Authors: Shao Jiayi, Zheng Hongde
On April 25, Mankiw Law Firm, together with Techub News, MobilePay, Web3Hub, and BlockbeatHK, successfully held a salon themed "How Traditional Payments Transform to Web3.0: Innovation Paths and Compliance Practices" in Qianhai, Shenzhen. The event focused on the potential of PayFi as a hub connecting Web2 and Web3, and explored in depth the innovation paths and compliance practices in the context of global financial technology reconstruction and mature on-chain payments. How can payments be "on-chained"? How will global regulatory trends evolve? How can PayFi be truly implemented? These issues became the focus of heated discussions among the guests.
Jayden Shao, equity partner at Mankiw LLP, gave a presentation titled "Starting from Stablecoins - Looking at the Compliance Path for Traditional Payment Institutions to Transform to Web3" at the event.
This article is compiled from Lawyer Shao’s speech. Combined with Mankiw’s practical experience in the Web3 field, it systematically analyzes the past and present of stablecoins, global regulatory trends, and compliance points in the encrypted payment track, providing a reference for traditional payment institutions to transform to Web3. The following is the content of the speech.
Lawyer Shao Jiayi: Hello everyone, I am very honored to be here today to discuss a very important topic with you - stablecoins and how traditional payment institutions can transform to Web3. When talking about crypto payments, stablecoins are a topic that cannot be avoided; before talking about crypto payments, we should talk about compliance first, which is also the reason why compliance comes first. I will start from three aspects: the past and present of stablecoins, global regulatory trends, and compliance points in the crypto payment track. Next, I will start my sharing today.
Part 1: The past and present of stablecoins
Stablecoin 1.0: Centralization and Controversy — Taking USDT as an Example
Today, I will talk about the history of stablecoins from a compliance perspective. I will divide them into four versions. The first is the stablecoin 1.0 era, with USDT as a typical example. Everyone is familiar with it. When you mention "U", it usually refers to USDT. USDT came out in 2014, and its characteristics are centralized issuance, fiat currency anchoring, and controversy over opaque reserves.
USDT has a rough road, with two typical incidents. In 2017, USDT was exposed to share a bank account with its affiliated company Bitfinex. In order to fill the $850 million deficit, Bitfinex borrowed funds from Tether's reserves without the users' knowledge. The matter was investigated by the New York Attorney General, forcing Tether to settle the case and pay a fine of $18.5 million.
Under pressure, Tether disclosed its reserves for the first time, and found that only 3% was cash, and more than 60% was high-volatility assets such as commercial paper, which caused an uproar in the market. The market panic led to a wave of redemptions in the secondary market, and USDT decoupled to $0.96. Historically, USDT has experienced many decoupling and redemption waves, but the situation has gradually improved in recent years. From a large decoupling in 2015 to six decoupling peaks in 2019, it has gradually become stable in recent years.
To sum up USDT in one sentence: grab the market first, then make up for the compliance. Currently, USDT is still the big brother in the stablecoin industry, occupying 70% of the market share.
Stablecoin 2.0: Compliance-based — Taking USDC as an example
The representative of stablecoin 2.0 is USDC, which began to be issued in 2018. Its characteristics are compliance registration, 100% cash or treasury bond reserves, and continuous auditing. Unlike Tether's brutal approach, USDC issuer Circle takes the "gentleman" route.
Circle has obtained MTL licenses in more than 40 states in the United States, and has applied for them state by state honestly. It is the most licensed stablecoin issuer in the United States. Based on this compliance approach, Circle has smooth cooperation with payment institutions and gained trust, such as in-depth cooperation with Visa. Circle is also the first stablecoin issuer to fully comply with the EU MiCA regulations. Last year, USDT was delisted in the EU, and Circle became the first compliant stablecoin recognized by the EU.
To sum up Circle: It doesn’t have the coolest algorithm, but it has the most solid trust, the strictest license and the most reliable partners. Circle has set a benchmark for other stablecoins and is the first stablecoin to obtain MiCA compliance.
