FinToken XArchitectureIndex

FinToken X — Architecture

An end-to-end specification for a United Kingdom (UK) invoice-financing platform that turns confirmed receivables into regulated digital tokens, lets institutional lenders fund them, and lets professional investors trade slices on a permissioned secondary market — all under Financial Conduct Authority (FCA) and Bank of England (BoE) Digital Securities Sandbox (DSS) supervision. A glossary of every short form used in this doc set lives at §11.

1. The problem in one paragraph

A small UK business sends a £10,000 invoice to a corporate customer. The customer will pay — in 60 days. The seller needs cash this week. Today the options are slow, expensive, and relationship-based. Meanwhile, pension funds and asset managers would happily lend against that invoice if only they could see the receivable in a standard format and trust the checks behind it.

FinToken X is the bridge. We verify the invoice is genuine, run identity and Anti-Money Laundering (AML) checks on every counterparty, and tokenise the confirmed receivable as an Ethereum Request for Comments 3643 (ERC-3643) security token on a permissioned chain. A regulated lender funds the token; the seller gets the cash. Investors then buy and sell slices on a permissioned secondary market, with a pre-trade compliance check on every trade. Every step is auditable, and every action by every actor is recorded in a tamper-evident log we can hand to the regulator on demand.

2. Who uses the platform

Eight personas. Five customers, three staff. Click any card for the persona's full flow.

Customers (pass the gates)

Small or Medium-sized Enterprise (SME) Seller

sme_seller — Coppergate Joinery Ltd

Small UK business with an unpaid invoice. Wants cash this week, not in 60 days. Uses the browser Single-Page Application (SPA) primarily; email for confirmations.

Read flow →

Corporate Buyer

buyer_ap — Northwind Retail public limited company (plc)

The customer who owes the SME money. Confirms the invoice via a one-click email magic-link. Lighter portal for batch confirms.

Read flow →

Institutional Lender

lender — Pennine Asset Management Limited Liability Partnership (LLP)

FCA-authorised firm that funds confirmed receivables. Browser marketplace plus a first-class Representational State Transfer (REST) Application Programming Interface (API).

Read flow →

Secondary Investor

investor — Brunel Pension Partners

Professional investor or Eligible Counterparty (ECP) trading invoice-token slices post-funding. Markets in Financial Instruments Directive II (MiFID II)–gated; pre-trade check on every trade.

Read flow →

Broker

broker — Salford Commercial Finance Ltd

Commercial finance broker who introduces SMEs and earns commission. Score Application Programming Interface (API) for prequalification.

Read flow →

Staff (Role-Based Access Control (RBAC), no customer gates)

Compliance Officer / Money Laundering Reporting Officer (MLRO)

compliance_officer — Priya Lall

Reviews escalated applications, files Suspicious Activity Reports (SARs), watches lender and broker monitoring, signs off on the decision matrix.

Read flow →

Partner Admin

partner_admin — Mercia Bank plc

Staff at a white-label partner. Onboards sub-partners, manages API keys, runs Supply Chain Finance (SCF) programmes, customises theme.

Read flow →

Platform Admin

platform_admin — FinToken X staff

Internal Site Reliability Engineering (SRE) / support. Sees and does everything — every action distinctly marked in the audit trail.

Read flow →

3. The four gates

Every customer passes through four checks before they can move money. Three are blocking; one runs continuously and raises alerts without stopping anyone up-front.

Gate 1

Identity verification

Question: Are you really who you say you are?

How: Sumsub runs document, biometric, and liveness checks for individuals (Know Your Customer, KYC); Companies House (CH) lookup for legal entities (Know Your Business, KYB); Ultimate Beneficial Owner (UBO) disclosure for any beneficial owner above 25%.

Blocking. Re-runs every 6 months for sellers, 12 months for everyone else.

Gate 2

AML & sanctions screening

Question: Are you on a sanctions list, a Politically Exposed Person (PEP) list, or in adverse media?

