Overview of processes

We run five operational processes and one periodic audit. Each operational process has defined steps, assigned roles, and a status flow tracked in the backoffice.

1. Partner onboarding

Before anyone can request tokens from us, they must be registered as a partner entity. Customer Support registers the partner with their legal details and wallet addresses. Compliance performs KYB (Know Your Business) verification. Once approved, the partner is active and can be referenced in issuance requests.

Partners can be suspended (temporarily blocked from new issuance) or deactivated (permanently removed). Every change to a partner record — name updates, wallet additions, notes — is versioned so we can reconstruct the exact state of any partner at any point in time.

This process feeds into issuance: you cannot mint tokens to a wallet that isn't whitelisted under an active partner.

2. Issuance (fiat → tokens)

This is the process of creating new tokens. It starts when a partner requests tokens and wires euros, or when the Head of Operations identifies a need to rebalance our wallets internally.

The flow moves through six steps: Customer Support logs the request (including currency) → Compliance screens for AML/sanctions → Treasury confirms the wire has arrived in the correct currency → the Operator creates the mint transaction on the relevant token contract → the Head of Operations co-signs it → the Operator confirms on-chain finality.

The critical rule: the Operator cannot create the mint transaction until both Compliance approval and Treasury fiat confirmation are in place. These two checks can happen in either order, but both must be done before any tokens are created.
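The gating rule above, as an added sketch rather than the backoffice's own code: each step is bound to one role, and the mint cannot be created until both the Compliance and Treasury steps are recorded, in either order. The step names, role strings and class names are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical step and role identifiers; the page names the roles but not
# how the backoffice represents them.
STEP_ROLE = {
    "log_request": "customer_support",
    "aml_approve": "compliance",
    "confirm_fiat": "treasury",
    "create_mint": "operator",
    "cosign_mint": "head_of_operations",
    "confirm_finality": "operator",
}
# Steps that must already be recorded before each step may run.
PREREQS = {
    "log_request": set(),
    "aml_approve": {"log_request"},
    "confirm_fiat": {"log_request"},
    "create_mint": {"aml_approve", "confirm_fiat"},  # both gates, any order
    "cosign_mint": {"create_mint"},
    "confirm_finality": {"cosign_mint"},
}

class GateError(Exception):
    """A step was attempted by the wrong role, twice, or too early."""

@dataclass
class IssuanceRequest:
    partner: str
    currency: str
    done: dict = field(default_factory=dict)  # step -> actor who performed it

    def perform(self, step: str, actor: str, role: str) -> None:
        if STEP_ROLE.get(step) != role:
            raise GateError(f"{role} may not perform {step}")
        if step in self.done:
            raise GateError(f"{step} already recorded")
        missing = PREREQS[step] - set(self.done)
        if missing:
            raise GateError(f"{step} blocked, missing: {sorted(missing)}")
        self.done[step] = actor

def try_step(req: IssuanceRequest, step: str, actor: str, role: str) -> bool:
    """Return True if the step was accepted, False if the gate refused it."""
    try:
        req.perform(step, actor, role)
        return True
    except GateError:
        return False
```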

3. Redemption (tokens → fiat)

This is the reverse: a holder wants their fiat back. It is the most step-heavy process because it involves two separate compliance gates.

Gate 1 — Know the person. Before we give a holder a deposit address, Compliance verifies their identity (KYC, sanctions screening, PEP check). This prevents sanctioned persons from ever interacting with our on-chain infrastructure. A fresh temporary address is generated for each redemption request.

Gate 2 — Know the funds. After the holder sends tokens to our wallet, Compliance screens the sender address for links to mixers, stolen funds, darknet activity, or sanctioned wallets. A clean person can hold dirty tokens, so we check both.

Once both gates pass, the Operator burns the tokens, Treasury wires the fiat in the corresponding currency, and Customer Support confirms completion to the holder.

A daily cut-off time (16:00 CET) determines whether processing happens same-day or next working day. Holders can submit requests at any time — the cut-off only governs when we act.

4. Freezing assets

We maintain the ability to freeze addresses on-chain, preventing them from sending or receiving tokens. This is separate from the automatic Chainalysis sanctions oracle, which blocks sanctioned addresses on every transfer without human involvement.

The manual freeze list covers situations the oracle doesn't: law enforcement requests, stolen fund alerts, internal compliance flags, or Chainalysis KYT alerts that require human judgment. Compliance decides whether to freeze; the Head of Operations executes the on-chain freeze. Unfreezing follows the same path in reverse.

The backoffice provides an alert inbox where Compliance triages incoming risk alerts, an active freeze list view, and a full history of all freeze/unfreeze/dismiss actions for audit purposes.

5. Daily supply verification

Every working day, per currency, we prove that every token in circulation is backed by fiat in reserve.

The system pulls the current on-chain supply, Treasury provides the current fiat reserve balance, and three automated checks run: total supply ≤ fiat, internal consistency of public + private = total, and net change reconciliation. The total encrypted supply is maintained on-chain and updated with every mint, burn, and cross-layer transfer; the backoffice decrypts this figure.

Compliance reviews the results and, if everything passes, signs off. The verified figures are then automatically published on the public website. If any check fails, Compliance investigates, documents the root cause, and triggers a new verification. Failed records are never deleted — they're linked to their successor for a complete audit trail.
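The three checks and the failed-record linking described above, as an added sketch that is not the backoffice's own code. All class and field names are hypothetical, the figures in any usage are constructed, and "net change reconciliation" is assumed to mean that the change in total supply since the previous verification equals mints minus burns.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

@dataclass
class Snapshot:
    # Hypothetical field names; amounts are exact decimals, never floats.
    currency: str
    public_supply: Decimal
    private_supply: Decimal
    total_supply: Decimal   # decrypted on-chain total
    fiat_reserve: Decimal   # balance reported by Treasury
    minted: Decimal         # mints since the previous verification
    burned: Decimal         # burns since the previous verification

@dataclass
class Verification:
    record_id: int
    checks: dict
    passed: bool
    successor_id: Optional[int] = None  # set when a failed run is re-verified

def run_checks(snap: Snapshot, prev_total: Decimal) -> dict:
    return {
        "backing": snap.total_supply <= snap.fiat_reserve,
        "consistency": snap.public_supply + snap.private_supply == snap.total_supply,
        # Assumed definition: supply delta must equal mints minus burns.
        "net_change": snap.total_supply - prev_total == snap.minted - snap.burned,
    }

class VerificationLog:
    """Append-only log: failed records stay and point at their successor."""
    def __init__(self):
        self.records = []

    def verify(self, snap, prev_total, supersedes: Optional[int] = None):
        old = self.records[supersedes - 1] if supersedes is not None else None
        if old is not None and (old.passed or old.successor_id is not None):
            raise ValueError("only an unresolved failed record can be superseded")
        checks = run_checks(snap, prev_total)
        rec = Verification(len(self.records) + 1, checks, all(checks.values()))
        self.records.append(rec)
        if old is not None:
            old.successor_id = rec.record_id
        return rec
```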

6. Semi-annual independent audit

Every six months, an independent audit verifies that our issued tokens match reserves. Where the daily supply verification is continuous and automated, this audit is a periodic, thorough review with a full paper trail.

Three evidence sources are cross-checked:

  1. EMI ledger — accounting records showing every issuance and redemption, per currency
  2. Bank statements — proving the fiat reserve balances held in the corresponding currency accounts
  3. On-chain data — proving the current token supply on the blockchain

The audit confirms that all three sources agree: what the ledger says we issued, what the bank says we hold, and what the chain says exists. Process definition is not yet finalized.