Policies

The heart of Multi-Layer Security Wallet is the policy engine—rules that define what transactions can be executed, by whom, and how often. When creating a transaction via web or API, the initiator selects which policy applies to it.

Policy concepts

Approval type: Sets whether transactions auto-approve or require manual review from Members or Groups.
Transaction type: Defines what the policy applies to—any transaction, token transfers, or contract interactions.
Transaction parameters: Filters which transactions match based on criteria like source account, initiator, token, or recipient.
Time limitations: Caps how often a policy can be used within a set interval.

Policy configuration

Approval types
Transaction type
Transaction parameters
Time limitations

Determines whether matching transactions require manual review or execute automatically. Approval type can be set to auto-approval or manual review.

Type	Behavior	Example
Auto-approval	Executes immediately	Transfers under $500 from petty cash
Manual review	Requires approval from specified Members or Groups	Large transfers require 2 of 3 Finance members

Transactions can also be rejected using the same threshold, which blocks execution on-chain.

Specifies what kind of transaction the policy applies to.

Type	Use for	Example
Any	Broad policies that apply regardless of transaction type	”All transactions from the Operations account require 1 approval”
Token transfers	Sending tokens to recipients	”USDC transfers under $10,000 require 1 approval”
Contract interactions	Calling smart contract functions	”Aave deposits require Treasury approval”

Narrow which transactions match your policy. Available conditions vary based on the transaction type.For all transaction types:

Condition	Example
Source Account	Only transactions from the “Treasury” account
Initiator	Only transactions initiated by the Finance group

Only for token transfers:

Condition	Example
Token	Only USDC transfers
Recipient	Only to addresses on a list of allowed vendors
Amount	Only transfers under $5,000

Only for contract interactions:

Condition	Example
Contract	Only the Aave lending pool contract
Function	Only the `deposit` function
Arguments	Only deposits where the asset is USDC

Argument filters support: Bool (exact), Uint/Int/Enum (exact or range), Address (exact or allowlist), Fixed bytes (exact), Bytes/String (exact).

Restrict how often a policy can be used within a time interval. Limits can be applied by initiator, source account, or destination—and scoped per (each individually) or across (all combined):

Scope	Per	Across
Initiator	Each initiator can transfer up to $50,000/month	All initiators combined can transfer up to $50,000/month
Source account	Each account can send up to $100,000/week	All accounts combined can send up to $100,000/week
Destination	Up to $25,000/day to each recipient	Up to $25,000/day to all recipients combined

Example policies

High-value transfers require multiple signatures

“If a transaction is sending more than $10,000, require approval from 2 out of 3 Finance team members”

DeFi deposits auto-approve for API key

“If a transaction is depositing into the Aave lending pool and initiated by the Treasury API key, auto-approve”

RWA whitelist updates require Compliance approval

“If a transaction is adding an address to the RWA token whitelist, require approval from the Compliance team”

Overview

Core Concepts

Key Management

User Flow

Advanced Enterprise Controls

Policy concepts

Policy configuration

Example policies

High-value transfers require multiple signatures

DeFi deposits auto-approve for API key

RWA whitelist updates require Compliance approval

Overview

Core Concepts

Key Management

User Flow

Advanced Enterprise Controls

​Policy concepts

​Policy configuration

​Example policies

High-value transfers require multiple signatures

DeFi deposits auto-approve for API key

RWA whitelist updates require Compliance approval

Policy concepts

Policy configuration

Example policies