search
Fairway home

Decentralized Vaults

Fairway Vaults are off-chain, decentralized storage environments for KYC/AML data. They ensure compliance with FATF standards and GDPR/eIDAS while enabling privacy-preserving, proofs of compliance.

hashtag
Compliance Context

hashtag
FATF & AML Requirements

  • Customer Due Diligence (CDD) β†’ Collect and verify customer identity documents.

  • Record Keeping β†’ Maintain records for 5–10 years, available for regulators on request.

  • Sanctions Screening β†’ Check against updated lists (UN, OFAC, EU, local).

  • Ongoing Monitoring β†’ Reassess at regular intervals or when risk events occur.

hashtag
KYC Regulations

  • Document Verification (passport, national ID, proof of address).

  • Risk-based Approach β†’ Different levels (KYC1, KYC2, Enhanced Due Diligence).

  • Accreditation/Eligibility β†’ Investor class checks for RWA access.

hashtag
GDPR / eIDAS

  • Data Minimization β†’ only necessary data collected.

  • Right to Erasure / Portability β†’ users can revoke and migrate.

  • Encryption & Scoped Access β†’ Vault encrypts data at rest and in transit.

  • Separation of Concerns β†’ Vault handles PII; blockchains only handle proofs & commitments.

hashtag
Architecture

hashtag
Data Lifecycle

  1. Collection β†’ user submits KYC docs to Vault (off-chain, encrypted).

  2. Verification β†’ Cloud Agent validates docs (document checks, sanctions screening, AML rules).

  3. Proof Generation β†’ Witness calls Cloud Agent and Compact circuit produces ZK-proof bound to a wallet address.

  4. Recording β†’ Proof stored as a UTXO on Midnight (immutable audit trail).

  5. Reference β†’ Merkle roots (Cardano) or EAS attestations (EVM) include midnight_ref and Fairway signature.

  6. Usage β†’ dApps only check eligibility flags; no direct access to PII.

hashtag
Data Model (Vault Entry)

hashtag
Compliance Properties

  • FATF R.10 / R.11 (Recordkeeping) β†’ Vault maintains secure audit trail; regulators can request full trace via midnight_ref.

  • AML Directives (AMLD5/6, EU) β†’ sanctions screening + enhanced due diligence supported by Vault Agent workflows.

  • GDPR Articles 5 & 25 (Minimization, Privacy by Design) β†’ only commitments/flags on-chain, never PII.

  • eIDAS β†’ cryptographic signatures and proofs meet EU electronic trust service requirements.

  • Auditability β†’ any midnight_ref can be checked against Vault + Issuer records under regulator supervision.

hashtag
What Vaults Are (and Are Not)

  • βœ… Are β†’ encrypted, decentralized KYC data stores aligned with FATF/AML/GDPR.

  • ❌ Are Not β†’ on-chain databases (no PII ever published).

  • ❌ Are Not β†’ public APIs for dApps (only the Witness Agent reads them).

  • ❌ Are Not β†’ proof stores (ZK-proofs live on Midnight).

hashtag
Benefits

  • Privacy-first β†’ regulators can audit, but protocols see only β€œYES/NO”.

  • Regulatory alignment β†’ satisfies FATF, AMLD, KYC, GDPR/eIDAS simultaneously.

  • Future-proof β†’ Vault workflows adapt to new directives (e.g., FATF Travel Rule, MiCA).

  • Trust-minimized β†’ Fairway signature + Midnight proofs decouple compliance checks from raw data custody.

hashtag
Next Steps

  • See Witnesses β†’ how Cloud Agents read Vaults and generate proofs.

  • Learn Zero-Knowledge Proofs (Midnight).

  • Explore Compliance Guides for regulator mapping.

PreviousZero-Knowledge Proofs (Midnight)NextTrust Registries

Last updated

Was this helpful?