---
title: "The Banking RFP: A 47-Question Template for Regulated Crypto Firms"
slug: banking-rfp-47-question-template-crypto
publishedAt: 2026-05-24T12:00:00Z
author: Finconduit Editorial Team
tags: PSD2, EMD2, MiCA, AML
canonicalUrl: https://finconduit.com/resources/banking-rfp-47-question-template-crypto
---
# The Banking RFP: A 47-Question Template for Regulated Crypto Firms

Stop pitching banks. Run a 47-question RFP across 8 scored sections and compress diligence from 16 weeks to 8 — with leverage on price.

Most regulated crypto firms approach bank selection as a **sales pitch**. They build a deck, request a call, send the same five\-page memo to every contact, and then wait. Banks, on the other side of the table, run the same conversation as **procurement** — they grade you against an internal rubric you never see, and the answer arrives months later as a yes, a no, or silence.

The fix is structural. Stop pitching. **Run a proper RFP** against your shortlist — a written request for proposal, scored against a public rubric, with a deadline. A well\-built RFP compresses diligence from **16 weeks to 8**, forces every counterparty to commit in writing to the same set of operational realities, and gives you **pricing leverage** no individual pitch ever produces.

This guide is the template. **The 47\-Question Banking RFP** — 8 sections, 47 scored questions, one weighting matrix per firm type, and a 0–5 grading rubric. Use it on three to five shortlisted banks and EMIs; the comparison alone will tell you who is serious about crypto and who is wasting your time.

## Why an RFP Beats a Pitch

A pitch puts the bank in control of pace, criteria, and silence. An RFP inverts all three. You define the questions, you set the response deadline, and you publish the scoring rubric so every counterparty knows exactly what wins. **Procurement discipline** is the entire game.

Banks expect this from corporate treasurers buying cash management, FX, or trade finance. They do not expect it from crypto firms — which is precisely why it works. Sending an RFP signals you are a **sophisticated counterparty**, not a desperate applicant. The conversation shifts from *will you bank us?* to *why should we pick you?*

There is also a regulatory dividend. The **EBA** expects credit institutions to perform **EDD** on crypto\-related customers under the [Guidelines on customer due diligence](https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-customer-due-diligence-and-factors-credit-and-financial-institutions-should-consider).¹[^1] An RFP pre\-answers the questions the bank's MLRO will ask — substance, source\-of\-funds methodology, transaction monitoring stack, sanctions tooling — which is why a well\-structured RFP often shaves **4–8 weeks** off internal credit committee timelines.

## The 8 RFP Sections

The 47 questions cluster into eight scoring sections. Each section has a purpose, a weight, and a verdict\-line that should be obvious from the answer.

- **Section 1 — Operational Fit**: account structure, currencies, settlement rails, payment file formats.

- **Section 2 — Substance & AML Stack**: local hires, MLRO seniority, transaction monitoring vendor, EDD playbook.

- **Section 3 — Transaction Profile Fit**: expected volumes, ticket sizes, counterparty geographies, fiat/crypto split.

- **Section 4 — Sanctions & Screening**: OFAC/EU/UN list cadence, secondary sanctions handling, name screening tooling.

- **Section 5 — Custody Flow Integration**: qualified custodian whitelisting, on/off\-ramp policy, Travel Rule routing.

- **Section 6 — Audit & Assurance**: SOC 2, ISO 27001, segregation of funds, audit access for your statutory auditor.

- **Section 7 — Pricing & SLAs**: account fees, FX margins, SEPA/SWIFT costs, ticket response times, monthly minimums.

- **Section 8 — Exit & Continuity**: notice periods, de\-risking triggers, account closure run\-off, data portability.

## Section 1 — Operational Fit \(5 questions\)

Operational fit is the cheapest section to fail and the most expensive to discover late. A bank can be willing to onboard you and still be **structurally incompatible** with the way you actually move money.

1. Can you provide **segregated client money accounts** with dedicated IBANs per end\-client?

1. Which currencies do you settle natively \(**EUR, GBP, USD, CHF, SGD, AED**\) and which require correspondent banking?

1. Do you support **SEPA Instant**, **SWIFT gpi**, and **Faster Payments** out of the same legal entity?

1. Which payment file formats do you accept \(**pain.001 ISO 20022, MT103, JSON API**\) and what is the cutoff for same\-day execution?

1. Do you provide an **API\-first** interface with sandbox access, or is the relationship dashboard\-only?

## Section 2 — Substance & AML Stack \(7 questions\)

This is the section the bank's MLRO will read first. The **FCA**'s [SYSC 4](https://www.handbook.fca.org.uk/handbook/SYSC/4/) general organisational requirements²[^2] map almost one\-for\-one to what every credit institution will probe — governance, three lines of defence, MLRO authority, and reporting lines.

