This is a guest post from Dr. Rhys Bidder, Senior Lecturer in Banking and Finance at King’s College London’s Business School. 

The rapid and accelerating growth in onchain finance is revolutionizing how markets function. Enhanced automation, improved robustness, lower costs – these all combine to offer a tantalizing future where people, businesses, financial institutions, and governments can achieve their goals more efficiently and with greater accessibility.

For this future to be realized, it is vital that onchain finance scales safely and sustainably. In the context of institutional finance, secure and compliant systems are therefore key. However, in the early years of onchain finance, uncertainty around regulatory expectations has often prevented market participants from taking full advantage of new technologies. Combining compliance with the inherently complex environment of multiple chains, decentralized applications, and pseudonymous participants has hitherto implied difficult trade-offs. Without a solution, these trade-offs will only intensify – perhaps eventually throttling the expansion of onchain finance or driving it outside the regulated perimeter.

Attuned to this concern, regulators and regulated market participants have called for better solutions. The Chainlink Automated Compliance Engine (ACE) answers that call. Various regulatory bodies and central banks have run trials that have yielded Proofs of Concept and, in some cases, even Minimal Viable Products. ACE takes many of the aims of these test cases, extends them, and brings them to production readiness. Most importantly, it combines them into a comprehensive suite of tools designed to ensure that not only will onchain finance be compliant at scale, but that it does so efficiently and with a high degree of standardization and interoperability. 

How ACE Powers Regulated Onchain Finance

Before introducing ACE, it’s important to understand the broader platform it’s built on: 

Chainlink is the industry-standard oracle platform supporting advanced blockchain applications. Institutions and developers use Chainlink to securely connect blockchains, offchain systems, and real-world data into end-to-end workflows.

This is made possible through a comprehensive set of standards designed around four pillars: Data, Interoperability, Compliance, and Privacy.

• Data — Secure access to external data like market prices, NAV, and proof of reserves via Data Feeds, Data Streams, SmartData, and DataLink. 
• Interoperability — Move data and value securely  across both public and private chains via the Cross-Chain Interoperability Protocol (CCIP).
  
• Compliance — Identity, policy, and audit data represented onchain, enforced, and monitored via the Automated Compliance Engine.
  
• Privacy — Infrastructure for private data management, confidential computing, and privacy preserving  messaging via the newly introduced Chainlink Confidential Compute, as well as the Blockchain Privacy Manager, and CCIP Private Transactions.

ACE forms the backbone of the Chainlink platform’s compliance standard, built on a core component—Cross-Chain Identity (CCID)—and is powered by a multitude of services that enable identity orchestration, programmable policy enforcement, and real-time monitoring and reporting across chains.

Cross-Chain Identity

Much of compliance relies on accurate identification of counterparties, or at least attestation that they are permitted to participate in a certain transaction. CCID provides a reusable identity framework for representing investor identities, attestations, and credentials across multiple blockchains by storing cryptographic proofs of verified credentials onchain, including KYC, AML, accredited investor status, and more. CCID is compatible with existing identity standards and uses CCIP to convey necessary information, even as personal information remains offchain.

Services

Ultimately, users of ACE are not per se interested in the underpinnings of CCID or other low-level details. They want to solve business problems. As such, ACE provides services to manage identities and policies at a higher level, and to monitor their enforcement, both as transactions occur and after the fact.

Identity Manager

Links real-world identity sources to various onchain formats, including CCID and existing standards like ON-CHAINID and EAS. It enables the registration, distribution, synchronization, and lifecycle management of identity credentials across networks without storing NPI/PII onchain.

Policy Manager

The Policy Manager is a customizable rules engine that enables users to define, manage, and enforce compliance policies directly within smart contracts, with onchain or offchain execution. Policy enforcement can be implemented to satisfy regulatory requirements (e.g., KYC/AML, allow/deny lists) or internal business rules (e.g., secure mint, transaction limits, collateral requirements).

Monitoring and Reporting Manager

A service for observing non-compliance issues, risk concentration, and other anomalies, facilitating real-time alerts, proactive risk mitigation, and strengthened operational resilience. It also enables institutions to obtain reports to support internal and regulatory compliance. Is a token or a market functioning correctly? Have compliance rules been exploited or defied? Is (or was) a token circulating in a jurisdiction or among holders that should have been proscribed? These are the types of questions that the Monitoring and Reporting Manager helps answer. 

Following Regulators’ Lead

In recent years, regulatory authorities and central banks have embraced new technologies and promoted innovation in the markets they oversee and in their own operations. Notable among these institutions has been the BIS, which has been involved in various pilots and experiments. Central banks also – sometimes in partnership with the BIS – have experimented with frontier methods too.

These projects provide insight into the sort of areas where regulators and central banks are especially keen to see innovation and improved industry practices. With such thought-leadership, regulators can stimulate innovation and promote compliance best practices within the private sector. ACE is a production-ready system that embodies this thought leadership and is backed by a growing community of users and partners—including early adopters, contributors, asset issuers, and asset operators—providing connectivity to a broad compliance ecosystem. We here lay out some of the more prominent pilots that have the closest parallels with ACE.

