As a digital asset custodian and technology provider, our platform's foundation is built on providing uncompromising security by default. We implement multiple layers of protection, including industry-leading security protocols and advanced encryption standards, supported by continuous monitoring systems.

We empower our customers with essential governance tools, including customizable access controls, multi-signature capabilities, and detailed audit trails. Organizations can easily define security policies, manage permissions, and maintain complete visibility over their digital assets.

Our proactive approach includes comprehensive reporting features, compliance monitoring, and risk management solutions. This ensures our customers can focus on their core business while having complete confidence in their assets' safety, all while meeting regulatory requirements efficiently.

Primarily, this is delivered through the governance part of the platform. Allow list, Key Limits (Policies) and Approvals are the core parts of this feature-set that is exposed to the customers.

• Allow List controls which wallets you interact with
• Key Limits enable finer grained controls on the flow of liquidity
• Approvals facilitate the checks and balances

Today, we are pleased to announce some key updates to this feature set.

Hello Address book!

Highlights

• Global by default
• Out of the box support for Approval groups
• Enables counterparty record keeping and management
• Travel rule compliance

Address book is designed to help you manage your counterparties and their on-chain presence. Today, it covers counterparties like an organisation, an individual or an on-chain dapp. All entries in address book are global by default. Address book entries can be associated with any wallet across the platform using policies.

Address book plays a central role in compliance of the Transfer of Funds (TFR) regulation. As it goes into effect next year, it ensures that you have tools available in order to stay compliant.

TFR requires custodians and wallet providers to provide as well as check for travel rule data. This data is the counterparty information for both inbound as well as outbound transactions. You must make sure the counterparty information is accurate at the time of sending the transaction.

In practice, the address book provides a way to fill out this information so that you can be compliant.

Security updates

The existing allow list is a per-wallet whitelist. Therefore, any policies without specified counterparty matchers applies to all wallets within the allow list. In other words, if you have two wallets, wallet A and wallet B, and if wallet A has a policy without any counterparty matchers, then wallet A can transact with any address in wallet A’s allow list.

Address book changes this mechanic. Since addresses are now global, any policies without specified counterparty or address matchers enables that wallet to transact with any addresses across the entire allow list. This is an important consideration to keep in mind as it changes some parameters of the risk model.

In order to mitigate against any risk, you must delete any and all policies that do not have any counterparty or address matchers and replace them with policies with specified matchers. This will ensure that the wallets are able to transact with specified addresses in the policies. It will also ensure that any new wallets added to the address book also require corresponding policies applied to your wallets.

Not that the policy changes must be done after you have migrated to the address book model.

Custodial customers

The deadline for migration is 16th January 2025. After this date, the allow list will be disabled and wallets will not be able to transact without counterparty and wallet address information in the address book.

Custodial customers must provide accurate and up-to-date counterparty and wallet address information so that Palisade can appropriately attach the correct information to the transaction. You must consult the counterparty directly in case you do not have the correct information available to you (example to check if you are interacting with Coinbase Ireland vs EU vs Germany).

Migration

All addresses in the allow list MUST be migrated to address book and linked to the wallets using the policy matchers.

Migration steps:

1. Migrate all addresses from allow list to address book
   1. For every wallet that you have on the platform, you must make a list of wallet addresses from all allow lists.
   2. Identify any duplicates and remove them.
   3. Identify counterparties for every wallet address. If two wallet addresses have the same counterparty (eg. Coinbase), you can put them under the same counterparty.
   4. Add the counterparties and their respective wallet addresses to the address book.
2. Update policies
   1. Ensure every policy on the platform has a counterpartyId or addressId matcher that points to the respective counterparty or wallet address in the address book
   2. Remove any policies without aforementioned matchers
3. Update your code
   1. Update API credentials to manage addresses instead of allow lists
   2. Migrate any code using the /v2/policy-rules/addresses endpoint to the new /v2/addresses endpoint.

Non-custodial customers

The deadline for migration is 1st February 2025. After this date, the allow list will be disabled and wallets will not be able to transact without counterparty and wallet address information in the address book.

Migration

All addresses in the allow list MUST be migrated to address book and linked to the wallets using the policy matchers.

Migration steps:

1. Migrate all addresses from allow list to address book
   1. For every wallet that you have on the platform, you must make a list of wallet addresses from all allow lists.
   2. Identify any duplicates and remove them.
   3. Identify counterparties for every wallet address. If two wallet addresses have the same counterparty (eg. Coinbase), you can put them under the same counterparty.
   4. Add the counterparties and their respective wallet addresses to the address book.
2. Update policies
   1. Ensure every policy on the platform has a counterpartyId or addressId matcher that points to the respective counterparty or wallet address in the address book
   2. Remove any policies without aforementioned matchers
3. Update your code
   1. Update API credentials to manage addresses instead of allow lists
   2. Migrate any code using the /v2/policy-rules/addresses endpoint to the new /v2/addresses endpoint.