Crypto exchange white-label procurement evaluation toolkit (Phase 4 per-pillar artefact)

Why this dispatch exists

This is the fortieth dispatch and the fifteenth in the Phase 4 operationally-actionable artefact sub-series. The crypto exchange WL consolidation dispatch covered the durable LIMITED verdicts (Match-Trade Crypto, ETNA Software), the custody-WL boundary as most consequential 2026 procurement decision, the broker-stack-bundled versus institutional crypto-native segment boundary stability, and the per-regulatory-framework alignment requirements. This toolkit operationalises the procurement filters for crypto-touching archetypes (B, D, E, H with FSRA Virtual Asset Framework if applicable).

Crypto exchange WL procurement scope recap

The procurement scope spans two structurally stable segments:

Broker-stack-bundled. B2BX (B2Broker), Soft-FX crypto, Quadcode crypto, Match-Trader Crypto (LIMITED), Leverate crypto (PARTIAL FIT). Procurement-appropriate for combined CFD + crypto-asset operations.

Institutional crypto-native. ChainUp, AlphaPoint. Procurement-appropriate for tier-1 CASPs and VARA operators with institutional client segments.

High-throughput matching engines. Modulus (PARTIAL FIT), ETNA Software (LIMITED). Niche.

Open-source platforms. HollaEx, Openware (PARTIAL FIT). Niche.

Custody procurement (separate decision). Fireblocks, Komainu, BitGo Trust, Anchorage Digital, Hex Trust, Copper. Distinct from venue procurement per MiCAR Article 75 expectations.

Procurement-stage questionnaire (30 RFP questions)

Universal (5)

1. Provide pricing structure including base pricing, per-trade pricing if applicable, custody integration costs, integration costs.
2. List certifications including ISO 27001, SOC 2 Type II, jurisdiction-specific certifications.
3. Describe customer support framework.
4. Provide financial position disclosure.
5. Describe product roadmap including MiCAR-aligned feature commitments.

MiCAR / VARA / FSRA Virtual Asset Framework alignment dimensions (6)

6. Describe MiCAR-aligned positioning including Article 60 service category support, Title VI market abuse surveillance integration, and supervised reporting hooks.
7. (For Match-Trade Crypto / ETNA Software / equivalent positioning) Acknowledge LIMITED verdict for MiCAR-authorised CASP procurement and operator-side procurement disqualification.
8. Describe VARA rulebook alignment for DMCC operators including specific rulebook category support.
9. Describe FSRA Virtual Asset Framework alignment for ADGM operators if applicable.
10. Describe per-jurisdiction crypto-asset authorisation support including operator’s specific regulatory framework set.
11. Provide reference operators in operator’s specific regulatory framework with deployment scale.

Custody-WL boundary dimensions (5, most consequential)

12. Describe custody architecture including bundled custody capability versus external custody integration.
13. (Bundled custody) Describe MiCAR Article 75 segregation framework compliance, insurance coverage (typically 50-100M EUR commercial crime cover), and ongoing security audit framework.
14. (External custody integration) Describe specific custody vendor integrations (Fireblocks, Komainu, BitGo Trust, Anchorage Digital, Hex Trust, Copper) and operator-side custody procurement framework.
15. Acknowledge custody procurement as separate decision from WL procurement requiring explicit operator-side evaluation at decision stage.
16. Describe operator-side custody migration support if applicable.

Segment boundary dimensions (4)

17. Confirm your segment positioning (broker-stack-bundled versus institutional crypto-native). Describe operator-side procurement implications.
18. (Broker-stack-bundled) Describe operator-side broker stack integration including specific CFD platform integration if applicable.
19. (Institutional crypto-native) Describe institutional client segment depth including tier-1 CASP reference deployments.
20. Acknowledge segment boundary stability through 2025-2026 with unlikely cross-segment displacement.

Liquidity and market-making dimensions (4)

21. Describe liquidity provider integration including specific institutional crypto LP support and operator-side LP procurement framework.
22. Describe centralised exchange institutional access integration if applicable.
23. Describe DEX aggregator routing capability for tier-1 procurement if applicable.
24. Describe operator-side market-making infrastructure support.

Travel Rule and KYT dimensions (3)

25. Describe Travel Rule infrastructure integration including bundled module versus specialist vendor integration.
26. Describe KYT (know your transaction) integration with chain analytics providers (Chainalysis, Elliptic, TRM Labs).
27. Describe operator-side EU TFR compliance support if applicable.