Stablecoin 3.0: Failure of the algorithm - Taking Terra USD as an example
Stablecoin 3.0 is the era of algorithmic stablecoins, with TerraUSD (UST) as a typical example. However, this version seems to have chosen the wrong technology tree, with the characteristics of being uncollateralized or partially collateralized, relying on algorithms to adjust the coin price and keep it pegged to the US dollar or other currencies.
However, the collapse of TerraUSD in 2022 exposed the systemic risks of algorithmic stablecoins. Terra and its sister currency Luna entered a death spiral due to huge market fluctuations, with the price of the currency falling from $1 to $0.1 and investors losing $45 billion. The project founder Do Kwon was extradited to the United States in March 2023 and faced multiple charges including securities fraud, commodity fraud, and wire fraud.
This tells us that algorithmic stablecoins fail due to lack of redemption, compliance and responsible entities. The lesson of TerraUSD is: there is no trust without reserves, and there is no anchoring without laws. Stablecoins need top-down supervision to bring trust to users.
Stablecoin 4.0: Payment giants enter the market - taking PYUSD as an example
Next is the era of stablecoin 4.0, which will start in 2023, and the most typical one is PYUSD. Its characteristics are that traditional payment giants begin to make stablecoins, embed them into payment scenarios, and strengthen the regulatory framework.
Let me take PayPal as an example. PYUSD is a stablecoin launched by PayPal and Paxos Trust. As we all know, PayPal is a long-established payment institution and Paxos is a trust institution. They cooperated in issuing the product in a front-store-back-factory model. PYUSD has also become the first USD stablecoin to pass the full license supervision of the U.S. Securities and Exchange Commission, the Office of the Comptroller of the Currency and the New York Department of Financial Services, creating a compliance model of trust structure plus multi-departmental collaboration.
PYUSD also has another feature. It embeds compliance laws and regulations into smart contracts, reserves compliance control interfaces, such as freezing addresses, recalls, asset whitelist filtering and other functions, embeds regulatory technology ideas into the code, and can actively cooperate with compliance, such as freezing money laundering addresses and cooperating with sanctions compliance as needed.
To summarize PYUSD: the first stablecoin issued by a trustee, embedded in payment scenarios, and written into the code in compliance with regulations.
Part 2: Global Stablecoin Regulatory Trends
Next, I would like to share with you what is the current global attitude towards stablecoins? Is it compliant or not? What kind of institutions can issue stablecoins? What are the requirements? I made a table that basically summarizes the stablecoin policies of major laws around the world.
There are currently five major jurisdictions in the world that have relatively clear legislation on stablecoins. The EU, Singapore and Japan are relatively advanced, and they have already implemented stablecoin-related regulations in 2023 and 2024. Other jurisdictions where policies are relatively advanced are the United States and Hong Kong. The United States is expected to introduce a stablecoin bill this year, which is currently under review by the Senate and the House of Representatives. Hong Kong is also expected to introduce a stablecoin bill this year.
What are the similarities and differences between the stablecoin bills in these five typical jurisdictions? I made a comparison, mainly from the aspects of who can issue coins, capital requirements, anchorable currencies, reserve custody, audit frequency, and redemption requirements.
Let's first look at who can issue coins. Japan is relatively strict, restricting only financial institutions such as banks or trust companies to issue coins. Other regions have a wider scope. In addition to typical banks and other financial institutions, other types of technology companies can also issue coins if they apply for and obtain corresponding licenses.
In terms of capital requirements, the EU currently does not have a unified registered capital requirement, and each member state can set appropriate capital requirements on its own. In Singapore, if a non-bank institution issues currency, it must have at least 1 million Singapore dollars, or a capital requirement equivalent to 50% of annual operating expenses. In Japan, since it is a financial institution that issues currency, it only needs to meet the original capital threshold. The United States has not yet unified it, and Hong Kong, according to the current draft, is 25 million Hong Kong dollars or 1% of the face value of the circulating stablecoin, whichever is higher.
