Fintech Disputes: How Third-Party Providers Can Paralyze Fintech Companies – Risks And Legal Remedies

I. Introduction

In April 2024, the collapse of Synapse Financial Technologies ("Synapse"), a banking-as-a-service (BaaS) provider, left over 100,000 customers without access to their accounts¹.

One of the most affected companies was Yotta, a fintech platform that relied on Synapse to interface with its partner banks. Over 85,000 Yotta users lost access to approximately $112 million². This incident illustrates a systemic risk in the fintech ecosystem: operational dependency on third-party providers.

Fintech – the intersection of finance and technology – has introduced significant efficiency and accessibility across banking, payments, digital assets and more. However, many fintech companies build their operations on third-party infrastructure, including payment systems, cloud systems, blockchain services and custodial frameworks. These providers retain technical control over critical systems, with the ability to suspend services, freeze assets or even limit access, sometimes unilaterally and without warning.

By integrating external providers into core operations, fintech companies effectively delegate control over key business and critical functions. As seen in the Yotta case, delegating critical functions to third parties implies operational risks and may lead to a point of failure.

This article examines the legal and operational risks of such dependencies through a fictitious case study involving a dispute between a Singapore-based cryptocurrency exchange and a Swiss blockchain service provider. It highlights how platform control, asset custody, and contractual safeguards intersect, and proposes legal remedies and preventive strategies.

II. Case Study Overview

Lyntera Pte Ltd ("Lyntera"), a cryptocurrency exchange based in Singapore, entered into a Software-as-a-Service (SaaS) agreement with Valderix AG ("Valderix")³, a Swiss blockchain infrastructure provider.

The SaaS agreement aimed to provide a blockchain-based technical solution enabling cryptocurrency custody and exchange, allowing Lyntera to operate its cryptocurrency exchange platform.

The SaaS agreement was governed by Swiss law and included an arbitration clause referring disputes to a sole arbitrator under the Singapore International Arbitration Centre (SIAC) Rules, with the seat of arbitration in Singapore.

Less than two months after the launch of the exchange, Valderix unilaterally suspended Lyntera's system access and froze all blockchain-based assets under its custodial control. Valderix cited law enforcement request from France as the basis for freezing but failed to provide supporting evidence. Subsequent correspondence with the French authorities confirmed that the freezing of accounts was not required or instructed by the said authorities. Lyntera's formal requests for account reactivation and asset release were denied, even after Lyntera terminated the SaaS agreement.

The outcome was a full operational standstill, the suspension of customer-facing services⁴, significant reputational harm and imminent financial loss exposure.

III. Dependency as Legal and Operational Risk

SaaS agreements allow fintech companies to rapidly scale by outsourcing technical infrastructure.

However, this model introduces a dual-risk profile:

• Operational risk: Third-party service providers often retain technical authority over critical components of a fintech company's infrastructure, including interfaces used to manage user assets, process transactions, or configure platform-level settings. Providers may control core systems such as wallets⁵, APIs⁶ or administrative dashboards⁷, so that any failure or unilateral action on their part can bring the fintech company's entire operations to a halt.
• Legal risk: SaaS agreements frequently contain vague or overbroad provisions granting service providers discretionary rights to suspend or limit access. In practice, this can result in unilateral account freezes, denial of service or data inaccessibility – without prior notice or verifiable cause. Such measures may paralyze operations (e.g., halted transactions, user lockouts) and lead to legal claims.

For example, clauses of the following nature are common:

In the Lyntera scenario, Valderix retained technical control over wallets and user accounts. Although the agreement formally designated Valderix as a custody service provider responsible for safeguarding Lyntera's digital assets, its backend authority enabled it to unilaterally block access. This illustrates how contractual custody may result in de facto operational control, particularly where the agreement lacks procedural safeguards, notice mechanisms, or escalation protocols.