How: ComplyAdvantage for name screening across UK Treasury, the United States Office of Foreign Assets Control (OFAC), the European Union (EU), and the United Nations (UN). Chainalysis for any wallet address connected to the subject.

Blocking. Continuous: any list update fires a reassessment within 24 hours.

Gate 3

Risk score + MLRO review

Question: Does everything add up, and does our compliance officer approve?

How: Internal risk model produces LOW / MEDIUM / HIGH. HIGH and any rule-flagged case routes to the MLRO queue for human review.

Blocking. Decisions are recorded with rationale to the audit log.

Gate 4

Continuous monitoring

Question: Is anything about you changing for the worse?

How: Daily delta on sanctions lists, FCA register, Companies House (insolvency, dissolution), Chainalysis (new attribution). Adverse change opens an alert in the MLRO queue.

Non-blocking. Raises alerts, never stops a user up-front.

Per-role gate matrix. Buyer has the lightest set (Gates 1 + 2 only — they are not handling investor money). Lender adds an FCA permissions check between Gate 1 and Gate 2. Investor adds a MiFID II classification check after Gate 3 (professional investor or ECP only — retail prohibited). Broker adds an FCA register check + AML policy attestation after Gate 1. Seller is the strictest — Gate 3 is mandatory MLRO-reviewed because most invoice fraud starts with a fake seller.

4. Who can do what

"Gates 1–3" means the actor must have cleared all three blocking customer gates before they may take the action. Staff bypass is RBAC-driven and audit-marked.

"Score API" is the Application Programming Interface (API) the broker uses for prequalification.

Role	Submit invoice	Confirm invoice	Fund invoice	Receive settlement	Trade secondary	Use Score API
SME Seller	Gates 1–3	—	—	Gates 1–3	—	—
Corporate Buyer	—	Gates 1–2	—	—	—	—
Lender	—	—	Gates 1–3 + FCA	Gates 1–3	—	—
Investor	—	—	—	—	Gates 1–3 + MiFID II + pre-trade	—
Broker	—	—	—	—	—	Gates 1–3 + FCA register
Compliance Officer	audit-marked bypass	audit-marked bypass	audit-marked bypass	audit-marked bypass	audit-marked bypass	—
Partner Admin	scope: own tenant	scope: own tenant	scope: own tenant	scope: own tenant	—	scope: own tenant
Platform Admin	audit-marked bypass	audit-marked bypass	audit-marked bypass	audit-marked bypass	audit-marked bypass	audit-marked bypass

5. Money-control rules

Twelve invariants that govern what each persona is allowed to see and do. Violating any of these in a screen is a compliance defect, not a UX choice.

Seller's bank account is never rendered to the buyer or to the lender. Lender disburses to a FinToken-X-issued bankable virtual account; buyer pays the obligor instruction, which routes to FinToken X collections.
Buyer's bank account is never rendered to the seller. Buyer pays the channel FinToken X provides; seller never sees buyer's banking details.
FinToken X transit / settlement wallet is never rendered to the seller. Seller sees their own bank; money "just lands" with a FinToken X reference.
Internal IDs (subject IDs, audit IDs, contract addresses, tokenIds) are never rendered to anyone except platform admin and (optionally) the lender's API consumer. Customer-facing screens use the canonical invoice reference (FX-INV-23A4F) and human-readable bank details.
Funding is manual. No countdown, no auto-execute. The lender explicitly approves every receivable in step F2 → F3.
Platform fee is shown only to the seller in their settlement breakdown. Never on lender, investor, or buyer screens.
Discount rate / discount income is shown to the lender, investor, and (in summary form) the platform admin. Never to the seller (they see net cash) or to the buyer (none of their business).
Buyer confirmation is a hard gate. No funding screen, no token mint, no investor visibility until C2 confirmation lands.
Repayment is gated on inbound credit notification from the obligor's bank with a matching invoice reference. A buyer email saying "we paid" is never sufficient on its own.
Tokenisation happens server-side, post-confirmation, post-risk-clear. Token reference is shown to the lender, investor, and admin. Seller sees plain English — never 0x… addresses, never tokenId=….
Settlement currency is Great British Pound (GBP) fiat by default. Stablecoin (USD Coin, USDC) settlement is opt-in per lender, gated by Chainalysis wallet screening. Mixed currency is never offered to the seller.
Audit log marks every actor. When a platform admin acts on behalf of a customer, the entry is tagged actor_role=platform_admin, on_behalf_of=<subject_id> — non-negotiable for the regulator-facing audit trail.

