Stablecoins and Blockchain
OTC operation, on/off-ramp, payments and remittances with stablecoins
Regulatory risk appears in the verbs of the flow: receive, convert, custody, transfer and deliver. This dossier turns ten operating scenarios into verifiable controls for OTC desks, on-ramp, off-ramp, commercial payments, remittances, SPEI, liquidity and models that separate VASP and money transmitter.
Regulatory cutoff: July 9, 2026. Thresholds in UMA, secondary rules, forms, calendars and tax criteria must be verified again before publishing or applying a conclusion to a product.
Reading route
- Stablecoin OTC desk: controls before quoting
- On-ramp in Mexico: which function each participant provides
- Off-ramp: from virtual asset to pesos without losing traceability
- Commercial payment with stablecoins: two operations, not one
- Stablecoins in remittances: when to look at money transmission
- Dual VASP and transmitter model: real separation of functions
- Acquiring a money transmitter does not regularize the whole stack
- SPEI, accounts and reconciliation for on/off-ramp
- Liquidity providers: segregation, mandate and counterparty
- Country-by-country matrix for cross-border payments with stablecoins
Method of analysis
- Draw entities, accounts, wallets, keys, data and jurisdictions.
- Assign to each participant the function it actually performs.
- Contrast each function against LRITF, LFPIORPI, LGOAAC, tax rules, privacy and the applicable international standard.
- Turn the conclusion into contracts, controls, records and verifiable evidence.
- Reopen the analysis when the token, the network, the counterparty or the flow changes.
Cross-cutting criterion of the operating flow
The shared starting point is a diagram that assigns entity, account, wallet, instruction and evidence to each movement. The applications of each microblog focus on the particular failure that must be prevented, while comprehensive reconciliation remains the control of the dossier.
Stablecoin OTC desk: controls before quoting
Observed pattern. A controllable desk uses pass-through gates between onboarding, quoting, funding, execution, delivery and reconciliation.
The robust flow has gates. First, onboarding and risk approval. Second, whitelisting of the bank account and wallet with evidence of control. Third, a quote with asset, network, quantity, price, spread, validity and conditions. Fourth, confirmation of funds or assets from the approved sources. Fifth, settlement pursuant to a predefined rule. Sixth, reconciliation and regulatory-tax file.
Avoiding the "chat as system"
A message may document acceptance, but it must not be the sole source. The order needs an identifier, a timestamp and a link to client, quote and transaction. Manual changes of wallet, account or beneficiary must stop the flow and require new verification; they must not be resolved out of commercial urgency.
It is also defined who is a counterparty and who acts on commission. That decision affects ownership, invoicing, notices, liability and treatment of the spread. The contract, the interface and the accounting must tell the same story.
Legal basis
LFPIORPI in force, SAT: virtual assets and FATF: VA/VASP update 2025.
How to put it into practice
OTC gates checklist. This piece must prove that no operation advances if the previous gate lacks evidence and an approver.
- close KYC or KYB.
- validate account and wallet.
- document accepted quote.
- confirm available funds.
- record execution and delivery.
- reconcile and file exceptions.
The review must proceed from closing KYC or KYB, contrast it with documenting the accepted quote and end in reconciling and filing exceptions without filling gaps with assumptions. The result returns to design if validating account and wallet does not match confirming available funds or if recording execution and delivery lacks verifiable support.
The file must show first closing KYC or KYB; then validating account and wallet; and finally recording execution and delivery, preserving the relationship among the three steps. If an exception appears in onboarding, quoting, funding, execution or reconciliation, the conclusion no longer covers the active version and is reviewed before the next operation.
On-ramp in Mexico: which function each participant provides
Observed pattern. The diagram must attribute to each entity the verbs receive, convert, custody, transfer and deliver.
Who receives the pesos? Are they their own, the client's or collected under a mandate? Who sets the quote? Who buys the asset? Who controls the destination wallet? Is there a beneficiary different from the payer? Does any participant receive funds in Mexico to transfer them elsewhere? These answers determine the perimeter.
Layered design
The fiat layer needs account ownership, references, reconciliation and reversals. The exchange layer needs KYC, order, price and source of liquidity. The blockchain layer requires network, approved wallet, screening and hash. The contractual layer must explain who is liable if one part completes and the other does not.
