Revuto VDCs: A Progress Report

This blog post is dedicated to our most anticipated product — something we popularly call Revuto VDCs. Launching VDCs (Virtual Debit Cards) is the most important task we still need to do in order to kickstart the Revuto business and its token economics (tokenomics). In short, this event will transform us from pre-revenue into a sustainable company generating revenue from our business activities. Several times we have explained in detail what that means to us, and, more specifically, which revenue streams are planned to ignite with such an event. But this time the emphasis will be on a few hot topics (questions) that many of you have been demanding to get answers to.

One of the biggest questions is — Why is it taking you so long to launch the card program?

To answer that one, we’ll start by telling you what exactly we’ve done and what we’ve gone through since the ICO to get us to be in the position to launch the card program.

Launching the Debit Card Program.

To launch the Debit Card Program, and more importantly, the one that supports crypto, first off you need to understand how that business works. To start, launching debit cards with the Visa or MasterCard logo (card scheme) is not something you can do directly with MasterCard or Visa. Both companies are very similar in how they operate, but most importantly, they rarely work directly with small startups (fintech companies). Even if they would do it, they’ll always connect you with service providers they support with their card scheme that offer platforms to build fintech products on top of them. There are a variety of companies offering this and supporting both card schemes on different markets.

Where you plan to launch the debit card program is very important because those service providers will most likely cover only a few countries or regions with their services, and only a few of them can actually support you worldwide. That’s because those services are offering traditional financing products, which are all heavily regulated by local financial regulators. In short, if you choose to work with a service provider compliant to offer their services only to EU citizens, then you won’t be able to launch the debit card program with them in different markets such as APAC (Asia and Pacific countries), MENA (Middle-east and North Africa), US and so on. So, if the plan is to launch your product worldwide, the best way is to find a service provider that is capable of serving users coming from all over the world, which usually means compliant and regulated in all those regions. The good thing about a setup like this is that service providers usually cover specific regions, including more than one country. For example, if the service provider is licensed to cover the EEA (European Economic Area), they can serve all users from all EEA countries. The biggest reason for this is that all service providers issuing debit cards (the card issuer) need to work with their partnering bank, allowing users from those countries to open a bank account. The setup makes perfect sense because a bank for residents in the EU will not open the bank account for citizens of Africa and vice versa. In that regard, the card issuers that can cover other regions have different banking providers (partners) in those regions.

Choosing the right card and banking service provider (the card issuer).

When choosing the best card issuer and its banking partner to cover more than one region you can decide if you want to go with one provider or more to do so. Both strategies have their pros and cons. In our experience, the best and easiest way would be, obviously, to work with one service provider to cover them all. The reason for that is simple. Every service provider has its own compliance, pricing, and technical specifics. Before you can even start working with any of them, you need to apply for KYB (know your business) and short screening, after which you can actually sign with them and initiate the extensive due diligence and compliance process. Again, when it comes to issuing debit cards, we’re talking about a heavily regulated business that is becoming even more regulated every day.

Still, because there are many different markets worldwide with their own specifics (mostly on regulation), it’s not easy to find the best service provider to fit (cover) them all in the best possible fashion. Usually, a service provider originating from a specific region is doing the best in the region where they are because they’re more familiar with the local regulation requirements than with those in other regions. We need to emphasize that those requirements change fast, especially now when governments around the world are looking to regulate crypto.

Card Issuing as a service (a tech platform).

