SettleMint

Compliance and security

Choose the right DALP compliance and security guide for public-chain privacy, pre-launch review, source verification, the layered security model, and the per-asset compliance modules that enforce regulated operations.

Each DALP compliance or security topic answers a specific reviewer question. Open with privacy when you need to know what becomes visible on EVM networks. Turn to security when you need the control model. Use compliance modules when you need per-asset transfer rules. Use source verification when you need deployment and audit evidence.

This page is a navigation hub, not a legal opinion. DALP documents the platform controls and evidence surfaces. Your organisation still owns policy choices, jurisdictional approvals, custody arrangements, recovery targets, and operating procedures.

Security and procurement reviewers on SettleMint-hosted or managed deployments can also use the SettleMint Trust Center for security questionnaires, compliance frameworks, and governance policies. Operators can check the SettleMint status page for published platform availability and incident history.

Rendering diagram...

The pages below cover documented platform controls. They do not commit to regulator-specific approval, custody terms, SLA terms, or non-EVM deployment support. Treat those as organisation-specific controls unless a detail page states the DALP position explicitly.

What DALP covers

DALP organises compliance and security review into four surfaces: public-chain privacy patterns, the layered security controls, EVM compliance modules, and deployment records that let an auditor reproduce what was deployed and what happened after.

AreaDALP definesYour organisation defines
PrivacyWhat stays off-chain by default, the public-chain visibility model, and supported routing patternsNetwork selection, RPC, and routing decisions, legal review of public disclosure, and pre-launch approval ownership
SecurityIdentity, authentication, authorization, wallet verification, compliance, custody split, and routingOperator role assignment, policy approvals, custody arrangements, secret rotation, and incident response
CompliancePer-asset compliance modules for identity, geography, supply, approvals, collateral, and timelockModule configuration, policy thresholds, jurisdictional approvals, and review evidence
Audit evidenceSource verification, deployment auditability, indexed events, and operating-record retention modelRetention policy, regulator-specific reporting, control testing, and escalation procedures
ExclusionsDocumented platform behaviour and supported review surfacesLegal opinions, SLA commitments, custody arrangements, and bridge or cross-chain operating decisions

Pick the right path

If you need to...Start hereThen read
Decide if a regulated asset can use a public chainPublic chain privacyPublic EVM visibility model for the chain-visible data set
Inspect what is visible on EVM networksPublic EVM visibility modelTransaction ordering privacy for pre-confirmation exposure
Compare privacy architecture patternsPrivacy architecture patternsPre-launch privacy review before a regulated asset goes live
Trace deployed contracts and operating evidenceSource verification and deployment auditabilityThe deployment, bytecode, upgrade, and indexed-event sections inside the same page
Review the layered security control modelSecurity overviewAuthentication, Authorization, Wallet verification
Inspect identity and compliance evidenceIdentity and compliance control modelCompliance and custody split
Review per-asset compliance modulesAsset policyAsset policy concept, compliance modules overview, and the identity, country, supply, approvals, collateral, and timelock module pages
Review cross-chain and stablecoin trust boundariesBridge and cross-chain securityStablecoin operating responsibilities

Review model

The four review surfaces break down as follows:

  • Privacy review answers what becomes visible on EVM networks, when public-chain visibility is acceptable, and which controls belong in the deployment architecture.
  • Security review inspects the layered control model: authentication, authorization, wallet verification, identity enforcement, compliance enforcement, custody split, and routing. Start here when evaluating access controls or signer permissions.
  • Compliance module review covers the per-asset rules DALP enforces on EVM. These include identity and geography restrictions, supply caps, transfer approvals, collateral requirements, and holding periods.
  • Audit evidence review traces deployed contracts, upgrade history, indexed events, and operating records that document what was deployed and what happened after.

Most regulated programmes go through all four. Start with the privacy pages when the network is undecided, move to the security controls when reviewing platform access, open the compliance module pages when configuring per-asset policy, and use the source verification page when packaging audit records.

Privacy

Use these pages to decide what becomes visible on a public EVM network, select an appropriate architecture pattern, and satisfy a pre-launch review checklist.

Source verification and audit evidence

Use this page to trace deployed EVM contracts, reproduce bytecode, and assemble deployment records for an auditor.

Security overview

These pages cover the layered control model. A security or procurement reviewer typically starts at the overview, then drills into authentication and authorization before examining the custody split.

Security overview

Inspect the layered control model covering identity, access controls, wallet verification, compliance enforcement, and custody.

Authentication

Review how the platform authenticates both browser callers and server-to-server integration clients through session tokens, passkeys, 2FA flows, and API key credentials.

Authorization

Inspect platform RBAC, organisation context, and on-chain roles for restricted operations.

Identity and compliance

Connect participants, wallets, OnchainID claims, trusted issuers, and module evaluation.

Compliance and custody split

Separate identity and compliance decisions from custody approvals and signing policy. Operators and auditors use this page to map which party owns each control.

Mint replay and idempotency

Tie EVM mint retries to a single queued transaction so supply limits hold even when a transaction is resubmitted. The platform preserves nonce ordering and supply controls across retries.

Vendor governance

Split DALP controls from third-party services. Use this page for outsourcing reviews, DORA compliance, and vendor governance evidence.

Private mempool routing

Route DALP transactions through a private or encrypted mempool service. This page identifies which routing decisions stay operator-owned.

Wallet verification

Gate blockchain write operations behind PIN, TOTP, or backup-code verification.

Bridge and cross-chain security

Review where DALP controls end and which external-route evidence operators must own. Use this page before any cross-chain deployment.

Stablecoin operating responsibilities

Map which party owns each stablecoin responsibility. Covers minting and burning, reserve management, compliance decisions, governance choices, and which controls the operator must hold directly.

Compliance modules

Each page below covers a module that the platform enforces on-chain. Operators configure these modules per asset to control who can hold and transfer tokens.

On this page