6. Unit economics

What the platform charges and what each transaction costs to run. The rates below are the canonical values the billing, settlement, and partner modules apply; every figure on a screen anywhere in the doc set derives from this table. Money-control rules (§5) still govern who sees which figure.

Primary market — platform fees

Fee	Rate	Trigger	Charged to	Visible to
Tokenisation fee	0.20% of face value	At token mint (state `CONFIRMED` → `TOKENISED`)	Seller (originator)	Seller, platform admin. Reflected in the seller settlement breakdown.
Settlement fee	0.50% of face value	At final settlement (state `SETTLED`)	Seller (originator)	Seller, platform admin.
Credit scoring fee	£15.00 per invoice scored	At Gate 3 risk run	Broker (if broker-referred) or seller (direct sign-up)	Charged party, platform admin.
API licensing fee	£2,500 / lender / month, flat	First business day of each calendar month, pro-rated on first month	Lender (any lender using the Representational State Transfer (REST) API + webhooks surface)	Lender, partner (if tenant-scoped), platform admin. Surfaces on `/lender/api-keys` + lender invoicing.

Money-control rule 6 still applies. The seller sees a single "platform fee" total in their settlement breakdown — the sum of tokenisation + settlement components is what they read on screen. The split into tokenisation vs. settlement is internal to the billing module and is exposed on the lender's discount disclosures only as a "platform fee retained from face" line. Seller-side screens never break the platform fee down into sub-components — that would expose internal cost structure to a party who does not need it.

Primary market — cost-of-goods per invoice

Operational cost per invoice processed. Inputs to the platform's gross margin model; not shown on any customer-facing screen.

Cost item	Per-invoice cost	Where it lives in the architecture
Anti-Money Laundering (AML) screening	£6.00	Gate 2 — Sumsub + ComplyAdvantage + Chainalysis blended (§3)
Blockchain / settlement infrastructure	£3.00	Tokenisation module + FinToken X Network gas + outbound payment rails (Faster Payments / Bacs / stablecoin)
Cloud compute	£2.00	Production environment per-transaction allocation
Support & operations	£4.00	Allocated overhead per transaction
Total cost per primary-market invoice	£15.00	—

Secondary market — trading fees

Fee	Rate	Trigger	Charged to	Visible to
Listing fee	£150.00 per invoice listed	At listing creation (state `LISTED`)	Lister (lender or investor listing a slice)	Lister, MLRO, platform admin.
Trading fee	0.40% of trade value	At trade execution	Investor buying the slice	Buying investor, MLRO, platform admin. Surfaces on the trade ticket + audit log `SECONDARY_TRADE` entry.

Secondary market — cost-of-goods per trade

Cost item	Per-trade cost	Where it lives in the architecture
Settlement	£4.00	Stablecoin + smart-contract execution on the FinToken X Network
Compliance	£5.00	Markets in Financial Instruments Directive II (MiFID II) pre-trade check + Anti-Money Laundering (AML) re-screen
Platform operations	£3.00	Allocated infrastructure and support
Total cost per secondary-market trade	£12.00	—

Volume model parameters

The assumptions the platform sizes capacity, rate limits, and per-lender concentration caps against. Editable per partner deployment; surfaces on /admin/config.