We already mentioned that Visa and Mastercard don’t work directly with small companies but with the service providers offering (reselling) their card schemes. Besides the compliance issue when it comes to launching the debit card program in specific regions, there are technical differences between service providers as well. Card issuers are basically tech companies offering regulated financial products such as bank accounts, P2P money transfers, cards, etc. When it comes to issuing debit cards, they not only open bank accounts and issue debit cards but offer a complete solution to manage and use a variety of products connected to it. They offer physical and virtual debit cards, which can be disposable or ready for reuse (top-up), they offer APIs to control 3DS (security), top-ups, card freeze, PIN change, card limits setup, merchant ID control and blacklist, card design, card expiration date, chargeback request, requests to delete cards, transaction monitoring, webhooks to provide information when and how much a specific merchant charged you (or tired to charge you), support for Apple and Google Pay, and much more. As you’ve probably noticed, there are many fintech companies offering specific cards to their users bundled with specific apps solving a specific problem, and the service providers serving those startups need to allow them a technical platform allowing them to build their business logic on top of a variety of API calls they offer to control all the above. As always, some of the service providers offer better platforms and more possibilities (freedom) to build your business on top of them; some are cheaper, and some offer better API documentation, offering faster time to market (technical integration). On top of everything, many offer different compliance processes, which is no less important because, again, it’s a regulated business, and you don’t want to end up working with a service provider that is not reliable and eventually ends up not being able to provide service to you. In the end, some service providers are MasterCard or Visa principal partners, meaning they’re more strictly regulated and working closer with Visa and MasterCard to provide a better and more reliable service.

Below, you can see how complex the fee structure is for running the debit card program. Revuto did a fee structure calculation for every card provider it worked with to secure the sustainability of its fintech business.

Revuto financial projections (P&L) for Years 1, 2, and 3 of running the debit card program are based on the fees above and the number of registered, active, and paying customers within the EEA and the UK. Since launching the card program in year one, financial projections are based on up to one million registered users. At the moment, Revuto has a total of 357,195 registered users, of which 146,315 are coming from the EEA and UK without the card program live. Present numbers show potential for significant user growth once the card program is live. According to projections for the third year after launching the card program, Revuto aims to get up to 10 million registered users, generating a total revenue of around 1.7 billion dollars. Most importantly, all projections show that Revuto’s core business model can become profitable during year one, where it needs to surpass 200k monthly active users, from which we expect to have 10k paying customers (if the conversion is to 5% of paying customers — Revuto Premium). The detailed numbers and financial projections show the seriousness of the Revuto team and its business in becoming a very reputable and profitable fintech company.

Compliance!!!

Again, compliance is one of the most essential things in card issuing because it’s a heavily regulated business. All card issuers are regulated and supervised by their partnering bank and the local regulator. The purpose of this is to prevent any illegal (fraudulent) financial activities from the service provider, its clients, and/or the end users, of which money laundering is the most critical. Different service providers (card issuers) and their banking providers have different ways of how they comply with those requirements. For the start, all those service providers need to have a license to be able to provide their services to the end users. For that, in the EU, EMI (e-license or electronic money institution license) is required from the service provider or their client companies to be fully compliant and ready to serve their users. To make onboarding easier for their clients, many card issuers holding EMI licenses offer passporting of EMI licenses to companies they work with. In the end, the companies which are using passported EMI licenses can be registered as agents or distributors. Explaining the differences between both would require a blog post itself. However, let’s say some clients require more strict regulation because they plan to hold users’ funds (custody) and support instant (P2P) money payments between those accounts.

The good thing about the EMI license is that it can be passported by the card issuing service provider to its client companies and to countries from the same region. The banking provider (the bank) issues an EMI license, which doesn’t necessarily need to come from the same country where the client company was incorporated. In short, you can have a company incorporated anywhere in the EU with an EMI license issued from any bank in the EU, which will result in being EMI compliant for the whole EU.

For those fintech companies who do hold an EMI license, passporting the license makes life easier because they don’t need to get the same for each country within the same economic region. Still, that doesn’t work for all other regions. For instance, the US is specific in that sense because you need to get a license from a specific federal state to be allowed to serve citizens of that state. There are some other specifics with other regions but again, it would require a dedicated blog post to cover all the differences. What is important to understand is that any company that is looking to offer its users a debit card product is required to be compliant with local financial regulations. The licenses are issued by banks or passported by regulated service providers, and everything is monitored by local financial regulators.

