Project Mandala and the Rise of Embedded Regulation

Why Project Mandala Was Created: Fixing the Broken Model of Cross-Border Compliance

For decades, cross-border payments have run on a fragile compromise. Money moves globally in seconds. Regulation moves locally, asynchronously, and often manually. Every international transaction is forced to pass through a maze of jurisdiction-specific rules: sanctions screening, capital controls, AML thresholds, reporting obligations. None of these rules were designed to operate together as a single system. They were written for domestic supervision, enforced by local institutions, and stitched together across borders through trust, correspondence, and paperwork.

The result is a compliance model built on duplication and delay. The same transaction is screened multiple times by different banks, under slightly different interpretations of overlapping rules. Approvals arrive after the fact. Reporting follows settlement. Regulators reconstruct risk from fragments of data that arrive late and often out of context. And when something breaks, the failure propagates backward through requests for information, payment reversals, and supervisory remediation.

This model survived because, for a long time, it could. Traditional payments moved in batches. Settlement had latency. Compliance had time to catch up. That time is disappearing.

Today’s financial infrastructure is being pushed toward real-time settlement, tokenised assets, and 24/7 global liquidity. Value can move across jurisdictions instantly, but regulatory assurance still moves at the speed of forms, confirmations, and post-trade controls. The mismatch is becoming structural.

Project Mandala was initiated to confront that mismatch directly.

Rather than asking how regulators and banks can monitor cross-border transactions more efficiently after they occur, Mandala asked a more radical question: What if compliance itself moved into the transaction, becoming a condition of execution rather than a consequence of it?

At a high level, Project Mandala is a public-sector experiment led by the BIS Innovation Hub together with a group of central banks across Asia-Pacific. But structurally, it is something more important than a pilot. It is one of the first serious attempts to redesign cross-border compliance as infrastructure, not oversight.

Mandala does not propose new rules. It does not harmonise regulation across jurisdictions. And it does not replace the role of banks as compliance gatekeepers. What it changes is where compliance happens.

Instead of:

• regulations being interpreted separately by each institution,
• checks being performed in sequence by intermediaries,
• and supervisors reconstructing compliance ex post,

Mandala explores a model where:

• regulatory requirements are translated into machine-readable logic,
• compliance is verified before settlement,
• and proof of regulatory conformity becomes part of the transaction itself.

In other words, Mandala treats policy not as an external constraint, but as executable infrastructure.

The project was born out of a growing recognition among central banks that the future of cross-border payments will not be held together by trust and reconciliation alone. As payment systems become faster, more automated, and increasingly tokenised, the old separation between market infrastructure and regulatory infrastructure starts to break down. When settlement becomes atomic, compliance must become atomic with it.

Project Mandala is an attempt to test what that future might look like, a world where regulatory assurance is not delivered through reporting and supervision after the event, but through cryptographic proof at the moment value moves.

Not compliance as a process. Compliance as a property of the network itself.

What Project Mandala Proves About Executable Regulation and Real-Time Compliance

Project Mandala is often described as a cross-border compliance experiment. That description is technically accurate, but it undersells what was actually demonstrated.

Mandala does not merely show that compliance checks can be automated. It shows that regulation itself can be executed as part of transaction infrastructure. That is a different category of claim.

In the traditional model, compliance is something institutions do to transactions. In Mandala, compliance becomes something transactions are conditioned on. The payment no longer asks only whether it is technically valid. It asks whether it is regulatorily permitted, and it cannot proceed until that question is cryptographically answered.

That distinction matters because it collapses three layers that have historically been kept separate:

• Policy, written in legal and supervisory language
• Compliance, implemented as operational process
• Settlement, executed by financial infrastructure

Mandala demonstrates that these layers no longer need to be sequential. They can be co-located inside the same transaction flow. This is what makes Mandala structurally different from most RegTech. It does not sit beside the payment rail. It restructures the rail itself so that regulatory assurance is generated with the transaction, not after it.

In effect, Mandala shows that regulatory compliance can be transformed from an after-the-fact interpretation of events into an execution condition for those events.

That is the core proof.

The Core Architectural Shift: From Post-Trade Compliance to Pre-Execution Enforcement

What enables this shift is not a single technology, but a reordering of where enforcement logic sits in the stack. Mandala replaces the traditional  observe → detect → report pipeline with a different sequence: define → verify → execute.

At a structural level, the model consists of three tightly coupled layers.

