This repository has been archived by the owner on Jun 22, 2021. It is now read-only.

Compliance protocol clarifications - how is it enforced? #230

Closed
roosmaa opened this issue Oct 3, 2017 · 3 comments

roosmaa commented Oct 3, 2017

The compliance documentation leaves quite a few holes in how the actual protocol is expected to be used in the real world and/or enforced.

  1. The documentation starts out by saying that as an FI I want to know where the money is coming from. But the implementation kind of only provides a way to enforce getting information about where the money is going to. For example, there is nothing stopping me from skipping the auth part. After I've resolved the payment address to an account id, I could just send the payment and the receiver would be none the wiser regarding who actually sent it.

  2. Is all wallet software expected to implement the compliance check to some extent?

  3. When the sender requires proper compliance implementation, how is it handled when the user tries to send something directly to an account id? Will the home domain of the account be used for the compliance check?

  4. Would being compliant also mean that depositing/withdrawing money from/to a non-managed account should be disabled by the wallet provided by the financial institute? Otherwise all of this compliance layer becomes kind of useless. User A withdraws to a non-managed account; sends to user B's non-managed account; User B deposits to their managed FI account.

@zachvanduyn zachvanduyn self-assigned this Oct 3, 2017
@jedmccaleb
Contributor

The compliance protocol is intended to be used between FIs.
The way most FIs are doing their integration, they won't accept the payment unless the compliance protocol is used.

  1. Not normally. But you could potentially build a wallet that does this if you want to be able to pay out to some of these FIs.

  2. Most FIs don't have individual account IDs for their users.

@roosmaa
Author

roosmaa commented Oct 3, 2017

I guess this also has the implication that the FIs tightly control the people/entities that are allowed to use non-managed accounts on the Stellar network to set up trade offers on the distributed exchange, etc., since it's impossible for the average user to transfer money out to a random account.

@theaeolianmachine
Contributor

Closing this out, as there isn't anything sufficient to document.

Docs Issue Tracker automation moved this from Triage to Completed Apr 25, 2019
@theaeolianmachine theaeolianmachine self-assigned this Apr 25, 2019