Depending on which card issuer and banking provider you choose to work with, the compliance process may vary in its duration and specifics. Usually, a more strict compliance process means better reliability when it comes to keeping the license and being able to provide legal business to the end users. Having a reliable card-issuing partner is one of the most critical things in the business because many card issuers tend to onboard as many clients as possible without doing proper due diligence. As a result, because of their clients’ illegal activities (most likely connected to money laundering), those service providers lose their licenses and rights to provide the service. What is essential to understand here is that 9 of 10 clients a card issuer serves may be fully compliant with regulations, and only one not, for all to be banned from the regulator. If the service provider loses its license to provide service, it leaves all their clients empty-handed. In the past, the business suffered a lot when Wirecard, one of the biggest service providers in the EU, lost its rights to serve its clients, resulting in hundreds of thousands of cards instantly becoming obsolete (not working). The most recent similar case happened to PayerNet (Railsr, ex Rails Bank).

Further down in the blog post, we’ll briefly describe how complicated the compliance process was for Revuto and what is required to get an EMI license within the EU and be ready to start issuing debit cards to the citizens within the EEA. This doesn’t mean that all other companies choose to go on the same path, but you need to understand that all businesses are not the same — some have specific technical requirements and also requirements regarding crypto. The last one, supporting crypto, is one of the most common showstoppers when it comes to compliance and, in the end, time to market. In regard to all that we have described so far, the compliance process can last from 3 months to even a whole year.

Lastly, there are differences in commercial requirements from different service providers. There are onboarding fees, complicated fee structures for opening bank accounts, topping up cards, making transactions/payments, issuing different virtual/physical debit cards, obtaining an EMI license, monthly minimum retainers and volumes, AML and transaction monitoring, taxation services, and more. From all we witnessed so far, we can easily say it’s a very complicated product to launch and keep operational. Being very complicated usually means time-consuming and expensive. The advantage of finally being ready to launch a product like this is that once you overcome all the obstacles, you’ll most likely be at a big advantage compared to all those who are still looking to do so or are stuck in the process. With time, things are getting even worse (compliance-wise) for newcomers, meaning that our advantage could be even bigger in the future.

KYC

One of the first pre-requirements to even begin the process of issuing debit cards to end users is the ability to KYC your users. As mentioned before, to issue any kind of debit card (virtual or physical), the banking partner needs to open a bank account for users. In the EU and UK that means opening an IBAN account under the user’s name. To be able to do so, every user needs to finish a full KYC (know your customer) process with a specific KYC service provider. While it is possible, you most likely won’t see companies perform KYC checks by themselves because the KYC business is also regulated. KYC information includes sensitive material (personal information, a copy of a government-issued document including a photo, a copy of an official document including the user’s address, live check videos…), which is all very confidential and may be misused (stolen). Fintech companies partner with popular (proven) KYC providers to perform these checks to prevent platform misuse and security liabilities. Revuto partnered with SumSub, one of the most popular and secure KYC providers, offering an easy process and a short time to get checked. One of the biggest problems of KYC is its price. A full KYC is required to open a bank account, which may be very costly if the business has many eligible users.

Card Acquiring

Finding the right acquiring partner is one more important piece of the puzzle for being ready to launch the card program. To avoid unnecessary compliance, many fintech companies offering debit cards have chosen not to offer custody of their users’ funds. Those services won’t offer the account preview (its balance in FIAT) and money transfer from the app (wallet). Unlike Revolut, which has all of the above, Revuto will avoid holding users’ funds by allowing our users to top-up their debit cards with FIAT only by using their other debit or credit cards. To allow that, Revuto had to find an acquiring company. There are services offering card issuing and acquiring, but to be able to accept cards from around the world as a top-up source, it’s essential to partner with the best acquiring service providers in the world. In the case of REVUTO, that’s Worldpay (FIS Global).

As with KYC checks, acquiring can be done in-house, but, again, it’s a regulated business that needs to be very secure because holding sensitive data such as users’ debit/credit card numbers is risky. Hackers put a lot of effort into stealing that data, so many companies choose not to hold that info within their platform but opt to use the services of proven (reliable) acquiring companies. As you may have already noticed, several times we have mentioned how important it is to have reliable partners in the process before launching the debit card program. Once you launch the cards, the most essential thing is to keep the product live without any interruptions of the service. If this is not the case, users will most likely lose trust in the product and never use it again.