An API must not conceal the counterparty. The user must know with whom they contract and who processes their data. The agreements among participants must cover AML information, incidents, blocks, timelines, audit and exit.
Legal basis
LFPIORPI in force, LGOAAC in force and CNBV: Transmitters registry.
How to put it into practice
Legal swimlane for on-ramp. This piece must prove that each operational verb has an entity, contract, account, control and regime assigned.
- map the receipt of pesos.
- identify who converts.
- document temporary custody.
- locate the on-chain transfer.
- record the final beneficiary.
- separate fees by participant.
The review must proceed from mapping the receipt of pesos, contrast it with documenting temporary custody and end in separating fees by participant without filling gaps with assumptions. The result returns to design if identifying who converts does not match locating the on-chain transfer or if recording the final beneficiary lacks verifiable support.
The file must show first mapping the receipt of pesos; then identifying who converts; and finally recording the final beneficiary, preserving the relationship among the three steps. If a new bank, processor, VASP, custodian, asset or broker appears, the conclusion no longer covers the active version and is reviewed before the next operation.
Off-ramp: from virtual asset to pesos without losing traceability
Observed pattern. Traceability is preserved if the on-chain sale, the fiat credit and the client's instruction share an identifier.
The flow must validate token and network before communicating an address; monitor the deposit and its confirmations; verify that it comes from a permitted wallet or investigate the discrepancy; execute the sale under an accepted quote; and credit only to a previously validated account. A payment to a third party changes the risk and may change the transmission analysis.
Do not confuse blockchain with identity
The hash proves a transfer between addresses, not the identity of who controlled each key nor the economic origin. That is why on-chain evidence, proof of control, client information, bank account and purpose are combined. A provider's score is an input, not an automatic conclusion.
Returns also require a protocol. Returning assets to a different address or pesos to another account may break traceability. If an alert prevents settlement, the contract must allow suspension and the team must document the decision without disclosing protected reports.
What to review
Use a single identifier for deposit, order, quote, sale and SPEI; reconciliation by net amounts and fees; and independent review of exceptions. The file must capture the price source and the reason for any adjustment.
Legal basis
LFPIORPI in force, SAT: virtual asset activity and FATF: VA/VASP 2025.
How to put it into practice
Off-ramp traceability chain. This piece must prove that the on-chain sale and the fiat credit share an identifier and a reconciliation.
- validate asset and network.
- link the incoming hash.
- document the sale order.
- keep the applied quote.
- identify the destination account.
- reconcile amount, fee and balance.
The review must proceed from validating asset and network, contrast it with documenting the sale order and end in reconciling amount, fee and balance without filling gaps with assumptions. The result returns to design if linking the incoming hash does not match keeping the applied quote or if identifying the destination account lacks verifiable support.
The file must show first validating asset and network; then linking the incoming hash; and finally identifying the destination account, preserving the relationship among the three steps. If a change of wallet, liquidity provider, credit account or sale method appears, the conclusion no longer covers the active version and is reviewed before the next operation.
Commercial payment with stablecoins: two operations, not one
Observed pattern. It is advisable to separate the underlying sale from the conversion or transfer service, even if they occur in a single experience.
The commercial contract must state whether the creditor accepts the stablecoin as payment, at what moment the value is deemed received and how the equivalent is calculated. The invoice for the good or service retains its own treatment. The processor fee, the gas and a price difference need separate documentation.
Settlement risks
The transfer may be confirmed after the quote expires, arrive over an unsupported network or become frozen. There must be a rule for confirmations, tolerances, partial payments, surpluses and refunds. If the merchant never takes exposure because the processor sells and delivers pesos, the contract must disclose who was the counterparty of that conversion.
In cross-border payments, applicable law, taxes, data, export/sanctions controls and the regulation of each corridor are also reviewed. "Blockchain" does not make the transaction extraterritorial.
What to review
Keep the invoice, payment instruction, rate and time, official address, hash, confirmations, receipt and conversion. Reconcile the original obligation with the amount actually extinguished and record differences consistently.
Legal basis
LRITF in force, VAT Law and CFF.
How to put it into practice
Dual-operation sheet. This piece must prove that the file separates the commercial obligation from the associated financial or technological service.
- identify the underlying invoice or obligation.
- document the agreed means of payment.
- map the asset conversion.
- assign the price risk.
- separate the fee from the principal.
- reconcile the provider's receipt.
