Evaluating a PSAN for institutional mandates.

What a PSAN registration is

A Prestataire de Services sur Actifs Numériques, or PSAN, is a digital asset service provider registered with the Autorité des marchés financiers (AMF). Registration was created under the PACTE Law in 2019 and has been the reference French framework for digital asset activity since. A registered PSAN has demonstrated, to the AMF and in coordination with the ACPR (the prudential supervisor), that it meets defined standards on governance, fitness-and-properness of management, anti-money-laundering and counter-terrorism-financing controls, cybersecurity, and operational resilience.

The registration is public. Each provider is listed on the AMF's website with a registration number, a legal name, and the specific services authorised. A professional investor can verify any French counterparty's regulatory status directly against the AMF register in a matter of minutes.

What it does not say

This is the part that deserves unusual emphasis. PSAN registration is a gatekeeping regime — it certifies that minimum standards are met on a defined list of topics. It does not:

• Endorse the commercial quality of the services offered.
• Guarantee the performance of any strategy operated by the provider.
• Certify the prudential soundness of the provider's balance sheet.
• Cover market-conduct or investor-protection obligations in the same breadth as a full AMF agrément or a MiFID II investment-firm licence.

This gap is not a criticism of the regime — it is by design. Professional investors should treat PSAN registration as a necessary but insufficient condition. It passes the provider through a defined filter; it does not replace the allocator's own due diligence.

A practical due-diligence checklist

Against that backdrop, the following questions are the ones that, in our experience, separate a PSAN that is genuinely institutional-grade from one that is nominally compliant.

1. Governance

• Who are the identified managers? What are their backgrounds in regulated financial activity?
• Is there a documented separation between front-office, risk, and compliance functions?
• Is there a written risk policy? Is it updated on a defined cadence?
• Who approves exceptions, and how are they logged?

2. Operational resilience

• What is the on-call structure outside European business hours?
• Which venues and counterparties are on the approved list? What was the last time that list was reviewed?
• Is there a documented venue-exit playbook, rehearsed on a defined cadence?
• What is the business-continuity architecture — primary, secondary, recovery-time objectives?

3. Custody and asset segregation

• Where are client assets held, and under what legal structure?
• Is there a qualified custodian, or does the provider self-custody? If the latter, under what controls?
• What is the wallet-approval and key-management architecture?
• What insurance, if any, is carried against custody-related events?

4. Reporting and transparency

• What standard reporting is available to investors? On what cadence?
• Can the provider produce exposure, attribution, and operational-incident reporting suitable for an institutional investment committee?
• Is the provider audited, and by whom?

5. Regulatory and legal

• What is the provider's AMF registration number? Has it ever been suspended, withdrawn or subject to sanction?
• Has the provider published its approach to upcoming European regimes (notably MiCA)?
• Is the provider a member of recognised industry bodies? Does it engage in policy consultation?

Closing thought

The best use of a PSAN registration is as a starting point — a signal that the counterparty has passed a public, explicit gate. The real work of underwriting a digital asset manager is still the work a professional investor would do for any other alternative manager: understand the people, the process, and the operational backbone. The PSAN regime makes that work easier, not unnecessary.