by salawat 188 days ago
Forget it. DoA due to Bank Secrecy Act, compliance costs (AML/KYC), money transmitter licensure, and the fundamental structure of the U.S. financial system

You could make a self-hostable solution, but the rest of the financial network would basically refuse to accept your packets without sufficient proof of regulatory compliance, in order to preserve their own good standing with regulators. It's a pretty jealously guarded sector, because it sorta has to be to make fiscal crime tractable.

I mean... Go for it if you want. Just be aware, your resulting impl cannot be legally employed without a money transmitter license.

2 comments

That’s a fair point, and I agree with the core issue you’re raising. Anything that takes custody of funds or acts as an intermediary in the US quickly runs into BSA, AML/KYC, and money transmitter requirements, and those exist for good reasons.

The angle I’m exploring isn’t to bypass regulation, but whether a non-custodial, self-hosted orchestration layer can exist that never holds funds and only works on rails that already support direct settlement. The model is closer to paying a shop directly than paying through an intermediary... the software is never a counterparty, never pools funds, and the regulated entities remain the banks or processors on both ends.

In a US scenario, the idea would be that the merchant runs the software themselves, and onboarding doesn’t abstract compliance away but explicitly guides them through what they need in place to legally accept payments, linking out to the appropriate providers and only working once those are set up. My question is whether, in your view, that meaningfully changes the regulatory posture, or if simply being part of the payment initiation path still makes MSB treatment unavoidable.

Appreciate you calling this out... it’s exactly the constraint I’m trying to understand.

The issue is there is no non-custodial option by definition. You are either doing what a financial institution has to do by law (Full compliance system), or you're outsourcing to someone else who does, in which case you haven't negated the non-cooperative custodian risk that you set out to mitigate in the first place.

The only real choice left is to accept a minimalized compliance system that just squeaks by muster to be accepted by the big guys (which still leaves the risks of the rest of the system eventually locking you out, and places a significant burden on you, the business owner, to learn a lot of financial minutiae that has nada to do with your business other than integrating into the financial system), or just stick with a payment processor who already exists (not solving your problem).

Absolutely sucks, but that's what our system has evolved to.

Banks already do all these and, as the OP mentioned, it's a layer on top of the bank. It's still traceable and fully compliant by the fact that banks know who is sending to whom and how much, with date/time stamps.