Parameter	Value	Architectural consequence
Average primary invoice face value	£150,000 (range £50,000 – £500,000)	Invoice service face-value validation range; below floor or above ceiling routes to MLRO queue for manual review.
Primary invoices per lender per month	100 at launch · target 500+ at maturity	Rate-limit floor per lender API key; concentration-cap sizing in the marketplace module.
Lender / broker integrations	configurable per tenant	Tenant-scoped API key issuance + webhook endpoints (`/lender/api-keys`, `/broker/api-keys`, `/partner/api-keys`).
Share of primary invoices listed on the secondary market	30%	Sizing assumption for the marketplace module's secondary-listing tables; not all invoices reach `LISTED`.
Average secondary trade size	£75,000 (slices common — face is divisible)	Drives the fractionalisation default on lender listing creation.
Average secondary trades per listed invoice	2	Sizing assumption for the trades table volume and the audit-bus event rate.
Modelled operating window	12 months rolling	The window the unit-economics roll-up on `/admin/config` sums across.

Reconciliation with the canonical example invoice

The canonical example (§8 below) shows a £100 platform fee on a £10,000 face value — a round 1% used for narrative clarity across persona files. Under the rates above, the £10,000 example breaks out as tokenisation £20 + settlement £50 + credit scoring £15 = £85 directly attributable, with the remaining £15 representing the operational margin baked into the seller-side composite. Persona screens continue to render the composite total per money-control rule 6; only this page exposes the split.

Out of scope on this page

Value Added Tax (VAT) treatment. Figures above are pre-VAT; the billing module computes VAT at invoicing time per UK tax rules.
Discount rate / lender discount income — that is the lender's earning, not a platform fee. See lender flow for how discount rate is set, disclosed, and paid out.
Commission paid to brokers — covered on the broker flow (broker.html) under commissions.

7. Token mechanics

FinToken X uses Ethereum Request for Comments 3643 (ERC-3643) tokens — also known as Token for Regulated EXchanges (T-REX) — on the permissioned FinToken X Network. Each confirmed invoice mints exactly one receivable token, divisible into slices for the secondary market, and burned on settlement.

Standard

ERC-3643 (T-REX) — the regulated security-token standard. Includes an Identity Registry (every wallet bound to a verified subject), Compliance Module (every transfer passes pre-trade rules), and Trusted Issuers Registry (FinToken X is the sole trusted issuer).

Network

FinToken X Network — a permissioned Ethereum Virtual Machine (EVM) chain on Hyperledger Besu. Validators run by FinToken X, Mercia Bank, and a future second partner. No public bridge. Block time 2s. All transactions visible to the MLRO; explorer access for lenders and investors covers their own holdings only.

Identity

Every wallet (seller, lender, investor) has an OnchainID identity contract. Know Your Customer (KYC), Anti-Money Laundering (AML), and MiFID claims are issued as on-chain attestations by FinToken X. Wallet ↔ subject binding is enforced at transfer time.

Transfer compliance

Every transfer call passes through Compliance Modules — sanctions, MiFID classification, jurisdictional rules, lock-up — before tokens leave the source wallet. Failure aborts the transaction on-chain.

Settlement

GBP fiat by default (Faster Payments Service (FPS) / Bankers' Automated Clearing Services (Bacs)), executed off-chain with on-chain settlement events. Optional USDC on-chain settlement available to lenders who opt in (gated by Chainalysis wallet screening).

Burn

Token is burned on settlement. The settlement transaction hash and final state are stored on the receivable record and exposed to the lender, investor, and admin. Audit retains the full transfer history per FCA Sandbox terms.

Lifecycle states

PENDING_INVOICESeller submits AWAITING_BUYERBuyer confirms CONFIRMEDRisk passes TOKENISEDERC-3643 minted

TOKENISED FUNDEDLender disburses LISTEDAvailable on secondary SETTLEDBurned, lender paid

DISPUTEDBuyer rejects VOIDToken never minted

FUNDED PAST_DUEObligor late > 5 Business Days (BD) DEFAULTAfter 30 BD past due

Full state machine — including SUBMITTED → VERIFYING → RISK_PASSED sub-states and reversal paths — lives in backend.html § Invoice state machine.

8. Named entities

Canonical placeholder names used across every persona file. Don't introduce new named entities — use these. They are deliberately UK-flavoured and unambiguous.