The review must proceed from identifying the underlying invoice or obligation, contrast it with mapping the asset conversion and end in reconciling the provider's receipt without filling gaps with assumptions. The result returns to design if documenting the agreed means of payment does not match assigning the price risk or if separating the fee from the principal lacks verifiable support.
The file must show first identifying the underlying invoice or obligation; then documenting the agreed means of payment; and finally separating the fee from the principal, preserving the relationship among the three steps. If a change in the commercial contract, conversion, payer, beneficiary or intermediary appears, the conclusion no longer covers the active version and is reviewed before the next operation.
Stablecoins in remittances: when to look at money transmission
Observed pattern. Transmission risk is assessed on receipt in Mexico, consideration, instruction and delivery to the beneficiary.
The analysis follows the receipt and the instruction, not just the settlement asset. It must be distinguished whether the operator buys or sells on its own account, whether it acts under a mandate, whether the same user funds and receives, or whether there is a third-party beneficiary. The existence of correspondents, agents or group companies also does not substitute for registration when the reserved activity is materially performed.
One corridor, several obligations
The Mexican fiat leg may correspond to a registered transmitter; the exchange of the asset, to a provider subject to LFPIORPI; and the foreign leg, to a local MSB/VASP. The model needs contracts and data that connect the three without duplicating or losing the trail of the payer and beneficiary.
It must also be verified that the communication to the user identifies providers, fees, exchange rate, timelines and claims. Presenting everything as a "crypto transfer" may conceal the real function and confuse responsibilities.
What to review
Diagram each corridor from payer to beneficiary, mark the moment of receipt, ownership and consideration, and validate the public registry of any transmitter. Legal must review changes of beneficiary, payments to third parties and netting.
Legal basis
LGOAAC in force, article 81-A Bis, CNBV registry of transmitters and CNBV legal framework.
How to put it into practice
Article 81-A Bis test. This piece must prove that each element of transmission has evidence and a conclusion per entity.
- locate the receipt of rights or funds.
- document habituality.
- identify the consideration.
- keep the sender's instruction.
- locate the transfer or delivery.
- verify the registration of whoever executes.
The review must proceed from locating the receipt of rights or funds, contrast it with identifying the consideration and end in verifying the registration of whoever executes without filling gaps with assumptions. The result returns to design if documenting habituality does not match keeping the sender's instruction or if locating the transfer or delivery lacks verifiable support.
The file must show first locating the receipt of rights or funds; then documenting habituality; and finally locating the transfer or delivery, preserving the relationship among the three steps. If receipt in Mexico, a new consideration, a change of instruction or beneficiary appears, the conclusion no longer covers the active version and is reviewed before the next operation.
Dual VASP and transmitter model: real separation of functions
Observed pattern. The separation is only real when contracts, accounts, systems, personnel and evidence reflect distinct functions.
The VASP entity may execute exchange, custody or transfer of the asset under the applicable regime. The registered transmitter may receive funds in Mexico to transfer them pursuant to instructions. The boundary must define who contracts, who receives, who sets the price, who keeps the KYC, who reports and who answers to the user.
Three contamination risks
First, omnibus accounts without references that make it impossible to attribute funds. Second, terms that allow one entity to perform the functions of the other. Third, fragmented data: each company knows half the operation and none can explain the full cycle to its supervisor.
The intercompany agreements must have services, levels, confidentiality, AML, audit, prices and continuity. They must not transfer non-delegable functions nor turn the provider into an unregistered transmitter. Shared branding requires clear notices to the user.
What to review
Maintain a regulatory ledger per entity, RACI, segregated accounts, cross-reconciliation and a change committee. Prove monthly that each company can generate its own file and, through lawful exchange rules, reconstruct the full corridor.
Legal basis
LGOAAC in force, LFPIORPI in force and CNBV: transmitters.
How to put it into practice
Dual segregation matrix. This piece must prove that the separation exists in contracts, operation, accounting, systems and evidence.
- assign clients per entity.
- separate contracts and advertising.
- map accounts and wallets.
- define personnel access.
- reconcile books per company.
- document intercompany services.
The review must proceed from assigning clients per entity, contrast it with mapping accounts and wallets and end in documenting intercompany services without filling gaps with assumptions. The result returns to design if separating contracts and advertising does not match defining personnel access or if reconciling books per company lacks verifiable support.
