Blockdaemon Blog

Tempo: Automating Compliance on Public Ledgers

By:
Dean
Hanson
&

Regulated financial institutions cannot afford the compliance risks associated with fully permissionless systems that lack native access controls. Retrofitting KYC/AML rules and freezing capabilities onto existing smart contracts is often costly and technically fragile.

Tempo is a payments‑first blockchain designed for regulated institutions that need both the benefits of public ledgers and the control of traditional financial systems. Instead of treating compliance as an afterthought layered on top of generic tokens, Tempo bakes policy enforcement into the way regulated assets are issued and moved on‑chain.

Today’s public chains were not built with KYC, AML, sanctions, or freezing requirements in mind.

Address lists, case management, and exception handling tend to live in off‑chain systems, while the assets themselves move on ledgers that anyone can use, often pseudonymously. The result is a permanent gap between what regulation demands and what the chain can actually express.

Tempo’s native standards, TIP‑20 for tokens and the TIP‑403 policy registry, aim to close that gap.

They give institutions a way to express who is allowed to do what with a given asset, and under which conditions, directly at the protocol level. This post looks at why that matters, how it works conceptually, and what teams can already test today while Tempo is in public testnet.

The Compliance Gap on General-Purpose Chains

After architecture, treasury, and operations have evaluated a new settlement network, one final group must sign off before any real deployment can happen: compliance.

For institutions like GlobalPay, the multinational payment processor introduced earlier in this series, the question is not whether a blockchain works technically. It is whether it can enforce the same regulatory controls they operate under today.

They cannot adopt a new settlement rail that weakens their KYC, AML, or sanctions posture, or introduces fragile admin keys and ad hoc controls. When a regulated institution such as GlobalPay issues a stablecoin or similar asset on a typical public chain, it usually has to bolt compliance on from the outside:

  • KYC happens in the institution’s own systems, with whitelists or blocklists maintained in an internal database.
  • Smart contracts are retrofitted with ad hoc controls, such as pausing transfers or allowing an admin to claw back funds.
  • Investigations and law enforcement requests require manual intervention through powerful “super admin” keys that are both risky and operationally fragile.

This creates several problems for risk and compliance teams:

  • Operational risk, because compliance logic depends on off‑chain processes that must stay in sync with on‑chain state.
  • Key risk, because highly privileged admin keys become single points of failure and insider‑risk hotspots.
  • Inconsistent controls, because every new contract may implement its own pattern, making it hard for regulators and partners to reason about how assets behave.

It does not feel like a robust control framework. It feels like a series of workarounds that just happen to touch a blockchain.

Tempo’s Approach: Policy as a First-Class Concept

Tempo treats “who can do what with this token” as a first‑class concern rather than an application‑level detail. The core ideas:

  • TIP‑20 tokens carry role‑based access control and policy hooks by design.
  • A policy registry, TIP‑403, defines and stores reusable compliance rules that tokens and applications can reference.
  • Enforcement happens at the token‑standard or protocol level, not only in bespoke application logic.

For GlobalPay, that means a regulated stablecoin or on‑chain balance is not just “an ERC‑20 with a pause function”. It becomes an asset that understands concepts such as:

  • Only KYC’d addresses from approved jurisdictions may hold or receive this token.
  • Specific compliance operators may freeze or claw back balances under defined circumstances.
  • Transfers above certain thresholds require additional approvals or must go through particular counterparties.

The institution defines these rules once, then issues and manages assets that inherit them, instead of re‑implementing controls for each new corridor, partner, or smart contract.

TIP‑20: Tokens with Built-In Roles and Controls

Conceptually, TIP‑20 extends a familiar fungible token model with:

  • Roles for issuers, distributors, compliance officers, and ordinary holders.
  • Transfer checks that fire before a transfer is allowed, evaluating relevant policies such as jurisdiction, KYC status, and limits.
  • Standardised administrative actions for freezing, unfreezing, and clawing back tokens when required by law or policy.

Applied to GlobalPay:

  • GlobalPay’s treasury or issuing desk is assigned the issuer role for their on‑chain stablecoin or settlement token.
  • GlobalPay’s compliance function is assigned specific roles for enforcement actions, with clear separation from day‑to‑day operations.
  • Merchants, payout partners, and end‑customers hold the token with a standard holder role, subject to the configured policies.