1. How many **local FTEs** do you have in your licensed jurisdiction, and where do compliance and operations report?

1. Is your **MLRO** board\-approved, full\-time, and resident in the licensing jurisdiction?

1. Which **transaction monitoring vendor** do you use \(on\-chain and fiat\-leg\), and what are your tuning thresholds?

1. Provide your **EDD playbook** for high\-risk customer types \(PEPs, non\-cooperative jurisdictions, privacy\-coin counterparties\).

1. What is your **SAR / STR filing** cadence for the last 12 months, in absolute and per\-account terms?

1. How do you handle **source\-of\-funds** and **source\-of\-wealth** evidence on crypto\-derived deposits over €100,000?

1. Provide the last **regulatory inspection findings** \(redacted\) and remediation timelines.

## Section 3 — Transaction Profile Fit \(6 questions\)

Volume mismatch is the single biggest reason post\-onboarding accounts get closed. The bank approves you assuming €5M/month and 200 transactions; you actually run €40M and 8,000 transactions. Pre\-empt the entire conversation by disclosing forecast volumes against the bank's stated thresholds. The [PSD2 Directive](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015L2366)³[^3] framework is the baseline the bank will use to size your liquidity and risk profile.

1. What are your **monthly volume thresholds** before mandatory review \(per account, per currency\)?

1. What is your **single\-ticket limit** for outbound SWIFT and SEPA without manual approval?

1. Which **counterparty geographies** are categorically off\-limits \(vs reviewable case\-by\-case\)?

1. What fiat/crypto ratio is acceptable for our **on\-ramp / off\-ramp** flow before triggering enhanced review?

1. Do you accept inbound payments from **non\-VASP exchanges** routed through OTC desks?

1. How many other **licensed crypto clients** of comparable volume do you currently service, and what is your concentration cap?

## Section 4 — Sanctions & Screening \(5 questions\)

Sanctions failures are existential. The bank will assume you do nothing here unless you can document the opposite — vendor, list cadence, secondary\-sanctions logic, and the human escalation path. **OFAC, EU consolidated list, UN, HMT, and SECO** are the minimum five.

1. Which **screening vendor** do you use for names, vessels, addresses, and crypto wallets?

1. What is your **list\-refresh cadence** — real\-time, hourly, end\-of\-day?

1. How do you treat **secondary sanctions** exposure \(e.g. Russia\-adjacent counterparties through CIS jurisdictions\)?

1. Do you operate **on\-chain analytics** \(Chainalysis, Elliptic, TRM Labs\) on incoming wallet flows?

1. What is the **escalation SLA** from alert to human decision, and who has authority to release a held payment?

## Section 5 — Custody Flow Integration \(5 questions\)

Under [MiCA](https://eur-lex.europa.eu/eli/reg/2023/1114/oj)⁴[^4] Title V, **CASPs** must segregate client assets and rely on **qualified custodians** for the crypto leg. The bank needs to know exactly which custodian payment instructions originate from, and which wallets are pre\-whitelisted.

1. Do you support **whitelisting** of a named qualified custodian as the sole counterparty for fiat instructions?

1. What is your policy on **on\-ramp / off\-ramp** volumes per end\-user per month?

1. Do you carry **Travel Rule** payload metadata through the fiat leg using ISO 20022 reference fields?

1. Can you provide a **named relationship manager** who has worked with crypto\-native EMIs in the last 24 months?

1. What is your stance on **stablecoin issuance reserves** held in tokenised MMF, T\-bills, or pure deposits?

## Section 6 — Audit & Assurance \(6 questions\)

Your statutory auditor will need access to the bank's systems for confirmations, balance proofs, and walkthroughs. Under [DORA](https://eur-lex.europa.eu/eli/reg/2022/2554/oj)⁵[^5], you also need to evidence ICT third\-party risk management — and the bank is squarely in scope.

1. Provide current **SOC 2 Type II** and **ISO 27001** certificates, dated within the last 12 months.

1. How are **client funds segregated** — on balance sheet, trust account, or central bank reserve?

1. Will you sign an **audit access letter** to our statutory auditor \(Big Four or equivalent\) within 10 business days of request?

1. Do you support a **DORA**\-compliant ICT third\-party agreement with named subcontractor disclosure?

1. Provide your **BCP** and last live failover test report.

1. What is the **RTO and RPO** you commit to under your master services agreement?

## Section 7 — Pricing & SLAs \(8 questions\)

Pricing is where the RFP delivers visible savings. Asking three or more counterparties to bid the same line items typically compresses FX margins by **15–35 bps** and SEPA/SWIFT fees by **20–50%** versus the first quote.

