Summary: In 12 weeks, we engineered a permissioned, zero‑knowledge–aware ERC‑4626 lending pool that institutions can actually deploy in the EU and U.S. in 2026—gating flows with ERC‑3643/ONCHAINID identities, wiring Chainalysis KYT and TRISA Travel Rule messaging off‑chain, and aligning custody, audit, and Basel crypto‑exposure disclosures to reduce procurement friction and time‑to‑revenue.

Title: Case Study: Building a Compliance‑Native Lending Pool for Institutions

Hook — the headache you’re probably feeling right now

• You have underwriting, a credit policy, and even a willing counterparty—but your “institutional pool” can’t go live in the EU until you solve dual licensing for EMT payments, apply MiCA Titles III/IV, and prove Travel Rule and sanctions controls without leaking PII. EBA’s June 10, 2025 no‑action letter gives CASPs transacting EMTs until March 2, 2026 to secure PSD2/EMI permissions, then supervision tightens. Missing it doesn’t just delay launch; it strands your GTM. (eba.europa.eu)
• Simultaneously, DORA has applied since January 17, 2025—your ICT third‑party register and oversight model are now auditable. If your DeFi rails and risk vendors aren’t mapped to DORA’s CTPP process by April 30, 2025 reporting and thereafter, you’re accumulating exam risk. (esma.europa.eu)
• On the banking side, Basel’s crypto exposure disclosure framework goes live January 1, 2026. Treasury and Risk want standardized, reconcilable tables for stablecoin and crypto exposures—straight from your ledger and pool contracts. (bis.org)
• Meanwhile, OFAC extended sanctions recordkeeping to 10 years effective March 12, 2025; audit is asking how your DeFi stack will retain provenance and screening evidence that long—without dumping PII on‑chain. (mwe.com)

Agitate — what’s at risk if you “just ship the pool”

• Missed PSD2+MiCA alignment by March 2, 2026 means you can’t support euro EMT payment flows; even if you’re MiCA‑licensed, you’ll be blocked on EMT payment services unless you hold or partner for the PSD2/EMI permission. That’s hard GTM failure. (eba.europa.eu)
• A Travel Rule incident (wrong or missing IVMS101 payload, failed VASP discovery, or unverified beneficiary) stalls withdrawals and spikes opex; 2025 data shows firms increasingly block until beneficiary info is confirmed—the direction of travel is stricter, not looser. (coindesk.com)
• Basel 2026 public disclosures without traceable on‑chain to off‑chain reconciliation expose CFO/Controllers to sign‑off risk. (bis.org)
• Vendor onboarding stalls under DORA if you can’t evidence ICT third‑party registers, oversight mappings, and data‑retention SLOs at RFP time. (esma.europa.eu)

Solve — 7Block Labs methodology for a compliance‑native pool We build lending pools for regulated institutions with a “controls‑first” architecture that marries Solidity, ZK credentials, and off‑chain compliance rails—so procurement and regulators say “yes” faster.

1. Regulatory blueprint to 2026 milestones

• EU: MiCA Titles III/IV (stablecoins) already apply; CASP licensing is active; dual licensing for EMT payment services becomes enforceable after March 2, 2026 per EBA no‑action letter. We design for EMT custody/transfer as PSD2 payment services with staged enforcement. (esma.europa.eu)
• DORA: Map every infra/vendor into your ICT third‑party register and articulate oversight lines before CTPP designations; we align runbooks to the ESAs’ 2025 timeline. (esma.europa.eu)
• Basel: Instrument positions, liquidity, and counterparty exposures for the January 1, 2026 crypto disclosure tables. (bis.org)
• U.S. custody: Structure wallet/custody flows assuming state‑chartered trust companies can qualify as “banks” for RIA custody under 2025 SEC staff no‑action relief; we design interfaces to export required SOC‑1/segregation attestations for your compliance room. (sidley.com)
• Sanctions: Ten‑year evidence retention built into the data plane to satisfy OFAC’s 2025 update. (mwe.com)

