Panama can work well for crypto teams that want structure without theatrics—as long as the product narrative, custody story, and banking posture are real and consistent. This field manual lays out how builders keep momentum from scoping to go-live, what evidence actually shortens clarifications, and how to talk to banks in a way that lands. For the official track and requirements, see Panama VASP license.
What Panama rewards (and what it doesn’t)
Panama rewards teams that can explain—in plain English—who they serve, which assets and corridors are in scope for version one, and how funds or tokens move from onboarding to withdrawal. It does not reward vague pitches or policy decks that don’t match screens. If your stack can move or safeguard client assets (exchange, OTC, hosted wallets, transfers, on/off-ramps), expect full AML/CTF responsibilities and custody discipline. If you’re genuinely non-custodial, the burden is lighter, but embedded routing, matching, or settlement can pull you into scope; validate that before code hardens.
Design a v1 that ships
Keep your first release tight. Treat derivatives, leverage, complex listings, or yield products as phase two. Version one that passes quickly tends to be: spot only, a short list of well-supported assets, simple disclosures that explain spreads/fees, and no exotic features that drag in extra conduct requirements. Put that scope in writing and let policies reflect exactly what’s in production—not future hopes.
Custody: the “no hand-waving” section
Reviewers and banks want a custody story they can repeat to their own risk teams. Spell out where keys live (HSM or audited multisig), who can approve movements (roles, not personal names), what gates withdrawals (dual approvals, velocity/amount limits, allow-lists for higher-risk cohorts), and how you reconcile (daily or weekly, who signs off, where evidence is stored). If you rely on third-party custodians or exchanges, keep vendor due diligence on file and refreshed—contracts, SOC/ISAE reports if available, and a short risk assessment that proves you actually read them.
Travel Rule: show it working, not promised
Pick an interoperable provider early, wire your primary corridors, and capture a handful of message traces: success, non-participant, failover. Attach them to your evidence pack. “We’ll implement later” is a month of clarifications you don’t need.
The banking story that lands on the first call
Every provider—EMI/PSP or bank—is answering four questions: who owns and runs the business (with evidence), what you do (in language an accountant understands), how funds move (corridors, monthly volumes, counterparties, currencies), and how you keep illicit flows out while safeguarding client assets (segregation, reconciliations, sanctions/KYC, monitoring that actually fires). Put these answers into a neat one-pager plus a simple flow diagram. When documents, website copy, and policies echo the same story, onboarding feels routine instead of theatrical.
Mini case: the on-ramp team that stopped arguing with reality
A payments/on-ramp startup arrived with a broad pitch and a thin evidence pack. They trimmed scope to three fiat corridors and two assets, implemented Travel Rule for those lanes only, and shipped dual-approval withdrawals with an approval log. They wrote a two-minute narrative and made their website match it. Clarifications dropped to a handful of targeted questions. Banking went from “come back later” to “send the pack” in one call. The lesson: sequence big—don’t cram big into v1.
Evidence bundle that actually shortens reviews
Think artifacts, not adjectives. Include: an onboarding flow with successful KYC and a sanctions-hit example; one transaction alert with analyst notes and timestamps; a withdrawal approval extract; a reconciliation snippet that ties wallets/accounts to the ledger; three Travel Rule traces (success, non-participant, fallback). Date everything. Store it in a tidy folder you can share at a moment’s notice. When the same artifacts answer regulator and bank questions, momentum compounds.
Governance that looks like you mean it
Name a Compliance Officer with a direct line to top management and minute the appointment. Keep a clean ownership chart and simple fit-and-proper packets for directors/UBOs (IDs, proof of address, short CVs). Approve the policy suite via dated resolutions. It doesn’t need to be grand—just organized, consistent, and real.
Sequencing that keeps you out of the weeds
Week 1–2: diagram onboarding → funding → action → withdrawal; mark who can move funds or keys at each step; lock v1 scope; shortlist KYC/KYB, Travel Rule, and custody vendors. Week 3–5: write AML/CTF, sanctions, monitoring, custody, security, and client disclosures straight from your diagram; capture screenshots/logs for the evidence bundle; appoint governance. Week 6+: file a complete pack; answer clarifications with short, artifact-backed replies; in parallel, open a fintech-friendly EMI/PSP so invoicing and payroll don’t wait on the last email. Add a bank (or second EMI) once the base is stable and volumes justify it.
Substance and perception (your quiet advantage)
Consistency beats headcount. Make sure legal names, addresses, and activity descriptions match across contracts, invoices, your website, and onboarding forms. Keep a resolutions log for anything material—banking access, officer changes, listing policy tweaks. Show a lightweight operational footprint: the tools you use, how access is controlled, where records live, how incidents get triaged. Diligence readers remember neat, boring files—in a good way.
Where teams lose time (and how to avoid it)
Vague activity narratives (“crypto platform”), blurry KYC scans, missing UBO evidence, and policy–product mismatches (“we run allow-lists” when you don’t) are the classic slowdowns. The fix is unglamorous: write the two-minute narrative first, make every document echo it, triple-check IDs/addresses, and only claim controls you can screenshot today. If you intend to expand features later, say so plainly—but keep the current application anchored to the base model.
If you’d rather have someone run the filings and assemble the bank-ready artifacts while you focus on shipping, LegalBison often leads the heavy lifting and aligns controls with what you’re actually building—details at legalbison.com.