MonCore is a production-grade financial operating system designed to act as the system of record for regulated digital money, card, and payment products. It provides a deterministic, ledger-first core with embedded compliance, reconciliation, idempotency, and multi-tenant isolation, enabling fintechs, issuers, and regulated partners to launch fully governed financial products in weeks rather than years.
MonCore is not a consumer application and not a bank. It is a financial kernel that orchestrates balances, transactions, FX, AML, reconciliation, and audit across multiple tenants and regulated execution providers, while preserving strict separation between:
- Ledger authority and balance integrity
- Compliance and risk enforcement
- External execution, custody, and settlement providers
The platform is architected to operate in sandbox and production under identical code paths, controls, and audit guarantees, with only credentials and counterparties differing between environments.
This documentation is intended for: – Issuer sponsors and safeguarding institutions evaluating sponsorship and technical readiness – Regulated fintech platforms and embedded finance operators evaluating deployment of regulated products on MonCore – Regulators, auditors, and supervisory reviewers performing architectural and control review
MonCore may be deployed as a complete regulated financial operating system, providing execution, compliance, and control layers, or embedded as a financial kernel inside existing licensed infrastructures.
MonCore is designed to serve:
- Fintech platform operators launching regulated consumer or business products
- Issuers and sponsor banks operating multi-tenant issuing and payment programs
- Embedded finance platforms providing regulated services to third-party applications
- B2B payment and corporate account providers
MonCore may be operated directly by licensed institutions or by regulated platform operators in partnership with issuer and safeguarding sponsors.
MonCore is built on six core principles:
All monetary state is derived exclusively from an immutable double-entry ledger. Balances are never stored as authoritative values; they are always computed from ledger postings or validated snapshots derived from ledger state.
Every movement of value — internal transfers, merchant payments, top-ups, FX conversions, and settlements — is recorded as atomic ledger entries with deterministic identifiers, audit trails, and reconciliation metadata.
All state-changing operations are protected by a global idempotency layer that guarantees:
- No duplicate postings
- No double settlement
- Safe retry of client and provider requests
- Replay of verified historical responses
This ensures correctness under retries, network failures, webhook duplication, and provider restarts.
Compliance is not an external add-on. AML evaluation, velocity controls, tier limits, audit logging, reconciliation audits, and regulatory exports are executed inline with financial posting.
Every transaction path produces:
- Immutable audit records
- Before / after balance snapshots
- Risk scoring and AML decision traces
- Operational reconciliation logs
MonCore supports multiple regulated tenants operating on the same kernel with strict isolation:
- Tenant-scoped users and wallets
- Capability-based service activation per tenant
- Jurisdiction-level gating and regulatory hard-stops
- Contract-gated execution domains (issuing, safeguarding, payouts, FX, open banking)
- Independent partner sessions and credentials
- Regulator-safe internal admin layer without tenant context
No tenant can observe or influence another tenant’s state.
All regulated capabilities remain disabled until explicitly activated by contract and jurisdiction.
Execution providers (issuing, acquiring, safeguarding, open banking, FX, identity) are integrated behind stable kernel interfaces.
The ledger, compliance, reconciliation, and audit layers remain invariant regardless of the provider used. This allows:
- Switching execution partners without re-architecting the core
- Operating hybrid stacks (multiple providers per domain)
- Running full sandbox simulations before issuer onboarding
The same code, ledger logic, compliance controls, reconciliation jobs, and audit paths run in both sandbox and production.
Only credentials, counterparties, and settlement endpoints differ.
This enables regulators, issuers, and partners to validate production behavior before go-live.
MonCore is designed to operate in a regulated “shadow mode” prior to issuer sponsorship and scheme onboarding.
In this mode, MonCore can execute real pilot products using Tier-1 execution providers while issuer-dependent capabilities (card issuing, BIN sponsorship, safeguarding, settlement finalization) remain contract-gated and inactive.
Current pilot-ready capabilities include:
- Open-banking account funding and withdrawals (provider-signed, idempotent, webhook-driven)
- Card-based top-ups with dispute, reversal, and hold handling
- Full KYC and KYB onboarding with liveness, document capture, UBO processing, and regulator-grade audit trails
- Embedded AML evaluation, velocity controls, tier limits, and exposure tracking
- Multi-currency wallet funding and internal transfers
All pilot flows execute through the same ledger, compliance, idempotency, and audit kernel as production.
