Tenancy & responsibility
One multi-tenant Marketplace API, per-tenant catalogs, and who is responsible for KYC/AML under a reliance vs a tied-agent arrangement.
Assetera serves its own investors and distribution partners' customers through one shared, multi-tenant Marketplace API. There is no per-partner deployment: every partner (and Assetera itself) is a tenant of the same service, strictly isolated from the others.
Assetera is a tenant of its own API.
How a tenant is resolved
The tenant a request belongs to is never a request parameter or header the caller can set. It is a signed claim in the caller's token, minted by that tenant's own identity client, and the API reads it server-side and scopes every query to it.
A tenant sees only its own catalog, its own users' activity and its own audit trail. Its catalog is set by entitlement (instruments are assigned to a tenant), so two partners can be offered different subsets of the same underlying assets. (See the catalog lifecycle.)
Who is responsible for KYC / AML
Assetera runs the compliance layer. Assetera is the responsible party for KYC and AML. A partner operates under one of two arrangements, which change who performed the customer due diligence, not who monitors trading:
| Reliance agreement | Tied agent | |
|---|---|---|
| The partner is | a separately regulated entity | an appointed representative under Assetera's licence |
| Who did the CDD | the partner (Assetera relies on it) | Assetera (or on Assetera's behalf) |
| Transaction monitoring & market-integrity | Assetera | Assetera |
| Regulatory responsibility | shared per the agreement | Assetera carries it |
In both cases Assetera remains responsible for transaction monitoring, market-integrity controls, and, where it is the executing broker, MiFIR transaction reporting.
Reliance does not mean "no data"
Under a reliance agreement a partner's already-verified customer can transact without Assetera re-running KYC: the token carries the KYC status, level, verification date and the source of KYC. But reliance is about who performed CDD, not who monitors transactions. A defined minimum still travels:
- Per partner: the agreement reference, the entity that performed CDD (with its LEI), a commitment to retrieve the underlying records on request, and the reporting role: is the partner the executing broker (they carry MiFIR reporting) or white-label (Assetera carries it)?
- Per customer: a stable identifier, KYC status/level, investor category, and wallet address(es).
- Per transaction: who/what/when/how much, plus reportable identifiers where Assetera is the executing broker.
The exact regulatory setup (reliance vs tied agent, executing-broker vs white-label, and the precise minimum data set) is fixed per partner with Assetera's Compliance team. The above is the shape of the model, not a legal determination.
Next
Tokens & pairs
How Assetera separates a logical asset from its per-chain token, names a listing, builds same-chain pairs, and manages the catalog lifecycle.
Compliance gating
How Assetera enforces eligibility at the point of action: off-chain KYC plus on-chain, single-use, signed EIP-712 attestations that authorize each trade.