Purpose-bound money

Until recently, all monies were alike. They may have been denominated differently, and issued or accepted in different jurisdictions, but they were paper or metal, or simple digital ledger entries without inherent programmable features. Now, with the advent of blockchain, money defined by smart contracts can (and do) differ in many respects. As noted by Chiu and Monnet (2025), this conceivably can lead to trade-offs between programmable features and the fungibility of money. More broadly, fragmentation of liquidity is a huge concern for regulators (and, indeed, market participants).

As the Monetary Authority of Singapore (MAS) has noted:

“A touted benefit of digital money is its ability to support programmability features. However, this is a subject of ongoing discussion and debate. Operators will need to ensure that programmability does not come at the expense of digital money’s ability to serve as a medium of exchange. The singleness of money should be preserved, and programmability should not limit the distribution of money and lead to fragmentation of liquidity in the system.”

As part of their planning for how to avoid the risks of fragmentation, while still allowing for innovation in programmable tokens, MAS proposed the concept of “purpose bound money” (PBM) whereby a digital money (which itself is relatively “simple”) is wrapped within a more elaborate token.

In their words:

“PBMs contain digital money as a store of value and programming logic denoting its use based on programmed conditions. Once the conditions are met, digital money is released, and it becomes unbounded once again.”

In fact, ACE draws on much of the same intuition in its use of the Cross Chain Token Standard (CCT), blended with the widely adopted ERC-3643 standard. As discussed above, CCT is token logic agnostic, allowing a wide variety of innovative tokens to be deployed within the framework. In particular, ERC-20 and ERC-3643 tokens retain their core functionality but can be augmented within CCT in various ways. For example, CCT can enable programmable transfers whereby tokens and messages can be transferred in a single transaction, which allows applications to abstract away the presence of multiple chains. A consistent approach to deploying the core contract across multiple chains is thus enabled, promoting multi-chain interoperability and fungibility. By collaborating with the ERC-3643 association and by promoting consistent token standards (see Bidder (2025) for example), Chainlink is laying the groundwork for programmable – and yet fungible – tokenized assets at scale.

Project Pyxtrial

Project Pyxtrial, run out of the BIS Innovation Hub (BISIH) London, saw the development of a proof-of-concept monitoring tool for stablecoins, emphasizing the importance of timely and detailed information for safety and soundness. At its heart is the collection and processing of both on- and offchain data for the monitoring of stablecoin balance sheets. Of course, Chainlink Proof of Reserve and Proof of Composition services are ideally suited to this, and can be deployed from within the ACE suite of tools.

There are already real-world examples (see TrueUSD, Wenia and IDA’s HKDA stablecoin) where Chainlink Proof of Reserve has been incorporated into the process of stablecoin minting. This enables “secure mint” functionality that guards against excessive issuance of coins that are insufficiently backed by reserves. In a complementary solution, Chainlink’s Unified Golden Record (a data container embedded within a stablecoin’s smart contract and synchronized across chains) allows the sort of standardized representation of a stablecoin’s reserves portfolio that Pyxtrial alludes to.

Pyxtrial also emphasized monitoring capabilities. As assets move across networks and engage in various types of transactions, they generate large volumes of data. This includes information about policy execution, some of which is recorded onchain via transaction records and events emitted by smart contracts, while other portions are produced in an offchain policy execution environment. This data is tracked by ACE’s Monitoring and Reporting Manager and can be delivered back to the data consumers in real-time.

Project Mandala

The automation of compliance is especially difficult when dealing with cross-jurisdictional transactions. Ambiguity over which rules must be applied in which jurisdiction can render straight-through-processing (STP) impractical. Indeed, even if the rules can be identified, they may be difficult to interpret. Proving that rules have been satisfied may require passing data through disparate systems that vary across institutions and jurisdictions. Project Mandala, run out of the BISIH Singapore office, was designed to address these problems – exploring how to automate compliance within the domain of cross-border payments.

Mandala built a PoC that featured a dynamically updated library of rule templates (a “rules engine”) that represent regulatory policies in a machine-readable manner. This makes the rules easily identifiable and centrally accessible, while also enhancing their interpretability. Similarly, ACE features a powerful “Policy Manager” rules engine, entailing an onchain component (a set of smart contracts) but also an offchain component, reflecting the necessity of interoperability with legacy systems. With consistency in mind, the Policy Manager comes “pre-loaded” with commonly required policy templates, such as rate limits (useful in limiting the damage from zero-day exploits or protecting users from their own fat-finger mistakes), allow/deny lists, role-based access controls, and so on.

