The Compliance Challenge
Bringing Real World Assets (RWAs) like Treasury Bills and Real Estate on-chain is one of the most promising applications of blockchain technology. However, this endeavor is fraught with challenges, particularly around compliance. The traditional financial system enforces many regulations to protect investors and maintain the integrity of capital markets. For financial institutions storing, moving, or trading assets, adhering to these rules is non-negotiable.
In our work with regulated institutions aiming to bring their products to Solana, we’ve observed common patterns in their on-chain compliance requirements. These insights have shaped our approach to addressing these challenges effectively.
Some of the organizations we work with already have deployments on Ethereum. These deployments often rely on established frameworks for on-chain compliance, such as:
Smart contracts enabling KYC (Know Your Customer) checks.
Tokenization of products, like creating token representations of Treasury Bills.
A key requirement in these frameworks is ensuring that only users who have passed off-chain KYC processes can interact with their products. Failure to enforce this can result in severe consequences, including loss of licenses or business. Consequently, compliance teams—and no one else—must have the authority to update users’ on-chain states.
Ethereum’s ecosystem supports this need with standards like the AccessControl contract, which allows developers to define roles within smart contracts and manage users dynamically. Solana operates differently: programs have no interfaces, and every account must be specified before an instruction executes, so building reusable access control logic across multiple programs is a significant challenge.
Introducing the AccessControl Program
To overcome this limitation on Solana, our team developed an AccessControl program. This program serves as the entry point for all downstream programs requiring access control. Its state is structured around two key components:
Controller: The Controller maintains a default admin with permissions to modify itself and create UserRoles.
UserRoles: These belong to a Controller and define:
A list of actions each role can perform.
A list of users assigned to each role.
This approach centralizes access control logic, making it reusable across multiple programs. While it may not match the robustness of Ethereum’s interface implementations, it provides a strong framework for maintaining compliance without disrupting organizational workflows.
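The state model described above, sketched in plain Rust as an added example; it is not the AccessControl program's own code. All type, field and function names are hypothetical, a 32-byte array stands in for a Solana public key, and the keys in `main` are constructed.

```rust
// Added sketch: plain-Rust model of the Controller / UserRoles state described above.
// All names are hypothetical; this is not the program's real account layout.
type Pubkey = [u8; 32]; // stand-in for a Solana public key

#[derive(Debug, PartialEq)]
pub enum AccessError { NotAdmin, WrongController, UnknownUser, ActionNotAllowed }

pub struct Controller { pub id: Pubkey, pub admin: Pubkey }

pub struct UserRole {
    pub controller: Pubkey,   // the Controller this role belongs to
    pub actions: Vec<String>, // actions the role can perform
    pub users: Vec<Pubkey>,   // users assigned to the role
}

impl Controller {
    fn require_admin(&self, signer: &Pubkey) -> Result<(), AccessError> {
        if *signer == self.admin { Ok(()) } else { Err(AccessError::NotAdmin) }
    }
    /// Only the default admin can create a role under this Controller.
    pub fn create_role(&self, signer: &Pubkey, actions: &[&str]) -> Result<UserRole, AccessError> {
        self.require_admin(signer)?;
        Ok(UserRole { controller: self.id, actions: actions.iter().map(|a| a.to_string()).collect(), users: vec![] })
    }
    /// Only the default admin can assign a user, and only to a role of this Controller.
    pub fn assign(&self, signer: &Pubkey, role: &mut UserRole, user: Pubkey) -> Result<(), AccessError> {
        self.require_admin(signer)?;
        if role.controller != self.id { return Err(AccessError::WrongController); }
        if !role.users.contains(&user) { role.users.push(user); }
        Ok(())
    }
    /// The check a downstream program would run before executing `action` for `user`.
    pub fn authorize(&self, role: &UserRole, user: &Pubkey, action: &str) -> Result<(), AccessError> {
        if role.controller != self.id { return Err(AccessError::WrongController); }
        if !role.users.contains(user) { return Err(AccessError::UnknownUser); }
        if !role.actions.iter().any(|a| a == action) { return Err(AccessError::ActionNotAllowed); }
        Ok(())
    }
}

fn main() {
    let (admin, alice) = ([1u8; 32], [2u8; 32]); // constructed keys
    let ctrl = Controller { id: [9u8; 32], admin };
    let mut kyc = ctrl.create_role(&admin, &["mint", "transfer"]).unwrap();
    ctrl.assign(&admin, &mut kyc, alice).unwrap();
    println!("{:?}", ctrl.authorize(&kyc, &alice, "transfer"));
}
```

The `WrongController` branch covers the case where a role created under one Controller is presented to a different one, which an on-chain version would have to check because the caller chooses which accounts to pass in.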
Benefits of the AccessControl Program
Adopting this pattern has significantly reduced development time when working with projects that have strict compliance requirements. It allows regulated institutions to:
Ensure only authorized users interact with on-chain assets.
Centralize and simplify the management of user roles and permissions.
Maintain regulatory compliance without compromising efficiency.
Conclusion
Tokenizing real-world assets on Solana is a complex but rewarding endeavor. Addressing compliance challenges is critical to the success of these projects, and our AccessControl program has proven to be an effective solution. As Solana continues to grow, frameworks like this will play a crucial role in enabling institutions to harness the power of blockchain technology.
If you’re interested in learning more about this pattern or discussing how to implement similar solutions in your projects, reach out!