Automating Compliance and Security with Shield3

by Michael Zargham, Isaac Patka, Geoffrey Arone

Michael Zargham
7 min readSep 17, 2023


For compliance-focused business leaders, blockchain technology presents a paradox. On one hand, it offers transformative potential for unlocking new markets and removing barriers to accessing financial services. On the other, it comes fraught with challenges such as security vulnerabilities, regulatory uncertainty, and systemic risks. The solution to unlock the full potential of blockchain-based financial applications is a robust, automated, yet practical policy framework.

Shield3 has developed a product suite which includes data infrastructure, a policy-writing language, a library of modular workflows, and monitoring dashboards. BlockScience is collaborating with Shield3 to provide enterprise clients with custom AI-powered policies that support the enforcement of their compliance requirements and protect consumers.

Instrumenting organizations with the requisite tools to select and enforce their security and compliance policies closes a critical gap, especially for enterprises leveraging (or hoping to leverage) blockchain technology. In this piece, Shield3 and BlockScience present the architecture for our framework.

From “can do” to “should do”

While blockchain and smart contracts define a foundation of permissible actions (“can do”), they do not guide users toward actions that are strategically optimal (“should do”) given their business goals and constraints. Enterprises must make their own decisions about their strategic goals as well as how to operationalize regulatory guidance.

This is not a flaw in blockchains, as they are intended to be open and permissionless by design. However, this presents major challenges for the business leaders wanting to offer blockchain-based applications, implementers charged with deploying these applications, operators tasked with using them, and compliance teams working to mitigate compliance and security risks.

This is where a policy framework becomes critical. Acting as the operational “brains”, this layer resides below the actor and above the blockchain, interpreting complex transactions, enriching them with necessary context, and enforcing enterprise-specific compliance and security protocols.

Our policy framework is called Phage, named after the processes in the immune system that target harmful bacteria. Following along with this analogy, the policy library is made up of Viridae which target and neutralize specific threats. Like a healthy immune system, our policy framework supports adaptation to emergent threats. Adaption occurs both through data-driven policies (AI) and human oversight.

Traditionally, streamlining and securing operations present a trade-off. Relative to existing solutions available for blockchain applications, our framework improves on both security and efficiency of operations. This enables the next-generation of financial applications; since these policies are local to organizations (rather than to blockchain networks or specific smart contracts), the benefits come without compromising the decentralized nature of blockchain technology.

Decentralized Finance (DeFi) Applications

Decentralized Finance (DeFi) applications have received a lot of hype as well as a lot of criticism for the kinds of business activities they enable. DeFi offers unprecedented opportunities in terms of financial services access, but this comes at the cost of enabling attackers to exploit unsophisticated (or inattentive) users.

In order to build (or even use) blockchain based DeFi applications, an enterprise needs to be able to ensure users are protected from both targeted attacks and systemic risks that come from using public blockchains, while also ensuring they meet the compliance regulations of the markets in which they operate. This can be achieved through a combination of tailored AI models, expert systems, anomaly detection algorithms, and threat detection.

Challenges this Framework Addresses:

  • The fractured regulatory landscape is addressed by supporting the development of policies customized to be compliant in specific markets
  • Mitigation of smart contract risks through monitoring for vulnerabilities, logic changes, or other threats as well as maintaining a database of those vulnerabilities.
  • Counteracting of phishing and fraud attempts by identifying attacks through data, e.g. transactions whose message contents indicate they may have been constructed by an attacker.
  • Improving user experience through contextually-suited anomaly detection and unobtrusive alerts to users; better tuned polices are less likely to be sidestepped or ignored out of habit.

DeFi applications have led to an explosion in automated financial activity; however, most of this activity takes the form of routing trades in decentralized exchange aggregators, or the activities associated with Maximal Extractable Value (MEV) — financial benefits extracted by block builders in public blockchains.

With the introduction of this framework, we see a new approach to algorithmically-supported strategic decisions. Complex strategies can be designed, developed, and backtested off-chain, and our policy framework can be used to enforce compliance with such a strategy. While cryptonative investors experiment with complex data-driven strategies it is not advisable to give a computer program control of a significant amount of capital. AI-enabled policies could be used to prevent sub-optimal transactions from being broadcast. This is an area of forward research in which the Shield3 and BlockScience teams are pioneering development.

Defining Policy Workflows

In Shield3, policy modules are defined through a language called Banyan. Banyan is a policy language based on the Cedar language created by Amazon web Services (AWS) and adapted for blockchain use cases. Policy statements define the relevant datasets, AI models, monitoring, and routing rules relevant to the specific module.

Here is a simple example policy statement which fetches a risk score from a model and applies a block policy when the risk condition is met.

@advice("Block when transaction risk is high")
forbid (
when { context.riskConfidence.greaterThan(principal.riskLimit) };

Modules are reusable components which apply specific rules based on their context.

Modules are orchestrated into workflows which are customizable by the user via a simple dashboard.

Compliance-Oriented Automation

The inclusion of a policy framework into the blockchain tech stack provides users of these financial systems with a proactive control system that comprehends the context, objectives, and legal parameters within which they operate. Our framework offers continuous monitoring to support supervision of applications with respect to operational and regulatory constraints. This provides the essential audit trails and visibility that compliance-focused enterprises require.

Responsibly Integrating Intelligence

The policy suite available to an enterprise’s operations and compliance teams may be further enhanced with AI-based policies. In our policy framework, the decision making workflow includes continuously monitoring the events to ensure alignment with the intended objectives and compliance requirements. The feedback system also provides engineers and policy designers a way to iterate and improve models.

For enterprises that have held off on embracing blockchain technology due to compliance and security concerns, the addition of this innovative policy layer will be a game-changer. It offers a way to engage with blockchain technology, equipped with the tools for robust compliance and unparalleled security, realizing a new era in automated financial infrastructure.

Custom Policy Design and AI-Ops

A major benefit of our policy framework is that it can be localized to a specific enterprise, and even differentiated across geographic markets within a single enterprise. While we will continue to develop a library of policies which are easy to configure and use within the Shield3 product suite, we expect many enterprises will want help designing and/or monitoring their policies. Shield3 provides a robust implementation framework that can handle an extremely diverse set of policies; BlockScience has deep expertise in algorithmic policy-making and can support in developing requirements and designing and testing business policies deployable to Shield3’s infrastructure. Once deployed, Shield3 offers additional monitoring and support services.

Custom Policy Development for Your Organization

Are you interested in custom policy development? Sign up for an Appointment with Shield3.

Already a Shield3 customer? Enterprise clients who are already Shield3 users have priority access to custom policy development.

About Shield3

Shield3 is a transaction gateway with security and compliance built-in. We provide enterprises with an invisible proxy which executes tailored workflows to analyze, understand, and optimally route transactions for crypto applications.

Technical Resources

About BlockScience

BlockScience® is a complex systems engineering, R&D, and analytics firm. By integrating cutting-edge research, applied mathematics, and computational engineering, we analyze and design safe and resilient socio-technical systems. We provide engineering, design, and analytics services to a wide range of clients, including for-profit, non-profit, academic, and government organizations, and contribute to open-source research and software development.

Methods & Conceptual Frameworks

Public Project Summaries



Michael Zargham

Founder, Researcher, Decision Engineer, Data Scientist; PhD in systems engineering, control of networks.