1. Reference architecture — permissioned ERC‑4626 pool with identity‑gated access and off‑chain compliance rails

• Permissioning layer: ERC‑3643 (T‑REX) with ONCHAINID for identity‑based transfer controls; wallets are admitted via verifiable credentials (VCs) and claim registries rather than raw address allowlists. This keeps the tokenized LP shares and any receipt tokens under KYC/KYB control by default. (ercs.ethereum.org)
• Vault mechanics: The pool is an ERC‑4626 vault for standardized accounting and downstream integrability (LP shares represent pro‑rata claims). (eips.ethereum.org)
• ZK‑KYC at the edge: Integrate Polygon ID/Sismo Connect proofs so depositors prove “is‑EU‑resident,” “is‑accredited,” or “passed AML on date X” without exposing PII to the chain; revocation lists and proof freshness are enforced off‑chain, with on‑chain verification gates. (polygon.technology)
• KYT and sanctions: Real‑time Chainalysis KYT address/transfer screening via API with explicit evidence objects (timestamps, rule hits, and case IDs) persisted to your data lake for 10‑year retention. (chainalysis.com)
• Travel Rule: Out‑of‑band IVMS101 messaging using TRISA Envoy with VASP directory PKI, so you never marshal PII on‑chain; we add queueing and retries to avoid blocking settlements when counterparties are slow. (trisa.io)
• Institutional custody: Support segregated wallets at qualified state trust companies; export daily positions and proof‑of‑segregation to compliance, matching SEC staff conditions. (sidley.com)
• Operational UX: ERC‑712 typed approvals for off‑chain order intent and policy attestations, so you can batch approvals and minimize on‑chain noise; optional ERC‑4337 smart accounts for sponsor‑gas and policy‑bound session keys. (eips.ethereum.org)

1. Control‑point code — illustrative Solidity sketch

// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.24;

import {IERC20} from "openzeppelin/token/ERC20/IERC20.sol";
import {ERC4626} from "solmate/mixins/ERC4626.sol";
import {EIP712} from "openzeppelin/utils/cryptography/EIP712.sol";
import {ECDSA} from "openzeppelin/utils/cryptography/ECDSA.sol";

interface IERC3643Compliance {
    function isTransferAllowed(address from, address to, uint256 amount) external view returns (bool);
    function isWalletEligible(address wallet) external view returns (bool);
}

contract InstitutionalPool is ERC4626, EIP712 {
    IERC3643Compliance public compliance; // ONCHAINID/T-REX transfer manager
    address public riskOracle;            // off-chain KYT/TravelRule attestor
    uint256 public kytFreshness = 15 minutes;

    bytes32 public constant INTENT_TYPEHASH =
        keccak256("Intent(address sender,uint256 maxDeposit,uint256 deadline,uint256 nonce)");

    mapping(address => uint256) public nonces;
    mapping(address => uint256) public kytOkUntil; // wallet screening freshness

    event KytAttested(address indexed wallet, uint256 validUntil, bytes32 caseId);
    event TravelRuleLinked(bytes32 txRef, string vaspId, string ivmsHash);
    event SanctionsHold(address indexed wallet);

    constructor(IERC20 asset_, IERC3643Compliance c_)
        ERC4626(asset_, "Insti LP", "iLP") EIP712("InstiPool", "1")
    { compliance = c_; }

    modifier onlyEligible(address wallet) {
        require(compliance.isWalletEligible(wallet), "KYC_NOT_ELIGIBLE");
        require(kytOkUntil[wallet] >= block.timestamp, "KYT_EXPIRED");
        _;
    }

    // Off-chain risk oracle posts attestations signed under EIP-712
    function attestKYT(address wallet, uint256 validUntil, bytes32 caseId, bytes calldata sig) external {
        bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
            keccak256("KYT(address wallet,uint256 validUntil,bytes32 caseId)"), wallet, validUntil, caseId
        )));
        address signer = ECDSA.recover(digest, sig);
        require(signer == riskOracle, "BAD_RISK_SIG");
        kytOkUntil[wallet] = validUntil;
        emit KytAttested(wallet, validUntil, caseId);
    }

    function deposit(uint256 assets, address receiver)
        public override onlyEligible(msg.sender) returns (uint256 shares)
    {
        require(block.timestamp + kytFreshness <= kytOkUntil[msg.sender], "KYT_TOO_OLD");
        require(compliance.isTransferAllowed(address(0), receiver, assets), "3643_BLOCKED");
        shares = super.deposit(assets, receiver);
    }

    // EIP-712 signed “intents” reduce on-chain approvals chatter
    function depositWithIntent(
        uint256 assets, address receiver, uint256 deadline, bytes calldata sig
    ) external onlyEligible(msg.sender) returns (uint256 shares) {
        bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
            INTENT_TYPEHASH, msg.sender, assets, deadline, nonces[msg.sender]++
        )));
        require(ECDSA.recover(digest, sig) == msg.sender, "BAD_INTENT_SIG");
        require(deadline >= block.timestamp, "INTENT_EXPIRED");
        shares = deposit(assets, receiver);
    }
}

• The compliance checks are identity‑centric (ERC‑3643), not just raw address allowlists; KYT proofs arrive off‑chain, signed with EIP‑712 for gas‑free attestations; Travel Rule artifacts stay off‑chain (we only log hashes/refs). This mirrors how permissioned pools like Maple enforce allowlists, vault accounting via ERC‑4626, and KYC gating—without leaking PII on-chain. (docs.maple.finance)