IV. Legal Ownership vs. Practical Control

A recurring tension in digital asset infrastructure is the misalignment between legal ownership and practical (technical) control. This divergence is especially pronounced in fintech SaaS environments and typically falls into one of three operational models:

1. Custodial Model
   • Legal title to the assets remains with the client (e.g. Lyntera or end client).
   • The service provider (e.g. Valderix) retains exclusive control over private keys and execution infrastructure.
   • Result: The client owns the assets in theory, but cannot move or access them without the provider's cooperation.
2. Non-Custodial Model
   • The client (e.g. Lyntera) retains both legal ownership and full technical control over the assets.
   • The provider (e.g. Valderix) delivers services but has no access to the assets or private keys.
   • Result: Maximum client autonomy, though with increased operational responsibility.
3. Hybrid / Multi-Signature Model
   • Legal ownership remains with the client (e.g. Lyntera)
   • Control is distributed through a multi-signature setup involving the client (e.g. Lyntera), the provider (e.g. Valderix), or an independent third party.
   • Result: Distributing control among multiple parties reduces the risk of unilateral decisions and helps ensure operational continuity and system stability.

In practice, many fintech SaaS agreements default – explicitly or implicitly – to a custodial model. This creates a structural asymmetry: the fintech retains ownership on paper but lacks any independent technical ability to assert it. Access is dictated by control, not ownership.

In digital assets disputes, this distinction has material consequences. Enforcement may be technically impossible without cooperation from the party holding system control. Even with a final arbitral award or court judgment, no legal enforcement mechanism can compel the return of assets if the custodian refuses to sign a transaction or release a private key. While non-compliance risk exists in all contractual disputes, in the SaaS/blockchain context, legal resolution often depends not only on coercive authority but on voluntary technical cooperation⁸.

In the Lyntera case, the SaaS agreement expressly designated digital assets as Lyntera's property and identified Valderix as the custodial service provider responsible for safeguarding them. This formal custodial role, combined with Valderix's exclusive technical control, amplified the legal and operational risks. If access is unilaterally restricted, Lyntera may be unable to enforce its ownership rights in practice, regardless of what the contract says.

V. Urgent legal remedies: Securing Access and Protecting Assets

Faced with an unjustified suspension of access, fintech companies must act swiftly to secure their rights. The immediate goal is to restore control over the platform and safeguard the assets. Two urgent legal remedies are available: emergency arbitration and interim relief from courts.

Notwithstanding the powers of emergency arbitrators to grant interim measures, it is generally recognized that there are compelling reasons to give parties access to courts to grant interim relief even where the parties have subjected their disputes to arbitration⁹.

In the Lyntera case, two urgent legal remedies are available: emergency arbitration under the SIAC Rules or interim relief from Swiss courts. Depending on the circumstances, additional actions such as filing a criminal complaint, or initiating a property recovery claim, including requests for interim relief, may also be considered.