In the end, to lower their costs, established fintech companies that are serving millions of users opt to do card acquiring and issuing by themselves, which requires substantial investments and compliance. Since not so long ago, Crypto.com has been one of the companies doing so. For instance, Binance is an acquirer but is using partners for card issuing (Visa and MasterCard schemes, depending on where the user is coming from). Acquiring is costly because on every top-up, depending on what card the users use as a top-up source, the acquiring partner will charge a fee. Usually, the fees are around 2–3%, which can become less if your business processes significant volumes.

More about the flow of money and Revuto Virtual Debit Cards:

Chronology of Revuto launching its debit card program

To shorten the process, Revuto team members started working on the Revuto debit card program before the ICO (May 2021.). Our experienced team members already knew how difficult it can be to launch a debit card program supporting crypto. Some companies have such products live, but not many. Many Revuto team members had experience using these products (cards) that had been discontinued in the past (ePayments, Chapo, Bitpay… or those relaunched several times like Wirex).

Decta

As a first service provider, Revuto started to work with a company called Decta. By external contact and a reliable person, the team was advised to contact Decta, which eventually resulted in integrating with them in early 2021. It didn’t take a lot to see that Decta was not even close to being suitable or ready to work with Revuto. They were eager to become a reliable partner, but that never happened. They tried to act as the acquirer and issuer at the same time, but even a task as simple as a 3DS was not ready (working), not to mention other things. At that time, DECTA was partially operational and seemed a good choice because we couldn’t afford better. Still, for what we needed (fast launch) and especially while gearing up for the successful ICO, we decided to opt for a more reliable partner.

Manigo

Even before the successful ICO and not knowing if we’ll have a product-market fit, the Revuto team searched for better options for its card-issuing partner. Once again, through a reliable and reputable fintech expert in the region, we decided to sign with Manigo. Although they were a UK entity, Manigo seemed a good choice because their founder was from a neighboring country (Serbia), allowing us to communicate more seamlessly (no language barrier). At that time, we still didn’t know anything close to onboarding (compliance requirements and technical integration processes) as we know about it today. We were very eager to launch the card program as soon as possible because we promised this to our users. Also, we wanted to be the first in the Cardano ecosystem to do it. It would be an understatement to say we rushed things, resulting in overlooking what was more important — to have a reliable partner.

Manigo developers and its team members did all they could to help us, but things (again) didn’t go as smoothly as anticipated. Initially, there were many advantages of working with Manigo. The service offered both acquiring and card issuing and integrated with the KYC provider (SumSub) within the platform. Not less importantly, they offered quite good commercial terms (fees). Despite the usual technical integration (development) hurdles, we got ready to start issuing the first working debit cards in a closed testing environment in Q4 2021. We issued a couple of cards, topped them with funds, and tested them with service providers. We encountered problems with specific service providers not accepting those cards but still were looking to solve the issue with Manigo and continue testing. The only problem was that, sometime in October 2021 we couldn’t issue new or top-up old cards that had been issued. We didn’t know what was happening for some time because the Manigo team, including their CEO, was not responsive. After a while, we found out that they had lost their license to operate and provide financial services to us. Also, we found out about the setup they had been trying to push with us since Q1 2022, after we reestablished so-called normal communication with their team and CEO.

While working with Manigo, we encountered several red flags, which could have helped us move from them much sooner, but it was not easy because our developers already did most of the heavy lifting to integrate with them, and they got used to their way of working, they got familiar with the Manigo team and similar. In that regard, cutting all connections is never easy, and especially because Manigo did everything it could not to lose us. But in the end, they were not a good fit. With time and all the red flags, we lost confidence in them, but in the end, they were never ready to support us with what we needed. At the same time, there was great pressure from the community to launch as soon as possible, and because we entered a bear market, we were afraid we might lose their support if we didn’t do so.