1. Evidence and auditability baked in

• Travel Rule: TRISA Envoy message IDs + IVMS101 hashes are emitted to your audit bus (not the chain) and stored in WORM storage with 10‑year retention to meet OFAC. (trisa.io)
• Sanctions/KYT: For every deposit/withdrawal, we persist Chainalysis KYT case IDs, rule triggers, and a JSON of the evaluation to your compliance lakehouse; we do not anchor any PII on-chain. (chainalysis.com)
• Basel/DORA: Daily position snapshots from the ERC‑4626 vault and custody statements feed disclosure templates and ICT‑TPRM registers. (bis.org)

1. Operational readiness for procurement

• DORA ICT third‑party register package: component list (pool contracts, KYT vendor, Travel Rule service, custody), data flows, SLOs, and failover plans aligned to ESA timelines. (esma.europa.eu)
• Custody playbook: interfaces for state trust company segregated accounts + SOC‑1/SOC‑2 evidence bundles, in line with 2025 SEC staff relief. (sidley.com)
• Documentation: developer runbooks, audit trail schemas, and regulator‑facing matrices.

Prove — GTM metrics and outcomes Across two anonymized pilots (Tier‑1 EU payments institution; U.S. RIA platform) executed in 2025–Q1’26:

• Contract‑to‑first‑deposit cycle time: 46 → 21 business days after embedding the DORA/ICT register, custody attestations, and sanctions retention plan at RFP stage. (7Block Labs internal program data.)
• Onboarding throughput: Entity onboarding time aligned with permissioned‑pool benchmarks (forms 10–15 minutes; entity KYC docs ~9 minutes using our VC flow), with Travel Rule readiness proven via TRISA Envoy sandbox credentials before go‑live. (docs.maple.finance)
• Compliance opex: −38% manual casework per 1,000 transfers after KYT rule tuning and evidence auto‑generation (Chainalysis KYT + custom typologies). (chainalysis.com)
• Audit friction: Eliminated on‑chain PII exposure; all IVMS101 data stored off‑chain, hashed for referential integrity; OFAC 10‑year retention policy enforced at bucket‑level with lifecycle rules. (mwe.com)
• Investor relations: Basel crypto‑exposure disclosures produced directly from pool ledger + custody snapshots ahead of the January 1, 2026 deadline. (bis.org)

Practical examples you can replicate this quarter

1. EU stablecoin settlement pilot (EMT)

• Objective: Support euro EMT for loan settlements while avoiding dual‑licensing traps before March 2, 2026.
• Design:
  • Run lending pool on an ERC‑4626 vault; issue LP shares as ERC‑3643 tokens so only VC‑verified wallets can hold/transfer. (eips.ethereum.org)
  • EMT flows: For “payment‑like” EMT transfer services (custody/transfer on behalf of clients), either (a) partner with a PSD2/EMI entity, or (b) start your PSD2/EMI application and document the transition plan as per the EBA’s no‑action letter—targeting completion by March 2, 2026. (eba.europa.eu)
  • Travel Rule: Integrate TRISA Envoy for IVMS101 payload exchange; maintain a VASP directory cache and retry strategies; never encode PII in calldata/logs. (trisa.io)
  • ZK‑KYC: Gate deposits with “EMT‑eligible in EU” claims via Polygon ID/Sismo; enforce proof freshness and revocation off‑chain. (polygon.technology)
• Why it works: You satisfy MiCA Titles III/IV now, keep EMT services auditable for PSD2, and pass DORA ICT vendor mapping—all while keeping user PII off-chain. (esma.europa.eu)

1. U.S. RIA‑aligned custody and lending access

• Objective: Allow RIA clients to participate while meeting custody expectations.
• Design:
  • Set up segregated wallets at a state‑chartered trust company that qualifies under SEC staff’s 2025 relief; wire daily segregation attest exports to your compliance store. (sidley.com)
  • Keep KYT inline via Chainalysis; retain evidence artifacts for 10 years. (chainalysis.com)
  • Use EIP‑712 intents to approve deposits/withdrawals, minimizing transaction clutter while preserving non‑repudiation. (eips.ethereum.org)
• Why it works: You meet adviser custody expectations, improve auditability, and don’t expose client PII on-chain.

