---
title: Multi-Bank Treasury Architecture for Regulated Fintechs (2026)
slug: multi-bank-treasury-architecture
publishedAt: 2026-05-02T09:00:00Z
author: Finconduit Editorial Team
tags: MiCA, DORA, PSD2
canonicalUrl: https://finconduit.com/resources/multi-bank-treasury-architecture
---
# Multi-Bank Treasury Architecture for Regulated Fintechs (2026)

The four-layer multi-bank treasury model for CASPs, EMIs, and payment institutions — operating, safeguarding, EMI rails, capital, FX. Why single-bank fails and how to build redundancy.

A regulated fintech with a single bank relationship is one supervisory letter away from operational shutdown. The 2023 collapses of Signature Bank and Silvergate, Silicon Valley Bank's collapse\-and\-rescue, and the cascade of crypto de\-bankings across European banks since 2018 prove the same point in three different ways: bank concentration is **treasury** risk, and **treasury** risk for a regulated firm is licence risk.

The mature **treasury** architecture for a **CASP**, **EMI**, or payment institution in 2026 uses **4–6 institutions** across distinct functions and jurisdictions. Operating accounts in two countries. Client safeguarding **ring\-fenced** under **MiCA Article 75** at a separate credit institution. **EMI rails** for inbound client deposits. A **USD** **correspondent bank**. Treasury and **FX** with a fourth provider. Built in calm, this architecture costs 0.5–**1%** more on operating expense than a single\-bank setup. Built in panic during a 30\-day termination notice, it is impossible.

This guide explains the architecture: the four\-layer model, why each layer needs to be at a different institution, how to choose the institutions, the **reconciliation engine**ering required to run multi\-bank operations, and the annual operational discipline \(de\-banking drill, **quarterly review**\) that turns architecture into resilience. Treasury redundancy is not optional for a regulated crypto firm. The question is whether you build it before you need it or after.

## Why Single\-Bank Treasury Fails

Single\-bank **treasury** sits on three correlated failure modes that the [EBA Opinion on de\-risking](https://www.eba.europa.eu/) documents explicitly. Each one alone is enough to halt a **CASP** for weeks; together they describe the historical pattern of every crypto\-firm operational shutdown.¹[^1]

- Direct termination. Bank closes the account on its standard contractual notice \(30–**90 days**\). Documented hundreds of times across EEA crypto firms.

- Correspondent failure. Bank's **USD** or **EUR** correspondent withdraws nostro line. Bank then drops every crypto client overnight to preserve the relationship.

- Bank failure. The bank itself fails \(Signature, Silvergate, SVB pattern\). All accounts frozen during resolution; **client safeguarding** becomes a deposit\-insurance question.

> **Warning:** The Silvergate / Signature lesson was not 'crypto banking is over' — it was 'a fintech with one banking relationship to a specialised crypto bank had no path out'. Firms with diversified banking architectures lost weeks; firms with single\-bank dependencies lost the company. Build for the second scenario, not the first.

## The Four\-Layer Treasury Model

The architecture decomposes **treasury** into four functional layers, each of which must sit at a different institution for redundancy purposes. Mixing layers in a single bank is the single most common architectural mistake.


*Table: The four\-layer multi\-bank treasury model — minimum institutions and the rationale.*

| Layer | Purpose | Minimum institutions | Why separate |
| --- | --- | --- | --- |
| 1. Operating | Day\-to\-day cash, payroll, suppliers, tax | 2 \(primary \+ backup, different jurisdictions\) | 48\-hour activation if primary closed |
| 2. Client safeguarding \(MiCA Article 75\) | Ring\-fenced client crypto\-asset proceeds and e\-money balances | 1 dedicated, never the operating bank | Regulatory requirement; closure of operating bank does not touch safeguarding |
| 3. Inbound client deposits | Client funding rails — virtual IBANs, SEPA / SWIFT inbound | 1 EMI \(Paysera, Striga, Modulr, Banking Circle\) | Reduces concentration on safeguarding bank; faster IBAN issuance |
| 4. Treasury / FX / capital | Prudential capital own funds, FX hedging, liquidity management | 1–2 separate institutions | Capital must be segregated from client funds; FX continues during operating disruption |