When an issuer sponsor is onboarded:
- Issuing, BIN, safeguarding, and settlement modules are activated by contract
- The same ledger state, users, balances, and audit history continue without migration
- No product rewrite or data transition is required
This allows:
-
Regulator and issuer sandbox walkthroughs on real flows
-
Partner pilots before scheme onboarding
-
Zero-downtime transition from pilot to regulated production
Pilot operation on MonCore does not require the platform operator or partner to hold an issuing or safeguarding license, as all regulated execution is performed by licensed execution providers until issuer onboarding.
MonCore is delivered with production-grade integrations to Tier-1 execution and compliance providers.
The platform already operates with:
- Open-banking payment initiation and account funding providers
- Card-based funding and top-up processors
- Tier-1 KYC / KYB / UBO and AML onboarding providers
All provider integrations are:
- Abstracted behind stable kernel interfaces
- Fully idempotent and webhook-safe
- Ledger-first and audit-logged
- Contract-gated and tenant-scoped
This allows MonCore to:
- Run real pilot products backed by regulated execution providers before issuer onboarding
- Switch execution providers without re-architecting the core
- Operate hybrid stacks (multiple providers per domain)
- Transition seamlessly from pilot providers to issuer-backed production
Provider integrations remain replaceable components.
The ledger, compliance, reconciliation, and audit kernel remains invariant.
All client funds and regulated execution during pilot operation are held and processed exclusively by licensed execution providers.
MonCore is delivered as a turnkey financial operating system with pre-integrated execution, compliance, and control layers.
Partners and tenants building products on top of MonCore do not need to independently integrate Tier-1 providers for:
- Open-banking payments and account funding
- Card top-ups and funding processors
- KYC / KYB / UBO onboarding and AML screening
All execution services are already integrated into the MonCore kernel and exposed through governed platform.
Every financial flow executed through MonCore automatically inherits:
- Embedded AML evaluation and velocity enforcement
- Tier limits and regulatory exposure counters
- Idempotent execution and replay protection
- Ledger posting and balance integrity
- Reconciliation readiness and settlement lineage
- Immutable audit and evidence logging
This allows partners to:
- Launch regulated products without building execution or compliance stacks
- Operate immediately in sandbox using production-equivalent controls
- Transition seamlessly to issuer-backed production without reintegration
Execution providers remain abstracted and replaceable.
The kernel, compliance, reconciliation, and audit layers remain invariant.
MonCore itself never holds client funds and never acts as custodian, issuer, or settlement institution.
MonCore is a Financial Operating System providing a complete plug-and-play regulated product backend.
Products built on MonCore do not integrate execution providers, compliance systems, security infrastructure, authentication layers, or settlement tooling directly.
MonCore delivers a full regulated operating backend, including:
– User and account lifecycle management
– Authentication, session management, OTP and multi-factor security
– Device fingerprinting, IP risk controls and login enforcement
– KYC / KYB / UBO onboarding and identity lifecycle management
– Embedded AML screening, transaction monitoring and case management
– Open-banking payments and account funding
– Card funding, disputes, reversals and chargeback handling
– Multi-currency wallets, transfers and FX execution
– Reconciliation, settlement control and regulatory audit exports
– Realtime balance events, session invalidation and telemetry
– Partner, admin and compliance dashboards
All regulated execution, compliance, security, reconciliation and audit domains are pre-integrated and governed inside the MonCore kernel.
Partners deploy products on MonCore through one of the supported operating system deployment models:
– Frontend-only product deployment using tenant identifiers and governed operating system interfaces – Backend product deployment (server-to-server control interfaces) – Full-stack product deployment using reference frontend and backend services – Hybrid Embedded-kernel deployment inside existing regulated infrastructures
MonCore is not an API service — it is a governed financial operating backend that exposes control interfaces for regulated product deployment.
In all models, partners do not independently integrate or operate:
– Authentication, OTP, session or device security systems
– Identity, onboarding or verification providers
– AML or transaction monitoring platforms
– Card processors or top-up providers
– Open-banking payment rails
– Reconciliation, settlement or audit pipelines
All regulated execution, compliance, security, reconciliation and audit responsibilities remain exclusively inside the MonCore kernel.
When an issuer sponsor is onboarded, execution endpoints are activated without product rewrite, data migration, or reintegration.
This enables true plug-and-play deployment of fully regulated financial products on a production-grade financial operating system.
Partners may launch regulated products without operating any regulated execution infrastructure of their own, relying exclusively on MonCore-governed services until issuer sponsorship is activated.
In frontend-only integration mode, partners may launch regulated products without operating any backend financial infrastructure.
The partner application authenticates directly against MonCore tenant endpoints, while MonCore provides authentication, sessions, OTP, ledger, compliance, execution, reconciliation, and audit as a managed financial operating system.
