Overview

Institutional Vault uses three categories of restrictions to control which operations require approvals and from whom. Each category protects a different class of operations.

Category	What it protects	Has filters
Transaction Restrictions	On-chain operations: transfers, contract calls, deploys, raw signing, staking, sponsored transactions, allocations	Yes (symbol, amount, source, destination, function)
Config Restrictions	System configuration changes: asset registration, chain management, ERS keys, cold-wallet master key attachment	No (applies to all config operations)
Policy Restrictions	Governance changes: approver groups, restriction rules, pricing rates, user keys	No (applies to all governance operations)

Operations that do not fall into any of these categories (account creation, user registration, address derivation) are uncategorized and always execute without policy approval.

Key Principles

Allow-by-default. If no restriction exists for a category, operations in that category are allowed without approvals.

Additive evaluation. When multiple restrictions match an operation, all of their approval requirements accumulate. The operation proceeds only when every requirement is satisfied.

Maker/checker. The initiator of an operation never counts as one of the required approvers.

🗣️We Are Here to Help!

Please contact us via email or support chat if you encounter an issue, bug, or need assistance. Don't forget to include any relevant details about the problem. To request a wallet form and Institutional Vault Approver form, please click here or contact our sales team.