For Banks · Custodians · Asset Managers · Clearing Houses
Settlement rails where KYC is portable, every API call is ML-DSA-65 signed, OTC rates lock at instruction time, and finality arrives in 10 seconds — not T+2.
The Problem
Legacy infrastructure was not designed for a world where quantum computers exist, counterparty trust must be cryptographically verifiable, and compliance cannot be re-run from scratch on every shared client.
Every institution re-runs full KYC on every shared client. $500–$2,000 per customer per institution per year. The trust built at onboarding is not portable to any counterparty.
API authentication via bearer tokens creates a single revocable secret. Compromise means unlimited access until manual rotation. There is no cryptographic proof of which system made which call.
Settlement delay exists because counterparties cannot independently verify the other's authorisation without callbacks and confirmations. The technology is fast. The trust layer is not.
How It Works
Each step removes a point of process that exists only because the trust layer beneath it was insufficient. KXCO replaces process with proof.
A single verified credential is issued to the institution's client and anchored on Armature L1. Every operator on KXCO rails can read the credential without re-running KYC. Trust is portable.
The server stores only the institution's ML-DSA-65 public key. Every request is signed at origin. There is no shared secret to intercept, rotate, or compromise. NIST FIPS 204 in production today.
The ML-DSA-65 signature on the payment instruction is itself the proof of authorisation. No callback required. No confirmation round-trip. The counterparty verifies independently.
The rate committed in the signed instruction is immutably applied on execution. Slippage risk is eliminated. Settlement occurs on Armature L1 with deterministic QBFT finality.
Compliance metadata — purpose codes, beneficiary references, sanctions screening attestations — travels with the transaction in an ML-KEM-768 encrypted memo field. Recipient-only decryption.
Every instruction, every signature, every settlement event is recorded on-chain. Independently verifiable by regulators without requiring the institution to produce records. ISO 20022 field mapping maintained throughout.
The Platform
Each product is deployable independently and operates on the same quantum-resistant cryptographic foundation. Licensed institutions deploy the software and hold all regulatory relationships with end customers.
Custody software for regulated custodians. FIPS 140-3 HSM integration. Every vault operation signed with ML-DSA-65. Multi-institution settlement without shared secrets. Deployed by licensed custodians — KXCO holds no assets.
ProductionWhite-label B2B2C banking platform deployed by licensed financial institutions. Accounts, payments, and instant settlement on KXCO rails. ISO 20022 native. The operating institution holds the licence; KXCO provides the software layer.
AvailableEnterprise identity and signing platform. Portable KYC credentials issued on-chain via Sumsub verification webhook. ML-DSA-65 signing keypairs. HSM-backed key management. One credential, valid across all operators on KXCO rails.
ProductionML-DSA-65 per-request API authentication. No bearer tokens. No shared secrets. Every API call independently verifiable against the caller's registered public key. Drop-in replacement for OAuth bearer flows. NIST FIPS 204/205 compliant.
ProductionTraditional rails compensate for missing trust with process — callbacks, confirmations, reconciliations. KXCO replaces process with proof. The signature is the authorisation.
Standards Alignment
KXCO does not replace the standards institutions already report against. It implements them natively at the protocol layer so compliance is structural, not procedural.
Payment instructions carry ISO 20022 structured data end-to-end. pacs.008, pacs.009, and camt message types are supported natively. Regulators and correspondent banks receive data in the format they already consume.
KXCO Sign and KXCOIdentity are production implementations of NIST FIPS 204. Every signature is ML-DSA-65. Every key encapsulation is ML-KEM-768. No classical fallback is offered — quantum resistance is not optional on KXCO rails.
Armature L1 is designed against the PFMI framework for systemically important FMIs. Deterministic finality, settlement asset clarity, operational risk controls, and cyber resilience provisions are addressed at the protocol layer.
NSA CNSS Policy 15 requires PQC migration for national security systems by 2035. Institutions deploying KXCO infrastructure today meet the mandate before it arrives. Early movers set the interoperability standard for those who follow.
Next Steps
The cryptographic migration window is open. The institutions that move first establish the interoperability baseline, the audit standard, and the correspondent network that latecomers will have to join on their terms.