It’s essential for businesses to understand how regulatory compliance works if they’re building embedded wallets in web3 — but it’s not easy to navigate all the complexity or even determine the costs involved. This is one of the core problems we’ve seen time and again in talking with CEOs, CPOs, and business leaders, and it’s one reason Bastion exists in the first place. Our team’s experiences at places like Meta, Coinbase, Kraken, Anchorage, and a16z has not only shaped our thinking around why businesses need better compliance solutions, but it’s also a fundamental reason why Bastion has taken a regulation-first approach from the start.

Below, we’ll take a closer look at exactly what those costs are and why they matter when it comes to maintaining regulatory compliance for embedded wallet providers in the U.S. For companies weighing whether or not they should build regulated web3 wallets — and what the actual costs and risks are of that decision — the following breakdown is meant to shed some light on the decision and provide more transparency into a complex space as a whole.

As the table above shows, the total fees can get quite high rather quickly, especially when factoring in the steep recurring annual fees and transactions. But it’s not just about the costs themselves: It’s also the work that goes into obtaining the right licenses and compliance posture, the time it takes to make it happen, and the legal risk and impact you’re willing to expose your business and customers to. Here’s how all these line items break down from that viewpoint:

Surety Bonds‍

This is a necessary investment to ensure compliance with state regulations. The cost of obtaining and maintaining surety bonds varies based on state requirements and the financial strength of the company.

• Total Cost: ~$500,000
• Timeline: 2-5 months

‍

Regulatory Licensing

This cost center includes state licensing fees, legal fees, and other expenses related to license applications and maintenance. The process can be lengthy, but is crucial for operating legally in each state.

• Total Cost: ~$1,000,000
• Timeline: 6-18 months

‍

Fraud

Ongoing investment in on-chain and off-chain fraud analysis is legally required to identify and report suspicious activities, thereby safeguarding your operations.

• Total Cost: $120,000 annually plus approximately $0.10 per transaction
• Timeline: Ongoing

‍

Audits

Regular financial, security, and compliance audits are legally necessary for maintaining transparency and adherence to regulatory standards.

• Total Cost: $250,000 annually
• Timeline: 1.5 months each year

‍

Compliance Programs

Developing and maintaining robust AML, KYC and Sanctions programs are integral to compliance and require sophisticated technology and integrations, typically involving multiple vendors. This ongoing cost ensures that your operations stay in line with evolving regulations.

• Total Cost: $50,000 annually, plus annual independent AML audits and AML training, running hundreds of thousands of dollars more depending on company size
• Timeline: Ongoing

‍

‍Financial and Operational Controls

Implementing and upholding strong financial and operational controls are crucial for both compliance and the smooth functioning of your business.

• Total Cost: $250,000 annually
• Timeline: Ongoing

‍

Engineering

Investment in technological infrastructure is critical. This includes KYC, fraud scanning, AML/BSA screening, volume and transaction reporting, and IT & DevOps security measures.

• Total Cost: $400,000 initially, with ongoing costs heavily dependent on operational scale and technology needs
• Timeline: 4 months for initial setup, then ongoing

‍

Staffing

Staffing costs cover the necessary personnel to manage compliance programs, audits, fraud prevention, and engineering needs.

• Total Cost: $1,200,000 annually
• Timeline: Ongoing

‍

Total Cost Overview:

Initial Setup: $2,100,000+

Annual Ongoing Costs: $2,300,000+

Per Transaction Cost: $0.10

‍

While the costs of compliance for embedded wallets can be substantial, they are a critical and mandatory investment for legal and operational success in the U.S. market. But we know it’s not easy for businesses to feel confident that they’re up to date on all the regulations in such a nuanced landscape, and sometimes the cost can be a real hindrance to moving as quickly as teams would like. This is one reason why we’ve built our platform compliance-first from the start: We undertake the ongoing work of regulatory compliance in a comprehensive way, from the highest standards of privacy to advanced security, to keep business and their customers safe.

Our aim is not only to keep businesses and their customers secure, but also to free up companies’ time — so they focus on what they do best, and build the innovative web3 experiences their users love without worrying about the extra headaches and expenses of compliance. We’re committed to not only meeting the most stringent requirements, but also to supporting the continuous evolution of your business in a complex regulatory landscape. To learn more, you can always reach out to one of our experts to get a Bastion demo and chat through any questions.