MSB Safeguarding vs EMI Safeguarding: A Trans-Atlantic Architecture Comparison (2026)

A fintech operating both an EU EMI and a US state-licensed money transmitter, or a Canadian MSB alongside an EEA payment institution, lives inside two prudential regimes that look superficially similar and behave fundamentally differently. Both demand customer-fund protection. Both contemplate insolvency. Both impose record-keeping. Yet the architecture each regime imposes on the firm — and on the customer's money — diverges so sharply that founders routinely miss the gap until a regulator flags it during a thematic review or a US sponsor bank raises it during diligence.

We call this divergence the trans-Atlantic safeguarding gap. It is not a quibble of nomenclature. EMD2 Article 7 forces EU EMIs and PIs to operate a prudential ring-fence — segregation in a separate credit-institution account, investment in secure low-risk liquid assets, or insurance/guarantee — with daily reconciliation, fund-bankruptcy remoteness, and supervisor-led enforcement. The US state MTL regime, even after CSBS's Money Transmission Modernization Act convergence, substitutes a surety bond plus permissible-investments architecture that protects customers very differently. The Canadian MSB regime under PCMLTFA does not impose a directly equivalent prudential safeguarding requirement at all.

This article maps the gap. We walk through what EMD2 Article 7 actually protects, what US state MTL safeguarding looks like in 2026 under MTMA convergence, why Canadian MSBs sit inside an AML perimeter without a prudential equivalent, and what the gap means in practice for cross-border fintechs operating both regimes. We close with a forward look at PSD3 / PSR — and whether the gap closes, widens, or becomes more architecturally enforced once the new EU framework applies in late 2026 or 2027.

EMD2¹^[1] Article 7 — and the parallel PSD2 Article 10 for payment institutions — is the prudential cornerstone of the EU electronic-money regime. It mandates that EMIs and PIs safeguard customer funds received in exchange for e-money or for the execution of payment transactions, applying one of three permitted methods.

Method 1(a) — segregation: funds deposited in a separate account at an authorised credit institution, identified as customer money, ring-fenced from the EMI's own balance sheet. The separate-account designation is what carries the prudential weight: in EMI insolvency, the safeguarded funds are not part of the EMI's estate and are not available to the EMI's general creditors. Customers stand ahead of the credit queue.

Method 1(b) — secure low-risk liquid assets: funds invested in instruments defined by the home Member State's NCA. The Bank of Lithuania's permitted instrument list — among the most explicit in the EEA — includes publicly-traded bonds with a long-term rating of BBB+ or higher, short-term (≤1 year) deposits at credit institutions, and collective investment schemes investing in those instruments. This is the only EMD2 method that permits the EMI to earn yield on safeguarded funds.

Method 2 — insurance or guarantee: cover from an authorised insurer or credit institution outside the EMI's group, in an amount equal to the funds that would otherwise be safeguarded. Used rarely in practice — the policy market is thin and pricing typically uneconomic — but available as a regulatory option.

The EBA has issued substantial Q&A guidance refining the practical edges of the regime — see Single Rulebook Q&A 2020_5264²^[2] — covering eligible counterparties, third-country credit-institution treatment, and the contractual designation that a safeguarding account must carry on the credit-institution side. A critical fact for practitioners: per the EBA opinion of August 2019, EMI and PI deposits at credit institutions are explicitly excluded from the EU Deposit Guarantee Scheme. The protection comes from the safeguarding architecture itself, not from a backstop scheme.

What EMD2 Article 7 buys the customer in plain terms: bankruptcy remoteness from the EMI, supervisor-enforced segregation discipline (daily reconciliation, evidence packs reviewed in inspection cycles), and a prudential perimeter maintained by the home-state NCA. It does not buy DGS coverage; it does not buy insurance against the credit institution at which the safeguarded account sits failing. Those are residual risks the architecture leaves on the customer.