MonCore supports jurisdiction-aware execution, tenant-scoped regulatory domains, and contract-gated activation of regulated capabilities, enabling a single kernel to operate across multiple regulatory regimes while preserving strict separation of licensing, safeguarding, and settlement responsibilities.
The ledger is the single source of truth.
All balances are derived exclusively from immutable double-entry postings and continuously validated snapshots.
Features:
- Double-entry postings for every monetary movement
- Atomic debit / credit pairs for transfers and FX
- Row-level locking for double-spend protection
- FX-aware postings with base / quote currency tracking and applied rate persistence
- Charge-level uniqueness guarantees for card and bank funding flows
- Immutable triggers preventing deletion or tampering of ledger rows
- Before / after balance materialization (
available_after,pending_after) per posting - Dispute holds, early holds, releases, reversals, and settlement finalization postings
Supported flows include:
- Internal peer-to-peer transfers
- Multi-currency FX transfers
- Merchant payments with wallet aggregation
- Card authorization, capture, dispute, and settlement debits
- Card and bank top-ups with reversal and chargeback handling
- Issuer settlement finalization with cryptographic lineage
In addition to immutable ledger postings, MonCore maintains balance snapshot tables used as a performance and reporting layer.
Snapshots are derived exclusively from immutable ledger state and refreshed deterministically from ledger postings using controlled refresh functions. The ledger remains the sole source of truth at all times.
Characteristics:
- Snapshot rows are never authoritative and never mutated directly
- One snapshot row per user / currency
- Snapshots are refreshed from ledger state via deterministic refresh jobs
- Used for real-time balance display and fast integrity checks
Integrity guarantees:
- Ledger postings remain the only authoritative financial record
- Snapshots are continuously reconcilable against ledger history
- Drift detection is supported through ledger-to-snapshot comparison queries
- Regulator-grade reconstruction is always performed from ledger, not snapshots
Snapshots serve strictly as a performance cache and reconciliation surface.
The ledger remains the single canonical source of truth.
Each user may hold multiple wallets across currencies.
Capabilities:
- Automatic wallet creation on demand
- Wallet prioritization by primary currency
- Partial funding across wallets
- FX conversion embedded inside posting
For merchant payments, MonCore can fund a single transaction from multiple wallets and currencies, performing FX conversions only for uncovered portions.
FX is executed inline with ledger posting.
Features:
- Deterministic rate lookup from controlled rate tables
- Atomic debit / credit with FX metadata
- Base / quote currency tracking per entry
- Audit-safe FX attribution
- Settlement reconciliation alignment
Every external request is protected by a kernel idempotency contract:
- Per-route idempotency keys
- In-progress execution blocking
- Verified response replay
- Correlation IDs propagated across logs, audits, and jobs
This guarantees exactly-once semantics across client retries, webhooks, and background jobs.
Risk enforcement is executed inline before any posting:
- Velocity rules (rolling windows, per-direction limits)
- Tier-based caps and thresholds
- AML evaluations per transaction type
- Automatic case creation and escalation hooks
Blocked or flagged transactions never reach the ledger.
MonCore maintains rolling regulatory exposure counters for every user and product domain.
Capabilities:
- Per-product rolling windows (24h, 7d, 30d)
- EUR-normalized exposure tracking across currencies
- Velocity counts and threshold enforcement
- Tier-aware caps and escalation triggers
All counters are:
- Written transactionally with ledger postings
- Replay-safe and idempotent
- Queryable for compliance dashboards and regulator exports
This enables:
- PSD2 / EMI volume caps
- AML transaction aggregation
- Tier-based product gating
- Continuous exposure supervision
MonCore includes a deterministic settlement reconciliation engine designed for issuer-led production deployment.
The platform implements:
- A scheduled daily reconciliation scheduler (armed at 03:00 UTC)
- Idempotent reconciliation execution with startup and interval execution
- System-level reconciliation audit events (job start, completion, failure)
- Hard idempotency guards and advisory-lock protection
The reconciliation engine is architected to:
- Fetch pending issuer settlements
- Verify ledger debits exist exactly once
- Finalize settlement records
- Generate cryptographic payload hashes
- Emit immutable reconciliation audit events
In pre-issuer pilot and shadow mode operation, reconciliation execution is active and audit-logged, while issuer settlement finalization remains contract-gated and inactive.
This design enables:
- Regulator and issuer walkthroughs before scheme activation
- Zero-migration activation of settlement finalization after onboarding
- Deterministic transition from pilot to issuer-backed production
All critical actions produce audit records:
- Financial intents and results
- Compliance decisions
- Admin and partner actions
- Reconciliation lifecycle events
Audit records support:
-
Payload hashing
-
Provider correlation
-
Chain-of-evidence reconstruction
-
Regulator-grade CSV / PDF exports
MonCore includes a built-in system control layer composed of deterministic, audited background jobs responsible for continuous regulatory enforcement, integrity validation, and operational hygiene.