Under Mandala’s procedures, counterparties need to generate a proof of compliance with relevant rules in the process of a transaction. The proof, rather than the underlying data used to create the proof, would then be included with the transaction payload. Much as Mandala minimized the recording and communicating of sensitive transactions, ACE also pursues this approach, making use of foundational Chainlink privacy standards. A key driver of this is to avoid difficulties arising from the immutability and transparency of blockchain conflicting with restrictions on the recording and handling of personal information (as in the case of PII under GDPR, for example). Another example of where the data-minimizing approach could be useful is in the application of the FATF “Travel Rule”. In this case, virtual asset service providers must collect and store various personal information about counterparties, with some transactions possibly requiring the data to be shared across entities in multiple jurisdictions, which may vary in the quality of data protections and privacy regulations. Passing proofs that the travel rule data has been gathered appropriately, and which still allow compliance to be verified, could be transformative in allowing cross-jurisdictional onchain finance.

ACE also shares other important motivations with Mandala in that both are influenced by the BIS CPMI’s efforts to promote the use of global digital unique identifiers, akin to the LEI. Indeed, Chainlink ACE has been launched in partnership with GLEIF, so as to embed best practices on digital identity.

Real-time monitoring and post-transaction audit

The transparency and decentralized nature of blockchains offers new opportunities for monitoring and auditing. While some information may remain offchain or in non-consolidated form, the ability to convey proofs and to apply multi-party computation means that the effectiveness of governance need not be impaired. ACE allows the sort of automated compliance that has long been sought by regulators (see Auer (2019)).

Various central bank pilots have explored how central banks or other regulatory agencies can retain partial oversight of transactions. In Helvetia Phase 1, infrastructure providers (SDX) were unable to see or validate the business content of transactions, while in Inthanon Phase 1, the central bank did not know the contents of the transactions even if it could check for problems such as double spends. Partial decryption of information, to allow KYC/AML oversight, was also experimented with in SARB’s Project Khokha Phase 1. Clearly, ACE’s monitoring and reporting manager provides the sort of fine-grained control that these pilots were aiming for, but for far more elaborate real-world applications.

Furthermore, ACE provides an auditable and trusted transaction log that records why each transaction was authorized or declined. This log becomes a verifiable source of truth, enabling institutions, auditors, and regulators to trace every decision made by the policy engine, whether the enforcement occurred onchain or offchain. The recorded data can then be fed into external analytics and monitoring platforms such as Chainalysis, Kaiko, and Bluprynt. These partners repackage and enrich the data to deliver dashboards, identify gaps and possible compliance breaches, real-time alerts, and detailed compliance reports.

While the BIS has undertaken important experiments on machine learning and big data methods for anti-money laundering in financial systems (notably Project Aurora and Project Hertha), Aldasoro et al (2025) emphasize the value of graphing and other big data techniques for assessing AML risks without reliance on a centralized trusted intermediary. They stress how important it is to have a consistent source of reliable data, and interoperability systems that allow this data to be used at on and off ramps between digital asset platforms and regulated financial institutions.

Holding limits

In debates around CBDC and – in the case of the UK – stablecoins, holding limits have been mooted as a possible guardrail around the scale of adoption. In the CBDC case, concerns have been raised that competition from a CBDC as an alternative digital money could disrupt commercial banks’ deposit models in destabilizing and unpredictable ways. As such, it has been suggested by some that holdings of CBDC be limited. Stablecoins, particularly if they bear yield and are backed by assets other than bank deposits, would also provide competition for commercial banks. In a recent speech, Sasha Mills of the Bank of England raised the possibility of holding limits for stablecoins, while the issue has also been raised by industry bodies.

Given the ease with which multiple wallets can be established by a given entity on a given blockchain, and the need to maintain wallets on multiple chains, there is a clear need for an identity solution, since holding limits will presumably apply at the entity, rather than the wallet level.

Looking beyond simply holding limits, any logic that requires addresses controlled by a particular entity to be treated coherently could rely on CCID’s flexible framework for representing investor identities, attestations, and credentials across multiple blockchains by storing cryptographic proofs of verified credentials.

Conclusion

The journey toward a globally integrated, onchain financial system hinges on resolving the inherent tension between rapid technological innovation and the imperatives of regulatory compliance. As demonstrated by numerous central bank and supranational pilot projects, regulators have clearly articulated the need for solutions that offer interoperability, automated policy enforcement, and privacy-preserving identity verification. The Chainlink Automated Compliance Engine (ACE) directly answers this call, not with a narrowly defined proof-of-concept, but with a holistic, production-ready suite of tools. By integrating foundational cross-chain and compliance elements, ACE provides the critical connective tissue that allows financial institutions to build and scale with confidence.

Ultimately, ACE is more than a mere compliance tool – it is an enabling platform for the future of finance. By providing a standardized and scalable framework for embedding compliance enforcement directly into the architecture of onchain assets and transactions, it removes one of the most significant barriers to institutional adoption. This allows market participants to harness the full potential of tokenization and decentralized finance—enhanced efficiency, greater accessibility, and novel market structures—without straying from the established regulatory perimeter. In doing so, ACE helps ensure that the migration of financial markets onchain is not only innovative but also safe, sound, and sustainable.

Onchain compliance, as embodied by ACE, turns compliance from a burden into a competitive advantage, empowering early adopters to lead in an increasingly transparent, automated, and interconnected financial ecosystem.