Stablecoin Custody Architecture Under MiCA and MAS: The Signing Architecture Gap
Ted Nguyen
Author
BD & Growth @Fystack

This post is for informational purposes only and does not constitute legal or financial advice. Regulatory requirements vary by jurisdiction and are subject to change. Consult a qualified legal or compliance professional before making decisions based on this content.
TL;DR
- Stablecoin issuers carry two distinct key risks: the mint/burn authority key and the reserve wallet key; early-stage setups often treat them as one, creating a single point of failure
- A mint key breach enables unlimited unbacked token creation; a reserve key breach drains backing assets, each collapsing the peg through a different mechanism
- MiCA (Title III for ARTs, Title IV for EMTs) and MAS both require reserve segregation and auditable custody but do not mandate a specific signing architecture
- Self-hosted MPC reduces third-party dependency on the most critical signing functions; it exceeds minimum regulatory requirements but does not substitute for them
Every fiat-backed stablecoin issuer operates with two cryptographic controls that carry entirely different risk profiles. One governs the ability to create or destroy tokens. The other governs the assets backing those tokens. Regulators in both the EU and Singapore have set clear requirements for how those assets must be held. What neither MiCA nor MAS specifies is the signing architecture that protects them. That gap matters more than most issuers realize until they are inside a supervisory review.
Stablecoin Architecture Glossary
| Term | Definition |
| --- | --- |
| ART (Asset-Referenced Token) | MiCA category for stablecoins pegged to a basket of assets or multiple currencies. |
| EMT (E-Money Token) | MiCA category for stablecoins pegged to a single fiat currency (the standard payment stablecoin). |
| SCS (Single-Currency Stablecoin) | The MAS category for stablecoins pegged to the SGD or G10 currencies issued in Singapore. |
| Mint Authority Key | The cryptographic "printer" that controls the smart contract's ability to create or destroy tokens. |
| Reserve Wallet Key | The key governing the actual assets (cash, treasuries) that back the issued stablecoins. |
| Signing Architecture | The technical setup (MPC, Multisig, HSM) used to authorize a transaction. |
Mint Authority vs. Reserve Custody: Two Separate Key Management Risks
The mint/burn authority key and the reserve wallet key are two problems with different breach impacts. The mint key controls the smart contract that creates or destroys tokens: a compromised mint key lets an attacker issue unbacked tokens at will, diluting the peg through inflation and triggering a loss of confidence.

The reserve key controls the on-chain wallet holding or moving backing assets: a compromised reserve key enables an attacker to drain those assets, making redemptions impossible and triggering insolvency. Early-stage or crypto-native setups often use the same hot wallet, admin key, or environment variable for both, consolidating two independent failure modes into one point of exposure.
Established issuers handle this differently. Circle's USDC custody uses BNY Mellon as reserve custodian with segregated accounts and regular attestations. That separation, with reserve assets held by an independent custodian and mint authority governed separately, is the operational baseline regulators typically assess at scale. The BIS identified in 2020 that custody and governance structures are the primary risk vector in stablecoin arrangements.
|  | Mint / Burn Authority Key | Reserve Wallet Key |
| --- | --- | --- |
| What it controls | Token supply (create / destroy) | Backing assets (hold / move) |
| Breach impact | Unbacked token issuance, depeg via inflation | Asset drainage, insolvency, redemption failure |
| Typical holder in less mature setups | Admin wallet or env var | Same admin wallet or env var |
| Risk profile | Supply integrity | Peg solvency |
On-Chain and Off-Chain Reserve Custody in Stablecoin Issuance
For most fiat-backed stablecoins, primary reserves sit in bank accounts or short-term Treasuries, not on-chain. MAS requires reserves in low-risk, highly liquid assets held with eligible custodians; MiCA requires ART and EMT issuers to hold reserve assets with an authorized credit institution or eligible crypto-asset service provider in segregated accounts.
On-chain elements, including bridging wallets, treasury movements, and collateral pools, carry key management risk regardless of where the fiat reserves are denominated. This post focuses on the on-chain signing layer, which applies to any issuer minting tokens or moving assets on a public blockchain, independent of the off-chain reserve structure.
MiCA and MAS Stablecoin Custody Requirements: What Regulators Mandate
MiCA distinguishes between two stablecoin categories. Title III covers Asset-Referenced Tokens (ARTs): stablecoins pegged to a basket of assets or currencies, subject to semi-annual independent audits and minimum own funds of EUR 350,000 or 2% of average reserve assets. Title IV covers E-Money Tokens (EMTs): stablecoins pegged to a single official currency, the category most payment stablecoin issuers fall under, subject to e-money-like safeguards and redemption at par.
Both titles require reserves held by an independent eligible custodian as a separate legal entity from the issuer. MAS covers single-currency stablecoins (SCS) pegged to SGD or G10 currencies issued in Singapore, requiring 1:1 reserves in low-risk liquid assets, monthly independent checks, and annual audits.
Neither framework prescribes a signing architecture. An issuer can satisfy both on paper while holding mint authority in a single hot key. Regulators focus on legal structures, reserve adequacy, and auditable outcomes, broadly aligned with IOSCO's 2023 policy recommendations on custody and governance for crypto markets.
The Limits of Custodial MPC for Stablecoin Mint Authority
Custodial MPC providers offer real strengths: strong SLAs, regulatory standing in multiple jurisdictions, insurance coverage, and operational abstraction. The limit applies to the mint/burn function specifically: when a SaaS provider holds one key share, their infrastructure participates in every token issuance event. For a regulated stablecoin issuer, that places a vendor in the signing path for the most sensitive operation in the stack.
As MiCA supervisory reviews evolve under both Title III and Title IV, this dependency is likely to be reviewed alongside reserve custody independence in practice.
|  | Custodial MPC | Self-hosted MPC |
| --- | --- | --- |
| Key share custody | Shared with SaaS provider | Fully within issuer's infrastructure |
| Signing path | Through vendor servers | Inside issuer's own nodes |
| Supervisory audit exposure | Vendor dependency visible in signing path | Signing path fully owned by issuer |
| Operational burden | Low | High: key ceremonies, shard recovery, uptime |
Self-Hosted MPC for Stablecoin Issuance: Architecture and Trade-offs
Self-hosted threshold signing keeps both the mint authority and reserve custody signing paths inside the issuer's own infrastructure. A threshold policy (2-of-3 or 3-of-5) means no single node can authorize a mint or reserve movement alone, and policy enforcement runs on the issuer's own nodes rather than through a vendor API.
The trade-off is operational burden: key ceremony requirements, shard recovery procedures, and uptime obligations that custodial solutions abstract away. The case for self-hosted MPC is control during audits and supervisory reviews, giving the issuer a signing path that is fully owned and demonstrable without reference to a vendor's compliance posture. For a deeper look at how threshold signing works, see our post on self-hosted MPC key management.
The open-source mpcium library provides the threshold signing primitives behind Fystack's custody platform, auditable by any engineering team evaluating the implementation.
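The three properties this post argues for (separate mint and reserve keys, no single node able to sign alone, and no vendor share required in the signing path) can be checked mechanically against a description of the signing layout. The Go sketch below is an added example, not code from Fystack or mpcium; the `Share` and `KeyGroup` types, the `Audit` function, and all node and key names are hypothetical.

```go
package main

import "fmt"

// Share is one key share: the node holding it and who operates that node.
type Share struct{ Node, Operator string }

// KeyGroup describes one threshold key (hypothetical type, not an mpcium API).
type KeyGroup struct {
	Role, KeyID string
	Threshold   int // shares needed to sign (t of n)
	Shares      []Share
}

// Audit flags mint/reserve key reuse, single-node signing and vendor dependency.
func Audit(issuer string, groups []KeyGroup) []string {
	var out []string
	roleOf := map[string]string{} // KeyID -> role last seen using it
	for _, g := range groups {
		if prev, ok := roleOf[g.KeyID]; ok && prev != g.Role {
			out = append(out, fmt.Sprintf("%s: shares key %s with %s", g.Role, g.KeyID, prev))
		}
		roleOf[g.KeyID] = g.Role
		if g.Threshold < 1 || g.Threshold > len(g.Shares) {
			out = append(out, fmt.Sprintf("%s: invalid threshold %d", g.Role, g.Threshold))
			continue
		}
		perNode, own := map[string]int{}, 0
		for _, s := range g.Shares {
			if perNode[s.Node]++; perNode[s.Node] == g.Threshold {
				out = append(out, fmt.Sprintf("%s: node %s can sign alone", g.Role, s.Node))
			}
			if s.Operator == issuer {
				own++
			}
		}
		if own < g.Threshold {
			out = append(out, fmt.Sprintf("%s: needs a share held outside %s", g.Role, issuer))
		}
	}
	return out
}

// Constructed layouts: one hot key for both roles; a 2-of-2 split with a vendor.
var Weak = []KeyGroup{{"mint", "admin-hot", 1, []Share{{"app-1", "issuer"}}},
	{"reserve", "admin-hot", 1, []Share{{"app-1", "issuer"}}}}
var Custodial = []KeyGroup{{"mint", "k-mint", 2, []Share{{"iss-1", "issuer"}, {"saas-1", "vendor"}}}}

func main() { fmt.Println(Audit("issuer", Weak), Audit("issuer", Custodial)) }
```

A layout with distinct mint and reserve keys, each split 2-of-3 or 3-of-5 across separate issuer-run nodes, produces no findings.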
Get Started
If you are structuring mint authority and reserve custody for a regulated stablecoin, the signing architecture you choose now shapes your audit posture and supervisory risk later. Swapping infrastructure after launch is costly and disruptive.
Book a demo with the Fystack team to walk through how self-hosted threshold signing fits your issuance architecture.
Frequently Asked Questions (FAQs)
Does MiCA require stablecoin issuers to use MPC or threshold signing?
MiCA does not prescribe a signing architecture. Title III (ARTs) and Title IV (EMTs) both require reserve segregation, custody with an independent eligible custodian, and regular audits; the signing method is the issuer's decision. Threshold signing supports the audit posture MiCA supervisors will examine, but it is a best-practice enhancement above the regulatory floor, not a requirement in the text of the regulation.
Can the same custodian hold both mint authority and reserve assets under MiCA?
MiCA requires reserve assets to be held by an eligible custodian that is a separate legal entity from the issuer. The regulation does not address the on-chain mint key directly; that falls under the issuer's own operational security controls. Separating mint authority from reserve custody is the structure that holds up in a supervisory review, since it removes the issuer from the reserve custody chain and demonstrates the independence both Title III and Title IV expect.
Does the MAS stablecoin framework apply to all stablecoins issued in Singapore?
The MAS framework applies specifically to single-currency stablecoins (SCS) pegged to the Singapore dollar or any G10 currency, issued in Singapore. It does not cover algorithmic stablecoins, multi-currency stablecoins, or digital tokens outside the SCS definition. Issuers outside this scope may still fall under other MAS payment licensing requirements, but the reserve and custody rules in the August 2023 framework are scoped to SCS issuers only.