In Q1 2021, the Revuto CEO and his executive team decided to look for better options in the market, and because the team had funds to afford it, even to search for the best service provider in the market. The Crypto.com service was one of the companies we were closely looking after because they had a great and reliable debit card program supporting crypto that had been running for quite some time and without any hiccups. The team did a deep dive into how they operate and discovered that Rails Bank was serving them as a card issuer. Doing comprehensive market research on the debit card issuing business, the team decided not to listen to other “experts” when it came to deciding what service provider to work with but rather to decide on its own. When it comes to who was the market leader, we reencountered the name Rails Bank. So, the decision made was to contact them.

Rails Bank (Railsr)

The team contacted Rails Bank while still working with Manigo. The decision was not to cut all connections with Manigo because we didn’t know what the process with Rails Bank would look like and if we’d be able to launch/work with them. We were transparent about it with the Manigo CEO and even had discussions about possibly launching with Manigo in the UK and Rails Bank in the EU in parallel or vice versa. The reason for that was to de-risk the integration because, apparently, in this business, as a result of strengthening compliance and regulation, you never know which partner may let you down.

Rails Bank fee structure

The initial communication with Rails Bank was very good. As others, they too showed great interest in working with us because we had a large number of registered users (way above 300k) whom they could serve. Also, they were able to support us worldwide. The go-to-market strategy was always to start with the EEA and UK markets but soon after to open other regions. We always had a bit more than 50% of all users coming outside the EEA and the UK: for instance, almost 100k users from the APAC area, so there was a good reason to open other markets, too.

Working with Rails Bank was the first time we encountered such a rigorous compliance and onboarding process, which further confirmed that we had the most capable and reliable partner this time. Suddenly, we felt very confident we’d launch the card program during the year. At times, we were hoping we’d launch before summer (preferably May or June), but time went by very fast until we were finally approved by their compliance team to start the technical integration. Again, comparing the compliance process we had with Manigo and the one with Rails Bank was like comparing night and day. Manigo didn’t require much from us, just a simple KYB and business plan, while Rails Bank dug deep into our company resources, business model, team members, and lastly, we had to hire MLRO to run our compliance. Their compliance was everything but easy, but, again, it gave us confidence that this time, this was it. It all resulted in Revuto obtaining an EMI license from the Bank of Lithuania, which made us one of the not-so-many fintech companies within the EEA, being fully compliant to offer advanced financial products such as the debit card program. Also, we were the first of its kind within the Cardano ecosystem. We proudly tweeted and posted about it.

Being fully compliant, our backed developers were given “live keys” to access their platform and to start with the technical integration. The usual process is 3 + 3 months, but in our case, those 3 + 3 became more like 3 + 6 or even closer to 3 + 9. Besides Rails Bank (at that time rebranded to Railsr) and our team, the external agency building our mobile apps was included in the process. Including three parties in the process is never easy, but it was manageable initially. Besides the first big problem about how to disintegrate the old setup in which the KYC process was part of Manigo’s platform, there appeared the first signs of problems with slow communication between Railsr and Revuto. We entered the summer period, so we thought the summer holidays may be the reason. At the same time, we were still in touch with Manigo’s CEO, not only to solve the KYC data migration from Manigo to Railsr since we paid a lot for every KYC check the Manigo platform did for us, but also because Stevan was raising concerns about Railsr and if they would be a better option than Manigo in the end. He warned us about other companies moving away from Railsr. We listened and observed but continued integrating with Railsr. In Q3, communication with Railsr was getting even slower, which raised our first concerns. Besides being eager to launch as soon as possible because we were already aware of bad crypto market conditions and what could happen if we didn’t launch soon, we were concerned about losing money because of their slow pace. In addition to us paying for onboarding fees to launch a debit card program in the UK and EEA in parallel, Railsr started issuing us monthly invoices for using their platform in May 2021. Basically, we were paying them as if we were live.

The perfect shitstorm

In Q3, Revuto was still looking to launch the card program by the end of the year but somewhere around September-October 2022 the team started to reconsider the decision because of further bad signs. Firstly, besides some other companies, Crypto.com departed with Railsr. That was the first time that Vex, CEO at Revuto, directly asked Railsr if they had any problems and why they had lost such a big client. The answer was not so convincing, so the team decided to wait for the decision and observe. At the same time, the crypto market experienced the most bearish times of its ongoing bear market. Every day we witnessed many crypto companies going down, and we were concerned that the exchanges we paid a crazy amount of money to list us would go down, whereas the overall market would go down because BTC was very low. In the end, the FTX saga happened, which helped us decide not to rush things.

