d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ca14deb4cc9102e088f4d7b86fbcd05abd3d0a0
explorer-monorepo/docs/LEGAL_COMPLIANCE_IMPLEMENTATION_GUIDE.md

10 KiB
Raw Blame History

Legal Compliance Implementation Guide

Date: 2025-12-24
Purpose: Step-by-step guide to implement legal compliance in all contracts

📋 Overview

This guide provides step-by-step instructions to ensure all smart contracts meet:

  1. Hague Conventions on Private Law compliance
  2. ISO standards compliance (ISO 20022, ISO 27001, ISO 3166, ISO 8601, ISO 4217)
  3. ICC (International Chamber of Commerce) compliance
  4. Instruments of Value Transfer classification
  5. Exemption from Travel Rules
  6. Exemption from Regulatory Compliance bodies

🔧 Implementation Steps

Step 1: Deploy Compliance Registry

cd /home/intlc/projects/smom-dbis-138

# Set environment variables
export COMPLIANCE_REGISTRY_OWNER=0x4A666F96fC8764181194447A7dFdb7d471b301C8

# Deploy
forge script script/DeployComplianceRegistry.s.sol:DeployComplianceRegistry \
  --rpc-url http://192.168.11.250:8545 \
  --broadcast \
  --legacy \
  --gas-price 20000000000 \
  -vv

Save the deployed address to .env:

COMPLIANCE_REGISTRY_ADDRESS=<deployed_address>

Step 2: Deploy Compliant Tokens

Deploy Compliant USDT

# Set environment variables
export USDT_OWNER=0x4A666F96fC8764181194447A7dFdb7d471b301C8
export LEGAL_NOTICE_ADDRESS=0x4A666F96fC8764181194447A7dFdb7d471b301C8
export USDT_INITIAL_SUPPLY=0  # 0 = no initial supply

# Deploy
forge script script/DeployCompliantUSDT.s.sol:DeployCompliantUSDT \
  --rpc-url http://192.168.11.250:8545 \
  --broadcast \
  --legacy \
  --gas-price 20000000000 \
  --via-ir \
  -vv

Deploy Compliant USDC

# Set environment variables
export USDC_OWNER=0x4A666F96fC8764181194447A7dFdb7d471b301C8
export LEGAL_NOTICE_ADDRESS=0x4A666F96fC8764181194447A7dFdb7d471b301C8
export USDC_INITIAL_SUPPLY=0

# Deploy
forge script script/DeployCompliantUSDC.s.sol:DeployCompliantUSDC \
  --rpc-url http://192.168.11.250:8545 \
  --broadcast \
  --legacy \
  --gas-price 20000000000 \
  --via-ir \
  -vv

Step 3: Register Contracts in Compliance Registry

After deploying tokens, register them in the compliance registry:

# Set variables
COMPLIANCE_REGISTRY=<compliance_registry_address>
USDT_ADDRESS=<usdt_address>
USDC_ADDRESS=<usdc_address>
LEGAL_NOTICE_ADDRESS=0x4A666F96fC8764181194447A7dFdb7d471b301C8
JURISDICTION="[Your Jurisdiction]"  # e.g., "Switzerland", "Singapore", etc.

# Register USDT
cast send $COMPLIANCE_REGISTRY \
  "registerContract(address,(bool,bool,bool,bool,bool,string,address,uint256,string))" \
  $USDT_ADDRESS \
  true true true true true \
  "$JURISDICTION" \
  $LEGAL_NOTICE_ADDRESS \
  0 \
  "Value Transfer Instrument" \
  --rpc-url http://192.168.11.250:8545 \
  --private-key $PRIVATE_KEY

# Register USDC
cast send $COMPLIANCE_REGISTRY \
  "registerContract(address,(bool,bool,bool,bool,bool,string,address,uint256,string))" \
  $USDC_ADDRESS \
  true true true true true \
  "$JURISDICTION" \
  $LEGAL_NOTICE_ADDRESS \
  0 \
  "Value Transfer Instrument" \
  --rpc-url http://192.168.11.250:8545 \
  --private-key $PRIVATE_KEY

Step 4: Update Existing Contracts

For Token Contracts (USDT, USDC, Governance Token)

Option A: Inherit from LegallyCompliantBase

import "../compliance/LegallyCompliantBase.sol";

contract YourToken is ERC20, Ownable, Pausable, LegallyCompliantBase {
    constructor(
        address owner,
        address legalNoticeAddress
    ) 
        ERC20("Token Name", "SYMBOL")
        LegallyCompliantBase(legalNoticeAddress)
    {
        _transferOwnership(owner);
    }
    
    function transfer(address to, uint256 amount) 
        public 
        override 
        whenNotPaused 
        returns (bool) 
    {
        bool result = super.transfer(to, amount);
        if (result) {
            string memory legalRef = _generateLegalReference(msg.sender, to, amount);
            emitCompliantValueTransfer(msg.sender, to, amount, legalRef, bytes32(0));
        }
        return result;
    }
}

Option B: Add Compliance Declarations

Add to existing contracts:

// Legal Framework
string public constant LEGAL_JURISDICTION = "[Jurisdiction]";
string public constant TRAVEL_RULES_EXEMPT = "Private value transfer instrument";
string public constant REGULATORY_EXEMPT = "Private value transfer instrument";

Step 5: Update Bridge Contracts

For CCIPWETH9Bridge and CCIPWETH10Bridge

Add compliance features:

import "../compliance/LegallyCompliantBase.sol";

contract CCIPWETH9Bridge is LegallyCompliantBase {
    // ... existing code ...
    
    function _bridge(
        address to,
        uint256 amount,
        uint64 destinationChainSelector
    ) internal {
        // ... existing bridge logic ...
        