1. Emergency Arbitration (SIAC Rules):
   • Procedure: Under SIAC Rule 12 and Schedule 1¹⁰, a party may initiate emergency arbitration before the tribunal is formally constituted. An emergency arbitrator can issue interim or protective orders to prevent imminent harm.
   • Relief sought:
     • Access Restoration: Immediate reactivation of Lyntera's platform access.
     • Provisional Restitution of Custody Access: Grant Lyntera temporary and controlled access to digital assets and custody systems previously managed by Valderix, strictly for the purpose of safeguarding user accounts and maintaining operational continuity.
     • Asset Preservation: Prohibition on Valderix from transferring, modifying, or dealing with assets.
     • Prohibiting Unauthorized Actions: Prevent Valderix from taking any unilateral steps regarding the assets or platform infrastructure without Lyntera's prior written consent.
   • Protective Preliminary Order (PPO): In cases of extreme urgency, Lyntera may request a PPO ex parte providing immediate protection¹⁰. A PPO allows the emergency arbitrator to issue relief before the opposing party (e.g. Valderix) is heard, thereby preventive irreparable harm.
   • Advantages: Fast, confidential, aligned with the dispute resolution framework already in place.
   • Disadvantages: Arbitrators lack direct coercive power, while parties often comply voluntarily¹². If Valderix fails to comply with the interim order issued by the emergency arbitrator, the arbitrator has no means to compel performance through coercive measures.
   • Swiss enforcement of foreign interim measures: Under the New York Convention¹³, interim measures are not generally considered enforceable awards, except in exceptional cases¹⁴. In Switzerland, the enforcement of such measures typically follows the sui generis procedure under Article 183(2) of the Private International Law Act (PILA), which enables court assistance to support foreign arbitral interim relief¹⁵. When asked to assist in the enforcement of interim measures issued by an arbitral tribunal, Swiss courts limit their review to a prima facie assessment of three elements: the existence of a valid arbitration agreement, the proper constitution of the arbitral tribunal, and the tribunal's apparent jurisdiction to issue the measure. Once these criteria are met, Swiss courts do not re-evaluate the substance of the arbitral order but assess it solely for compatibility with Swiss public policy¹⁶.
2. Swiss Court Interim Measures:
   • Jurisdiction: Under Art. 10 PILA, Swiss courts may grant interim measures. Jurisdiction generally lies with courts at the place where the measure is to be enforced¹⁷. Here, the place where the measure is to be enforced is likely the place where the digital assets are located. Location of digital assets corresponds to the place where the private or admin key holder (e.g. Valderix) is based¹⁸. Therefore, the Courts at Valderix' seat should have jurisdiction.
   • Relief sought: Similar to emergency arbitration, but Swiss courts can enforce their orders with criminal sanctions (e.g., Art. 292 of the Swiss Criminal Code in case of non-compliance).
   • Advantages: Orders are immediately enforceable within Switzerland.
   • Disadvantages: Risk of fragmentation and loss of confidentiality in parallel with arbitration proceedings.
3. Property Claim
   Given that Lyntera is the legal owner of the assets, the question becomes whether it has the right to demand their return through a property-based claim.
   1. Property claim – Swiss Approach
      
      Under current Swiss civil law, digital assets are not classified as tangible property, which excludes in principle the use of a real action for recovery. More specifically, digital assets are not classified as tangible property in the traditional sense under Article 641 of the Swiss Civil Code, as they lack physical substance.
      
      However, the introduction of the DLT Framework Act has created legal structures—such as ledger-based securities and register value rights—which grant certain digital assets property-like characteristics, including transferability and enforceability. This evolving framework reflects a shift toward recognizing digital assets as data objects with economic value and proprietary features.
      
      If the digital assets are utility or payment tokens, the token holder usually acquires them through a purchase agreement—such as a SAFT or other acquisition contract—and recovery may be sought through an action based on Article 97 of the Swiss Code of Obligations for non-performance of the contract. If the digital assets are securities tokens, they are recognized under Article 973d of the Swiss Code of Obligations as ledger-based securities, and proprietary remedies for recovery are available based on ownership rules and restitution principles applicable to ledger-based rights, including claims for recovery of property if tokens were wrongfully transferred or withheld.
   2. Property claim – Singapore's Approach
      
      Singaporean courts recognize digital/ crypto assets, such as cryptocurrencies, as property capable of being subject to proprietary claims¹⁹.
      
      If Lyntera wished to bring an action for recovery of property against Valderix, it would have a forum in Switzerland²⁰ and Swiss law would govern the property claim²¹.
      
      In the present context, the immediate purpose of a property claim is not only to assert legal ownership over the digital assets but also to support a request for interim relief. However, as a general rule under Swiss law, ownership requires effective control.²²
      
      In the context of digital assets, courts would likely assess whether the claimant can demonstrate functional control—such as access to private keys, co-signing authority in a multi-signature structure, or system-level permissions. Without such control, the claimant may be treated as a creditor rather than a rightful owner, and the claim may be requalified as a contractual obligation rather than a proprietary action. Nevertheless, where effective control can be shown, property-based claims may serve as an independent gateway to obtain provisional measures from Swiss courts.
4. Criminal Complaint and Asset freezing
   
   If there is factual evidence that Valderix has intentionally misappropriated, manipulated, or unlawfully withheld access to Lyntera's digital assets, Lyntera may consider filing a criminal complaint in Switzerland, where Valderix is based²³, and request preventive asset freezing²⁴.
   • Potential Offenses:
     • Misappropriation – Article 138 of the Swiss Criminal Code (SCC)
     • Criminal Mismanagement – Article 158 SCC
     • Fraud – Article 146 SCC
   • Strategic Impact: The launch of a criminal investigation can significantly increase pressure on the service provider to restore access or comply with arbitral or court orders, especially in the absence of technical enforcement levers.