Role	Name	Authorised representative	Domain
SME Seller	Coppergate Joinery Limited (Ltd)	Aisha Mahmood, Director	`aisha@coppergate.co.uk`
Corporate Buyer	Northwind Retail plc	Tom Whitfield, Accounts Payable (AP)	`tom.whitfield@northwind.co.uk`
Institutional Lender	Pennine Asset Management LLP	Caroline Beck, Head of Private Credit	`c.beck@pennineam.co.uk`
Secondary Investor	Brunel Pension Partners	Faisal Quereshi, Portfolio Manager	`f.quereshi@brunelpp.co.uk`
Broker	Salford Commercial Finance Ltd	Dan Egglestone, Managing Director	`dan@salfordcf.co.uk`
Partner	Mercia Bank plc	Helena Rourke, Head of Trade Finance Products	`helena.rourke@merciabank.co.uk`
MLRO	FinToken X (staff)	Priya Lall	`priya.lall@fintokenx.uk`
Platform Admin	FinToken X (staff)	Marcus Doyle	`marcus.doyle@fintokenx.uk`
Platform	FinToken X	—	`platform@fintokenx.uk`

Canonical example invoice

Reference

FX-INV-23A4F

Issued 22 May 2026 · Due 21 Jul 2026

Face value

£10,000.00

60-day tenor

Discount rate

2.4%

over the 60-day tenor

Discount income (lender)

£240.00

Net advance

£9,760.00

Platform fee (1%)

£100.00

Cash to seller

£9,660.00

These numbers appear identically in every screen across every persona file. If a screen needs a different invoice for narrative reasons (e.g. a defaulted receivable example), use the secondary canonical: FX-INV-29F12, £24,000 face value, 90-day tenor, defaulted on day 32 past due.

9. Regulatory framing

FinToken X operates under live and proposed UK rules. The doc set treats these as load-bearing constraints, not marketing flourishes.

Regulation	What it requires of us	Where it shows up
FCA Handbook — Principles for Businesses (PRIN), Senior Management Arrangements, Systems and Controls (SYSC), MiFID Prudential sourcebook (MIFIDPRU), Conduct of Business Sourcebook (COBS)	Authorised firm conduct, governance, capital, conduct of business, client classification.	Lender FCA permissions check, broker FCA register check, MiFID II investor classification.
FCA / BoE Digital Securities Sandbox (DSS)	Pre-trade compliance check on every secondary trade; approved settlement rails; tamper-evident audit trail; quarterly regulator reporting.	Investor pre-trade gate (7 questions); compliance pre-trade log; audit-log immutability; `/compliance/specification` regulator export.
MiFID II	Categorise every investor as Professional, Eligible Counterparty (ECP), or Retail. Retail prohibited from this venue.	Investor onboarding step I3 (classification); MiFID register; pre-trade re-check on every trade.
Money Laundering Regulations 2017 (MLR 2017)	Customer due diligence proportionate to risk; Politically Exposed Person (PEP) and sanctions screening; ongoing monitoring; record retention.	Gates 1–4; SAR queue; record retention console (5 years standard, 6 years for SARs).
Proceeds of Crime Act 2002 (POCA)	Suspicious activity reporting to the National Crime Agency (NCA); tipping-off offence (we may not tell the suspected party they were reported).	SAR queue with hashed party identifiers; `/compliance/sar` screen redacts names visible to non-MLRO compliance staff.
UK General Data Protection Regulation (UK GDPR) & Data Protection Act 2018 (DPA 2018)	Lawful basis, data minimisation, retention limits, subject access rights, processor agreements with all providers.	Onboarding consent flow; Data Processing Agreement (DPA) per provider in `/compliance/providers`; retention console; subject access export from `/admin/users`.

