Security
Compliance boundaries
BroSettlement can support controls, records, access separation, and transaction traceability that matter in regulated operations.
It does not replace your legal, licensing, compliance, KYC/KYB, AML, Travel Rule, fiat rail, or banking responsibilities.
BroSettlement can support
- API-level access control and signed requests.
- IP allowlists, nonce replay protection, key rotation, and RBAC.
- Client-controlled signing policy through the Co-Signer.
- Audit-friendly transaction lifecycle records.
- Append-only ledger entries for reconciliation.
- Separation of duties across owner, admin, operator, reader, and service roles.
BroSettlement does not provide
- Legal or regulatory advice.
- A guarantee of MiCA, VASP, CASP, or other licensing outcomes.
- Built-in KYC/KYB.
- AML screening as a bundled compliance provider.
- Travel Rule automation.
- Fiat acquiring, bank accounts, SEPA, SWIFT, ACH, or card acquiring.
- SOC 2, ISO 27001, insurance, or third-party audit claims unless supplied by current BroLabel evidence.
Recommended operating model
BroSettlement is intended to sit beneath:
- Your product UX.
- Your customer onboarding flow.
- Your KYC/KYB and AML providers.
- Your fiat partners.
- Your compliance policies.
- Your treasury and finance workflows.
Related pages
- API authentication: Secure API requests with Ed25519 signatures, timestamps, nonces, and IP allowlists.
- Organizations and roles: Separate access across humans and service accounts.