First, regulatory rules are converted into executable logic. Jurisdiction-specific obligations, such as sanctions lists, capital flow limits, and reporting thresholds are no longer treated as descriptive guidance. They are translated into machine-readable conditions. Policy becomes code.

Second, compliance is verified through cryptographic proof rather than data disclosure. Instead of exchanging raw customer or transaction data, institutions generate proofs that a given rule has been satisfied. The counterparty, or the settlement system, does not need to trust the process. It can verify the proof directly.

Third, settlement is made conditional on proof verification. This is the decisive step. A transaction is not merely annotated with compliance information. It is technically unable to complete unless the relevant proofs are valid. If the proof fails, the transaction fails. Enforcement is no longer downstream. It is embedded at the point of execution.

This is where on-chain policy enforcement becomes concrete.

In digital asset environments, this logic can live directly inside smart contracts or policy wrappers that control asset movement. In legacy payment systems, it can be attached to messaging infrastructure as a mandatory pre-release condition. In both cases, the settlement layer is no longer neutral. It becomes policy-aware.

The result is a new enforcement posture:

• Not supervision that reconstructs behaviour after settlement
• But infrastructure that refuses to settle non-compliant behaviour at all

What Mandala proves, in practical terms, is that regulation does not need to chase transactions anymore. It can be made to travel with them, enforced by the same machinery that moves the money itself.

That is the architectural inversion at the heart of the project.

Why Project Mandala Is Structurally Different From Traditional RegTech

Most regulatory technology was built on a single assumption: that compliance sits outside the financial system it observes.

Traditional RegTech tools monitor activity, ingest transaction data, apply risk rules, flag anomalies, and generate reports. They sit alongside payment systems, exchanges, and custody platforms. They are observers, not participants. However advanced they become, their role remains fundamentally reactive.

Mandala breaks with that model entirely.

It does not watch transactions. It conditions their existence. This is the first structural difference. In conventional RegTech, a transaction takes place first; then it is screened, scored, investigated, and, if necessary, unravelled through enforcement and remediation. Even real-time monitoring is still downstream of execution. The system sees what happened. It does not decide what is allowed to happen. Mandala inverts that order. The transaction is not permitted to exist unless regulatory conditions are satisfied in advance. Compliance moves from detection to permissioning. Enforcement shifts from the supervisory layer into the settlement layer itself.

The second difference is where authority lives. Traditional RegTech reinforces institutional silos. Each bank interprets regulation independently. Each institution runs its own screening engines. Each regulator receives partial, delayed, and institution-specific views of the same underlying cross-border flows. Mandala does not centralise regulation, but it standardises how regulation is expressed and verified. Regulatory requirements are translated into shared, machine-readable logic. Each institution still applies the rules locally. But the meaning of the rule is now computationally aligned across the network. What differs is no longer what the rule means, but only who supplies the data to test it. This enables something traditional RegTech never achieved: mutual reliance on compliance proofs rather than duplicated compliance processes.

The third difference lies in what regulators receive. Traditional compliance produces reports. Mandala produces proof. Instead of being told that sanctions screening occurred, or that a threshold was respected, the regulator can verify that the rule was enforced at the moment of execution. Compliance becomes demonstrable as a property of the transaction itself. Traditional RegTech reduces operational friction. Mandala reduces epistemic uncertainty.

The final difference is temporal. RegTech was built for delayed settlement and post-trade intervention. Mandala is built for instant, atomic, irreversible settlement. In such a system, compliance cannot arrive minutes later. It must already be present at the moment of execution. Once assets are tokenised and finalised on shared ledgers, post-trade enforcement becomes structurally weaker. The opportunity to intervene has passed.

The Two Real-World Use Cases That Prove Embedded Regulation Works

Project Mandala’s most important contribution is not that it outlines a new compliance philosophy. It is that it executes that philosophy inside real regulatory corridors, with real central banks, real policy constraints, and real supervisory consequences.

This is not a sandbox detached from market reality. The project was tested against two concrete cross-border use cases where compliance friction is operationally painful.

Cross-Border Lending: Singapore to Malaysia

A Singapore-based lender extends a foreign currency loan to a Malaysian borrower. This routine transaction triggers:

• Sanctions screening
• AML/CFT checks
• And Malaysia’s capital flow management thresholds, requiring central bank approval above defined limits

Under the traditional model, this process is sequential, document-heavy, and trust-based. Mandala restructures this flow completely. Before any funds are released, all regulatory conditions are evaluated during pre-validation. Central bank approval is verified directly through its node. Once satisfied, a cryptographic proof of compliance is generated, and only then is settlement permitted.