For our deeper coverage of how EMI safeguarding architecture is designed and stress-tested in 2026 — including the operational mechanics of daily reconciliation and the FCA CASS 15 regime effective 7 May 2026 — see our companion piece on EMI safeguarding architecture.

The US has no federal money-transmission safeguarding regime. FinCEN registers MSBs and supervises them under the Bank Secrecy Act for AML purposes only. Customer-fund protection sits at the state level, inside each state's money transmitter licence — and the substance varies state by state, even after the convergence push of CSBS's Money Transmission Modernization Act.

The CSBS MTMA³^[3] rests on three pillars: net-worth (capital), surety bond, and permissible-investments (liquidity). As of April 2026, 31 states have enacted MTMA in full or in part — meaningful convergence, but not uniformity. NY DFS, California DFPI, Texas Department of Banking, and Florida OFR each retain meaningful state-specific overlays.

The mechanics, broadly:

• Surety bond — a third-party surety company guarantees performance of the licensee's obligations up to a stated amount. Bond minimums range from $250,000 (CA traditional MTL floor) to $500,000 (NY DFS floor) and scale up to $7,000,000 (CA top-of-band) based on average daily outstanding obligations.

• Permissible investments — the licensee must hold qualifying assets equal to or greater than its outstanding payment-instrument liability. Permissible categories typically include cash, demand deposits at insured depositories, US Treasuries, agency obligations, and certain investment-grade securities. State lists differ in detail.

• Customer-fund segregation — required by some states (NY in particular) but treated less prescriptively than EMD2 Article 7. The customer-fund pool is not always insulated from the licensee's general estate in the way a Method 1(a) safeguarding account is in the EU.

The structural difference: where EMD2 Article 7 imposes a prudential ring-fence enforced by a single home-state NCA across the EEA passport, US state MTL safeguarding rests on a third-party performance bond plus a balance-sheet liquidity test, supervised by 50 different state regulators with overlapping but non-identical rule sets. The 2024 Synapse-related disruption made the gap operationally vivid: when a BaaS programme failed, the absence of an EMD2-equivalent ring-fence at the bank-fintech boundary contributed to the months-long reconciliation that left customer funds stranded.

For our deeper coverage of US MSB banking, sponsor diligence, and post-Synapse expectations, see our piece on US MSB banking in 2026.

Canadian MSBs operate under FINTRAC⁴^[4] registration under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). The framework covers foreign exchange, money transfer, money orders, virtual currency exchange and transfer, and (post-2024 amendments) crowdfunding platform services. The 26 March 2026 Royal Assent on the Strengthening Canada's Immigration System and Borders Act and the Budget 2025 Implementation Act both contained material PCMLTFA amendments — AML perimeter tightening, not prudential expansion.

This is the critical structural fact: the Canadian MSB regime is an AML/CTF supervisory framework. It does not impose a directly equivalent prudential safeguarding obligation on MSBs holding client funds. There is no PCMLTFA equivalent of EMD2 Article 7's segregation methods. There is no federal surety-bond requirement of the kind US states impose. Customer-fund protection, where it exists, is a function of the MSB's contractual arrangements and provincial overlays — not a federal prudential rule.

The provincial layer matters. Quebec's Money-Services Businesses Act (CQLR c. E-12.000001), administered by the Autorité des marchés financiers, adds licensing and integrity requirements with extraterritorial reach to entities serving Quebec residents. But even Quebec's regime focuses on integrity, security clearance (Sûreté du Québec), and respondent presence — not prudential ring-fencing of customer funds in the EMD2 sense.

For Canadian MSBs that need bank accounts to operate, the absence of a prudential safeguarding regime is a recurring point of friction with sponsor banks: the bank wants to know how customer funds are protected, and the answer cannot point to a federal prudential rule. The MSB has to design the architecture itself and document it for the sponsor's diligence file. We cover this dynamic in our piece on Canadian MSB banking in 2026.

