How Fipto protects client assets

Grégoire Andrieu-Guitrancourt
December 2, 2025

When FTX collapsed in 2022, followed by the failures of Celsius and the UST de-peg, it exposed what many industry observers already suspected: large parts of the digital-asset landscape were built on weak governance, unclear segregation of funds, and a lack of regulatory discipline. Billions evaporated not because blockchain technology failed, but because basic financial-sector principles of custody, oversight, and client protection were ignored.

The result was profound. Businesses already questioning the safety of digital currencies saw the trust gap widen. Regulators accelerated their work. And responsible providers had to show — not simply state — how they protect assets.

This is the environment in which Fipto operates. And this is why our stance is simple: Security must be verifiable, and solution providers like Fipto should expect to be challenged.

The industry has changed, and so have expectations

Over the past decade, blockchain-based payments have moved from experimentation to real-world utility. PSPs, large enterprises and financial institutions are heavily adopting stablecoin payments.

But with adoption comes scrutiny.

“The failures the industry witnessed weren’t technology failures, they were governance failures,” says Grégoire Andrieu, Co-founder & CRO of Fipto.
“If we want stablecoins and digital rails to become part of the global financial infrastructure, providers like us must operate with the same discipline as a regulated financial institution. And this is exactly how Fipto has been structured since day one.”

Uneven regulatory frameworks

In an industry where regulations vary dramatically country by country, many service providers rely only on virtual-asset licensing (VASP), or operate from jurisdictions with low entry thresholds. But not all regulatory status is equal, and businesses deserve clarity on this point.

France, for instance, maintains the most rigorous regimes for digital-asset service providers in the world — significantly more demanding than other EU jurisdictions. Some registrations are far easier to obtain, and therefore less protective for clients.

This will improve with MiCA, which introduces a harmonised, EU-wide framework — but until its full implementation, the burden is on clients to understand the difference.

In addition, Fipto sits at both ends of the regulatory spectrum, ensuring robust protection for both fiat and digital assets.

  • Licensed Payment Institution (ACPR, France) — authorising us to handle fiat funds, execute payments, and access the banking ecosystem.
  • Dual VASP registrations (AMF in France, CSSF in Luxembourg) — for companies working with virtual assets.

“Being regulated on both sides — fiat and crypto — is a very strong signal,” explains Ivaylo Asparuhov, Head of Compliance at Fipto.
“It ensures that whether a client holds euros, dollars, or stablecoins with us, they are protected under a consistent, regulated, European-grade framework.”

Why this dual-regulation matters

Our Payment Institution licence, granted by the French ACPR (a division of the Banque de France), follows a rigorous evaluation across governance, risk management, capital adequacy, and operational resilience.

This complements our AMF/CSSF VASP registrations for handling virtual assets, making Fipto one of the few European players that can credibly say: “Your assets are handled under enterprise-grade controls, whether fiat or digital.”

And soon under MiCA, Fipto will add the CASP licence to this foundation — a further step toward the long-awaited consolidation of the European regulatory landscape.

Security built on verifiable controls

Licences matter. But execution matters more. Blockchain may offer immutability, transparency, and settlement speed — yet the real security of client assets depends on how a provider manages access, governance, counterparties, and operational risks.

This is where Fipto applies financial-sector discipline to deliver the highest security to safeguard client assets.

1. Multi-level governance and role-based permissions

Every client account comes with fine-grained access controls:

  • Role-based permissions
  • Multi-signature workflows
  • Beneficiary whitelisting

These controls ensure that no single individual can unilaterally move funds.

“The principle is simple: operational mistakes must be prevented by design,” says David Sansonetti, CTO of Fipto.
“We build governance into the product so teams can’t bypass safeguards.”

2. Continuous AML/CFT monitoring

Fipto performs real-time:

  • Transaction screening
  • Behavioural analysis
  • Sanctions monitoring
  • Counterparty checks

These checks are aligned with EU regulatory requirements and audited annually.

3. Secure wallet infrastructure, fund segregation and safeguarding

We use a secure MPC wallet architecture, eliminating single points of failure and enabling safe signing workflows.

We pair this with a strict segregation of client assets across both fiat and digital currencies — a minimum requirement for any serious provider. All client accounts are 100% segregated to safeguard their funds.

Client funds are always held in dedicated safeguarding accounts, fully separated from Fipto’s own operational funds. This means they cannot be used for lending, liquidity operations, or internal financing.

Segregation applies across:

  • Fiat funds, safeguarded in regulated credit institutions within the EU
  • Digital assets, held in secure MPC-based wallets designated per client

These balances are reconciled daily, monitored by our Finance and Compliance teams, and subject to independent audits.

While safeguarding of fiat funds is a mandatory requirement under our Payment Institution licence, we voluntarily apply equivalent principles to digital assets under our AMF and CSSF registrations, creating a unified and transparent protection framework for all assets held with Fipto.

4. Audits, penetration tests, and ISO standards

Security is reinforced by:

  • Independent penetration tests
  • Infrastructure configuration scans
  • Data encryption and secure EU hosting
  • ISO/IEC 27001:2022 certification
  • Regular governance and financial audits

“These aren’t optional enhancements, they’re the backbone of a responsible payment institution,” says Sansonetti.

Can your provider prove all of this?

Too often, the industry relies on statements like:

  • “We use bank-grade security”
  • “Your assets are safe”
  • “We are compliant”

But without concrete evidence, these words mean little.

This is why Fipto encourages businesses to challenge us — and any provider — on six essential criteria:

The Security & Trust Checklist

  1. Regulatory depth: Are you licensed for both fiat and digital assets?
  2. Client fund segregation: Can you prove separation of client and corporate assets?
  3. Governance controls: Are there multi-sig and role-based workflows?
  4. Infrastructure security: Are you ISO-certified? Do you conduct external audits?
  5. Transparency: Can I trace every transaction end-to-end?
  6. Counterparty quality: Are you using fully fiat-backed stablecoins with audited reserves only?

If a provider can’t answer “yes” to all six, the risk is on you, not them.

Security must be the enabler of innovation, not its weakness

Blockchain payments, stablecoin rails, and automated treasury flows can transform the way global businesses operate. Faster settlements, global reach, reduced FX friction — these aren’t theoretical benefits. They are real advantages created by real technology. But none of it matters without trust.

“Innovation only works if clients know their assets are protected,” says Grégoire.
“The future of payments won’t be built by the fastest — but by the most reliable.”

This is the standard Fipto commits to every day.
