Chapter 12: Product & MVP Roadmap
The licence only lets you “open the doors.” What decides survival is the product. This chapter sets a pragmatic order of priorities: nail compliance, security and basic trading first; fancy features come later.
12.1 Don’t build a “full exchange” on day one
The classic mistake is trying to match Binance at once, which brings delayed delivery, a huge attack surface and exploding compliance complexity. Launch in layers instead.
- V1: fiat on/off + spot + KYC
- V2 polish: App + advanced orders + support
- V3 value-add: recurring buy/earn/staking (needs compliance review)
- V4 advanced: more pairs/institutional/API trading
12.2 MVP: minimum viable exchange (must-haves)
The MVP goal is an exchange that is compliant, secure, and able to complete a full fiat → asset → fiat loop.
| Module | Must-have |
|---|---|
| Registration/KYC | Email/phone signup, e-KYC, risk rating (see Ch.5) |
| Fiat on/off-ramp | Deposit MYR via local bank/payment rails; withdraw to own account (see Ch.7) |
| Spot trading | Limit & market orders; a few majors (BTC/ETH/USDT) |
| Wallet/deposit-withdraw | Asset deposit/withdrawal (whitelist + multi-approval, see Ch.6) |
| Matching & market data | Matching engine, live book, candles, trade history |
| Account security | 2FA/MFA, login alerts, withdrawal cool-down |
| Basic risk | Anomaly monitoring, withdrawal limits, AML alerts |
| Support/tickets | Basic ticketing, FAQ, dispute intake |
💡 Decision rule: anything not directly serving “safely complete one compliant trade” is deferred past MVP.
12.3 V2: experience polish
- Mobile apps (iOS/Android).
- Advanced order types (stop-loss, take-profit, conditional).
- Friendlier deposit/withdrawal, address book.
- 24×7 support, live chat.
- Multi-language (Malay/English/Chinese).
12.4 V3: value-add (each needs compliance review first)
⚠️ Many of these are additionally regulated or grey-area in Malaysia; clear with legal counsel and the SC before launch:
| Feature | Compliance note |
|---|---|
| Recurring buy / auto-invest | Relatively safe, but needs clear risk disclosure |
| Staking | May be a regulated investment product — needs assessment |
| Earn / lending | Highly sensitive; may touch deposit/securities regulation — often needs separate approval or is not allowed |
| Leverage / futures / derivatives | Strictly regulated, usually outside the DAX licence — do not launch unilaterally |
🚩 Red line: leverage, futures and earn/lending are high-pressure zones for Malaysian regulators. Launching without explicit permission can directly cost you the licence. Conservatism is a virtue.
12.5 V4: advanced & institutional
- More pairs (each goes through Ch.7 listing assessment).
- Institutional services (OTC block, custody, dedicated managers).
- Public API (trading/market data) with rate limiting and anti-abuse.
- Public Proof of Reserves for users.
12.6 Build vs buy (echoing Chapter 9)
- At MVP, prefer white-label; spend energy on compliance and operations and validate quickly (see Ch.9 tech path).
- After scaling, gradually build core modules (matching, wallet, risk) in-house for control and cost.
Summary / action items
- Strictly scope the MVP to “compliant loop + spot + fiat on/off-ramp”
- List V2/V3/V4 features with each one’s compliance-review status
- For staking/earn/leverage, get legal opinion before scheduling
- Use white-label for MVP; plan the in-house build path
- Put “Proof of Reserves” on the mid-term roadmap