plus your per-trade co-signature form a two-layer defense: the whitelist controls where assets can go, and the co-signature controls when and how much.
Audit Trail
Every order you’re party to is a complete, timestamped record:
| Field | Custody Relevance |
|---|
intent_id | Order reference — correlate with client’s payment instruction |
created_at / settled_at | Timeline for audit trail |
sender_party_id | Your client’s identity (sender custodian) |
sender_custodian_party_id | Your Party ID — proves you were the authorizing custodian |
target_amount / source_amount_actual | Amounts for balance reconciliation |
fx_rate | Executed rate — for client reporting |
quote_accepted_at | Timestamp of your co-signature (authorization moment) |
transaction_hash | Settlement proof — single hash covering all DvP legs |
kyc_aml_ref | Institution’s KYC/AML reference — cross-check against your records |
jurisdiction_sender / jurisdiction_receiver | Regulatory routing |
quote_accepted_at), providing an auditable record of when you authorized the asset movement.
KYC/AML
The institution provides a kyc_aml_ref on every order — a UUID referencing their KYC/AML clearance. As a custodian, you can:
- Cross-reference this UUID against your own client records
- Verify that the institution has current KYC status in your system
- Flag orders where the KYC reference doesn’t match your records
Musubi validates that the reference exists and is active at order creation. Your additional cross-check adds a second layer of verification.
Regulatory Reporting
Dual Jurisdiction
| Jurisdiction | Regulator | Custodian Relevance |
|---|
| Japan | FSA | Sender custodian reports on JPYSC0 movements |
| South Korea | FSC | Receiver custodian reports on USDCx receipts |
jurisdiction_sender (JP) and jurisdiction_receiver (KR) for routing reports to the correct regime.
Reporting Fields
All settled orders provide:
- Complete timestamp trail (creation through settlement)
- Participant identifiers (sender, receiver, custodians, market maker)
- Trade economics (amounts, rate, currencies)
- Settlement proof (
transaction_hash)
- Compliance references (
kyc_aml_ref, jurisdictions)
Record Retention
Store settlement records according to your jurisdictional requirements:
- Japan: 5 years (PSLMA Article 63-14)
- South Korea: 10 years (VASP Act)
The transaction_hash and settled order data provide the complete record needed for regulatory examination. 