All system jobs are:
- Idempotent and overlap-safe using advisory database locks
- Fully audit-logged into the immutable audit chain
- Executed under snapshot-consistent database transactions
- Safe for regulator and issuer inspection
Key system jobs include:
AML Continuous Risk Sweep
- Periodic AML case evaluation
- Automatic risk decay, tier-aware enforcement, and account freezing
- Velocity spike detection with hard account suspension
- Full audit trail of sweep start, decisions, and outcomes
Audit Chain Integrity Validation
- Full replay and verification of the cryptographic audit hash chain
- Detection of chain breaks, payload tampering, or mutation
- Boot-time and on-demand execution with regulator-grade logging
Geo-Risk Enforcement
- Continuous country-risk enforcement against banned jurisdictions
- Atomic enforcement with snapshot-isolated transactions
- Idempotent audit logging with cryptographic payload hashing
Card Lifecycle Enforcement
- Automatic termination of one-time cards after use or expiry
- Advisory-lock protected execution
- Hash-chained audit logging of every terminated card
Fraud & Velocity Counter Reset
- Periodic reset and normalization of rolling fraud counters
- Chain-safe audit insertion preserving non-repudiation
Settlement Reconciliation Scheduler
- Daily reconciliation job armed at fixed UTC schedule
- Startup execution supported
- Full reconciliation lifecycle audit events
This background enforcement layer ensures MonCore remains continuously compliant, auditable, and regulator-safe even in the absence of manual operator intervention.
MonCore includes a built-in realtime telemetry and user notification layer:
- Balance update broadcasts
- Session invalidation events
- Kernel telemetry stream
- Deterministic heartbeat and room isolation
This enables instant UI updates and operational monitoring without polling.
All monetary flows are executed inside database transactions with:
- Explicit BEGIN / COMMIT / ROLLBACK
- Row-level ledger locking
- Snapshot isolation for balances
Partial state cannot be committed.
Settlement finalization includes:
- Canonical payload hashing
- System-level cryptographic signatures
- Signature persistence with settlement records
This provides legal-grade non-repudiation of settlement outcomes.
- Ledger entries cannot be deleted
- Duplicate tx_id and charge guards enforced
- Audit payload hashes enforced by uniqueness constraints
All critical system jobs and financial control processes are protected against concurrent execution and race conditions through:
- Advisory database locks for single-execution guarantees
- Snapshot-isolated transactions for regulator-grade consistency
- Idempotent audit insertion with conflict-safe uniqueness constraints
- Deterministic restart-safe execution semantics
This guarantees:
- No duplicate enforcement
- No double reconciliation
- No overlapping AML sweeps
- No inconsistent system state under restarts or crashes
MonCore includes a hardened authentication and access control layer supporting multi-factor authentication, role-based access enforcement, and full audit logging of all authentication and authorization events, designed to satisfy issuer, scheme, and regulatory supervision requirements.
All authentication events are audit-logged and correlated with financial activity.
MonCore supports three execution planes:
- End-user APIs (payments, transfers, wallets, QR)
- Strong authentication and session control
- Tier and risk enforcement
- Tenant-scoped dashboards and APIs
- Read-only compliance, ledger, and export access
- Capability-based service activation
- Partner authentication and role enforcement
- No tenant context
- Read-only global views
- Forensic exports
- System events and reconciliation audits
- Immutable admin audit logs
Regulators and issuer partners may be granted read-only access to compliance, ledger, and reconciliation views for supervised operation and audits.
MonCore exposes a modular financial operating system composed of governed kernel services and optional execution domains.
Core kernel services include:
- Canonical ledger and balance engine
- Multi-wallet and multi-currency engine
- Embedded FX conversion engine
- Global idempotency and correlation framework
- AML, velocity, tier and exposure engine
- Reconciliation and settlement engine
- Immutable audit and evidence engine
- System control and enforcement scheduler
Execution and product modules include:
- Open-banking funding and withdrawals
- Card funding, authorization, capture and dispute lifecycle
- Internal transfers and P2P payments
- Merchant and QR payments
- Voucher and closed-loop schemes
- Corporate and business account flows
Governance and control modules include:
- Tenant and capability management
- Jurisdiction and regulatory gating
- Partner and regulator dashboards
- Export and forensic tooling
All modules are:
- Capability-gated per tenant and jurisdiction
- Fully auditable and replay-safe
- Deployable independently or as a full stack
This modular design allows MonCore to operate as:
- A full digital banking core
- An embedded finance kernel
- A regulated payment orchestration layer
- A multi-tenant financial infrastructure platform
Typical partner integrations on MonCore require weeks rather than years, as execution providers, compliance engines, reconciliation, and audit tooling are pre-integrated into the kernel.