> **Note:** USD treasury is a fifth layer for any fintech with material US\-denominated exposure — supplier costs, stablecoin flows, OTC settlement. See the dedicated USD treasury guide for provider selection \(BCB Group, Cross\-River, Customers Bank, JP Morgan, Wise Business, FV Bank\). Combined with the four EUR/GBP\-side layers above, the full architecture is typically 5–7 institutions.

## Layer 1 — Operating Accounts \(Primary \+ Backup\)

The operating layer needs **two banks** in two jurisdictions. Primary handles day\-to\-day flows; backup is funded, mandate\-tested, and ready to absorb operating volume within **48 hours** of a primary disruption. Same\-jurisdiction backups fail the test — a **Lithuania**n primary with a **Lithuania**n backup sits behind the same correspondent network and can lose **USD** access simultaneously.

- Primary in licence jurisdiction — **Bank of Cyprus**, **LHV**, **Banking Circle**, **ClearBank**.

- Backup in second jurisdiction — **BCB Group** \(**UK**\), **Sygnum Bank** \(**Switzerland**\), **Wio Bank** \(**UAE**\) for non\-EEA backstop.

- Both fully funded with **30 days** of operating expense. A backup with €0 balance is theatre, not architecture.

- Both with active payment mandates — verify quarterly that signatories are current, beneficiaries are loaded, and a test outbound payment lands without manual escalation.

## Layer 2 — Client Safeguarding

**MiCA Article 75** requires **CASP**s holding client crypto\-assets to keep them segregated from **CASP** own assets, with arrangements that protect the client in **CASP** insolvency. **EMI** and **PI** safeguarding rules under the [Payment Services Directive](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L2366) and the [Electronic Money Directive](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0110) impose equivalent obligations on fiat client funds. The architecture imperative: safeguarding sits at a credit institution that is not your operating bank, with daily reconciliation.⁵[^2]⁶[^3]

Many **CASP**s treat safeguarding as a paper exercise — a designated account at the same bank as operating, with a label. This fails the segregation test the moment the operating bank issues a termination notice: client funds are frozen alongside corporate funds during the migration. Regulatory inspections increasingly probe this. The Bank of **Lithuania** has explicitly criticised co\-located operating\-and\-safeguarding arrangements.

- Dedicated **safeguarding account** at a separate credit institution — never the operating bank.

- Daily reconciliation between book balance \(per the client ledger\) and bank balance.

- Quarterly external attestation to the NCA confirming no shortfall.

- Clear written agreement with the safeguarding institution naming the trust nature of the funds.

## Reconciliation Engineering Across Multiple Banks

The technical hard part of **multi\-bank architecture** is reconciliation. With one bank and one ledger, end\-of\-day reconciliation is trivial. With four to seven institutions across multiple currencies and timezones, it requires deliberate engineering.

- Treasury management system \(**TMS**\) or equivalent custom infrastructure — pulls balances from every institution daily via **SWIFT** MT940 / MT942, ISO 20022 camt files, or institution\-specific A**PI**s.

- Single source of truth ledger — every transaction written first to an internal ledger; bank statements reconcile against the ledger, not the other way around.

- Sweep automation — scheduled **liquidity** **sweep**s move funds between layers to maintain target balances; manual **sweep**s for unscheduled movements.

- Exception monitoring — out\-of\-tolerance reconciliation differences alert the **treasury** team within 1 hour, not the next morning.

- Audit trail — every internal movement, every external transfer, every reconciliation event timestamped and immutable.