1. Account opening fee, monthly maintenance, **per\-sub\-account** charge.

1. All\-in **FX margin** for top 5 pairs at three notional bands \(€100k, €1M, €10M\).

1. SEPA, SEPA Instant, and **SWIFT** per\-transaction cost, both originating and incoming.

1. Any **monthly minimums** or revenue floors?

1. Documented **ticket response SLA** by severity \(P1 / P2 / P3\) and after\-hours coverage.

1. Settlement cutoff times per currency, and **weekend / bank holiday** coverage.

1. Interest paid on **safeguarded balances** \(EMI client money\), and the rate\-setting mechanism.

1. Price\-review schedule and **price\-rise notice period**.

## Section 8 — Exit & Continuity \(5 questions\)

The **EBA** has explicitly told supervised banks to stop **wholesale de\-risking** of customer categories in its [Guidelines on de\-risking](https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-policies-and-procedures-de-risking).⁶[^6] That said, individual account exits remain perfectly legal and the most common source of operational pain for crypto firms. Get the exit terms in writing before you sign.

1. What is your **contractual notice period** for unilateral account closure?

1. List the **specific triggers** that automatically initiate exit \(e.g. SAR over X, change of control, regulator censure\).

1. During **run\-off**, which functions remain live \(incoming\-only, outgoing\-only, FX\)?

1. What **data portability** do you provide on exit \(transaction history format, retention period\)?

1. Will you provide a **reference letter** to a successor bank stating the relationship was not closed for AML reasons \(where true\)?

## Sales\-Pitch vs RFP\-Driven Onboarding

Same shortlist, same firm, two different processes. The outcome diverges sharply on timeline, leverage, pricing, and the quality of the relationship that follows.


*Table: Sales\-pitch onboarding vs RFP\-driven onboarding — comparative outcomes on a 3–5 bank shortlist.*

| Dimension | Sales\-pitch approach | RFP\-driven approach |
| --- | --- | --- |
| Time to first signed term sheet | 12–16 weeks | 6–8 weeks |
| Leverage on pricing | None — bank's standard sheet | High — competing bids on same line items |
| FX margin outcome | Standard book rate | 15–35 bps tighter |
| SEPA / SWIFT per\-tx fee | Standard | 20–50% lower |
| Exit terms | Bank's boilerplate, often 30\-day notice | Negotiated 60–90 day notice with reference\-letter clause |
| Visibility into bank's MLRO concerns | None until question lists arrive | Pre\-empted in your RFP responses |
| Quality of post\-signing relationship | Reactive, treated as risk | Structured, treated as institutional client |

## Weighting Rubric by Firm Type

Sections are not equally important for every firm. A stablecoin issuer cares disproportionately about custody flow and audit; an MSB cares about transaction profile and pricing; a CASP cares about substance and exit. Use the table below as a starting point and adjust within ±5 points per section based on your specifics.


*Table: Section weighting by firm type \(sum to 100\). Adjust ±5 per section based on stage and volume.*

| Section | CASP | EMI / PI | MSB | Stablecoin issuer |
| --- | --- | --- | --- | --- |
| 1. Operational Fit | 10 | 20 | 15 | 10 |
| 2. Substance & AML Stack | 20 | 15 | 15 | 15 |
| 3. Transaction Profile | 10 | 15 | 25 | 10 |
| 4. Sanctions & Screening | 15 | 10 | 15 | 10 |
| 5. Custody Flow | 15 | 5 | 5 | 25 |
| 6. Audit & Assurance | 10 | 15 | 5 | 20 |
| 7. Pricing & SLAs | 10 | 15 | 15 | 5 |
| 8. Exit & Continuity | 10 | 5 | 5 | 5 |

## The Scoring Rubric

Grade each of the 47 answers on a **0–5 scale**. The rubric must be published inside the RFP so respondents calibrate to it.

- **5 — Best in class**. Quantitative answer, evidence attached, exceeds the asked threshold. E.g. "SOC 2 Type II dated 4 months ago, attached, no exceptions."

- **4 — Meets standard**. Quantitative answer with one minor gap. E.g. "SOC 2 Type II dated 11 months, attached."

- **3 — Adequate**. Qualitative answer, no evidence, but plausible. "We hold SOC 2."

- **2 — Concerns**. Vague answer, hedged, or partial. "We can discuss this on a call."

- **1 — Major gap**. Non\-answer or admission of absence. "Not currently in place."

- **0 — Disqualifying**. Refusal to answer, evidence of non\-compliance, or red\-flag inconsistency with another answer.

Multiply the score by the section weight from the rubric, sum across sections, and rank counterparties by the total. A composite score below **60 out of 100** should be eliminated regardless of the relationship. A counterparty scoring 0 on any single question should also be eliminated even if their total is high — the zero indicates either a hard gap or a refusal to engage at the right level.

## Common RFP Mistakes

Six patterns kill more RFPs than any underlying problem with the firm itself. Avoid all six and the response rate from serious counterparties climbs above **80%**.

