The Merchant Onboarding Checklist for PSPs Adding Crypto Payment Gateway Capabilities in 2026

Payment service providers expanding into digital assets face a specific operational challenge: onboarding merchants for crypto payments requires a different checklist than traditional payment processing. The compliance surface is wider, the technical integration is more layered, and the risk controls must work in real time. This guide walks through every stage of that checklist, from pre-onboarding due diligence to live transaction monitoring, so PSPs can build a merchant program that is ready for institutional scrutiny from day one [stripe.com].

TL;DR

• Crypto merchant onboarding adds compliance, custody, and technical requirements that traditional PSP workflows do not cover.
• PSPs must layer AML, KYB, and transaction monitoring controls before approving any crypto-enabled merchant.
• Choosing the right crypto payment gateway API determines how fast merchants go live and how easily the program scales.
• Settlement, refund logic, and stablecoin handling each require dedicated policy rules that differ from fiat workflows.
• Infrastructure partners with verified security certifications reduce regulatory risk and speed up approval cycles.

About the Author: Cregis is a Trust Layer for the digital asset economy, providing institution-grade crypto financial infrastructure serving 3,500+ businesses across 50+ countries. Cregis works directly with PSPs, banks, and payment platforms building compliant crypto payment programs at institutional scale.

What Makes Crypto Merchant Onboarding Different from Traditional PSP Onboarding?

Traditional PSP onboarding focuses on business verification, card scheme rules, and chargeback risk. Crypto merchant onboarding inherits all of those requirements and adds three more layers: digital asset compliance, custody architecture, and on-chain transaction monitoring [clustdoc.com].

The key differences are:

• AML and CTF obligations extend to crypto transactions. Regulators in most jurisdictions now treat crypto payment acceptance as a regulated activity. PSPs are responsible for ensuring their merchants do not facilitate illicit fund flows [mvsi-onboard.com].
• Settlement is on-chain, not card-network-based. This means finality rules, reconciliation logic, and refund handling all need new policy definitions.
• Stablecoin acceptance requires its own risk classification. USDT and USDC carry different counterparty and liquidity profiles than BTC or ETH, and onboarding workflows should reflect that.

PSPs that treat crypto onboarding as a simple feature toggle on their existing workflow tend to create compliance gaps. The checklist below addresses each layer in sequence.

What Should the Pre-Onboarding Due Diligence Stage Cover?

Pre-onboarding is where most compliance failures originate [corefy.com]. Before a merchant is approved to accept crypto payments, the PSP must complete the following:

Business Verification (KYB)

• Collect certificates of incorporation, beneficial ownership records, and director identification.
• Verify the merchant's business category against the PSP's approved merchant category list for crypto.
• Screen the merchant entity and all directors against sanctions lists and PEP databases.

Risk Classification

• Assign a risk tier based on the merchant's industry, transaction volumes, geography, and customer base.
• Higher-risk merchant categories, such as online gaming, forex brokerage, or cross-border remittance, require enhanced due diligence.
• Document the rationale for the risk tier assignment for regulatory audit purposes.

Regulatory Status Check

• Confirm whether the merchant holds any required licenses for its jurisdiction (e.g., MSB, VASP, e-money license).
• Assess whether the PSP's own licensing permits it to serve that merchant category in that geography [decta.com].

How Should PSPs Structure the Technical Integration Checklist?

Building on the compliance foundation above, the technical integration stage is where the choice of crypto payment gateway API has the most direct impact on speed to market [onlayer.com].

API and SDK Review

• Confirm the gateway supports the crypto assets the merchant intends to accept (BTC, ETH, USDT, USDC at minimum).
• Review webhook reliability, settlement latency, and error handling documentation.
• Test the integration in a sandbox environment before merchant go-live.

Wallet Architecture

• Determine whether the merchant will use a shared wallet pool or a dedicated wallet address per transaction.
• Per-transaction addresses provide cleaner on-chain attribution and simplify AML monitoring.
• Confirm how private key custody is handled: self-custodial, third-party custodial, or MPC-based.

Settlement Configuration

• Define settlement currency: crypto-to-crypto, crypto-to-fiat, or stablecoin-denominated settlement.
• Set settlement frequency and confirm the gateway supports T+0 real-time settlement if required.
• Document the reconciliation process for cases where on-chain confirmation is delayed.