## **DORA** and the ICT Implications of Multi\-Bank Architecture

The [Digital Operational Resilience Act](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022R2554) applies to every **CASP**, **EMI**, and payment institution from January 2025 and significantly raises the bar on third\-party ICT risk management. Multi\-bank architecture intersects **DORA** on three fronts: each bank is an ICT third party for the bank\-side connectivity, the **TMS** is an ICT third party in itself, and the **treasury** operations team's runbooks must cover business continuity for any single\-institution failure.³[^4]

Practical **DORA** implications for **multi\-bank treasury**: maintain a third\-party register listing every banking institution, the **TMS** provider, and any reconciliation tooling; document exit strategies for each \(how to migrate balance away if the institution exits\); test the runbook annually with a tabletop exercise simulating a single\-institution termination; and report any material ICT incident affecting bank connectivity within **DORA**'s classification windows.

## Cost vs Resilience — The Numbers

Multi\-bank architecture costs more than single\-bank. The cost is meaningful but bounded; the upside is operational survival. The table below benchmarks the marginal annual cost of running a 5\-institution architecture vs a single\-bank setup for a mid\-sized **CASP** \(€100M annual revenue\).


*Table: Marginal annual cost of multi\-bank architecture vs single\-bank — mid\-sized CASP example.*

| Cost driver | Single\-bank | Multi\-bank \(5 institutions\) | Increment |
| --- | --- | --- | --- |
| Bank account fees \+ minimum balances opportunity cost | €10,000–€20,000 | €40,000–€80,000 | \+€30,000–€60,000 |
| Treasury management system \+ APIs | €0–€20,000 | €60,000–€150,000 | \+€60,000–€130,000 |
| Treasury team headcount \(FTE allocation\) | 0.25 FTE | 0.75–1.0 FTE | \+€60,000–€100,000 |
| Reconciliation tooling \+ audit | €10,000 | €40,000–€80,000 | \+€30,000–€70,000 |
| FX dealing margin \(consolidated provider\) | 0.25–0.5% | 0.15–0.25% \(better rates from competition\) | Saves 0.10–0.25% of FX volume |
| Total marginal annual cost | — | — | €180,000–€360,000 \(\~0.18–0.36% of revenue\) |

> **Tip:** 0.18–0.36% of revenue is the right order of magnitude for a mid\-sized CASP. The headline cost feels high in isolation; benchmarked against the cost of an operational shutdown \(typically €1–€5 million in lost revenue and remediation per incident, plus licence\-risk consequences\), the architecture pays for itself the first time a primary bank issues a termination notice.

## The Operational Discipline That Turns Architecture Into Resilience

- Annual de\-banking drill — pick one institution, simulate a 30\-day termination notice, exercise the migration plan end\-to\-end. Find the gaps before they find you.

- Quarterly bank review — relationship update with each institution, refresh **AML** and source\-of\-funds package, surface any operational concerns proactively.

- Monthly reconciliation review — out\-of\-tolerance items reviewed at the operations leadership level; trends in alert volume, not just point\-in\-time exceptions.

- Continuous third\-party register — **DORA** compliance plus practical readiness; updated within **30 days** of any change.

- Pre\-emptive disclosure of incidents to all banks, not just the affected one. Banks talk to each other; surprise discovery is far worse than self\-reporting.

## Frequently Asked Questions

### Is **multi\-bank architecture** mandatory under **MiCA** or **DORA**?

Not literally — neither **MiCA** nor **DORA** prescribes a minimum number of bank relationships. But **MiCA Article 75** segregation requirements and the Digital Operational Resilience Act **ICT third\-party** risk framework together make single\-bank architecture functionally non\-compliant. A **CASP** that cannot survive a single bank's exit fails **DORA**'s continuity\-of\-services test on first inspection.

### Can my **client safeguarding** live at the same bank as my **operating account** if I label it correctly?

Technically possible, structurally unsound. Several NCAs \(Bank of **Lithuania**, Central Bank of **Ireland**\) have flagged co\-located safeguarding as inadequate to **MiCA Article 75** — the segregation must be operationally robust, not just labelled. When the operating bank issues a termination notice, co\-located safeguarding gets caught in the same migration. Move safeguarding to a separate credit institution before the next supervisory inspection.