- **Too long**. 47 questions is the ceiling. Add a 48th and respondents triage — drop one and you weaken the rubric.

- **No deadline**. A 21\-day response window is standard. No deadline signals no buyer power.

- **Sent to too many counterparties**. 3–5 is correct. More than 7 looks like a spray\-and\-pray and serious banks decline.

- **No rubric disclosed**. Without the weighting matrix, respondents over\-invest in the wrong sections.

- **Hiding your own profile**. Forecast volumes, geographies, custodian, and licence status belong in the cover memo. Banks will not bid blind.

- **Treating the RFP as the final negotiation**. It is the start. The winner is brought back for a second round on pricing and SLAs before signing.

## FAQ

### Should crypto firms use an RFP for bank selection?

Yes, if the firm has any meaningful operational profile \(forecast volumes above €1M/month, a real licence, or multi\-currency needs\). Below that scale, an RFP is overkill and a structured shortlist call works. Above it, an RFP almost always pays for itself in the first 12 months through **FX margin compression alone**.

### How many banks should an RFP go to?

Three to five. Fewer than three and you have no real comparison; more than seven and serious counterparties suspect a tender\-stuffing exercise and decline to respond. Mix the shortlist across **Tier\-1 EU clearing banks, specialist crypto\-native EMIs, and one BaaS sponsor bank** to test the full range.

### How long should the response window be?

21 calendar days is the market standard. Shorter and you exclude banks whose answers must clear a credit committee; longer and the urgency evaporates and responses drift to the bottom of someone's inbox.

### Will banks actually respond to an RFP from a crypto firm?

The serious ones do — and at much higher rates than they respond to cold outreach. A well\-structured 47\-question RFP signals you understand the bank's diligence burden and have already done half the work. Response rates from properly shortlisted counterparties run at **75–90%** in our experience, compared with sub\-30% for unstructured pitches.

### Can you reuse an RFP across jurisdictions?

The eight\-section structure is portable. The specific questions in Sections 1, 4, and 5 need light localisation — currency rails, sanctions list mix, and custodian whitelisting all shift between the **EU, UK, Singapore, and UAE**. The weighting rubric and scoring scale stay the same.

> **Call to action:** Run our 47\-question RFP on your shortlist. Finconduit drafts, sends, scores responses, and books the final negotiation. Book a free assessment.

## Related Guides

- [What Banks Actually Evaluate When Onboarding a CASP](/resources/what-banks-evaluate-casp): the inside\-view rubric your RFP needs to pre\-answer.

- [The Three\-Bank Resilience Standard](/resources/three-bank-resilience-standard): why your RFP should always close at least two relationships, never one.

- [Cost of Banking a Regulated Crypto Firm 2026](/resources/cost-of-banking-crypto-firm-2026): the benchmark price book to calibrate your Section 7 scoring.

- [Time\-to\-Bank Benchmark 2026](/resources/time-to-bank-crypto-firm-2026): realistic timelines that justify the 8\-week target an RFP enables.

The 47\-Question Banking RFP is a procurement tool, not a sales script. Treat it as such and the conversation with your shortlist banks changes character within a single cycle — from supplication to negotiation, and from a 16\-week wait to an 8\-week commitment with **price leverage built in**. Build the rubric once, refine it with every cycle, and your treasury function compounds its bargaining position with every renewal.

## Footnotes

[^1]: European Banking Authority, Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions \(EBA/GL/2023/03\), 31 March 2023. <https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-customer-due-diligence-and-factors-credit-and-financial-institutions-should-consider>
[^2]: Financial Conduct Authority, Handbook SYSC 4 — General organisational requirements, FCA Handbook \(current version\). <https://www.handbook.fca.org.uk/handbook/SYSC/4/>
[^3]: Directive \(EU\) 2015/2366 of the European Parliament and of the Council on payment services in the internal market \(PSD2\), OJ L 337, 23.12.2015. <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015L2366>
[^4]: Regulation \(EU\) 2023/1114 of the European Parliament and of the Council on markets in crypto\-assets \(MiCA\), OJ L 150, 9.6.2023. <https://eur-lex.europa.eu/eli/reg/2023/1114/oj>
[^5]: Regulation \(EU\) 2022/2554 of the European Parliament and of the Council on digital operational resilience for the financial sector \(DORA\), OJ L 333, 27.12.2022. <https://eur-lex.europa.eu/eli/reg/2022/2554/oj>
[^6]: European Banking Authority, Guidelines on policies and procedures in relation to compliance management and the role and responsibilities of the AML/CFT Compliance Officer \(EBA/GL/2023/04\), 14 June 2022. <https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-policies-and-procedures-de-risking>


---
Source: https://finconduit.com/resources/banking-rfp-47-question-template-crypto