# Custom Permissioning As we are dealing with securities when doing RWA pools, we must ensure to comply with all relevant Anti-Money Laundering (AML) regulations, which dictate only KYC'd entities may hold or trade securities. To accommodate for that, we must ensure only eligible parties ever hold RWAs on Mystic. Our solution to this is to set access rules individually per pool, depending on its assets' requirements (e.g. only non-US investors can supply or borrow from a specific pool). To support all asset classes whilst still making markets as permissionless as possible, three levels of access are possible: * Permissionless - no one needs to KYC/KYB, as the asset is freely transferable. * Semi-permissioned - only borrowers and liquidators must KYC/KYB - if there are liquidators in the pool and we know lenders will never touch the asset, then supplying may be permissionless. If borrowers have KYC'd with issuer already, Mystic will read from their whitelist to prevent them having to KYC again. * Permissioned - all participants must KYC/KYB, due to asset, issuer or market requirements. Mystic ties access to each market to roles, which are then attributed based on KYC/KYB information upon user registration or partner KYC whitelist integration. ### Custody Since Mystic is not a registered broker, we must keep all securities with a custodian. This is also better for borrowers from a risk perspective, as they know their assets are being safekept with a custodian during their interaction with the protocol. Our approach is quite simple and elegant - we have integrated our protocol with a custodian, such that whenever an RWA is locked/deposited on our pools, it is sent to a custodian for safekeeping. We do, however, also enable assets to be remain on our smart contract. This combination of centralisation and decentralisation is one of the things that makes Mystic so appealing and which makes us so uniquely positioned to bridge TradFi and DeFi. By default, the protocol is fully non-custodial. This feature exists as a backstop for more illiquid or sensible collateral. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mysticfinance.xyz/overview/custom-permissioning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.