I agree that 'governance' should not be allowed to *change* business logic. It should only check/validate against predefinded rules and notify any violations and block the message from being processed by business logic. So it all happens *before* it is handed over to the business logic. If we allow it to change business logic then we have crossed a line and we are no longer 'governing', but rather became part of the business logic. We might offer other 'interceptors' to do this but thay should not be part of governance imo.