Instead of bespoke “god mode” contracts, they get a consistent, well‑documented pattern. Issued tokens behave in predictable ways that map onto existing lines of responsibility.

TIP‑403: A Policy Registry for GlobalPay’s Rules

TIP‑403 complements TIP‑20 by providing a registry where policies live as structured, on‑chain objects:

  • Policies encode rules such as “only allow transfers if both sender and receiver are approved customers” or “block transfers to addresses matching this sanctions list”.
  • TIP‑20 tokens and compliant applications reference policies by ID, rather than hard‑coding all the logic themselves.
  • Policies can be updated or replaced under governance, with changes visible and auditable to relevant stakeholders.

This lets GlobalPay separate concerns:

  • Legal and compliance define policies that reflect internal standards and regulatory obligations.
  • Engineering wires TIP‑20 tokens and payment applications to those policies, without re‑implementing rules every time.
  • Audit and risk review both transaction history and the active policy set that governed those transactions.

Instead of a proliferation of one‑off admin functions across many contracts, they get a single, coherent policy layer that all on‑chain products can plug into.

A Concrete Scenario: GlobalPay’s Regulated Stablecoin

Imagine GlobalPay sponsoring or operating a regulated settlement token for institutional clients and payout partners:

  • They issue a TIP‑20 token that designates GlobalPay as issuer and GlobalPay Compliance as the administrator for enforcement actions.
  • They register policies in TIP‑403 that define who can hold the token, how transaction limits work, and which addresses can be frozen under what conditions.
  • They configure the token to reference these policies before any transfer or administrative action is executed.

Day to day, when a client sends this stablecoin on Tempo:

  • The token checks that both sender and receiver satisfy the relevant policies.
  • If a rule is violated, the transfer simply does not execute.
  • If regulators require a specific address to be frozen, a GlobalPay compliance officer uses their designated role to apply that action via standard functions, with all changes recorded on‑chain.

For GlobalPay, this behaves much closer to managing accounts and balances in their existing systems, with the difference that the policy engine is now shared and verifiable on a public ledger.

What GlobalPay-Style Institutions Can Test on Tempo Testnet

While Tempo is in public testnet, institutions can already explore this model without touching real customer funds:

  • Prototype TIP‑20 style tokens representing internal “play money” or test stablecoins wired to policies that mimic real KYC and AML frameworks.
  • Experiment with different role structures, such as who can issue, who can freeze, and who can update policies, and check they align with segregation‑of‑duties requirements.
  • Dry run regulatory scenarios, for example freezing an address, executing a court‑ordered clawback, or enforcing new jurisdictional restrictions, using test assets.
  • Involve internal audit, legal, and risk early to review how on‑chain policy definitions and enforcement paths align with existing control frameworks.

By the time Tempo is ready for mainnet, teams like GlobalPay’s will not be starting from scratch. They will have a concrete, tested view of how their specific compliance obligations can be expressed as first‑class objects on a public ledger and where they want additional governance or monitoring on top.

Interested in reading more on Tempo?

Share

Get Started with
Blockdaemon Today!

Contact us to learn how we can help you power your blockchain business.

Unparalleled Security & Compliance
Seamless Integration & Scalability
Dedicated Customer Support
mpc wallets & vaults
Institutional VaultBuilder VaultEnterprise KMS
Staking
Staking APIsStaking AppRestakingLiquid StakingReporting APIValidatorsEarn Stack
Nodes & APIs
Chain WatchWallet TransactRPC APIDedicated NodesDeFi API
Protocols
Aave
Aleo
Algorand
Aptos
Arbitrum
Arc
Avalanche
All Protocols
Company
FoundationsAbout UsCareersPartnership Program
Expertise
SecurityInfrastructure
Buzz
BlogResourcesNewsletterPressMedia Kit
documentation
All Documentation REST APIsInstitutional VaultBuilder VaultDeFi API
Support
FAQsSupportSystem Status
Vulnerability Disclosure Program PolicyTerms & ConditionsCookie PolicyPrivacy PolicyGovernance Policy
Connect with blockdaemon
Newsletter
Sign up for our newsletter to receive the latest news and product updates.