A whitelist can be a contact address, wallet address, or smart contract address that the organization trusts and allows to execute transactions without MPA.
After an address is whitelisted the requirement of MPA is disabled and the transaction can be immediately executed, as long as the spending limits, for both asset and user, haven’t crossed their limits.

An organization cannot have multiple whitelists with the same address and blockchain type. Each whitelist has a unique set of addresses and blockchains.
Every whitelist is stored and managed by the organization, and when a whitelist is created, it gets a unique ID (UUID) that helps the organization manage the whitelists.

Whitelist - when is it needed?

As explained before, the whitelist criteria is relevant only when the asset and user spending limits are valid.

For example:
A wallet address is whitelisted for Ethereum in the organization and a user is trying to spend ETH but he or the asset itself has exceeded the spending limit. In such cases, the MPA will be required and the whitelisting criteria will be irrelevant.

Note: The whitelist criteria is taken under consideration only up to the predefined spending limit.

Another example:
This time, both asset and user have not exceeded r their spending limits, but the organization has not yet whitelisted the wallet address.
In this case, when the user tries to spend currency from the asset, the transaction would have to go through the MPA pipeline because the wallet address is not yet whitelisted.
Only when MPA is approved this transaction is resumed.