In terms of the currencies that can be anchored, the United States is relatively strict, only allowing anchoring to the US dollar, which shows that the United States wants to continue to promote the hegemony of the US dollar on the chain. Other regions are relatively loose, and the European Union, Singapore, and Japan can all issue anchors to their own legal currencies, G10 single currencies, or other legal currencies. Hong Kong is actually relatively strict, mainly Hong Kong dollars, and anchoring to other foreign currencies requires case-by-case discussions.
The reserve custody requirements are relatively similar. The basic requirement is 1:1 full reserve, and it must be a highly liquid and stable asset. Independent custody is required.
In terms of audit frequency requirements, each jurisdiction is different. Hong Kong is relatively relaxed. Its draft only requires annual audits, but the sandbox test currently requires monthly compliance progress reports. Whether there will be any changes in the future remains to be seen.
The redemption requirements are relatively strict, and basically redemption can be done at any time, or at T+5 or T+1.
Regulatory commonalities and differences
From the above analysis, there are four common points in the regulatory thinking of stablecoins in these major jurisdictions around the world:
1. Full reserve and independent custody, which is the most basic requirement;
2. Immediate redemption requirements, even if they vary from jurisdiction to jurisdiction, generally do not exceed 5 working days;
3. Directly or indirectly ban algorithmic stablecoins. Major regulators have seen that algorithmic stablecoins are not feasible, have failed precedents, and cannot meet requirements such as full reserves;
4. Interest-bearing stablecoins are prohibited. The United States has explicitly prohibited it, and other regional laws have basically made it impossible to issue interest-bearing stablecoins through other requirements, because they are essentially securities-like products that may be profitable, and may be more appropriately classified as securities or wealth management products.
I have also summarized the differences between the various jurisdictions:
EU: The most systematic supervision and the most convenient cross-border use. As long as you get a license from the 27 EU countries, it can basically be used in all 27 EU countries.
Singapore: The bill was introduced relatively early, with many but flexible rules, suitable for pilot projects, detailed supervision, clear procedures, and the issuer does not have to be a bank, but a technology company can also issue the currency;
Japan: Banks control the market, only financial institutions can issue stablecoins, and there is relatively little room for innovation;
The United States: The policy is relatively complex, with a dual-track regulatory mechanism with two sets of federal and state regulations running in parallel. However, the United States is currently the most active market for crypto funds, and its potential is huge;
Hong Kong: The system is on the way and will basically be introduced in 2025. The policy is relatively friendly. At this stage, we can get licenses while running, such as Yuancoin and JD Stablecoin testing local scenarios in the sandbox, and expand to Southeast Asia after the subsequent bill is introduced.
Part 3: Crypto Payment Track and Compliance Points
Crypto payment segment
After talking about stablecoins, all the people present here are payment institutions, who may be more interested in transforming to crypto payments. Everyone may not want to issue stablecoins, but want to try other areas of the payment track. Next, let's talk about what kind of playable scenarios there are in the payment track.
I have reviewed the subdivisions of crypto payment. Since crypto payment is based on stablecoins, DeFi, and programmable technology, there are many products that can be made, which can be divided into six modules:
1. Merchant payment access and settlement;
2. The underlying payment network and clearing infrastructure;
3. Escrow or account services;
4. Payment solutions for vertical scenarios can be small and beautiful;
5. Compliance and data support, such as Beosin, which is here today, focusing on KYT compliance systems;
6. Value-added services for the payment ecosystem.
These six modules contain many sub-sectors. It can be seen that crypto payment is very playable. Compared with traditional payment, there are many more tracks that can be deeply explored, tried or created.
License issue
The first compliance issue that everyone is concerned about when entering the crypto payment industry is the license. I believe this is the first issue that all institutions will think of. I have reviewed the current global licenses related to crypto payments and made a table, including crypto custody, payment exchange, stablecoin issuance, cross-border remittance and other payment licenses.
