Three-layer architecture
1. Off-chain screening
KeyStone’s compliance oracle screens parties via external APIs: LSEG World-Check - Entity-level screening against 100M+ records across 240+ countries:- Sanctions lists (OFAC, EU, UN, HMT)
- Politically Exposed Persons (PEPs)
- Adverse media
- Enforcement actions
- Sanctions exposure
- Mixer/tumbler interaction
- Fraud and scam associations
- Protocol risk attribution
2. On-chain attestation
After screening, the Pass result is attested to the ComplianceRegistry smart contract via an M-of-N bundle of independent EIP-712 attester signatures:3. Contract-enforced gate
The KeystoneSettlement contract checksareAllPartiesCleared(settlementId, partyHashes) on the ComplianceRegistry before executing - every party hash bound at registration must be attested Pass. No one can skip compliance: the contract enforces it at the moment funds move.
How it works in a settlement
Manual compliance decisions
When a party is flagged, a compliance officer reviews the screening details in the KeyStone Dashboard and submits a decision. Decisions can also be submitted via the API:approve- Override the flag, allow the settlement to proceedreject- End the settlement: it transitions toREJECTED(nothing was deposited yet)
Compliance data on the API
Each party’s compliance check is exposed on the settlement resource with:status-PASS,FLAGGED, orFAILper screeningchain_attested_at- when the on-chain M-of-N attestation landed in the ComplianceRegistry (nulluntil it does). Use this to distinguish “screened off-chain” from “attested on-chain and able to execute”.
principal_id, linking the check to the screened principal’s full audit trail.
Open attestation interface
KeyStone operates the default compliance oracle, but the attestation interface is open:- M-of-N attesters: A Pass is recorded only when a threshold of distinct, independent attesters each sign the same attestation - no single key can forge a Pass. The attester set and threshold are fixed at the registry’s deployment.
- Platform-operated oracles: Platforms can run their own compliance screening; on-chain enforcement is the standardized threshold gate
- Verifiable: All attestations are permanent on-chain records - a false attestation is provable liability
What KeyStone stores
The compliance provider (LSEG, CipherOwl) remains the source of truth for the actual screening data. KeyStone only records the outcome.
Screening performance
See ComplianceRegistry for full contract documentation.