Skip to main content

Iron's licensing and compliance footprint

A summary of the licenses, registrations, and compliance frameworks that underpin Iron's services worldwide.

Overview


Iron operates under MoonPay's global regulatory footprint. For partners, this is one of the core reasons to choose Iron — you inherit MoonPay's licensing and compliance program for activities covered by Iron's services, instead of building your own.

This article summarizes the licenses, registrations, and compliance programs that underpin Iron's services. It's intended as a high-level orientation. For specific obligations relating to your business, consult your own legal and compliance advisors.

Important: The information in this article is for general guidance and isn't legal advice. Regulatory permissions change over time. Always confirm current scope with the Iron team before relying on any specific permission for your business.

Licenses and registrations


Iron operates under the following licenses and registrations:

Jurisdiction

Authority

Permission

United States

State regulators (47 states + territories)

Money Transmitter Licenses (MTLs)

New York, USA

NYDFS

BitLicense

European Union

Dutch AFM

MiCA-licensed Crypto Asset Service Provider (CASP), with EU-wide passporting

United Kingdom

FCA

Cryptoasset firm registration

Ireland

Central Bank of Ireland

VASP registration

Australia

AUSTRAC

Digital Currency Exchange registration

Canada

FINTRAC

Money Services Business registration

Combined, these permissions allow Iron to offer stablecoin payment services to partners and their end-users across more than 100 countries.

What's covered under each license


Each license covers a defined set of regulated activities. In general:

  • US MTLs and BitLicense — cover fiat money transmission, virtual currency transmission, and related activities in the relevant state

  • MiCA CASP — covers crypto asset services across the EU, including exchange of crypto for fiat, transfer of crypto, custody, and stablecoin issuance under EMT/ART rules

  • FCA registration — covers cryptoasset activities in the UK under the Money Laundering Regulations

  • Other registrations — generally cover AML obligations for cryptoasset and money services businesses in the relevant jurisdiction

Note: Coverage varies by activity and product. For example, some products are available in certain US states but not others. The Iron team can confirm scope for your specific use case during commercial discussions.

Compliance and risk framework


Beyond licensing, Iron runs a compliance and risk program covering:

  • AML and CFT — anti-money-laundering and counter-financing-of-terrorism program aligned with FATF standards

  • Customer Due Diligence — risk-based KYC for end-users and KYB for business customers, including Enhanced Due Diligence where applicable

  • Sanctions screening — screening against OFAC, EU, UN, UK, and other relevant sanctions lists

  • Travel Rule — compliance with the FATF Travel Rule for crypto transfers above applicable thresholds

  • Transaction monitoring — rule-based and behavioral monitoring of customer and transaction activity

  • SAR / STR filing — Suspicious Activity Reports and Suspicious Transaction Reports filed to relevant authorities as required

What this means for partners


If you integrate Iron, the licensing and compliance footprint affects your operating model in a few ways:

  • You inherit permissions for covered activities — you don't need to obtain US MTLs, NY BitLicense, MiCA registration, or equivalent permissions for activities Iron is authorized to perform on your behalf

  • You still need your own corporate compliance — Iron's permissions don't cover your own KYB onboarding to Iron, your own AML responsibilities for any activities you perform outside Iron's services, or any sector-specific licenses your business needs

  • You contribute to compliance operations — partners typically share information with Iron about their customers, risk model, and transaction profile to support Iron's overall compliance program

  • Geographic scope follows the licenses — partners can offer Iron services in countries where Iron is licensed; expansion to additional countries depends on Iron's licensing roadmap

FAQs


Do I still need my own licenses if I use Iron?

For activities covered by Iron's services in a jurisdiction where Iron is licensed, no — you can rely on Iron's permissions. For activities outside Iron's scope, or in jurisdictions where Iron isn't licensed, you may still need your own permissions. Confirm with your compliance advisor.

Which countries can I serve through Iron?

Iron's combined licensing covers 100+ countries, but coverage varies by product and activity. See Iron's country coverage documentation for the current list, and confirm with the Iron team for your specific use case.

How does Iron handle sanctions screening?

Iron screens all customers and counterparties against major sanctions lists (OFAC, EU, UN, UK, and others) at onboarding and on an ongoing basis. Sanctioned individuals and entities are blocked from accessing services.

What's the Travel Rule and how does Iron handle it?

The Travel Rule requires originator and beneficiary information to accompany crypto transfers above certain thresholds. Iron complies with Travel Rule obligations in jurisdictions where it applies, using industry-standard messaging protocols.

What happens if a regulatory rule changes?

Iron updates its compliance program continuously to reflect regulatory changes. For changes that affect partner integrations (for example, new data fields or reporting requirements), the Iron team gives advance notice through the partner communication channels.

Where can I get more details?

For partner-specific compliance questions, contact your partnership manager or email [email protected]. For end-user concerns about a specific transaction, use the chat button in the bottom-right of this page.

Did this answer your question?