What is a rule
A rule is a set of conditions that triggers specific approval requirements:- When: Conditions that must be met (operation type, amount, address type, etc.)
- Then: Approval requirements (who must approve, how many, etc.)
- “When: A withdrawal over $100,000”
- “Then: 2 of 3 senior officers must approve”
Types of rules you can create
Adding a rule
1
Open policy
Go to Settings > Policies > Vault policy or Admin policy.

2
Tap add rule
Select Add rule, Create rule, or New rule.
3
Define conditions
Specify when this rule applies. Check all that apply:
- Operation type: What operation triggers this rule?
- Amount: Any amount, or only amounts above/below certain thresholds?
- Recipient: Any address, only trusted destinations, only new addresses?
- Time: Any time, business hours only, weekdays only?
- Initiator role: Any role, specific roles only?
4
Leave conditions blank to match all
If you don’t specify a condition, the rule applies regardless of that factor.
- Leave amount blank = applies to any amount
- Leave recipient blank = applies to any address
5
Define approval requirements
Specify who must approve:
- Number of approvers: 1, 2, 3, all, etc.
- Approver selection: Any approver, specific role, specific person
- Voting rule: Simple majority, unanimous, weighted, etc.
6
Set approval timeout
How long before the approval request expires:
- Short (4-12 hours): For time-sensitive operations
- Standard (24 hours): Most common
- Long (48-72 hours): For less urgent approvals
7
Save the rule
Tap Save or Create rule.
8
Submit policy changes
Tap Submit policy or Apply changes. The new rule becomes active.
9
Approve if required
If your vault or admin policy requires approval for policy changes, the rule change must be approved.
Rule examples
Example 1: Amount-based rule
Condition: Withdrawal amount- Up to $10,000: 1 approver needed
- 100,000: 2 approvers needed
- Over $100,000: 3 approvers needed
- Create 3 rules with overlapping amount ranges
- Each rule specifies the approval threshold
Example 2: Address-based rule
Condition: Recipient address type- To trusted destination: 1 approver
- To new address: 2 approvers
- Rule 1: If recipient in trusted destinations, 1 approver
- Rule 2: If recipient not in trusted destinations, 2 approvers
Example 3: Combined rule
Condition: Withdrawal > $50,000 to new address- Then: 2 of 3 CFO, COO, CEO must approve
- Amount > $50,000
- Recipient = new address (not pre-approved)
- Approvers = 2 of {CFO, COO, CEO}
Example 4: Time-based rule
Condition: Large withdrawal during non-business hours- Then: Requires 3 approvers (extra scrutiny outside business hours)
- Amount > $X
- Time = outside 9 AM - 5 PM weekdays
- Approvers = 3 required
Rule priority and conflicts
If multiple rules could apply to the same operation, the most specific rule wins: Rule priority (most to least specific):- All conditions specified (operation + amount + address + time)
- 3 conditions specified
- 2 conditions specified
- 1 condition specified
- No conditions specified (default rule)
- Rule A: “Withdrawals over $100k” = 2 approvers
- Rule B: “Withdrawals to new addresses” = 2 approvers
- Rule C: “Withdrawals over $100k to new addresses” = 3 approvers (this rule wins)
Default rules
Every policy should have a default rule with no conditions — this applies when no other rule matches:- Default rule: “All withdrawals not covered by other rules” = 1 approver
- Purpose: Catch any operation not covered by other rules
- Recommendation: Set default to your standard approval requirement
Draft rules and testing
Before making a rule active, you can:- Create as draft — Save it without activating
- Test it — See how it would apply to recent operations
- Refine — Adjust thresholds or requirements
- Activate — Make it official
Common mistakes to avoid
Mistake 1: Overlapping rules with different requirements- Solution: Be specific with conditions; avoid creating conflicting rules
- Solution: Always create a default rule to catch operations not covered by specific rules
- Example: Rule for “withdrawals over $1 million” in a vault that never handles amounts that large
- Solution: Review rules quarterly and remove ones that never apply
- Solution: Creates bottlenecks; use tiered approvals based on risk
- Example: Rule that applies only 10 AM - 11 AM weekdays
- Solution: Use broader time windows or avoid time-based rules unless necessary
Rule documentation
When creating rules, document:- Why: Why is this rule necessary? What risk does it address?
- When: Under what conditions does it apply?
- Approval: Who must approve, and why?
- Changes: When was it created/modified?
- Owner: Who is responsible for this rule?
Managing rules over time
Rules should be reviewed quarterly:- Check effectiveness — Are the rules achieving their purpose?
- Spot trends — Do new operation patterns suggest new rules are needed?
- Remove unused rules — If a rule never applies, delete it
- Adjust thresholds — If business volume changes, update amount thresholds
- Communicate changes — Let users know about new/modified rules