The file must show first assigning clients per entity; then separating contracts and advertising; and finally reconciling books per company, preserving the relationship among the three steps. If a shared service, a change of entity, account, system or personnel appears, the conclusion no longer covers the active version and is reviewed before the next operation.
Acquiring a money transmitter does not regularize the whole stack
Observed pattern. A registered entity does not automatically absorb custody, exchange, issuance or the activities of affiliates.
Due diligence must confirm the validity of the registration and the technical opinion, the corporate purpose, the supervision history, the AML manual, systems, reports, agents, compliance officer, audits, litigation and operational capacity. An inactive entity may have backlogs that are hard to detect if only the certificate is reviewed.
Post-closing integration
The buyer needs to map the new product against existing policies and systems. Incorporating stablecoins may modify risks, providers, data and alerts; it must not be done as a simple commercial change. Corporate changes, regulatory communications and powers over accounts or contracts must also be reviewed.
The acquisition price must consider remediation and continuity. If the registration expires or the opinion is not renewed, the operation stops. The transition agreements must not allow the seller to retain control incompatible with the new governance.
What to review
Condition closing on verifiable regulatory evidence, prepare a 100-day plan and keep a "gap assessment" between the current and future model. Do not migrate clients until manuals, systems, tests, contracts and owners are approved.
Legal basis
CNBV registry, provisions for transmitters and LGOAAC.
How to put it into practice
Post-acquisition permissions map. This piece must prove that the acquired registration is used only within its perimeter and with current operational controls.
- verify the validity of the registration.
- review the scope of the corporate purpose.
- identify pending obligations.
- test systems and governance.
- map the group's activities.
- create a post-closing regulatory plan.
The review must proceed from verifying the validity of the registration, contrast it with identifying pending obligations and end in creating a post-closing regulatory plan without filling gaps with assumptions. The result returns to design if reviewing the scope of the corporate purpose does not match testing systems and governance or if mapping the group's activities lacks verifiable support.
The file must show first verifying the validity of the registration; then reviewing the scope of the corporate purpose; and finally mapping the group's activities, preserving the relationship among the three steps. If a new product, affiliate, custodian, exchange or issuance appears after closing, the conclusion no longer covers the active version and is reviewed before the next operation.
SPEI, accounts and reconciliation for on/off-ramp
Observed pattern. Reconciliation must link order, source account, credit, quote, on-chain transaction and destination account.
Each credit needs a unique reference, validated ownership and rules for namesakes, third-party payments and returns. At the other end, the on-chain transfer must link asset, network, wallet, hash and confirmations. The bridge is an internal ledger that avoids using the bank balance as a substitute for the per-client balance.
Exceptions that must stop the operation
An unregistered account, an inconsistent name, a split payment without explanation, a reused reference, a changed wallet, a different amount or an urgent refund instruction are review events. Automating does not mean accepting: it means routing the exception with evidence.
Reconciliation must separate principal, fees and own funds. If several entities participate, obligations must not be offset without a contractual basis and a trail. The daily cutoff identifies "fiat complete/on-chain pending" operations and vice versa.
What to review
Three reconciliations: bank against orders; blockchain against orders; and client subledger against accounting. Aged differences must be escalated. The permissions to modify accounts, wallets or order statuses must be segregated and audited.
Legal basis
Banxico: regulatory actions and SPEI, LFPIORPI and CFF.
How to put it into practice
Fiat-on-chain reconciliation ledger. This piece must prove that each peso received is linked to an order, execution, delivery and balance without orphan entries.
- capture the bank reference.
- identify the source holder.
- link order and quote.
- record hash and network.
- confirm the destination account.
- resolve differences and returns.
The review must proceed from capturing the bank reference, contrast it with linking order and quote and end in resolving differences and returns without filling gaps with assumptions. The result returns to design if identifying the source holder does not match recording hash and network or if confirming the destination account lacks verifiable support.
The file must show first capturing the bank reference; then identifying the source holder; and finally confirming the destination account, preserving the relationship among the three steps. If a new account, SPEI participant, reference, asset or return rule appears, the conclusion no longer covers the active version and is reviewed before the next operation.
Liquidity providers: segregation, mandate and counterparty
Observed pattern. Liquidity due diligence must clarify ownership, mandate, prefunding, return and exposure to insolvency.
