Skip to main content

Licensing

StablePay is operated by Fincrypt LLP, a registered Virtual Digital Asset Service Provider (VDASP) with FIU-IND (Financial Intelligence Unit - India). This registration is mandated under the Prevention of Money Laundering Act (PMLA) for all entities facilitating virtual digital asset transactions in India.

PMLA Requirements

All transactions processed through StablePay are subject to PMLA requirements:
  • KYC is mandatory — no anonymous transactions are permitted. Every user must complete identity verification before transacting.
  • Transaction monitoring — StablePay monitors all transactions for suspicious activity, including unusual patterns, rapid fiat-crypto cycles, and use of mixers or privacy-enhancing tools.
  • Record keeping — transaction records are maintained as required by regulation.
  • Suspicious Transaction Reporting (STR) — StablePay files reports with FIU-IND when required.

Responsibilities

What StablePay Handles

What Partners Are Responsible For

AML/CFT

StablePay maintains an Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) program that includes:
  • Risk-based approach — users and transactions are risk-scored based on geography, volume, patterns, and product usage
  • Enhanced Due Diligence (EDD) — triggered for high-risk customers, PEPs, non-profits, and unusual transaction patterns. See the Limits & EDD guide for details.
  • Sanctions screening — all users are screened against applicable sanctions lists at onboarding and on an ongoing basis
Partners must not knowingly facilitate transactions for sanctioned individuals, entities, or jurisdictions. If you become aware that a user on your platform is subject to sanctions, notify StablePay immediately at compliance@stablepay.global.

Data Residency & Security

  • Storage — all user PII is encrypted with AES-256-GCM and stored in India (AWS ap-south-1)
  • Access — PII access is restricted to authorized personnel and audit-logged
  • Retention — records are retained per PMLA requirements (minimum 5 years after account closure)
  • API security — all API traffic is encrypted via TLS 1.2+, with Bearer token authentication and optional IP whitelisting

Partner Agreement

By integrating the StablePay API, partners accept the Partner Agreement and agree to:
  • Comply with applicable laws in their jurisdiction
  • Maintain appropriate end-user terms and privacy policies
  • Not use the API for prohibited activities
  • Cooperate with StablePay’s compliance team when requested
For questions about compliance, licensing, or regulatory requirements, contact compliance@stablepay.global.