Among the top crypto payment gateways reviewed by PSPs in 2026, those with MPC-based wallet architecture, integrated AML screening, and flexible settlement options provide the infrastructure layer that PSPs need for institutional deployments. Cregis's Payment Engine supports BTC, ETH, USDT, and USDC with integrated AML controls and cross-chain settlement capability, reducing the operational burden for PSPs building compliant crypto payment programs.

What Compliance Controls Must Be Active Before a Merchant Goes Live?

Stepping back from the technical detail, a separate concern is the compliance infrastructure that must be running before the first transaction is processed [mvsi-onboard.com].

Transaction Monitoring

• Deploy a Know Your Transaction (KYT) layer that screens incoming and outgoing crypto transactions in real time.
• Set automated alerts for transactions above defined thresholds or originating from flagged wallet addresses.
• Ensure the monitoring system covers all supported chains, not just the primary network.

Policy Engine Configuration

• Define rules for deposit limits, withdrawal holds, and fund segregation per merchant risk tier.
• Configure automated responses to risk signals: transaction pause, manual review queue, or rejection.
• Document all policy rules for regulatory examination.

Refund and Dispute Logic

• Crypto transactions are irreversible on-chain, so refund logic must be handled at the application layer.
• Define whether refunds are issued in the original crypto asset or in an equivalent stablecoin value.
• Establish a dispute resolution timeline that meets the PSP's contractual obligations to merchants.

What Ongoing Monitoring Obligations Apply After Merchant Approval?

A related but distinct question is what happens after the merchant goes live. Onboarding is not a one-time event [corefy.com].

Periodic Review Schedule

• Conduct annual KYB refreshes for standard-risk merchants and semi-annual reviews for higher-risk merchants.
• Re-screen merchant entities and directors against updated sanctions and PEP lists.
• Reassess risk tier if the merchant's transaction profile changes materially.

Transaction Pattern Analysis

• Monitor for unusual patterns: sudden volume spikes, high concentrations of transactions from a single wallet cluster, or repeated near-threshold transactions.
• Flag and investigate structuring behavior that suggests deliberate circumvention of reporting thresholds.

Regulatory Change Management

• Assign responsibility for tracking regulatory updates in each jurisdiction where merchants operate.
• Update onboarding templates, policy rules, and due diligence questionnaires as rules evolve.

Frequently Asked Questions

What documents does a PSP typically require for crypto merchant onboarding? Standard requirements include certificates of incorporation, beneficial ownership records, director identification, proof of business address, and any applicable regulatory licenses [clustdoc.com].

How long does crypto merchant onboarding take? Duration depends on merchant complexity and risk tier. Standard merchants can be approved in days with automated KYB tooling; higher-risk categories requiring enhanced due diligence typically take longer [stripe.com].

Is a crypto payment gateway API sufficient for compliance, or does the PSP need additional tools? The gateway API handles transaction routing and settlement. Compliance requires separate KYT monitoring, sanctions screening, and a policy engine on top of the gateway layer [mvsi-onboard.com].

How should a PSP handle stablecoin settlements differently from BTC or ETH? Stablecoins have different redemption and liquidity profiles. PSPs should classify stablecoin acceptance separately in their risk framework and confirm the issuer's reserve attestation practices before enabling settlement.

What certifications should a PSP look for in a crypto infrastructure partner? Look for SOC 2 Type II, ISO 27001, and PCI DSS as baseline certifications. CertiK-audited smart contracts provide additional assurance for on-chain components [onlayer.com].

Can a PSP use a single infrastructure partner for wallets, payments, and compliance? Yes, and it is operationally preferable. Integrated platforms reduce the number of vendor relationships, simplify reconciliation, and ensure that compliance controls are applied consistently across all functions.

What is the biggest operational risk PSPs underestimate in crypto merchant onboarding? Most PSPs underestimate the complexity of ongoing monitoring after approval. Onboarding a merchant is the start of a continuous compliance relationship, not a completed task [corefy.com].

About Cregis

Cregis is the Trust Layer for the digital asset economy, providing institution-grade crypto financial infrastructure to PSPs, banks, exchanges, and institutional clients across 50+ countries. Built on first-tier industry security standards with MPC, HSM, and Zero Trust Architecture, Cregis delivers the secure, efficient, and compliant foundation that institutions need to operate in digital assets with confidence. Cregis holds SOC 2 Type II, ISO 27001, PCI DSS, and CertiK certifications, and supports over $300 billion in transaction volume across its network of 3,500+ business clients.

Ready to build a crypto payment program that meets institutional compliance standards from day one? Visit Cregis to learn how PSPs are using Cregis infrastructure to onboard merchants faster, manage risk with confidence, and scale across borders.