When founders move governance models from an EU EMI into a US MTL operation (or vice versa), five EMD2 protections do not transfer. Recognising the gap is the precondition for designing a harmonised governance pattern that covers both regimes.

EMD2 Method 1(a) makes safeguarded funds unavailable to the EMI's general creditors in insolvency. State MTL surety bonds pay out a fixed maximum amount; permissible-investments tests provide a balance-sheet floor but do not by themselves create bankruptcy remoteness for the customer-fund pool. Canadian MSBs have no federal equivalent at all.

EU NCAs increasingly expect daily reconciliation as a baseline; the FCA's CASS 15 regime effective 7 May 2026 formalises this for UK safeguarding. US state MTL reporting cadences are quarterly or monthly; daily reconciliation is a sponsor-bank ask, not a statutory rule. Canadian MSBs face no federal cadence requirement.

An EU EMI authorised in Lithuania faces one home-state NCA — the Bank of Lithuania — across all EEA passporting. A US MTL operator faces 50 state regulators with overlapping but non-uniform rules. Canadian MSBs face FINTRAC plus provincial regulators with different scopes. Single supervisor is a structural EU advantage for safeguarding governance.

EMD2 Method 1(b) gives the EMI a defined universe of secure low-risk liquid assets — Bank of Lithuania publishes the list explicitly (publicly-traded BBB+ bonds, ≤1-year credit-institution deposits, qualifying CIS). US permissible-investments lists vary state-by-state. Canadian MSBs have no equivalent prescribed list. The EU regime trades flexibility for regulatory certainty on the yield architecture.

EMD2 requires the credit institution holding the safeguarded funds to recognise the account's safeguarded status — typically a contractual designation that prevents set-off and ensures the bank treats the account as customer money. US sponsor-bank custodial-account arrangements are improving (notably under the FDIC October 2024 proposed Recordkeeping for Custodial Accounts rule), but the contractual designation is not yet a uniform federal requirement. The 2024 BaaS-disruption episode exposed the gap painfully.

For a firm operating an EU EMI and a US state-licensed MTL — or a Canadian MSB alongside an EEA PI — the governance question is how to architect a single firm-wide safeguarding control framework that satisfies the strictest applicable requirement at each touchpoint, without forcing the looser regime to bear unnecessary cost. The dominant pattern in 2026:

• Adopt EMD2 Article 7 as the firm-wide baseline. Run daily reconciliation across all customer-fund pools (EU and non-EU). Apply Method 1(a) segregation discipline to all customer money. Document the safeguarding policy as a single firm-wide instrument.

• Layer the US state-MTL surety bond and permissible-investments overlays on top — these are statutorily required, but the segregation and reconciliation discipline is already in place from the EMD2 baseline.

• For Canadian MSB operations, document the contractual safeguarding architecture explicitly — the absence of a federal rule means the firm must affirmatively design the customer-fund protection and present it to sponsor banks as a deliberate framework, not an inherited one.

• Maintain a single safeguarding evidence pack — daily reconciliation log, designation letters from credit institutions, surety bond certificates, permissible-investments schedule, MTMA-state-specific filings — accessible on inspection notice from any of the firm's regulators.

Provisional agreement on PSD3 and the Payment Services Regulation has been reached, with application expected late 2026 or 2027. The reform collapses EMD2 into PSD3 — EMIs become a sub-category of PIs — and tightens the safeguarding architecture under what was PSD2⁵^[5] Article 10 in three substantive ways:

• Mandatory diversification — above a threshold, customer funds must be spread across at least two credit institutions. Single-bank concentration becomes non-compliant.

• Central-bank safeguarding allowed — PIs may safeguard funds directly with central banks, removing the credit-institution counterparty risk on a portion of the pool.

• 24-hour segregation timeline — tightens from the current 5-day envelope to 24 hours, formalising daily-reconciliation expectations into statute.