MonCore can be integrated in three primary ways:
- Ledger + payments + FX + compliance
- Partner provides UI and orchestration
- MonCore acts as system of record
- Consumer wallet APIs
- QR and P2P payments
- Card and bank funding flows
- Realtime balance updates
- Admin and partner dashboards
- Ledger + reconciliation only
- Payments + AML only
- Card settlement only
All modes preserve audit, idempotency, and reconciliation guarantees.
MonCore is designed as a programmable financial kernel on which regulated products and applications are built.
Partners and issuers may:
- Build consumer and business applications directly on MonCore APIs
- Embed MonCore as a regulated backend inside existing products
- Operate multiple products and tenants on a single kernel instance
MonCore provides:
- Stable financial APIs for wallets, payments, transfers and funding
- Realtime event streams for UI synchronization
- Regulator-grade export and reporting interfaces
- Capability and jurisdiction controls at product level
Applications built on MonCore inherit automatically:
- Ledger-first correctness
- Embedded compliance and AML enforcement
- Idempotent execution semantics
- Settlement and reconciliation readiness
- Regulator-grade auditability
This allows new regulated products to be launched without rebuilding financial infrastructure.
MonCore may be operated as:
- A centrally hosted multi-tenant financial kernel
- A dedicated single-tenant regulated instance
- A hybrid deployment integrated into partner infrastructure
All deployment models preserve:
- Full tenant isolation
- Identical sandbox and production code paths
- Regulator-grade audit and reconciliation guarantees
This allows MonCore to support:
- Fintech platform operators
- Issuers and sponsor banks
- Embedded finance and B2B payment providers
MonCore is designed for issuer-led deployment:
- All issuer-dependent functions are contract-gated
- Settlement logic remains inactive until onboarding
- Sandbox can be audited as production-equivalent
The platform already exposes:
- Ledger and settlement exports
- Compliance timelines
- AML case histories
- Reconciliation audit trails
The reconciliation, settlement, and audit architecture is designed to satisfy scheme (Visa / Mastercard) technical onboarding and issuer program certification requirements. All ledger state, audit records, and compliance evidence remain under the control of the platform operator or licensed institution operating MonCore.
Before issuer onboarding, MonCore already operates live provider-backed execution flows using production-equivalent controls.
This includes:
- Open-banking funding with signed requests, webhook settlement, and ledger posting
- Card-based funding with dispute, reversal, and hold lifecycle support
- Full KYC and KYB onboarding with UBO handling and tier promotion
- AML evaluation, velocity controls, and exposure counters
- Real-time balance propagation and regulator-grade audit trails
All flows execute through the same ledger, idempotency, compliance, and reconciliation kernel as issuer-backed production.
This enables:
- Issuer technical validation on real flows
- Regulator sandbox walkthroughs
- Partner pilot deployments before scheme activation
MonCore is designed to transition regulated products from pilot execution to issuer-backed production without data migration, product rewrites, or user disruption.
During pre-issuer pilot operation:
- Users, wallets, balances and ledger history are created in production-equivalent schema
- All flows execute through the full compliance, idempotency and audit kernel
- Issuer-dependent execution remains contract-gated
When an issuer sponsor is onboarded:
- Issuing, safeguarding and settlement capabilities are activated by contract
- Execution endpoints are switched from pilot providers to issuer processors
- Existing users, balances and ledger state remain unchanged
- Audit history and compliance timelines remain continuous
This enables:
- Zero-downtime transition from pilot to regulated production
- Regulator and issuer validation on real historical data
- Continuous audit lineage across the entire lifecycle
- Multi-currency wallets
- Neobank applications
- Card issuing programs
- Corporate payment accounts
- QR and instant payment apps
- Voucher and closed-loop schemes
- Merchant acquiring backends
- Embedded finance platforms
MonCore is a financial operating system that compresses years of regulated infrastructure engineering into a deterministic, auditable, multi-tenant kernel.
It provides:
- Ledger-first correctness
- Embedded compliance
- Idempotent execution
- Settlement reconciliation
- Provider-agnostic integration
- Regulator-grade auditability
Designed to integrate issuers, banks, and fintech products into a single governed financial fabric, MonCore enables rapid deployment of compliant financial services without sacrificing safety, traceability, or regulatory control.