Overview
Iron operates under MoonPay's global regulatory footprint. For partners, this is one of the core reasons to choose Iron — you inherit MoonPay's licensing and compliance program for activities covered by Iron's services, instead of building your own.
This article summarizes the licenses, registrations, and compliance programs that underpin Iron's services. It's intended as a high-level orientation. For specific obligations relating to your business, consult your own legal and compliance advisors.
Important: The information in this article is for general guidance and isn't legal advice. Regulatory permissions change over time. Always confirm current scope with the Iron team before relying on any specific permission for your business.
Licenses and registrations
Iron operates under the following licenses and registrations:
Jurisdiction | Authority | Permission |
United States | State regulators (47 states + territories) | Money Transmitter Licenses (MTLs) |
New York, USA | NYDFS | BitLicense |
European Union | Dutch AFM | MiCA-licensed Crypto Asset Service Provider (CASP), with EU-wide passporting |
United Kingdom | FCA | Cryptoasset firm registration |
Ireland | Central Bank of Ireland | VASP registration |
Australia | AUSTRAC | Digital Currency Exchange registration |
Canada | FINTRAC | Money Services Business registration |
Combined, these permissions allow Iron to offer stablecoin payment services to partners and their end-users across more than 100 countries.
What's covered under each license
Each license covers a defined set of regulated activities. In general:
US MTLs and BitLicense — cover fiat money transmission, virtual currency transmission, and related activities in the relevant state
MiCA CASP — covers crypto asset services across the EU, including exchange of crypto for fiat, transfer of crypto, custody, and stablecoin issuance under EMT/ART rules
FCA registration — covers cryptoasset activities in the UK under the Money Laundering Regulations
Other registrations — generally cover AML obligations for cryptoasset and money services businesses in the relevant jurisdiction
Note: Coverage varies by activity and product. For example, some products are available in certain US states but not others. The Iron team can confirm scope for your specific use case during commercial discussions.
Compliance and risk framework
Beyond licensing, Iron runs a compliance and risk program covering:
AML and CFT — anti-money-laundering and counter-financing-of-terrorism program aligned with FATF standards
Customer Due Diligence — risk-based KYC for end-users and KYB for business customers, including Enhanced Due Diligence where applicable
Sanctions screening — screening against OFAC, EU, UN, UK, and other relevant sanctions lists
Travel Rule — compliance with the FATF Travel Rule for crypto transfers above applicable thresholds
Transaction monitoring — rule-based and behavioral monitoring of customer and transaction activity
SAR / STR filing — Suspicious Activity Reports and Suspicious Transaction Reports filed to relevant authorities as required
What this means for partners
If you integrate Iron, the licensing and compliance footprint affects your operating model in a few ways:
You inherit permissions for covered activities — you don't need to obtain US MTLs, NY BitLicense, MiCA registration, or equivalent permissions for activities Iron is authorized to perform on your behalf
You still need your own corporate compliance — Iron's permissions don't cover your own KYB onboarding to Iron, your own AML responsibilities for any activities you perform outside Iron's services, or any sector-specific licenses your business needs
You contribute to compliance operations — partners typically share information with Iron about their customers, risk model, and transaction profile to support Iron's overall compliance program
Geographic scope follows the licenses — partners can offer Iron services in countries where Iron is licensed; expansion to additional countries depends on Iron's licensing roadmap
FAQs
Do I still need my own licenses if I use Iron?
Do I still need my own licenses if I use Iron?
For activities covered by Iron's services in a jurisdiction where Iron is licensed, no — you can rely on Iron's permissions. For activities outside Iron's scope, or in jurisdictions where Iron isn't licensed, you may still need your own permissions. Confirm with your compliance advisor.
Which countries can I serve through Iron?
Which countries can I serve through Iron?
Iron's combined licensing covers 100+ countries, but coverage varies by product and activity. See Iron's country coverage documentation for the current list, and confirm with the Iron team for your specific use case.
How does Iron handle sanctions screening?
How does Iron handle sanctions screening?
Iron screens all customers and counterparties against major sanctions lists (OFAC, EU, UN, UK, and others) at onboarding and on an ongoing basis. Sanctioned individuals and entities are blocked from accessing services.
What's the Travel Rule and how does Iron handle it?
What's the Travel Rule and how does Iron handle it?
The Travel Rule requires originator and beneficiary information to accompany crypto transfers above certain thresholds. Iron complies with Travel Rule obligations in jurisdictions where it applies, using industry-standard messaging protocols.
What happens if a regulatory rule changes?
What happens if a regulatory rule changes?
Iron updates its compliance program continuously to reflect regulatory changes. For changes that affect partner integrations (for example, new data fields or reporting requirements), the Iron team gives advance notice through the partner communication channels.
Where can I get more details?
Where can I get more details?
For partner-specific compliance questions, contact your partnership manager or email [email protected]. For end-user concerns about a specific transaction, use the chat button in the bottom-right of this page.