To make things worse, Railsr raised their requirements for pre-funding settlement accounts with their bank before launching by a significant amount. That hit us hard because our business was already affected by bad crypto market conditions, and we didn’t know what would happen in 2023. We knew that 2023 wouldn’t bring any significant change for the better, so the focus switched towards surviving the bear market and launching the card program during more favorable times. Although we already issued 2x 500 testing cards with up to $5 in Q2 and had 24 debit cards running live for some time, the decision to wait with the launch proved to be the best one we made since we decided to do the ICO.

In early February, we received an email from the Railsr team saying they’re unable to launch new card programs and onboard new users until the situation is solved. Basically, they lost their license from the Bank of Lithuania to provide services. The Revuto team couldn’t believe our eyes when that happened. On the one hand, we were happy we avoided disaster by launching with them, but on the other hand, we already knew what that meant for the company — again, losing precious time finding a reliable partner, going through a crazy compliance process again, and, then our devs and the agency for the frontend integrating with their platform. We don’t have to describe much about how that reflected on our team and our already hurt morale. Knowing our resources were not even close to what we had started with during 2022 we had to adjust to market conditions and significantly lower our expenses to survive the bear market. We made a plan to be operational and ready for 2025, when the new bull market and so-called “alt season” were expected.

https://www2.railsr.com/webmail/943043/391134907/ba048c64b6c2cb4fa5c14dea48b1cf633ebcd3dcfaf2714ec7a7923837252d1f

License of UAB PAYRNET revoked for serious violations, bankruptcy proceedings to be initiated

More: https://www.lb.lt/en/news/licence-of-uab-payrnet-revoked-for-serious-violations-bankruptcy-proceedings-to-be-initiated

https://www.lb.lt/en/news/licence-of-uab-payrnet-revoked-for-serious-violations-bankruptcy-proceedings-to-be-initiated

Modulr

Since the information about Railsr going under became widely spread, Revuto received several requests to onboard with different service providers. During the year, we talked with all of those providers, and we believe there isn’t a company in the card-issuing business we didn’t talk to. During the fast process of finding a replacement for Railsr, we decided to go with Modulr, which seemed to suit us the best and also proved to be considered the most reliable of the bunch. Revuto received the first commercial proposal from Modulr on March 12th with all the requirements to start with onboarding. Even though we have not finished the compliance process with Modulr and their banking provider, De Nederlandsche Bank (‘DNB’), Revuto received a full API documentation from Modulr and was granted access to their sandbox environment to start technical integration. Both happened a month ago. This is very important because our development team and agency for the mobile app can use the time while we do compliance to work on the technical integration with their platform.

From the technical side, Modulr offered us two options about how to set up the business logic with virtual debit cards to allow users to control their payments towards subscriptions.

Not less important, knowing our position and what we went through with others, Modulr significantly lowered the entry barrier (financially) to start working with them.

A painful compliance process

As stated in this blog post, compliance is one of the most important parts of onboarding with the card issuer. The applicant (Revuto, in this case) needs to show they’re eligible to start the legal process. Also, their business model must show sustainability and internal processes to prevent illegal activities, especially money laundering. Lastly, being involved with crypto, which has been under heavy scrutiny from regulators in recent times, is raising the bar even higher. All the crypto to FIAT off-ramping needs to be executed through a secure and monitored process with a very clear flow of funds and, again, prevent any money laundering activities. Below you can find the most important parts of the process.