What does this mean for the trans-Atlantic gap? PSD3 widens the gap, not closes it. The EU is moving toward stricter prudential safeguarding — diversification, central-bank option, intraday timeline. Neither US state MTL nor Canadian MSB regimes have analogous reforms in flight. The CSBS MTMA convergence push focuses on uniformity across states, not on architectural deepening. Canadian PCMLTFA amendments target AML, not prudential safeguarding.

For cross-border firms, the practical implication is that the EMD2 Article 7 baseline pattern we recommend today becomes more demanding under PSD3 — multi-bank safeguarding, central-bank option, 24-hour segregation. The firm-wide harmonised policy needs to anticipate this trajectory, not lock in to the current EMD2 floor. Our piece on state MTL safeguarding comparison tracks the US-side detail; our EMI safeguarding architecture piece covers the EU side and PSD3 readiness in depth.

No. The EBA's August 2019 opinion confirms that EMI and PI deposits at credit institutions are excluded from EU Deposit Guarantee Scheme coverage. The protection comes from the EMD2 Article 7 ring-fence itself — bankruptcy-remoteness from the EMI — not from a backstop scheme. This is a residual risk founders should be aware of when selecting safeguarding counterparties.

Yes, by adopting EMD2-style segregation as a firm-wide control even though the state statute does not require it. The for-benefit-of (FBO) account architecture used by sponsor banks in the US can approximate EMD2 Method 1(a) segregation if documented properly — designation letter, no set-off, customer-money treatment in the bank's records. The 2024 BaaS-disruption episode and the FDIC's October 2024 proposed Recordkeeping for Custodial Accounts rule are pushing the US market toward stronger documentation, but it is not yet a federal prudential rule.

Design the architecture by contract and document it for the sponsor bank. Most credible Canadian MSB operations adopt EMD2-style segregation voluntarily — separate operating account from customer-fund pool, daily reconciliation, designated account at the sponsor bank, no commingling with operating capital. The absence of a federal prudential rule does not mean the firm can skip the architecture; it means the firm has to author it.

PSD3 codifies the principle the Three-Bank Resilience Standard already recommends: customer funds spread across multiple credit institutions to remove single-bank concentration risk. PSD3 sets the regulatory floor at two; the operational standard remains three for resilience under stress (de-risking exit by one of the safeguarding banks). Firms designing safeguarding architecture today should target three credit institutions to satisfy both the PSD3 floor and the operational resilience standard.

The FCA's CASS 15 regime, effective 7 May 2026, applies to FCA-authorised payment institutions and EMIs operating in the UK. EU EMIs that lost passporting post-Brexit and operate in the UK via a UK subsidiary or branch fall in scope through the UK entity. The regime tightens reconciliation cadence, introduces clearer designation requirements, and aligns UK practice with the direction PSD3 is taking on the EU side.

• EMI Safeguarding Architecture — the EU-side deep dive on EMD2 Article 7, daily reconciliation, and PSD3 readiness.

• US MSB Banking in 2026 — sponsor-bank diligence patterns and the post-Synapse environment for US money transmitters.

• Canadian MSB Banking in 2026 — FINTRAC + AMF Quebec architecture and the FINTRAC-only banking ceiling.

• State MTL Safeguarding Comparison — NY, CA, TX, FL detail on surety bond and permissible-investment rules under MTMA convergence.

• Banking Access for Regulated Fintechs — our service: cross-border safeguarding architecture design, sponsor-bank introductions, supervisor-readiness packs.

The trans-Atlantic safeguarding gap is not narrowing. PSD3 will deepen the EU prudential perimeter while US state MTL and Canadian MSB regimes consolidate around their existing architectures. For cross-border firms the durable answer is to adopt the strictest applicable regime as the firm-wide baseline, layer the looser regimes' overlays on top, and document the unified architecture in a single safeguarding policy that any of the firm's regulators — or any sponsor bank — can inspect on notice. Build for PSD3 today; it is the floor every cross-border firm will need to clear by 2027.