KeyStone OS enforces compliance at settlement time using two complementary screening layers. Every party in every settlement is screened before any assets move.
Dual-layer architecture
Off-chain: LSEG World-Check
Entity-level screening against 100M+ records across 240+ countries:
- Sanctions lists (OFAC, EU, UN, HMT)
- Politically Exposed Persons (PEPs)
- Adverse media
- Enforcement actions
On-chain: CipherOwl
Wallet-level risk scoring across 50+ blockchains:
- Sanctions exposure
- Mixer/tumbler interaction
- Fraud and scam associations
- Protocol risk attribution
How it works in a settlement
When the settlement engine reaches a compliance_check action:
- All parties are screened through both providers simultaneously
- Results are evaluated against the platform’s risk policy
- If all parties pass: settlement advances to
COMPLIANCE_CLEARED
- If any party is flagged: settlement pauses for manual review
Manual compliance decisions
When a party is flagged, a compliance officer reviews the screening details in the KeyStone Dashboard and submits a decision. Decisions can also be submitted via the API:
curl -X POST https://api.keystoneos.xyz/v1/settlements/$ID/compliance-decision \
-H "Authorization: Bearer $TOKEN" \
-d '{"decision": "approve"}'
approve - Override the flag, allow the settlement to proceedreject - Reject the settlement, transition to ROLLED_BACK
Both decisions are recorded in the settlement’s event history with full audit context.
What KeyStone stores
KeyStone never stores raw KYC/AML data. We store only compliance status (pass/fail/flagged) and a reference ID pointing to the compliance provider’s record.
- No personal data in our database
- Compliance providers remain the source of truth
- Re-screening happens at every settlement (not cached from previous checks)
| Metric | Value |
|---|
| Average screening time | 2-4 seconds |
| Auto-pass rate | ~95% |
| Supported jurisdictions | 240+ countries |
| Re-screening | Every settlement (not cached) |
