![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 12 12" xmlns="http://www.w3.org/2000/svg"><path d="M 5.951 4.234 L 9.674 0 L 8.792 0 L 5.559 3.677 L 2.978 0 L 0 0 L 3.904 5.56 L 0 10 L 0.882 10 L 4.296 6.117 L 7.022 10 L 10 10 L 5.951 4.234 Z M 4.743 5.609 L 4.347 5.055 L 1.2 0.65 L 2.555 0.65 L 5.095 4.205 L 5.491 4.759 L 8.792 9.38 L 7.437 9.38 L 4.743 5.609 Z" fill="rgb(14, 14, 14)" height="10px" id="XcmADpzdE" transform="translate(1 1)" width="10px"/></svg>)
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 12 12" xmlns="http://www.w3.org/2000/svg"><g d="M 0 12 L 0 0 L 12 0 L 12 12 Z M 11.475 0 L 0.525 0 C 0.225 0 0 0.225 0 0.525 L 0 11.55 C 0 11.775 0.225 12 0.525 12 L 11.55 12 C 11.85 12 12.075 11.775 12.075 11.475 L 12.075 0.525 C 12 0.225 11.775 0 11.475 0 Z M 3.525 10.2 L 1.8 10.2 L 1.8 4.5 L 3.6 4.5 L 3.6 10.2 Z M 2.7 3.75 C 2.1 3.75 1.65 3.225 1.65 2.7 C 1.65 2.1 2.1 1.65 2.7 1.65 C 3.3 1.65 3.75 2.1 3.75 2.7 C 3.675 3.225 3.225 3.75 2.7 3.75 Z M 10.2 10.2 L 8.4 10.2 L 8.4 7.425 C 8.4 6.75 8.4 5.925 7.5 5.925 C 6.6 5.925 6.45 6.675 6.45 7.425 L 6.45 10.275 L 4.65 10.275 L 4.65 4.5 L 6.375 4.5 L 6.375 5.25 C 6.6 4.8 7.2 4.35 8.025 4.35 C 9.825 4.35 10.125 5.55 10.125 7.05 L 10.125 10.2 Z" fill="transparent" height="12px" id="XoVyCGmWR" width="12.075px"><path d="M 0 12 L 0 0 L 12 0 L 12 12 Z" fill="transparent" height="12px" id="XrpckXPdq" width="12px"/><path d="M 11.475 0 L 0.525 0 C 0.225 0 0 0.225 0 0.525 L 0 11.55 C 0 11.775 0.225 12 0.525 12 L 11.55 12 C 11.85 12 12.075 11.775 12.075 11.475 L 12.075 0.525 C 12 0.225 11.775 0 11.475 0 Z M 3.525 10.2 L 1.8 10.2 L 1.8 4.5 L 3.6 4.5 L 3.6 10.2 Z M 2.7 3.75 C 2.1 3.75 1.65 3.225 1.65 2.7 C 1.65 2.1 2.1 1.65 2.7 1.65 C 3.3 1.65 3.75 2.1 3.75 2.7 C 3.675 3.225 3.225 3.75 2.7 3.75 Z M 10.2 10.2 L 8.4 10.2 L 8.4 7.425 C 8.4 6.75 8.4 5.925 7.5 5.925 C 6.6 5.925 6.45 6.675 6.45 7.425 L 6.45 10.275 L 4.65 10.275 L 4.65 4.5 L 6.375 4.5 L 6.375 5.25 C 6.6 4.8 7.2 4.35 8.025 4.35 C 9.825 4.35 10.125 5.55 10.125 7.05 L 10.125 10.2 Z" fill="rgb(14, 14, 14)" height="12px" id="RZsNoKQqh" width="12.075px"/></g></svg>)
In the first piece, we described how Arkis defines risk upfront through a Market: a bounded environment that specifies who can deploy capital, what it can interact with, and under what conditions it operates.
Defining those boundaries upfront is only useful if they continue to hold once capital is deployed. In digital markets, positions move across venues, protocols, accounts, and operators - and each transition is a point where rules can break down. The challenge is not only defining risk, but preserving the integrity of those rules as capital moves through the system. In Arkis, each of those transition points is controlled.
Execution Hubs
Capital in Arkis does not reach its destination directly. Before arriving at a DeFi protocol, a centralized exchange, or any other venue, it passes through an execution hub - a controlled infrastructure layer that sits between the Market and wherever capital is deployed. Every hub does three things: it enforces the rules defined by the Market, it governs how funds can move, and it controls who can act on the position.
Execution hubs fall into two tiers based on their control surface and third-party exposure.
Tier 1: Margin Accounts. Capital from the Market can only be allocated to Tier 1 hubs. Each Margin Account is a smart contract built on Account Abstraction - providing the highest level of funds governance and the lowest third-party exposure. Enforcement is direct: the Compliance Manager module mirrors the interface of every underlying protocol and validates each instruction before it executes. Invalid interactions are blocked at the point of action, not detected afterward.
Tier 2: CEX and off-chain venues. Centralized exchanges cannot be governed by a smart contract, they are third-party systems with their own execution environments. There is no way to restrict which tokens can be traded on a CEX through whitelisting. Instead, any position in an unsupported asset is excluded from the risk profile and becomes subject to liquidation. Capital allocated to a Tier 2 hub operates within a prime broker account structure with master account and sub-accounts. The enforcement mechanism differs from Tier 1, but the risk boundary does not.
The Capital Perimeter
The boundary governing transfers between Tier 1 and Tier 2 hubs is the Capital Perimeter. Within it, capital can move freely across different venues and accounts without changing the rules governing the position — this is what allows Arkis to maintain unified margin across disjoint venues and networks.
Movement within the Capital Perimeter is controlled by three mechanisms:
Transfer intents — any request to move capital is recorded on-chain as a signed intent issued by the Margin Account owner, creating a verifiable, tamper-evident log that acts as the trigger for initiating movement. This is currently in development.
Time delay and Transaction Caps — a mandatory block-based waiting period must elapse before the transfer executes, eliminating race conditions and protecting against market manipulation.
Compliance review — every movement is verified against the current position state and Market parameters before it is cleared.
The system behaves differently once capital attempts to leave that boundary. Withdrawals, reallocations, or changes in account structure alter the conditions under which the position was originally approved. These flows are subject to the highest level of controls.
The goal is not to observe capital movements after the fact, but to ensure that movement itself remains governed by the same risk framework.
Operational Access
Operational access can change the effective risk boundary of a position. Even when capital is allocated to approved hubs and venues, the system still needs to control who can act on that capital and what actions they are allowed to take.
For Tier 1, this will be governed by an On-Chain Policy Engine - a programmable layer that defines the scope of permissible operations at the smart contract level, ensuring that even privileged system actors cannot operate outside defined boundaries. We'll cover this in a dedicated piece.
Tier 2 hubs require advanced protection measures due to their centralized nature. Arkis employs various techniques to achieve strong segregation of duties and separation of concerns, minimizing the surface area for potential attacks, including insider threats and counterparty risk exposure. A combination of secure browser technology, transparency logs, and privileged access management significantly increases the trustworthiness of Tier 2 applications.
Together, execution hubs, the capital perimeter, and operational access ensure that the Market remains meaningful after capital is deployed across venues, operators, and changing market conditions.
The next piece covers how Arkis evaluates risk as it evolves in real time: aggregating exposure across accounts, venues, and assets into a portfolio-level view.