10. Document conventions

Step tags. Each screen has a tag like S3 (seller step 3), FCA SYSC 6.3 (regulator anchor), Gate 2, or INVOICE_TOKENISED (state-machine event). State chips never appear inside browser screens or email bodies — only in commentary cards.
Pills. Status pills follow a fixed palette: Settled Listed Past due Default Tokenised.
Commentary cards. Blue-bordered boxes with engineering-side notes on state, Service-Level Agreement (SLA), error branches. Aimed at the doc reader, not at the persona on screen.
The flow strip. Each persona's screen-by-screen flow lives in a horizontal scrollable strip. Free-scroll, no snap.
Routes. Every browser-frame URL bar shows the actual route from src/App.tsx. If a route is annotated as "new — needs implementation", that means the spec calls for it but the codebase doesn't have it yet.

11. Glossary of abbreviations

Every short form used across the architecture, spelled out. Pages spell each term out in full on first use; this table is the canonical reference for everything that follows.

Short form	Full form	What it is
AIS	Account Information Service	Open Banking read-only access to bank account data, used for settlement reconciliation.
AML	Anti-Money Laundering	Body of regulation (UK: Money Laundering Regulations 2017) requiring firms to detect and report financial crime.
AP	Accounts Payable	The corporate buyer's payables function — the team that confirms and pays supplier invoices.
API	Application Programming Interface	Machine-to-machine surface (REST + webhooks) for lenders, investors, brokers, and partners.
Bacs	Bankers' Automated Clearing Services	The UK batch payments rail, used for outbound disbursement when speed is not critical.
BD	Business Days	Working days excluding UK bank holidays — used for Service-Level Agreement (SLA) windows.
BoE	Bank of England	The UK central bank; co-operator of the Digital Securities Sandbox (DSS) with the FCA.
CH	Companies House	The UK companies registrar; source of legal-entity facts for Know Your Business (KYB).
COBS	Conduct of Business Sourcebook	FCA Handbook sourcebook governing conduct toward clients.
CoP	Confirmation of Payee	UK Open Banking name-match check on a bank account.
DKIM	DomainKeys Identified Mail	Email-signing standard; each partner tenant signs outgoing email from its own domain.
DPA	Data Protection Act 2018 · Data Processing Agreement	The UK statute (DPA 2018) and, in different context, the contract between a controller and a processor under UK GDPR.
DPD	Days Past Due	Days an obligor's payment is overdue against the maturity date.
DSAR	Data Subject Access Request	A subject's UK GDPR right to receive a copy of personal data held about them.
DSS	Digital Securities Sandbox	The FCA / Bank of England (BoE) live regulatory regime under which FinToken X tokenises and trades receivables.
ECP	Eligible Counterparty	One of the two Markets in Financial Instruments Directive II (MiFID II) classifications permitted on the secondary market (the other is Professional). Retail is prohibited.
ERC-3643	Ethereum Request for Comments 3643	The regulated security-token standard (also known as Token for Regulated EXchanges, T-REX) used for FinToken X receivable tokens.
EU	European Union	Source of one of the four sanctions lists screened at Gate 2.
EVM	Ethereum Virtual Machine	The execution environment for smart contracts; the FinToken X Network is permissioned EVM-compatible.
FATF	Financial Action Task Force	Inter-governmental body whose typologies drive AML risk indicators.
FCA	Financial Conduct Authority	The UK financial regulator. Authorises lenders and brokers; supervises the DSS.
FPS	Faster Payments Service	The UK near-instant bank payments rail, used for disbursement and settlement.
GBP	Great British Pound (sterling)	The platform's default settlement currency.
GDPR	General Data Protection Regulation	The UK retains GDPR via the Data Protection Act 2018 ("UK GDPR").
GPU	Graphics Processing Unit	Parallel-compute hardware used for training and inference of the `compliance-ai` service.
HSM	Hardware Security Module	Tamper-resistant hardware that holds signing keys (DomainKeys Identified Mail (DKIM), webhook secrets, audit Merkle commit, chain transaction signing).
IBFT	Istanbul Byzantine Fault Tolerance	The consensus protocol used by the permissioned FinToken X Network on Hyperledger Besu.
KPI	Key Performance Indicator	Headline metrics on operator dashboards (queue depth, SLA, alert volume, etc.).