At present, the licenses that are applied for more frequently in practice include: CASP or EMI licenses in the EU; payment licenses in the UK; licenses in Singapore, especially payment institutions in Asia; MSO licenses in Hong Kong, strictly speaking, are traditional currency exchange licenses, not crypto payment licenses; MSB and MTL licenses in the United States. Because crypto payment has the characteristics of globalization, people may still have questions: Can you serve global users with a license in one jurisdiction?
No. In fact, except for the EU's MiCA passport mechanism, a virtual asset service provider license obtained under the MiCA Act in one EU country can be used in other 27 countries. All other compliance licenses are only valid locally and do not automatically grant the right to conduct business with users in other jurisdictions. Obtaining a license only protects you locally. If something goes wrong when you conduct business in other places, the jurisdiction that issued the license will not be responsible.
Another question: If you get a compliance license, can you rest assured when conducting crypto payment business?
Actually, it is not. The license is only the starting point of compliance. Only after obtaining the license can you conduct business, but there are still many points that need to be paid attention to during the business process. If you do not pay attention or do not establish relevant compliance requirements, you may be involved in criminal risks; if you do, but do not do it well, you may only be subject to administrative penalties. Here are a few examples:
1. Coinbase's UK subsidiary was fined £3.5 million for providing electronic currency services to more than 10,000 high-risk customers, involving $249 million in transactions, because it failed to address financial crime control issues. Although it had a license, it did not do a good job in anti-money laundering.
2. Payeer was fined 9.3 million euros by Lithuania for violating anti-sanctions and anti-money laundering regulations, which is the highest fine in Lithuania's history. It allowed Russian customers to trade in rubles through sanctioned Russian banks, and provided crypto wallets, account management and storage services to Russian individuals and legal entities, violating international sanctions and anti-money laundering regulations.
3. Block Inc was fined $40 million in April 2025 for anti-money laundering compliance violations. It failed to effectively enforce the U.S. Bank Secrecy Act and anti-money laundering regulations, and had major deficiencies in KYC procedures and transaction monitoring.
4. CryptoPay's card service provider UAB Payrnet had its EMI license revoked, but the specific details of the violation were not made public. This shows that in the payment field, if compliance requirements are not met, in addition to fines, the license may even be revoked, and it may not be possible to apply for a license in the future, and it may be necessary to bid farewell to this industry.
Eight compliance points
In addition to these cases, there are eight compliance points that the crypto payment track needs to focus on:
1. Anti-money laundering and enforcement rules, which have been mentioned many times in the previous cases;
2. Sanctions compliance. As we all know, the current international situation, whether it is the United Nations, the United States, the European Union, the United Kingdom or other international organizations, there are many regional or individual sanctions requirements that need to be met;
3. Tax and accounting compliance: There are regulatory differences around the world on whether crypto assets should be taxed and how to tax them, which needs to be adapted to local conditions;
4. Data privacy and protection, as it involves KYC and cross-border data transfer, especially in countries such as the European Union that have enacted personal information protection laws, special attention should be paid;
5. Cybersecurity and business resilience, which are technical compliance requirements;
6. Consumer protection;
7. Third-party and outsourcing risk management. As mentioned above, cooperation with other institutions may affect business, suspend business, or require switching suppliers due to problems or revocation of licenses of other institutions.
8. Ongoing regulatory reporting and audit requirements.
The above are our summary of the compliance priorities that need to be addressed in the crypto payment sector. From license application to subsequent compliance, these are also Mankiw’s key service areas.
Conclusion: Compliance builds the foundation of trust
In summary, in the Web3 payment track, it is not a game between code and law, but the cornerstone of trust built by compliance. We see that more and more payment institutions, after obtaining a license from a country or region, or after raising funds, the first thing they want to do is to expand the license and apply for licenses in more jurisdictions. Compliance is often the first factor they consider and the cornerstone of expanding their business.
The above are the key points I would like to share with you about the payment track. If you have more detailed questions, please feel free to contact me for further communication.