VI. Preventive Measures: Designing Robust Agreements

Fintech companies can proactively reduce the risk of dependency on third-party providers by negotiating robust SaaS agreements that safeguard access rights, asset control, and data integrity. The following contractual measures are essential:

From a legal point of view:

• Clear Ownership Clauses: the contract should expressly provide that all digital assets remain the exclusive property of the fintech company (client) and not the provider.
• Explicit Access Rights: clearly define the client's uninterrupted right to access the platform and assets, including during disputes.
• Defined Conditions for Suspension: include a clear and exhaustive list of circumstances that allow for suspension. Require that any suspension be notified in writing, with detailed justification, in advance. The notice should state the legal basis, the scope of the suspension, and its expected duration. An escalation mechanism should allow the client to contest the measure promptly, including through emergency arbitration if needed.
• Clear Dispute Resolution Mechanism: choose a robust dispute resolution clause, such as arbitration under the SIAC Rules, while preserving the client's right to seek interim measures in courts.
• Liquidated damages or Penalty Clause: include a contractual clause that defines the financial consequences of unjustified access suspension or asset freezing by the provider. Where enforceable, this may take the form of liquidated damages – a pre-agreed estimate of losses resulting from the breach. Alternatively, in jurisdictions where permitted, a penalty clause can serve a deterrent function by imposing a financial sanction for non-compliance. Such a clause should be carefully drafted to avoid being deemed excessive, particularly under Swiss law²⁵.
• Transparency Obligations: require the provider to disclose any compliance or regulatory requests that could impact access, ensuring the client is fully informed.
• Emergency Access Clause: for critical services, include a clause that guarantees emergency access to the platform if the provider fails to maintain service.

From a technical point of view:

• Multi-Signature Control: where feasible, implement a multi-signature scheme for digital asset control, preventing unilateral action by the provider and aligning control with ownership.
• Technical and Data Safeguards: require the provider to maintain regular backups of all data and, if possible, ensure that the client has real-time or periodic access to these backups.

VII. Conclusion

Fintech companies face significant hidden risks when relying on third-party providers for critical digital infrastructure. What begins as a convenient SaaS solution can quickly escalate into an existential threat if the provider unilaterally restricts access, freezes assets, or withholds essential data.

This article has outlined the available remedies – from emergency arbitration to court interim measures and criminal escalation. However, the strongest protection lies in prevention. Clearly defined ownership rights, enforceable access safeguards, along with technical and contractual structures ensuring independent operational control, enable fintech companies to convert structural reliance into resilience.

OA Legal (Switzerland) and KGP Legal (Singapore) are partner firms with established expertise in fintech and arbitration. Together, they regularly advise clients on cross-border infrastructure and digital asset disputes. For further information on fintech and arbitration, please contact the joint team:

• Marc-Anthony de Boccard – mdeboccard@oalegal.ch

• Fabien Gillioz – fgillioz@oalegal.ch

• Alexandre de Boccard – adeboccard@oalegal.ch

• Kenneth Pereire – kenneth@kgplegal.com.sg

• Lin Yingxin – yingxin@kgplegal.com.sg

Footnotes

1 https://www.independent.co.uk/news/world/americas/synapse-fintech-company-collapse-bankruptcy-b2666029.html?utm.

2 https://www.forbes.com/sites/zennonkapron/2024/11/08/what-the-yotta-saga-reveals-about-fintech-shortcomings/;https://www.bankingdive.com/news/yotta-ceo-85k-customers-lose-access-to-funds-due-to-synapse-evolve-tussle/718101/.

3 For the purpose of this article, the names of the companies are fictitious.

4 "Customer-facing services" refer to any services, tools, interfaces, or operations that directly interact with or are visible to end users.