KYB	Know Your Business	Identity and standing checks on a legal entity (Companies House, UBO disclosure, director identity).
KYC	Know Your Customer	Identity verification on an individual, including document, biometric, and liveness checks.
LLP	Limited Liability Partnership	UK corporate form used by several named entities (lender, broker).
MiFID II	Markets in Financial Instruments Directive II	UK-retained EU rules requiring investor classification and pre-trade compliance checks.
MIFIDPRU	MiFID Prudential sourcebook	FCA Handbook sourcebook on prudential requirements for investment firms.
MLR 2017	Money Laundering Regulations 2017	The UK statutory instrument that operationalises AML obligations.
MLRO	Money Laundering Reporting Officer	The named role required by MLR 2017 / POCA 2002 with authority to file SARs and freeze customer activity.
mTLS	mutual Transport Layer Security	Two-way certificate-authenticated transport; used by external Application Programming Interface (API) clients (lenders, partners) and by the relay that brokers Remote Procedure Call (RPC) access to the FinToken X Network.
NCA	National Crime Agency	The UK agency that receives Suspicious Activity Reports (SARs).
OCR	Optical Character Recognition	Vision pass that extracts structured data from an invoice PDF.
OFAC	Office of Foreign Assets Control	US Treasury sanctions list; one of four lists screened at Gate 2.
PEP	Politically Exposed Person	Individual in a position of public influence; requires Enhanced Due Diligence under MLR 2017 §35.
plc	public limited company	UK corporate form for the named buyer (Northwind Retail plc) and partner (Mercia Bank plc).
POCA	Proceeds of Crime Act 2002	The UK statute that creates Suspicious Activity Report (SAR) obligations and the tipping-off offence.
PRIN	Principles for Businesses	FCA Handbook sourcebook setting out the eleven high-level principles for authorised firms.
RBAC	Role-Based Access Control	The permission model for staff roles (compliance officer, partner admin, platform admin).
REST	Representational State Transfer	HTTP-based API style used for all external machine surfaces.
RLS	Row-Level Security	Database feature that pins each connection to a tenant, enforcing tenant isolation at the data layer.
SAR	Suspicious Activity Report	A confidential disclosure to the National Crime Agency (NCA) under POCA 2002 §330.
SCF	Supply Chain Finance	Programme run by a partner where the partner pre-approves a roster of suppliers funding against a single corporate buyer.
SES	Simple Email Service	Amazon Web Services transactional email service used by the notification service.
SIC	Standard Industrial Classification	UK industry code; used as a risk-model input to flag higher-risk sectors.
SLA	Service-Level Agreement	A contractual or operational time budget for completing a task (e.g. MLRO queue items decided within 5 business days).
SME	Small or Medium-sized Enterprise	The originator persona — the seller seeking working capital against an unpaid invoice.
SPA	Single-Page Application	The browser frontend pattern used for every customer-facing surface.
SRE	Site Reliability Engineering	The platform-admin function — engineers who own production availability, incident response, and on-call.
SYSC	Senior Management Arrangements, Systems and Controls	FCA Handbook sourcebook on internal governance.
T-REX	Token for Regulated EXchanges	The reference implementation of ERC-3643 (the regulated security-token standard).
UBO	Ultimate Beneficial Owner	Any natural person owning or controlling more than 25% of a legal entity; subject to KYC at onboarding.
UK	United Kingdom	FinToken X is UK-registered, UK-regulated, UK-domiciled.
UN	United Nations	Source of one of the four sanctions lists screened at Gate 2.
USDC	USD Coin	A US-dollar-pegged stablecoin; opt-in settlement asset for lenders who clear Chainalysis wallet screening.
VPC	Virtual Private Cloud	A network-isolated cloud environment; production customer data lives only inside the production VPC.
XAI	Explainable Artificial Intelligence	AI architectures that produce human-readable rationales alongside their outputs. SparseScore is the platform's XAI engine.

12. Where to read next

If you want to understand how a single invoice flows from submission to settlement across all personas — read end-to-end view.
If you want services, data model, integrations, and full state machines — read backend & data.
Otherwise pick the persona whose journey you care about from the cards above.