The result is:

• No drawdown without capital control compliance
• No manual approval letters
• Cryptographic linkage between drawdown and repayment
• And real-time central bank visibility into CFM utilisation

This is capital control enforcement through transaction permissioning, not reporting.

Cross-Border Capital Investment: South Korea to Australia

The second case involves acquisition of unlisted debt securities with offsetting and netting. Under the legacy model, Korean banks must manually determine:

• Whether the transaction qualifies as a capital transaction
• Whether netting applies
• Which thresholds are triggered
• And which authority must be notified

Mandala relocates this into pre-validation logic. Thresholds are evaluated automatically. Reporting obligations are triggered programmatically. Only once these conditions are satisfied does the transaction proceed. Capital flow compliance stops being documentary. It becomes an execution condition.

Together, these corridors show that embedded regulation is not theoretical. It already operates where regulatory pressure is highest, at the border between jurisdictions, currencies, and legal regimes.

Project Mandala Phase 2: Embedded Regulation Becomes Systemic Infrastructure

If Phase 1 of Mandala proved that compliance can be embedded into cross-border infrastructure, Phase 2 signals something more consequential: this model is now being tested as candidate systemic infrastructure.

More central banks joined. Scope expanded. The focus shifted from feasibility to institutional consequence.

Phase 1 asked: Can regulatory rules become executable without breaking privacy, sovereignty, or institutional responsibility?

Phase 2 asks: What happens to the financial system if that logic becomes foundational?

Payments are becoming programmable. Assets are becoming tokenised. Settlement is becoming atomic.In such an environment, regulation must become operable by machines at the moment value moves.

Phase 2 shifts the question from cryptographic correctness to governance over regulatory code itself:

• Who controls rule logic
• How updates are authorised
• How errors propagate
• How legal accountability maps onto executable policy

Once regulation becomes infrastructure, the unit of supervision is no longer just the institution. It is the policy logic itself. That is where this is headed.

From Public Infrastructure to Market Reality: Evergon Labs and Embedded Compliance

Project Mandala shows what becomes possible when infrastructure treats compliance as a system function rather than a supervisory afterthought. The same structural shift is now underway in private markets, across tokenised assets, permissioned DeFi, and institutional on-chain finance.

This is the space where Evergon Labs operates.

Most tokenisation and DeFi platforms were designed around an assumption that compliance would remain external. Identity off-chain. Screening after execution. Reporting after settlement. That model is now under pressure.

As assets become programmable and settlement becomes atomic and irreversible, enforcement must move into the execution path itself. This is exactly the logic Mandala exposes at the public-infrastructure level. Evergon applies it at the market-infrastructure level.

Rather than treating compliance as a workflow that wraps around smart contracts, Evergon treats it as a gating layer that conditions transaction execution. Transactions are authorised only after policy conditions are satisfied.

Compliance moves:

• From monitoring to permissioning
• From post-trade remediation to pre-trade enforcement
• From institutional attestations to machine-verifiable execution logic

This is the private-market version of compliance by design.

Dynamic Compliance for Tokenised Assets and DeFi

Regulation changes. Sanctions update. Thresholds evolve. Hard-coding policy into immutable smart contracts risks immediate obsolescence.

Evergon resolves this by separating:

• Asset logic, what the token or protocol does
• Policy logic, who is allowed to interact with it

Instead of rewriting contracts when rules change, Evergon inserts a lightweight authorisation layer before execution. Transactions are signed and released only after compliance conditions are met, while policy remains adaptive.

This creates programmable permissioning:

• Dynamic transfer restrictions
• Jurisdiction- and risk-based access controls
• Atomic settlement with adaptive compliance

The Deeper Convergence

What ultimately links Mandala and Evergon is not technology, but a shared response to the same structural shift:

• From delayed settlement to atomic settlement
• From periodic supervision to continuous assurance
• From legal interpretation to executable policy

As financial infrastructure becomes programmable, regulation cannot remain purely textual. It must become operable. Mandala shows what this means for cross-border public infrastructure. Evergon shows what it means for tokenised assets and DeFi.

Together, they point toward the same destination: a financial system where compliance is not observed after the fact, but enforced as a condition of participation.

Not compliance as a department.

Compliance as infrastructure.

If you’re building tokenised assets, permissioned DeFi, or institutional-grade on-chain finance, Evergon gives you a way to move compliance into the execution layer, without freezing your protocol in legal stone.

Contact the Evergon team to start the conversation.

‍