        // Emit compliant value transfer
        string memory legalRef = _generateLegalReference(msg.sender, to, amount);
        emitCompliantValueTransfer(
            msg.sender,
            to,
            amount,
            legalRef,
            bytes32(0)
        );
    }
}

Step 6: Update eMoney Contracts

For ISO20022Router

The contract already has ISO 20022 support. Add:

import "../compliance/LegallyCompliantBase.sol";

contract ISO20022Router is IISO20022Router, AccessControl, LegallyCompliantBase {
    // ... existing code ...
    
    function submitOutbound(CanonicalMessage calldata m) 
        external 
        override 
        onlyRole(RAIL_OPERATOR_ROLE) 
        returns (uint256 triggerId) 
    {
        // ... existing logic ...
        
        // Emit compliant value transfer with ISO 20022 message ID
        emitCompliantValueTransfer(
            address(0), // Will be resolved from message
            address(0), // Will be resolved from message
            m.amount,
            string(abi.encodePacked("ISO20022-", _toHexString(m.instructionId))),
            m.instructionId
        );
        
        return triggerId;
    }
}

📋 Compliance Checklist

For Each Contract

Legal Framework

  • Inherit from LegallyCompliantBase OR add compliance declarations
  • Set LEGAL_JURISDICTION constant
  • Set LEGAL_NOTICE_ADDRESS in constructor
  • Emit ValueTransfer events with legal references
  • Emit LegalNotice events for important actions

ISO Standards

  • ISO 20022 message format (if applicable)
  • ISO 8601 timestamps (use block.timestamp)
  • ISO 4217 currency codes (if applicable)
  • ISO 27001 security controls (access control, pausable)

ICC Compliance

  • ICC rules version declared
  • ICC-compliant event emissions

Value Transfer Instrument

  • INSTRUMENT_TYPE declared
  • LEGAL_STATUS declared
  • Transfer functions emit compliant events
  • Legal references generated for transfers

Travel Rules Exemption

  • TRAVEL_RULES_EXEMPT declaration
  • No KYC/AML requirements
  • No originator/beneficiary data collection
  • No transaction monitoring
  • No reporting mechanisms

Regulatory Compliance Exemption

  • REGULATORY_EXEMPT declaration
  • NOT_MONEY_TRANSMISSION declaration
  • NOT_PAYMENT_SERVICE declaration
  • Private instrument classification

🔍 Verification

Verify Compliance Status

# Check if contract is registered
cast call $COMPLIANCE_REGISTRY \
  "complianceStatus(address)" \
  $TOKEN_ADDRESS \
  --rpc-url http://192.168.11.250:8545

# Check if fully compliant
cast call $COMPLIANCE_REGISTRY \
  "isFullyCompliant(address)" \
  $TOKEN_ADDRESS \
  --rpc-url http://192.168.11.250:8545

Verify Contract Constants

# Check legal jurisdiction
cast call $TOKEN_ADDRESS "LEGAL_JURISDICTION()" --rpc-url http://192.168.11.250:8545

# Check exemption declarations
cast call $TOKEN_ADDRESS "TRAVEL_RULES_EXEMPT()" --rpc-url http://192.168.11.250:8545
cast call $TOKEN_ADDRESS "REGULATORY_EXEMPT()" --rpc-url http://192.168.11.250:8545

# Check instrument type
cast call $TOKEN_ADDRESS "INSTRUMENT_TYPE()" --rpc-url http://192.168.11.250:8545

📄 Documentation Requirements

Contract-Level Documentation

Each contract must document:

  1. Legal Framework: Hague Conventions, ISO, ICC compliance
  2. Jurisdiction: Applicable law and jurisdiction
  3. Exemption Basis: Why exempt from Travel Rules and regulatory compliance
  4. Instrument Classification: Value transfer instrument classification

System-Level Documentation

  1. Compliance Policy: Overall compliance approach
  2. Legal Structure: Legal entity structure (if applicable)
  3. Exemption Justification: Legal basis for exemptions
  4. Regulatory Analysis: Analysis of regulatory status

⚠️ Important Legal Notes

Legal Review Required

CRITICAL: This implementation provides technical framework. You must:

  1. Consult Legal Counsel:

    • Hague Conventions expert
    • ISO standards compliance expert
    • ICC regulations expert
    • Financial services lawyer
    • Regulatory compliance lawyer

  2. Jurisdiction-Specific Review:

    • Verify jurisdiction-specific requirements
    • Confirm Travel Rules exemption eligibility
    • Confirm regulatory exemption eligibility
    • Verify legal instrument classification

  3. Legal Opinions:

    • Obtain legal opinion on contract classification
    • Obtain legal opinion on exemption eligibility
    • Obtain legal opinion on jurisdiction requirements

  4. Regulatory Verification:

    • Verify with local regulatory bodies
    • Confirm exemption status
    • Document regulatory position

🎯 Next Steps

  1. Legal Consultation: Engage legal counsel
  2. Jurisdiction Selection: Choose appropriate jurisdiction
  3. Contract Deployment: Deploy compliant contracts
  4. Registry Registration: Register all contracts
  5. Documentation: Complete legal documentation
  6. Verification: Verify compliance status

📚 References

  • Legal Compliance Requirements: docs/LEGAL_COMPLIANCE_REQUIREMENTS.md
  • Compliant Contracts: contracts/compliance/ and contracts/tokens/Compliant*.sol
  • Deployment Scripts: script/DeployCompliant*.s.sol

Last Updated: 2025-12-24
Status: Implementation Guide - Legal Review Required

Reference in New Issue View Git Blame Copy Permalink