Evidence-first
The console is designed so sensitive actions leave a trail examiners can follow. Export packs and control mapping are product workstreams — we do not claim SOC, PCI, or NACHA certification on this site.
Security & compliance stance
Institutions need honest vendor fitness — architecture, process, and evidence kits — not a claim that consensus code is “CU-compliant.”
The console is designed so sensitive actions leave a trail examiners can follow. Export packs and control mapping are product workstreams — we do not claim SOC, PCI, or NACHA certification on this site.
Third-party risk is managed through an allowlist. Core, OFAC/AML, and ACH run via customer vendors and processors — Bitcoin Quay does not become the ODFI or the BSA system of record.
GLBA-minded query-through patterns; no PAN in product scope (PCI out of CDE by design). Beachhead and marketing forms never collect member NPI.
Sensitive actions require maker/checker flows. Money movement is modeled as intents correlated to vendor decision IDs — not freeform sends.
This page is posture narrative for early conversations. It is not a security whitepaper, attestation, or substitute for your institution's TPRM process.
Request a briefing