Phase 4 framework alignment (3)

28. How does your product align with the segment boundary positioning and the broker-stack-bundled-versus-institutional-crypto-native decision?
29. How does your product handle operator’s specific archetype customisation including custody-WL boundary procurement separation?
30. Describe contract terms including pricing escalation, contract length, data portability.

Reference customer questions (14)

Operational reality (6)

1. How long has your operation been using this vendor and at what active client account scale?
2. Did capability disclosure match operational reality? Specifically: MiCAR alignment, custody integration, segment positioning.
3. How accurate is venue performance in operational reality? Specifically: matching engine throughput, order book depth, execution quality.
4. (For bundled custody) How clean is bundled custody integration in operational reality?
5. (For external custody integration) How clean is the integration with operator’s specific custody vendor?
6. How responsive is vendor to regulatory developments?

Procurement specifics (4)

7. How did vendor handle procurement decision process including custody-WL boundary discussion?
8. What contract terms did you achieve?
9. (For broker-stack-bundled procurement) How did broker stack integration affect operational flexibility?
10. Has roadmap delivered MiCAR Title VI surveillance hook integration?

Operational quality (4)

11. How clean is Travel Rule integration in operational reality?
12. How clean is KYT integration with operator’s specific chain analytics vendor?
13. How responsive is vendor during regulatory examination scenarios?
14. Would you procure this vendor again given the same procurement decision context?

Demo evaluation rubric (10 tests)

Test 1: MiCAR-aligned positioning demonstration.

Pass: vendor demonstrates Article 60 service category support and Title VI surveillance integration. Fail: MiCAR alignment shallow.

Test 2: Custody architecture walkthrough.

Pass: vendor demonstrates bundled custody capability or external custody integration with explicit MiCAR Article 75 compliance documentation. Fail: custody architecture opaque.

Test 3: Venue performance demonstration.

Pass: vendor demonstrates matching engine throughput, order book depth, and execution quality at operator’s expected production scale. Fail: venue performance shallow.

Test 4: Liquidity provider integration walkthrough.

Pass: vendor demonstrates institutional crypto LP integration and operator-side LP procurement framework. Fail: LP integration shallow.

Test 5: Travel Rule integration walkthrough.

Pass: vendor demonstrates Travel Rule infrastructure integration with operator’s primary Travel Rule vendor. Fail: Travel Rule integration absent.

Test 6: KYT integration walkthrough.

Pass: vendor demonstrates KYT integration with operator’s chain analytics vendor. Fail: KYT integration shallow.

Test 7: Multi-asset coverage demonstration.

Pass: vendor demonstrates supported tokens including operator’s specific listing requirements. Fail: token coverage gaps.

Test 8: Per-jurisdiction regulatory configuration demonstration.

Pass: vendor demonstrates per-jurisdiction asset configuration including restricted tokens per jurisdiction. Fail: per-jurisdiction configuration limited.

Test 9: Integration with operator’s KYC and risk management framework.

Pass: vendor demonstrates integration with operator’s specific KYC vendor and risk management vendor. Fail: integration gaps.

Test 10: Disaster recovery and incident response demonstration.

Pass: vendor demonstrates incident response framework including security incident handling. Fail: framework absent.

Integration testing protocol (8 pre-signature tests)

1. Sandbox access and API documentation review.
2. Custody integration testing (bundled or external) with MiCAR Article 75 compliance verification.
3. Liquidity provider integration testing.
4. Travel Rule infrastructure integration testing.
5. KYT integration testing with operator’s chain analytics vendor.
6. KYC vendor integration testing.
7. Risk management vendor integration testing.
8. End-to-end production simulation including pre-market, order book activation, intraday trading, end-of-day reconciliation, withdrawal flow.

Integration testing typically 6-12 weeks for crypto exchange WL deployments because custody integration and Travel Rule integration are non-trivial.

Decision documentation template (8 sections)

1. Procurement context including segment positioning rationale (broker-stack-bundled vs institutional crypto-native) and custody-WL boundary procurement separation rationale.
2. Vendor shortlist with LIMITED verdict automatic disqualification documentation (Match-Trade Crypto, ETNA Software).
3. RFP evaluation per vendor with MiCAR / VARA / FSRA alignment scoring as critical dimension.
4. Reference customer diligence including custody integration operational reality documentation.
5. Demo evaluation per vendor with custody architecture walkthrough documentation.
6. Integration testing including custody integration testing documentation separate from venue integration testing.
7. Procurement decision with explicit segment positioning rationale and custody-WL boundary separation documented.
8. Ongoing monitoring with regulatory development tracking and custody-WL boundary evolution as procurement decision review triggers.

Phase 4 corpus state

• 25 Phase 3 + 15 Phase 4 = 40 dispatches.