And in terms of what they require for onboarding, please see below:

• Self-Assessment Questionnaire (for Outsourced KYB)
• As mentioned, our full review kicks off once the Agreements are signed so we can allocate a full onboarding team (Onboarding Project Delivery Manager, Compliance Analyst, Implementation Manager), and the previous documents listed are provided
• We would, however, look to start some checks in advance and to support this, it would be great if you could complete the attached document: ‘Modulr Customer Self-Assessment — Partner Outsourced’
• Compliance / Onboarding (forms/documents we require to kick off the onboarding process once Agreements are signed)

1. Company Information (please complete)
2. Modulr Application Form (complete online here)

We will try and electronically verify as much as we can, but if we can’t, then we might need to ask for some more information

1. ID and Proof of Address for Ultimate Beneficial Owners (UBOs) — acceptable documents list attached
2. Modulr Source of Wealth Declaration
3. Business Plan
4. Compliance/AML Framework (please provide) — please note, these do not all need to be separate documents
5. Key to allow the team to kick off their review

i. AML Policy

ii. Anti-Bribery & Corruption Policy

iii. Sanctions and PEPs Policy (if not in AML Policy)

iv. Financial Crime Risk Assessment & Risk Management Policy

v. Customer Due Diligence Procedure (if not in AML Policy)

vi. Transaction Monitoring Procedure (if not in AML Policy)

vii. SARs and Law Enforcement Procedure (if not in AML Policy)

viii. Enterprise-Wide Risk Assessment

1. It would be good to have it as soon as possible, but can kick off the review without:

i. Fraud Policy

ii. Whistleblowing Policy

iii. Anti-Bribery & Corruption Risk Assessment

iv. All AML/CTF training materials and staff training log

v. Compliance Monitoring Plan

vi. CVs/LinkedIn profiles of key personnel within the firm — (must include MLRO and Compliance Team)

vii. Organisational Chart

viii. Most recent MLRO Report, if available

ix. List of clients per geographic location / or Target Locations (including country risk rating)

x. List of payment destinations by country (location of beneficiaries)

xi. List of clients by value and volume of activity

xii. List of clients by risk rating

xiii. A list of any exceptional transactions in the past 6 months

xiv. Compliance reports between the firm’s senior management (including Management Information)

xv. Complaints Handling Policy/Procedure

xvi. Blocked Accounts Handling Policy/Procedure

xvii. Vulnerable Customer Policy/Procedure

xviii. Wind Down Plan

1. IT Security Questionnaire (please let me know who to send to)
2. We will also need your platform to be penetration tested before going live (if one hasn’t already been carried out in the last 12 months)

• AML / Compliance Audit
• As part of the onboarding process, we would arrange a session between compliance teams to walk through your policies/procedures in more detail and see you demonstrate some of the systems and controls you have documented
• I have attached an audit agenda, which details what is typically covered in these sessions
• PSD2 Compliance Requirements
• Please find a PDF that helps determine whether the accounts you will issue will be considered payment accounts and subject to PSD2 requirements
• Partners of Modulr’s who fall in scope either build out the capability to meet the requirements or use a 3rd party to help with achieving compliance (e.g. tell. or Salt Edge). Typically 3rd parties are used to assist in meeting the requirements

The above is just a part of the process because it doesn’t include compliance calls, insurance policy, and, most importantly, the onboarding process for supporting Crypto. The last one is a story for itself, which we won’t disclose until we launch.

Below, you can see the structure of the compliance call with Modulr.

What’s next? The roadmap.

Telling you all the above, Revuto is on track to launch its debit card program (VDCs) with Modulr by Q2 2024 at the latest. At the same time, the plan is to launch a custodial wallet supporting REVU and the 10 most popular cryptocurrencies, which should create a perfect storm for Revuto’s biggest event since the ICO and REVU token listing and kickstart main revenue streams and REVU tokenomics. All of the above will be packed into the Revuto app v.4.0. launch. The Revuto CEO will explain more about the ecosystem of products of Revuto v.4.0. mobile app and the UIX flow in the upcoming Revuto Tech Talks video.

The above photo shows where we’re with Modulr regarding the compliance process. The weeks shown don’t represent the actual launch timeline because things take much longer than the sales pitch predicts.

Until Revuto launches its debit card program, you can still get ready for the Revuto virtual debit cards and apply for the physical debit cards via the existing Revuto mobile app available for iOS and Android devices.

If you have any questions about the Revuto service or its debit card program, feel free to contact us via [email protected]

Your Revuto Team