When the desk uses the client's funds to acquire assets, it must analyze mandate, ownership during transit and limits. When it first buys with its own funds and resells, it assumes exposure and must reflect it in price, accounting and contract. In both cases it matters who keeps the assets, whether there is rehypothecation and how a return is executed.
Counterparty due diligence
Review the entity and jurisdiction, license or registration where applicable, beneficial owner, sanctions, solvency, custody terms, networks, wallets, limits, incidents, audit and subcontracting. A competitive quote does not compensate for a counterparty that prevents reconstructing the origin or destination.
Segregation must be verifiable: identified accounts and wallets, ledger, prohibition of unauthorized use and reconciliation. If netting is permitted, events, periodicity and evidence must be defined; netting cannot erase individual transactions for AML.
What to review
A panel of approved counterparties, limits by exposure and corridor, dual approval for the registration or change of a wallet, and an alternative liquidity plan. The contracts must allow suspending execution due to an alert or regulatory change.
Legal basis
LFPIORPI in force, FATF VA/VASP 2025 and LGOAAC.
How to put it into practice
Liquidity counterparty sheet. This piece must prove that ownership, mandate, balance and insolvency risk are documented before funding.
- complete the counterparty's KYB.
- verify license and jurisdiction.
- define ownership of funds.
- document prefunding.
- establish return and netting.
- set limits and monitoring.
The review must proceed from completing the counterparty's KYB, contrast it with defining ownership of funds and end in setting limits and monitoring without filling gaps with assumptions. The result returns to design if verifying license and jurisdiction does not match documenting prefunding or if establishing return and netting lacks verifiable support.
The file must show first completing the counterparty's KYB; then verifying license and jurisdiction; and finally establishing return and netting, preserving the relationship among the three steps. If a new provider, prefunding, sub-custodian, mandate or exposure limit appears, the conclusion no longer covers the active version and is reviewed before the next operation.
Country-by-country matrix for cross-border payments with stablecoins
Observed pattern. Each corridor requires its own sheet of licenses, Travel Rule, data, taxes, sanctions and settlement rules.
Per corridor the following are documented: local activities and licenses; marketing restrictions; KYC and beneficial owner; Travel Rule; reports; sanctions; data protection and transfer; taxes; exchange controls; consumer; and contractual enforceability. The conclusion must be "permitted with controls", "restricted" or "pending", with an owner and a review date.
The matrix must reflect the real product
Listing laws is not enough. It must indicate who receives funds, who is the counterparty, which currency comes in and out, whether there is a third-party beneficiary, where custody takes place and what data travels. A change of provider or account may change the corridor without modifying the interface.
FATF standards help design a common floor, but they do not substitute for local incorporation. Recommendation 16 was revised in 2025 and contemplates a transition; that is why the standard, the implemented law and the counterparty's contractual requirement must be distinguished.
What to review
Link the matrix to technical rules of geofencing and eligibility, quarterly review and approval for exceptions. No one must activate a country merely by changing a flag in configuration.
Legal basis
FATF VA/VASP 2025, Recommendation 16 update and LFPIORPI.
How to put it into practice
Corridor regulatory sheet. This piece must prove that each corridor has a local opinion, controls and an owner before being activated.
- identify VASP or payment licenses.
- review the local Travel Rule.
- map sanctions and lists.
- document privacy and transfers.
- analyze taxes and withholdings.
- define settlement and claims.
The review must proceed from identifying VASP or payment licenses, contrast it with mapping sanctions and lists and end in defining settlement and claims without filling gaps with assumptions. The result returns to design if reviewing the local Travel Rule does not match documenting privacy and transfers or if analyzing taxes and withholdings lacks verifiable support.
The file must show first identifying VASP or payment licenses; then reviewing the local Travel Rule; and finally analyzing taxes and withholdings, preserving the relationship among the three steps. If a country, asset, provider, currency or user type is added, the conclusion no longer covers the active version and is reviewed before the next operation.
Dossier closing
The conclusion must not be copied to another product without re-testing facts, regulatory versions and jurisdictions. The minimum deliverable is a versioned diagram, a legal matrix per function and an evidence folder that connects contracts, operation and compliance.
Return to the Stablecoins and Blockchain hub.
Next step
SVA.LAW can review OTC operation, on/off-ramp, payments and remittances with stablecoins within the specific model and turn the Stablecoins and Blockchain analysis into decisions, owners and implementation evidence. Start a conversation.