### How small a **CASP** needs **multi\-bank architecture**?

Any **CASP** serving real customers needs a minimum 3\-institution setup: operating, safeguarding \(separate\), and an **EMI** for inbound client deposits. The 5\-institution full architecture \(primary \+ backup operating, safeguarding, **EMI**, capital\) becomes proportionate at €5M–€10M annual revenue. Below that, the 3\-institution minimum is the floor; above €100M, **USD treasury** and a second backup should be added.

### What does an **annual de\-banking drill** actually look like?

A 4\-hour tabletop exercise: select an operating bank, simulate a 30\-day termination notice, run through the full migration plan in real\-time. Test signatory mandates at the backup bank. Generate the customer\-communication template. Verify reconciliation infrastructure handles a multi\-bank state. Document the gaps. Most **CASP**s find 5–10 things they did not expect — usually around mandate freshness, signatory authorisation lists, or backup\-bank balance tooling — and remediate within 60 days. The drill costs €5,000–€20,000 in time. The first real termination notice costs much more.

### Should the four layers all be in the same currency?

No — and **treasury** management gets harder when they are. Operating in **EUR**, safeguarding in **EUR**, capital in **EUR**, **USD treasury** at a **USD**\-native institution. **FX** between currencies happens at a dedicated **FX provider**, not through cross\-currency wire fees at any single bank. Multi\-currency, multi\-jurisdiction, multi\-institution is the mature posture.

### Does running 5\+ institutions create more **AML** risk?

Marginally more documentation work, materially less **concentration risk**. Each institution applies its own **AML** diligence, refreshes its own source\-of\-funds package, and surfaces issues independently. The aggregate **AML** monitoring posture across 5 institutions is stronger than at 1 — and discovery of an issue at one bank is more recoverable when 4 others are functioning normally.

> **Call to action:** Designing or remediating treasury architecture for your CASP, EMI, or payment institution? Finconduit scopes the right institution mix, makes vetted introductions, and supports the reconciliation engineering required to operate across 4–6 banking relationships safely. Get a free treasury architecture review.

## Related Guides

- [How to Get a Bank Account for a VASP or CASP](/resources/bank-account-vasp-casp): The 2026 banking playbook for regulated crypto firms

- [De\-Banking Response Playbook for CASPs](/resources/de-banking-response-playbook): What to do when your bank closes your account

- [USD Treasury for Non\-US Fintechs](/resources/usd-treasury-non-us-fintech): BCB, Wise, JP Morgan, **Cross\-River** — provider selection by volume tier

- [MiCA Compliance Guide for CASPs](/resources/mica-compliance-guide-casps): Authorisation walkthrough — capital, governance, supplier stack

Treasury architecture is the most underrated competitive moat in regulated fintech. Single\-bank operators are one supervisory letter from shutdown; multi\-bank operators have absorbed three bank closures over the last five years and kept growing. The cost of building this architecture in calm — 0.18–0.36% of revenue — is among the **highest**\-ROI investments a **CASP**, **EMI**, or payment institution can make. Build it before you need it. The institutions you onboard will not always say yes; the ones that do will quietly become the reason you survive the next industry\-wide stress event.

## Footnotes

[^1]: EBA Opinion on de\-risking, 5 January 2022 — addresses unjustified mass de\-risking of customer categories. <https://www.eba.europa.eu/>
[^2]: Directive \(EU\) 2015/2366 \(PSD2\) — payment services framework including safeguarding requirements for EMIs and PIs. <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L2366>
[^3]: Directive 2009/110/EC \(EMD2\) — Electronic Money Directive setting safeguarding rules for e\-money issuers. <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0110>
[^4]: Regulation \(EU\) 2022/2554 \(DORA\) on digital operational resilience for the financial sector, applicable from 17 January 2025. <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022R2554>


---
Source: https://finconduit.com/resources/multi-bank-treasury-architecture