5 A wallet in the context of the blockchain and cryptocurrency is a software or hardware system that stores cryptographic keys used to access and manage digital assets.

6 An API (Application Programming Interface) is a defined set of rules and protocols that allows different software applications to communicate with each other.

7 An admin dashboard is a secure user interface that provides administrators with control and oversight over a system's core functions, data, and configurations. In a blockchain or crypto context, an admin dashboard typically allows user management, system monitoring, operational control, and security controls.

8 Andrew M. Hinkes, in Northwestern Journal of Technology and Intellectual Property, Volume 16, Issue 4, 2019: throw away the key, or the key holder? Coercive contempt for lost or forgotten cryptocurrency private keys, or obstinate holders, p. 228.

9 Georg von Segesser / Christopher Boog, 'Interim Measures', in Elliott Geisinger / Nathalie Voser (eds), International Arbitration in Switzerland: A Handbook for Practitioners, 2nd ed., Oxford University Press 2018, ch. 6, p. 125-126.

10 SIAC Rules 2025.

11 SIAC Rules 2025 introduces revolutionary changes includingex parteProtective Preliminary Orders (PPOs) with 24-hour decision timelines without notifying the counterparty, which is crucial for digital asset cases (Schedule 1 of the SIAC Rules 2025, para. 27).

12 Georg von Segesser / Christopher Boog, 'Interim Measures', in Elliott Geisinger / Nathalie Voser (eds), International Arbitration in Switzerland: A Handbook for Practitioners, 2nd ed., Oxford University Press 2018, ch. 6, p. 120.

13 The Convention on the Recognition and Enforcement of Foreign Arbitral Awards ("New York Convention").

14 James E. Castello / Rami Chahine, "Enforcement of Interim Measures", in The Guide to Challenging and Enforcing Arbitration Awards, 3rd ed., Global Arbitration Review, 17 May 2023.

15 Georg von Segesser / Christopher Boog, 'Interim Measures', in Elliott Geisinger / Nathalie Voser (eds), International Arbitration in Switzerland: A Handbook for Practitioners, 2nd ed., Oxford University Press 2018, ch. 6, p. 123.

16 Georg von Segesser / Christopher Boog, 'Interim Measures', in Elliott Geisinger / Nathalie Voser (eds), International Arbitration in Switzerland: A Handbook for Practitioners, 2nd ed., Oxford University Press 2018, ch. 6, p. 122.

17 Article 10 b. PILA.

18 In a decision dated 23 November 2023, the Court of Appeal of Zurich (Obergericht des Kantons Zürich, II. Zivilkammer, Geschäfts-Nr: PS230150-O/U) ruled, in the context of foreign insolvency proceedings, that the location of digital assets such as payment tokens should be determined based on the de facto ability to access them. This is satisfied, for example, where a private or administrative key holder is based in Switzerland. Similarly, in Cheong Jun Yoong v Three Arrows Capital Ltd [2024] SGHC 21, the Singapore High Court held that the situs of cryptocurrencies depends on control over the private keys, rather than legal ownership.

19 ByBit Fintech Ltd v Ho Kai Xin and others [2023] SGHC 199.

20 Article 98 PILA by analogy.

21 Article 100 by analogy, which refers to the situs of the asset, i.e. where the person entitled to use the private key has their domicile, habitual residence or seat, see in that respect Cyrill A. H. Chevalley, The Legal Nature of Bitcoin under Swiss Private and Private International Law, in: recht 2023, p. 93–107, spéc. p. 106.

22 Federal Council Report, Legal Framework for Distributed Ledger Technology and Blockchain in Switzerland, 14 December 2018, p. 66.

23 The seat of Valderix likely corresponds to the location where the criminal acts were perpetrated (Article 31 of the Swiss Criminal Procedure Code "SCPC"). In any event, the seat of the accused's registered office is alternatively a criterion for jurisdiction in cases where the offence was committed abroad or where the place of commission is uncertain (Article 32 SCPC).

24 Article 263 SCPC.

25 Article 163(3) of the Swiss Code of Obligations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.