By AUJay
Blockchain Wallet RFP Template: Questions for Treasury and Supply Chain Teams
A Practical, Vendor-Agnostic RFP Template for Evaluating Enterprise Wallet Solutions
Evaluating enterprise wallet solutions for your treasury and supply chain processes? This RFP template is updated for 2025 and reflects the latest changes in regulation, accounting practice, and technology. Use the questions below to compare providers on security, compliance, ERP integration, and post-Dencun L2 economics.
Key Evaluation Questions
Security
- What security measures do you use to keep user data and assets safe?
- What does your incident response plan look like, and how do you handle things when something goes wrong?
- What encryption standards do you use for storing and sending data?
Compliance
- How do you keep up with the latest regulations in our field, and what steps do you take to make sure we stay compliant?
- What certifications or audits have you gone through?
- How do you handle data privacy and user consent? Explain what data you collect, how you use it, and how you obtain consent before gathering any personal information.
ERP Integration
- Which ERP systems can you work with, and how smooth is the integration process?
- Can you share examples of past work with companies similar to ours?
- What support can we expect during integration and once it is all set up?
Post-Dencun L2 Economics
- How do your fees and transaction costs compare with other wallet options?
- What long-term financial benefits can we expect from using your solution?
- How do you plan to adjust to upcoming changes in the L2 landscape?
Modify these questions however you like, and good luck in your search for the right provider.
Why this template now (and what changed in 2024-2025)
- Ethereum's Dencun upgrade went live on March 13, 2024, and introduced EIP-4844 "blobs," which cut data costs for rollups considerably and made Layer 2 fees far more affordable. That matters most for on-chain settlements, micropayments, and high-volume reconciliations. When putting together budgets and policies, treat private/L2 routing as the default option. (thehemera.com).
- FASB ASU 2023‑08 requires fair-value accounting for certain crypto assets, effective for fiscal years starting after December 15, 2024. In your RFP, ask for period-end valuations, support for lot-level disclosures, and audit trails at fair value. (dart.deloitte.com).
- In the EU, the MiCA rules for stablecoins took effect for ARTs and EMTs on June 30, 2024, and the EBA's "travel rule" guidelines apply from December 30, 2024. Ask issuers and custodians about their authorization status, their redemption service level agreements (SLAs), and how they manage data in line with MiCA/TFR. (eba.europa.eu).
- The IRS has finalized 1099-DA broker reporting: gross-proceeds reporting applies to transactions starting January 1, 2025, and basis reporting for certain transactions begins on January 1, 2026. Treasury teams should make sure exports follow these requirements. (irs.gov).
- In pharmaceuticals and logistics, the FDA has moved DSCSA package-level interoperable tracing from the initial "stabilization" phase into enforcement stages that roll out gradually through 2025. If you use wallets for EPCIS 2, event signing and data exchange have to stand up to audits. (fda.gov).
- Trade documentation is going digital. DCSA member companies have committed to a fully electronic bill of lading (eBL) by 2030, and they completed their first standards-based interoperable eBL transaction in May 2025. Include questions about eBL signing and registry integrations in your RFP. (dcsa.org).
How to use this RFP
- Start with the baseline questions, which apply to any enterprise wallet regardless of use case.
- Add the treasury and/or supply chain sections that match your use cases.
- Use the scoring rubric provided at the end to evaluate responses and to align them with your risk tolerance and launch timeline.
Section A -- Cross‑functional baseline (security, architecture, governance)
1) Key Management and Wallet Setup
Ask vendors for architectural runbooks and independent attestations for each item.
- Signing Models in Production: Which signing models do you actually run in production: MPC threshold signing (t‑of‑n), on-chain multisig, contract-based smart accounts (like EIP‑4337), or co‑custody? Which algorithms do you use (secp256k1 ECDSA, Ed25519/EdDSA), and how can threshold parameters be adjusted by policy? Reference the NIST threshold cryptography roadmap and explain how your design aligns with its goals of distributing trust and avoiding single points of failure. (csrc.nist.gov).
- MPC Key Shares: Where do the key shares live: on an HSM, in an enclave, in a mobile secure element, or in a cloud KMS? Are shares ever brought back together? Describe how you keep them secure and how you manage quorum-attestation controls.
- HSM Custody: Share the current CMVP certificate numbers and their security levels. Are these modules truly FIPS 140-3 validated? Include links to the Security Policies and the validation status page. (csrc.nist.gov).
- Smart-Account Features: Do you support ERC‑4337 entry points, paymasters, and session keys? What about modular standards such as ERC‑7579 or ERC‑7484 module registries? These are essential for keeping vendor lock-in to a minimum. (eips.ethereum.org).
- Isolation and Blast Radius: How do you separate the hot, warm, and cold paths? Do you support per-entity vaults with spending limits, velocity controls, and deny-lists?
- Recovery Procedures: Share detailed runbooks for (a) a lost device, (b) share corruption, (c) insider collusion below the threshold, (d) ransomware or compromise, and (e) cloud region failure. State your Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), and tell us when you last ran a full failover test and how it went.
2) Policy Engine and Transaction Controls
The policy engine and transaction controls are central to keeping operations running smoothly. Here is how they work and why they matter.
What is a Policy Engine?
A policy engine is the component that holds your operational rules. It lets you define, manage, and enforce rules that dictate how your system should act in different situations, whether the goal is stronger security, compliance, or workflow control.
Why Are Transaction Controls Important?
Transaction controls make sure that every transaction is legitimate and authorized, which helps prevent fraud and protects data integrity. Think of them as the security guards of your system, always watching for anything that looks off.
Key Benefits
1. Better Security: With a solid policy engine, you can create rules that trigger automatically when potential threats appear.
2. Compliance Assurance: Build compliance checks directly into your transactions so that you stay within regulations.
3. Better Efficiency: Automating policy enforcement frees your team to spend time on the work that matters.
4. Flexibility: Policies can be adjusted whenever your business needs shift.
Getting Started
To set up a policy engine and transaction controls in your operations, follow this simple roadmap:
1. Set Your Policies: Decide which rules you want to put in place, and keep them straightforward and easy to understand.
2. Pick the Right Tools: When evaluating software, look for solid policy management features.
3. Check Your Controls: Run simulations to confirm everything works as intended, and adjust as you go.
4. Get Your Team on the Same Page: Everyone should know the policies thoroughly and understand how to follow them.
Incorporating these elements strengthens your operational setup and creates a safer, more compliant environment.
- Policy authoring: Can we write policies in a human-readable format (such as a DSL) that makes it easy to diff changes and get approvals? Do you support conditional policies based on assets, chains, time windows, locations, and counterparty risk scores?
- Pre-execution checks: Can we simulate transactions before they go live, with fork awareness, state diffs, and revert reasons? Are there automatic checks against blocklists, such as the OFAC SDN list among others, with archive-ready evidence hashes? (ofac.treasury.gov).
- Private transaction routing: Do you support private routing, for example through Flashbots Protect or bloXroute, with the option to fall back to the public mempool after a set number of blocks? We also need to configure useMempool and timeouts, and we need the list of builders you support. (docs.flashbots.net).
- L2 cost efficiency: How do you optimize Layer 2 costs now that post-EIP-4844 blobs are in play? Cover transaction batching, gas sponsorship with paymasters, and handling spikes in blob fees, and share historical fee data along with the routing logic behind it. (thehemera.com).
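To make the policy question concrete, here is an added example (not code from any vendor or from this page's author) of a diff-friendly declarative policy evaluated against a transaction, including a deny-list check and an evidence hash that can be archived. The rule schema, rule ids, field names, and the deny-list entry are all hypothetical and constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone
from decimal import Decimal

# Constructed policy in a hypothetical, diff-friendly schema (not a vendor format).
POLICY = {
    "version": "constructed-1",
    "default": "allow",
    "rules": [
        {"id": "deny-listed-address", "effect": "deny",
         "when": {"to_in_denylist": True}},
        {"id": "deny-high-risk-counterparty", "effect": "deny",
         "when": {"min_risk_score": 80}},
        {"id": "approve-large-usdc", "effect": "require_approval",
         "when": {"asset": "USDC", "min_amount": "100000"}},
        {"id": "approve-mainnet-off-hours", "effect": "require_approval",
         "when": {"chain": "ethereum", "outside_utc_hours": [8, 18]}},
    ],
}

# Constructed stand-in for a sanctions list snapshot; a real one comes from a screening feed.
DENYLIST = {"0x" + "0" * 36 + "dead"}

# The strictest matching effect wins.
PRECEDENCE = {"allow": 0, "require_approval": 1, "deny": 2}


def canonical(obj) -> bytes:
    """Stable JSON encoding so the same inputs always hash to the same value."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def condition_holds(key, expected, tx, denylist) -> bool:
    if key == "asset":
        return tx["asset"] == expected
    if key == "chain":
        return tx["chain"] == expected
    if key == "min_amount":
        return Decimal(tx["amount"]) >= Decimal(expected)
    if key == "min_risk_score":
        return tx["counterparty_risk"] >= expected
    if key == "to_in_denylist":
        return (tx["to"].lower() in denylist) == expected
    if key == "outside_utc_hours":
        start, end = expected
        hour = datetime.fromisoformat(tx["requested_at"]).astimezone(timezone.utc).hour
        return not (start <= hour < end)
    # Fail closed: a misspelled condition must not silently match nothing.
    raise ValueError(f"unknown policy condition: {key!r}")


def evaluate(tx, policy=POLICY, denylist=DENYLIST) -> dict:
    """Apply every rule (conditions are ANDed) and return a decision record."""
    decision, matched = policy["default"], []
    for rule in policy["rules"]:
        if all(condition_holds(k, v, tx, denylist) for k, v in rule["when"].items()):
            matched.append(rule["id"])
            if PRECEDENCE[rule["effect"]] > PRECEDENCE[decision]:
                decision = rule["effect"]
    record = {
        "tx": tx,
        "decision": decision,
        "matched_rules": matched,
        # Pin the exact policy and list snapshot the decision was made against.
        "policy_sha256": sha256_hex(canonical(policy)),
        "denylist_sha256": sha256_hex(canonical(sorted(denylist))),
    }
    record["evidence_sha256"] = sha256_hex(canonical(record))
    return record


if __name__ == "__main__":
    sample_tx = {  # constructed transaction request
        "asset": "USDC", "chain": "ethereum", "amount": "250000",
        "to": "0x" + "1" * 40, "counterparty_risk": 12,
        "requested_at": "2025-03-03T02:30:00+00:00",
    }
    print(json.dumps(evaluate(sample_tx), indent=2))
```

Because the evidence hash covers the policy and list digests, an auditor can later confirm which policy version and which list snapshot produced a given decision.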
3) Compliance and Auditability
Staying on the right side of the rules is essential, and that is where compliance and auditability come in.
- What compliance means: Following the rules and regulations specific to your industry, whether they come from government agencies or industry standards, so that you operate both legally and ethically.
- Why auditability matters: It is the ability to trace your processes and show they are legitimate. You need to be transparent and to have evidence demonstrating that your decisions are in line with your compliance efforts.
Think of compliance as your roadmap and auditability as the GPS guiding you along it. You need both to navigate regulation.
Making your operations compliant and easy to audit is not just a box to tick. It is how you earn the trust of your customers and stakeholders.
- Travel Rule: Show how your system supports the IVMS101 schema and interoperates with open protocols such as TRISA and TRP, including mTLS, certificate pinning, and directory lookups. Include proof of successful interoperability tests. Details are available on GitHub.
- EU TFR compliance: How are you implementing the EBA guidelines that apply by December 30, 2024 on the information that must accompany crypto-asset transfers? Align your data fields with what the guidelines specify. See the EBA website for details.
- Sanctions program: How do you screen? Which sources do you rely on (SDN and consolidated lists), how often do you refresh them, what match thresholds do you use, and what is your escalation process under OFAC's guidance on virtual currency? See OFAC for details.
- High-risk flow controls: Can you detect and flag activity involving mixers? Could you meet the reporting requirements of FinCEN's NPRM on CVC mixing if those regulations are finalized? Explain how you gather and document the evidence. Learn more at FinCEN.
- Logs and evidence: Provide immutable, tamper-evident audit logs with cryptographic timestamps. Keep retention in line with the rules of your jurisdiction, and have your SOC 2 Type II and ISO/IEC 27001:2022 reports ready.
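As an added illustration of what "tamper-evident" means for the audit logs requested above (example code, not taken from this page or from any vendor), the sketch below chains each log entry to the hash of the previous one and verifies the chain. The entry fields and sample events are constructed, and the chain does not replace a trusted timestamp: the head hash still has to be anchored somewhere the log operator cannot rewrite.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # prev_hash of the first entry


def seal(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of an entry body."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def append_entry(log: list, ts: str, actor: str, action: str, detail: dict) -> dict:
    """Append an entry whose hash covers its content and the previous entry's hash."""
    body = {
        "seq": len(log),
        "ts": ts,
        "actor": actor,
        "action": action,
        "detail": detail,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry = dict(body, entry_hash=seal(body))
    log.append(entry)
    return entry


def verify_chain(log: list, anchored_head: Optional[str] = None) -> int:
    """Return -1 if the log is intact, else the index of the first bad entry.

    If anchored_head (a head hash stored outside the log, for example in a
    timestamped record) is given and does not match, len(log) is returned.
    Without an anchor, removing entries from the tail cannot be detected.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (entry["seq"] != i
                or entry["prev_hash"] != prev
                or seal(body) != entry["entry_hash"]):
            return i
        prev = entry["entry_hash"]
    if anchored_head is not None and prev != anchored_head:
        return len(log)
    return -1


def build_sample_log() -> list:
    """Constructed wallet audit events for the demonstration."""
    log: list = []
    append_entry(log, "2025-03-03T09:00:00+00:00", "admin-1", "policy.update",
                 {"policy_version": "constructed-2"})
    append_entry(log, "2025-03-03T09:05:00+00:00", "approver-2", "tx.approve",
                 {"tx_id": "tx-001", "asset": "USDC", "amount": "250000"})
    append_entry(log, "2025-03-03T09:06:00+00:00", "signer-quorum", "tx.sign",
                 {"tx_id": "tx-001", "threshold": "2-of-3"})
    append_entry(log, "2025-03-03T09:07:00+00:00", "router", "tx.broadcast",
                 {"tx_id": "tx-001", "route": "private"})
    return log


if __name__ == "__main__":
    audit_log = build_sample_log()
    head = audit_log[-1]["entry_hash"]
    print("intact:", verify_chain(audit_log, head))
    audit_log[1]["detail"]["amount"] = "9000000"  # simulate an after-the-fact edit
    print("first bad entry after edit:", verify_chain(audit_log, head))
```

When reviewing a vendor's answer, ask where the equivalent of `anchored_head` is stored and who can write to that location.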
Section B -- Treasury RFP questions (payments, liquidity, reporting)
1) Stablecoin Coverage, Issuance, and Redemption
- Which fiat-backed stablecoins do you support out of the box (USDC, EURC, PYUSD, and others), and on which networks (Ethereum mainnet, L2s, Solana, and any other platforms)? For EU clients, confirm whether the issuer is authorized under MiCA as an EMI (Circle SAS, for instance) and what redemption options are available under its terms. Include region-specific SLAs for minting and redeeming. See the CNBC article on Circle obtaining a French license for its stablecoin.
- What is your strategy for fungibility when tokens come from both EU and non-EU issuers, such as EMTs under MiCA? How do you make sure EU redemption rights are protected? Describe your process, your disclosures, and how you choose counterparties. See the Reuters article on the EU's investigation into stablecoins and the safety net for holders.
- Do you have policies to enforce maximum counterparty risk limits for transfers, and rules to deny non-authorized stablecoins in the EU?
2) Payments Operations (On/Off-Ramp, ERP, and Bank Connectivity)
Payment operations cover three areas: on and off-ramps, ERP systems, and connectivity to banks.
- On/Off-Ramp: The entrance and exit points for your cryptocurrency. It lets you swap crypto for fiat cash and the other way around, linking the on-chain and traditional sides of finance.
- ERP: Enterprise Resource Planning systems connect the different processes within a business, from supply chain logistics to financial reporting, so that they work together.
- Bank Connectivity: Connecting payment systems directly to banks so that money transfers go through without friction.
Together, these elements simplify and speed up money transfers.
- ERP integration: Do you have built-in connectors or APIs for SAP, Oracle, and NetSuite? For SAP in particular, can you connect to the Digital Currency Hub using SAP Multi-Bank Connectivity? Do you support importing statements and managing partner address books? Tell us which stablecoins and networks you support and which statement formats you work with. (sap.com).
- On/Off-Ramp Partners and Bank Rails: What are the settlement cut-off times? Are there any pre-funding requirements? Which formats do you use for reconciliation files (ISO 20022 CAMT, CSV, or JSON)?
- Cross-Border: Do you default to private transactions or to L2 routing? Share the expected end-to-end latency and the cost per payment for common amounts such as $100, $10k, and $1 million, along with the assumptions behind your numbers.
3) Accounting and Tax Reporting
Accounting and tax reporting are central to keeping your finances in order. Here is what you need to know.
Accounting Basics
A strong accounting system is the foundation of your business. It keeps you on top of income and expenses and gives you a clearer picture of your overall financial situation. A few important points:
- Keeping Records: Record all financial transactions accurately, including sales, expenses, and any other financial activity. It will save you trouble later.
- Financial Statements: Create financial statements regularly, such as balance sheets and income statements. They show how your business is performing.
Tax Reporting Essentials
Tax season is much smoother if you stay organized throughout the year. The key points:
- Know Your Responsibilities: Understand which tax rules apply to your type of business. Different business types, such as LLCs and corporations, come with their own rules and regulations.
- Deductions and Credits: Look for deductions and credits that might save you money, such as business expenses and home-office deductions.
Helpful Resources
- For current tax information, see the IRS website.
- Consider accounting software such as QuickBooks or FreshBooks to make record-keeping and reporting easier.
Keeping up with accounting and tax reporting is not only about avoiding chaos at tax season. It also gives you a handle on your business's financial health and makes filing far less stressful.
- ASU 2023-08: Require evidence for fair-value measurements at period end, an explanation of how gains and losses affect net income, and all necessary disclosures: the asset's name, number of units, cost basis, fair value, and any restrictions that apply to that asset. Ask for the export schemas and the SOX controls. (dart.deloitte.com).
- 1099‑DA Prep (US): Prepare for the 2025 gross-proceeds exports and map the 2026 basis fields to the IRS boxes. Support client-side reconciliations and keep audit trails intact. Cover any transition relief and your TIN matching processes. (irs.gov).
- Close Automation: Provide period-end snapshots, consolidate data across all entities, show the FX rates used, and lay out the lot-level PnL methods available, such as FIFO or specific ID.
4) Liquidity and Risk
Liquidity and risk are two key concepts in investing, and understanding them makes a real difference to your decisions.
Liquidity is how quickly you can turn an asset into cash without causing a big change in its value. When you need to sell something fast, you want the process to be smooth and to avoid losing much money along the way. Here is how easily various asset types convert to cash:
- Cash: Fully liquid. You can use it whenever you want.
- Stocks: Generally easy to buy and sell, depending on market conditions at the time.
- Real Estate: Not easy to cash in quickly. Selling a house usually takes a good amount of time and patience.
- Collectibles: Can be a challenge. It may take time to find an interested buyer.
Risk is the chance that you lose money or do not see the returns you hoped for. Aiming for bigger returns usually means taking on more risk. Here is how various investments usually compare:
- Government Bonds: Usually a safe bet, offering consistent returns over time.
- Stocks: Somewhat risky, with potentially attractive returns if things go well.
- Cryptocurrency: Highly volatile and risky, which is part of its appeal for some investors.
To balance liquidity and risk in your portfolio, diversify across different types of assets. That way you can access cash when you need it while still pursuing higher returns.
Knowing where your investments sit in terms of liquidity and risk helps you make well-informed choices for your financial future.
- Cash management: Track multi-chain balances, set up sweep rules, and automate transfers between mainnet and L2 to cut gas costs post-Dencun. (thehemera.com).
- Counterparty and address risk: Use analytics tools and pre-trade risk scores to manage counterparty risk, put policy-driven blocks in place for sanctioned or high-risk areas, and store the supporting evidence securely. (ofac.treasury.gov).
- Private-TX by default for large treasury operations, such as significant redemptions and rebalancing: List the relays and builders you support, along with your fallback options and monitoring tools. (docs.flashbots.net).
- Cash management: Keep tabs on your multi-chain balances with ease, set up smart sweep rules, and automate your transactions between mainnet and L2. This way, you can save on those pesky gas fees once Dencun drops! (thehemera.com).
- Counterparty and address risk: Use some cool analytics tools and pre-trade risk scores to manage your counterparty risks. Don't forget to put in place some policy-driven blocks for any sanctioned or high-risk areas. And make sure you’re keeping all that evidence stored securely! (ofac.treasury.gov).
- Private-TX is the go-to option for big-time treasury operations: We're talking about those significant redemptions and rebalancing moves that really shake things up. Take a look at the relays and builders we support, along with our fallback options and monitoring tools. We've got some great choices for you! (docs.flashbots.net).
Section C -- Supply chain RFP questions (track‑and‑trace, e‑documents, IoT)
1) Event Capture, Signing, and Interoperability
- EPCIS 2: Do you support EPCIS 2, including JSON/JSON-LD capture and query over REST and GS1 Digital Link URIs? Share the schemas you use and the versions you support, plus any options for signatures or attestations that keep event integrity intact. (gs1.org).
- DSCSA (U.S.): Explain how your wallet and event service support package-level tracing, including identifier verification, exception handling, and responding to FDA inquiries or audits ahead of the enforcement phases in 2025. Also explain how you handle master-data mismatches and saleable returns. (fda.gov).
- Choosing Your Chain: When do you recommend public L2s for supply-chain proofs instead of permissioned ledgers? Give your view of cost and performance post-EIP-4844, and your plan if blob prices suddenly jump. (thehemera.com).
2) Connecting Trade Documents and Payments
In international trade, the connection between trade documents and payments plays a crucial role. Here is how it comes together:
- Trade Documents: The papers that lay out the details of a transaction, such as invoices, packing lists, bills of lading, and certificates of origin. They make sure everyone knows what is being bought and sold.
- Payments: The cash flow side. Options include letters of credit, wire transfers, and cash on delivery. Each method has its own advantages and disadvantages, and the choice usually comes down to what the buyer and seller can agree on.
How they work together:
1. Verification: Before a payment is made, trade documents are commonly checked to make sure everything is in order. A bank, for example, might ask for certain documents showing that the goods have actually been shipped before it processes your payment.
2. Risk Mitigation: Having the right documents ready helps protect both the buyer and the seller and cuts down on payment disputes.
3. Compliance: Governments and banks require specific documents under international trade laws, so having everything in order is essential for smooth transactions.
Coupling trade documents and payments means making sure information and money move together. When both sides are in sync, trust goes up and trade operations run more smoothly.
- eBL: Which eBL providers or registries have you partnered with? Show how your signing processes align with DCSA standards, how you handle title transfers and endorsements, and how you keep everything interoperable without tying us to a single vendor (we’re aiming for May 2025 on this).
- Milestone-based payouts: Can you release funds based on specific milestones? This could involve escrowed releases, through smart contracts or set policies, that are tied to changes in EPCIS or eBL states. Simulations and exception reviews must be in place before any funds are released.
3) Device and Operator Wallets
When you handle money and make transactions, both the wallets on your own devices and the wallets run by service providers matter. Here is what they are and how they work.
Device Wallets
Device wallets keep your cryptocurrencies right on your device. It's a convenient way to store them securely! This means you have complete control over your private keys, and that’s a big win for your security! Check out some of the main features:
- Control: You’re the only one who has access to your keys.
- Security: If you're using offline storage solutions like hardware wallets, it’s a lot tougher for hackers to break in.
- Convenience: You can grab your money whenever you need it, and you don’t even have to be online to do it!
Just keep in mind that there are a few downsides to consider. If your device gets lost or damaged and you haven't backed up your stuff, you might end up losing your funds. It's a good idea to keep backups to avoid that headache!
Operator Wallets
On the flip side, you've got operator wallets, which are taken care of by third-party services. When you think about popular exchanges or wallet apps, what comes to mind? Just a quick reminder for you:
- User-Friendly: These things usually have simple interfaces, which makes it a breeze for newcomers to figure things out.
- Backup Options: A lot of these wallets come with handy recovery features. This means you won’t have to stress about losing your funds if things go sideways.
- Super easy to access: You can check out your wallet from different devices since it’s usually stored in the cloud.
Just keep in mind that when you use operator wallets, you’re really putting your trust in someone else to handle your keys. Make sure to do your homework so you can pick a trustworthy service. It really pays off to know who you're dealing with!
Conclusion
Both device wallets and operator wallets come with their own set of advantages and little quirks. Device wallets are great because they give you that comforting feeling of control and security. On the flip side, operator wallets are all about convenience and being user-friendly. It's all about what works best for you! It really depends on what you’re looking for and how comfortable you feel--one option might just click with you more than the other! Make sure to think things through and explore all your options to protect what you have!
- Warehouse/IoT: So, here’s the deal--it's all about managing those device-specific credentials. We’ve got to set some spending limits for machine-to-machine transactions, and don’t forget the importance of regularly updating those credentials! On top of that, you’ve got human approval with FIDO2/WebAuthn, plus offline signing modes for those times when your connection isn’t the best.
- Field Ops: Imagine having a special wallet for every shipment or consignment. Each one comes with automatic address assignments, making it super easy to keep everything organized and reconcile with your WMS, TMS, or ERP systems. It’s all about simplifying the process and keeping things running smoothly!
Section D -- Privacy, data protection, and residency
- PII Minimization: It’s super important to keep any personally identifiable information (PII) tied to the Travel Rule safe. So, remember to send that info off-chain using encrypted channels, such as TRISA or TRP. It's really important that this info doesn't end up on public ledgers. We need to make sure it's kept safe and follows the specific timelines that different places have set. If you want to know more, head over to trisa.dev for all the details!
- Data Residency: Check out your deployment choices! You can go for a single-tenant VPC, set up an on-premises solution, or even host it in the EU region. It's all about what works best for you! Oh, and don't forget to think about how you're managing your logs and keys! It's really important to keep them separated based on location.
- Evidence Packaging: Make sure you provide cryptographic receipts for all the compliance decisions you make. It’s a great way to keep everything transparent! This could involve stuff like hash chains and timestamps, you know?
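A minimal sketch of the evidence-packaging idea above: each compliance decision gets a receipt that hashes the decision, its timestamp and the previous receipt. This is an added example, not code from any vendor or from the original page; the field names and the sample decisions are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor for the first receipt


def _digest(body):
    # Canonical JSON (sorted keys, fixed separators) keeps the hash reproducible.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_receipt(chain, decision, timestamp):
    """Append a receipt committing to the decision, its time and the previous receipt."""
    prev = chain[-1]["receipt_hash"] if chain else GENESIS
    body = {"seq": len(chain), "timestamp": timestamp,
            "decision": decision, "prev_hash": prev}
    receipt = dict(body, receipt_hash=_digest(body))
    chain.append(receipt)
    return receipt


def verify_chain(chain, expected_head=None):
    """Return (ok, index of the first bad or missing receipt, or None)."""
    prev, last_ts = GENESIS, ""
    for i, r in enumerate(chain):
        body = {k: r.get(k) for k in ("seq", "timestamp", "decision", "prev_hash")}
        if body["seq"] != i or body["prev_hash"] != prev:
            return False, i  # reordered, removed or re-linked receipt
        if not hmac.compare_digest(_digest(body), str(r.get("receipt_hash"))):
            return False, i  # content changed after the receipt was issued
        if str(body["timestamp"]) < last_ts:
            return False, i  # same-format ISO-8601 UTC strings sort chronologically
        prev, last_ts = r["receipt_hash"], str(body["timestamp"])
    if expected_head is not None and prev != expected_head:
        return False, len(chain)  # tail truncated or replaced
    return True, None


def build_sample_chain():
    """Three constructed compliance decisions for one payment (not real data)."""
    chain = []
    append_receipt(chain, {"check": "travel_rule_exchange", "result": "pass",
                           "payment": "INV-EXAMPLE-001"}, "2025-03-01T10:00:00Z")
    append_receipt(chain, {"check": "sanctions_screening", "result": "pass",
                           "payment": "INV-EXAMPLE-001"}, "2025-03-01T10:00:05Z")
    append_receipt(chain, {"check": "payout_approval", "result": "approved",
                           "payment": "INV-EXAMPLE-001"}, "2025-03-01T10:02:00Z")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    head = chain[-1]["receipt_hash"]  # store or publish this outside the log
    print(verify_chain(chain, head))
    chain[1]["decision"]["result"] = "fail"  # edit a past decision
    print(verify_chain(chain, head))
```

A hash chain on its own cannot show that the newest receipts were dropped, which is why the head hash has to be kept somewhere the log operator cannot rewrite; ask vendors where they anchor it.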
Section E -- Resilience, assurance, and SLAs
- Availability and performance SLAs for various regions, with L2 relayer and bundler redundancy along with a bunch of RPC options to keep things running smoothly.
- Third-party assurance: SOC 2 Type II and ISO/IEC 27001:2022 certifications, penetration test reports, and a well-defined bug bounty program.
- Cryptographic agility: a roadmap for algorithm upgrades, the new 4337 EntryPoint, and module registries like ERC-7484.
- No need to stress--we really do take disaster planning seriously! Our last game-day drill was all about handling key losses and regional failovers. Plus, we’ve documented everything, from the results to the corrective actions we put in place afterward.
Example “copy‑paste” RFP questions (shortlist)
- Alright, let’s jump into your threshold-signing (MPC) setup. Sure! So, I've been working on setting up my quorum configurations, and I made sure to align everything with NIST's principles of threshold cryptography to really focus on distributing trust.
First off, I decided to go with a multi-signature setup. This means that instead of one single keyholder, I've got a group of people who each hold a portion of the key. That way, it’s not just one person in charge - we’re spreading the responsibility around. In line with NIST's guidance, this approach helps mitigate risks; if one keyholder is unavailable or compromised, we can still get things done.
Next, I made sure that the configuration requires a minimum number of signatures to authorize any transaction - that’s where the whole "quorum" idea comes in. It’s like having a team huddle before making a big decision; we only move forward when enough of us are on board. This not only boosts security but also ensures that everyone has a say in the process, which I think is super important.
Overall, the way I've set things up not only meets NIST's standards but also creates an environment of shared trust. It feels good knowing that our digital assets aren't resting on the shoulders of just one person. Instead, it’s a team effort, and I think that makes us all a bit safer! Make sure to toss in any diagrams and formal threat models you’ve got! They really help to clarify things. If you want to dive into the NIST guidelines, you can find them right here. Happy reading!
- Could you send me the FIPS 140-3 validation certificate numbers and the Security Policies for the cryptographic modules that you have in production right now? If you haven't gone through the validation process yet, let me know what compensating controls you have in place and when you plan to get that validation sorted. (csrc.nist.gov)
- Let's dive into your policy engine. How does it handle private transaction routing, with something like Flashbots Protect or along those lines? I'm really curious about how it works, especially with that fallback feature after N blocks. Also, please share any settings or monitoring dashboards you use for this.
- About the EU travel rule: could you share your data model that matches up with the EBA guidelines that are slated to roll out on December 30, 2024? We'd really appreciate it if you could share any proof of the conformance tests you've done. More information is on the EBA site.
- Could you send over some samples that align with the ASU 2023-08 fair-value disclosures for accounting? We're interested in the details for each asset: name, units, cost basis, fair value, any restrictions, and how everything connects to your General Ledger.
- For tax, could you share your mapping for the 1099-DA for the 2025 and 2026 phases? I'd also love to hear your strategy for figuring out the basis for covered versus non-covered securities. More information is on the IRS website.
- Finally, when it comes to your supply chain management, how are you showcasing EPCIS 2.0? Could you share the event signatures and eBL endorsement flows following the DCSA standards? It would also be great to check out any exception worklists you've put together ahead of the milestone-based payouts.
Scoring rubric (tune to your priorities)
- Security and Key Management (25%): We're getting into the details of threshold signing, making sure we check the FIPS status, and piecing together those important recovery runbooks.
- Compliance and Auditability (20%): This part is really focused on making sure we're playing by the rules. It involves things like sticking to the Travel Rule and EBA mapping, managing OFAC workflows, and gathering all the right evidence to back us up. We'll go over DSCSA/eBL when it feels relevant.
- Payments, Liquidity, and ERP Integration (20%): In this section, we're diving into stablecoin issuers under MiCA. We'll also look at SAP and Oracle connectors, making sure we've got reliable on/off-ramp SLAs in place.
- Cost/Performance (15%): We really need to keep in mind how crucial it is to fine-tune L2 routing, look into private transaction options, and tackle that must-have post-EIP-4844 gas optimization.
- Accounting and Tax (10%): We’re getting ready for ASU 2023-08 and making sure we’re all set for 1099-DA.
- Vendor Assurance and Roadmap (10%): In this part, we’re all about making sure everything’s up to snuff with SOC 2 and ISO compliance. We'll also be looking at pen tests to catch any vulnerabilities, plus the AA roadmap (4337/7579).
Worked examples: what “good” looks like
- Treasury: A US subsidiary is all set to pay an invoice in euros to a supplier using USDC on Layer 2. Alright, so here’s how it all began: we started off with a supplier VASP handshake using TRISA. After that, we exchanged the IVMS101 payload. Then we did a quick check for counterparty risk--thankfully, our policy gave us the green light! (trisa.dev).
- Route and fees: So, we ran a simulation of the transaction on Base/OP Mainnet. We decided to go for a private transaction route using the builder, and guess what? We’re looking at a total cost that’s under $0.05 after EIP-4844. We'll go ahead and commit, and then we'll have a backup all set to jump into the mempool after we hit 25 blocks. (thehemera.com).
- Accounting: We're diving into lot selection, keeping an eye on the FX rate, and figuring out real-time fair value. On top of that, we're also going to export disclosures that meet the ASU 2023-08 requirements. (dart.deloitte.com).
- A quick reminder about taxes: make sure to include the proceeds and basis fields for any 1099-DA exports if we have a broker in the mix. If not, we'll just hang on to our internal records as a backup. (irs.gov).
Pharma Supply Chain: Package-Level Trace and Milestone Payment
- We've got an EPCIS 2.0 event stream that captures everything in real time. It tracks everything from commissioning all the way through to packing, shipping, and receiving. Everything is signed and locked down at regular points, so if something strays from the plan, we’ll catch those exceptions right away. It’s also set up to handle any DSCSA questions you might have.
- Here’s where it gets really intriguing: the electronic Bill of Lading, or eBL for short. It keeps tabs on title transfers and endorsements according to DCSA standards. Thanks to smart contracts, 30% of the payment is released as soon as the goods are loaded onto the vessel. The remaining amount gets paid out after we verify everything during the "out-turn" process.
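The milestone release described here (30% at loading, the rest after out-turn verification) and the earlier requirement for simulations and exception reviews before funds move can be expressed as a small release policy. The sketch below is an added example, not a vendor's or the original page's code; the milestone names, the `signature_valid` flag (assumed to be set by an upstream EPCIS/eBL signature check) and the sample amounts are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical milestone names; the split is the 30% / remainder from the text,
# in basis points. ORDER is the sequence in which milestones may be paid.
SCHEDULE = {"LOADED_ON_VESSEL": 3000, "OUT_TURN_VERIFIED": 7000}
ORDER = ["LOADED_ON_VESSEL", "OUT_TURN_VERIFIED"]


@dataclass
class Escrow:
    total_minor: int                                    # escrowed amount in minor units
    released: dict = field(default_factory=dict)        # milestone -> amount paid
    open_exceptions: set = field(default_factory=set)   # ids awaiting human review

    def remaining(self):
        return self.total_minor - sum(self.released.values())


def simulate_release(escrow, event):
    """Dry run, no state change: return (amount, reason); anything but 'ok' is a hold."""
    milestone = event.get("milestone")
    if milestone not in SCHEDULE:
        return 0, "unknown milestone"
    if event.get("signature_valid") is not True:
        return 0, "event signature not verified"
    if milestone in escrow.released:
        return 0, "milestone already paid"
    if any(m not in escrow.released for m in ORDER[:ORDER.index(milestone)]):
        return 0, "earlier milestone unpaid"
    if escrow.open_exceptions:
        return 0, "open exceptions need review"
    if milestone == ORDER[-1]:
        return escrow.remaining(), "ok"  # final milestone sweeps the rounding remainder
    return escrow.total_minor * SCHEDULE[milestone] // 10_000, "ok"


def release(escrow, event):
    """Commit a release only when the simulation says 'ok'."""
    amount, reason = simulate_release(escrow, event)
    if reason == "ok":
        escrow.released[event["milestone"]] = amount
    return amount, reason


def run_sample():
    """Constructed shipment: out-of-order event, replay, an exception, then resolution."""
    escrow = Escrow(total_minor=1_000_001)
    loaded = {"milestone": "LOADED_ON_VESSEL", "signature_valid": True}
    out_turn = {"milestone": "OUT_TURN_VERIFIED", "signature_valid": True}
    results = [release(escrow, out_turn),   # arrives before loading was paid
               release(escrow, loaded),
               release(escrow, loaded)]     # replayed event
    escrow.open_exceptions.add("EXC-EXAMPLE-1")  # e.g. quantity mismatch at receiving
    results.append(release(escrow, out_turn))
    escrow.open_exceptions.clear()               # reviewer closes the exception
    results.append(release(escrow, out_turn))
    return results, escrow.remaining()
```

In a bake-off, replaying an already-paid milestone and raising an exception just before the final release are two quick ways to see whether a vendor's policy engine holds funds the way this sketch does.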
Emerging best practices we’re seeing in 2025
- If you're dealing with sensitive transactions, like moving money around for the treasury or making large trade payments, having default-private routing is essential. You really don't want those details becoming public knowledge! Consider mixing up your builders and implementing some mempool fallback policies. (docs.flashbots.net).
- Jump on the smart-account bandwagon! By using modular standards like the ERC-7579 and ERC-7484 registries, you can avoid getting stuck with one wallet vendor. Plus, you'll have the freedom to set up more specific approvals and session keys. It's a win-win! (eips.ethereum.org).
- If you're diving into stablecoin operations, definitely keep an eye on the MiCA regulations. It's a smart move to partner with issuers who have EU EMI authorization for your transactions in the EU. Keep the policies for unauthorized tokens separate, and write down the redemption SLAs. (cnbc.com).
- Once EIP-4844 rolls out, it’s really going to be all about L2-first cost strategies. You’ll want to start batching those little payouts together, use paymasters to handle gas fees, and keep an eye out for any sudden jumps in blob fees. (thehemera.com).
- You can make the Travel Rule work smoothly through open implementations like TRISA or TRP. They help with interoperability, which is key! This reduces the hassle of managing all those bilateral integrations, and it helps keep personal information safe off-chain. (trisa.dev).
- It's time to really dive into digitizing your supply chain. If you haven’t already, now’s the perfect moment to start integrating electronic Bill of Lading (eBL) into your operations. Getting ahead of the game will pay off before that 2030 mandate rolls around. And don’t forget to leverage EPCIS 2.0 event signatures to set up payments that depend on a confirmed logistics status. (dcsa.org).
Final checklist for your RFP package
- Architecture diagrams with all the info you need on MPC, multisig, and smart accounts, plus a solid threat model and a list of dependencies.
- A collection of important documents: the FIPS 140-3 validation details, along with SOC 2 and ISO certificates and a summary of penetration tests. NIST has more details on the validation side.
- Compliance mappings, covering everything from the EBA travel-rule checklist to the OFAC program memo, plus FinCEN's views on CVC mixing and the latest MiCA issuer statuses depending on the tokens. The EBA website has the details.
- ERP runbooks that lay out the plan for integrating with the SAP Digital Currency Hub, with a reconciliation and close checklist included.
- Samples for the ASU 2023‑08 disclosures and the 1099‑DA mappings for accounting and tax. Deloitte has an in-depth look at the recent updates related to crypto assets.
- And to wrap things up, the supply chain section: EPCIS 2.0 schemas and signatures, integrations with eBL providers, and the DSCSA audit process. GS1 has more details.
What 7Block Labs can help you do next
- Collaborate with your team to put together the RFP, making sure to assign weights that align with your risk appetite and timeline for going live.
- Host some bake-offs: go through a few scripted scenarios, like private transaction settlements and eBL endorsements, with the vendors you’ve narrowed down. It'll be a great way to see how they handle things!
- Put together some control libraries that combine ASU 2023-08, 1099-DA, the EBA travel rule, and DSCSA into a convenient evidence pack for the auditors. It'll make their job a lot easier! (dart.deloitte.com).
If you take a look at the sections above, you’ll be able to cut through all the marketing noise and figure out what’s really happening. This way, you can choose a wallet platform that’s not only secure but also compliant and budget-friendly for scaling up in 2025.