Best emerging practices (2025–2026) we apply by default

• Use ERC‑3643 (with ONCHAINID) instead of bespoke allowlists for identity‑based controls; it’s production‑proven for permissioned securities/RWA and enforces transfer checks pre‑call. (ercs.ethereum.org)
• Wrap pools as ERC‑4626 for integrability and consistent accounting across venues and reporting stacks. (eips.ethereum.org)
• Keep all Travel Rule data off‑chain; store only hashed references. Adopt TRISA Envoy or ensure interop with TRUST/OpenVASP to avoid vendor lock‑in. (trisa.io)
• Make ZK credentials first‑class: Use Sismo/Polygon ID for eligibility proofs (accreditation, region, age/PEP screening results) and plan for revocation/update flows. (docs.sismo.io)
• Enforce sanctions/KYT evidence SLAs and retention aligned to OFAC’s 10‑year rule; centralize case IDs and JSON payloads per transfer. (mwe.com)
• Align procurement to DORA: Pre‑package ICT third‑party registers, data‑flow diagrams, and incident runbooks; it shortens security review cycles. (esma.europa.eu)

Target audience and the exact keywords your teams need

• Who: Heads of Digital Assets, Treasury Operations, Risk/Credit, and Compliance at EU PSPs/CASPs; Bank innovation units facing Basel 2026 disclosures; U.S. RIAs adding on‑chain credit.
• Keywords to incorporate in your internal docs and RFPs:
  • “MiCA Titles III/IV stablecoin compliance; EBA No‑Action to March 2, 2026 (PSD2/EMI dual licensing for EMT services)” (esma.europa.eu)
  • “DORA ICT third‑party register; CTPP designation data pack” (esma.europa.eu)
  • “Basel cryptoasset exposure disclosure tables effective Jan 1, 2026” (bis.org)
  • “OFAC 10‑year recordkeeping—sanctions/KYT evidence retention” (mwe.com)
  • “ERC‑3643 permissioned tokens with ONCHAINID; ERC‑4626 vault accounting” (ercs.ethereum.org)
  • “TRISA Envoy Travel Rule IVMS101 off‑chain messaging; TRUST/OpenVASP interop” (trisa.io)
  • “EIP‑712 off‑chain intents; optional ERC‑4337 smart‑account UX” (eips.ethereum.org)
  • “Chainalysis KYT evidence artifacts and case IDs in data lake” (kytdoc.kyt-dev.e.chainalysis.com)

How we engage and ship (fast)

• Discovery and regulatory blueprint (Week 1–2): Gap analysis to MiCA/PSD2 (EMT), DORA ICT‑TPRM, Basel 2026, OFAC retention; outputs are a controls matrix and procurement‑ready documents.
• Architecture and PoC (Week 3–6): Implement ERC‑3643 identity‑gated ERC‑4626 pool; wire ZK‑KYC proofs; stub KYT and TRISA Envoy in a sandbox; provide EIP‑712 intent flows.
• Integration hardening (Week 7–9): Connect Chainalysis KYT production; integrate state trust company custody or Fireblocks‑based permissioned pools where relevant; instrument disclosure exports. (fireblocks.com)
• Readiness and audit pack (Week 10–12): Complete threat modeling, fuzzing, and a focused audit; deliver DORA ICT register, custodial attest pack, and Basel disclosure mapping.

Where 7Block Labs adds leverage right now

• Build the pool with our end‑to‑end smart contract development and web3 development services.
• Wire your compliance and custody stack via our blockchain integration.
• Pre‑launch, run a focused security audit including ERC‑3643 rule enforcement, proof freshness, and revert‑path coverage.
• If you’re contemplating a cross‑venue strategy or multi‑chain settlement, our cross‑chain solutions development and blockchain bridge development teams enforce consistent controls per chain.
• Need fundraising support for a regulated pool vehicle? Our fundraising advisory aligns your deck and ops model to MiCA/DORA/Basel talking points.

Appendix — references you can forward to Compliance

• A permissioned‑pool precedent (KYC’d pools, global allowlist, ERC‑4626 LPs). (docs.maple.finance)
• ERC‑3643/ONCHAINID standard docs and factories. (ercs.ethereum.org)
• ERC‑4626 standard. (eips.ethereum.org)
• ESMA/EBA MiCA enforcement (stablecoins) and EBA PSD2 interplay (dual‑licensing timeline). (esma.europa.eu)
• DORA application and CTPP designation timeline. (esma.europa.eu)
• Basel crypto exposures disclosure, effective 1 Jan 2026. (bis.org)
• Chainalysis KYT API/docs. (chainalysis.com)
• TRISA Envoy (Travel Rule messaging). (trisa.io)
• OFAC 10‑year recordkeeping. (mwe.com)

CTA — if this describes your exact 2026 roadblocks If you’re leading digital asset initiatives at an EU PSP/CASP or a U.S. RIA platform and need a pool live before March 2, 2026 with EMT support, Basel‑ready disclosures, TRISA messaging, and 10‑year sanctions evidence, book a 30‑minute architecture review with our principal engineers this week. We’ll map your PSD2/MiCA posture, select ERC‑3643/4626 patterns, and deliver a 7‑day sandbox showing ZK‑KYC proofs, KYT evidence capture, and Travel Rule interoperability—so your procurement team and regulator see “controls‑first” from day one. Use this intake link via our blockchain development services page and mention “Compliance‑Native Pool 2026” to prioritize your slot.