Trust Fabric Framework v1.0

The Standard

The tokenized value market needed a standard built for this moment — not adapted, not approximated. This is that standard.

Version 1.0 · April 2026 · Public Standard · Settlement Integrity Institute
Overview Domains Layers Verdicts Methodology Alignment

Architecture

Framework Overview

For years, the tokenized value market moved faster than the frameworks designed to govern it. The Trust Fabric Framework was built to close that gap — with a structured, evidence-based methodology operating across three interconnected dimensions.

10
Control Domains
5
Assurance Layers
7
Trust Verdicts
10 domains × 5 layers = 50 control points  →  aggregated into 7 trust verdicts

Each control domain defines a specific category of trust that must hold continuously for a tokenized value transaction to settle with confidence. The ten domains span the full surface of risk — from the intent of a signer to the systemic exposure of an entire network.

Each domain is evaluated across five assurance layers of progressive depth — from governance policy through operational recovery. A domain with policy but no technical enforcement is scored accordingly. The framework rewards what actually works, not what is merely documented.

The resulting 50 control points each produce verifiable evidence. That evidence is aggregated through a weighted scoring methodology to produce a trust verdict — one of seven determinations, each carrying a precise meaning the market can rely on.

The framework is designed for continuous assurance, not periodic audit. Control points are monitored in real time, with verdicts reflecting current conditions rather than a snapshot from the last review cycle.

L1 Policy
L2 Technical
L3 Monitoring
L4 Evidence
L5 Recovery
D-01 Intent
01.L1
01.L2
01.L3
01.L4
01.L5
D-02 Dependency
02.L1
02.L2
02.L3
02.L4
02.L5
D-03 Reserve
03.L1
03.L2
03.L3
03.L4
03.L5
D-04 Oracle
04.L1
04.L2
04.L3
04.L4
04.L5
D-05 Compliance
05.L1
05.L2
05.L3
05.L4
05.L5
D-06 Finality
06.L1
06.L2
06.L3
06.L4
06.L5
D-07 Contract Gov.
07.L1
07.L2
07.L3
07.L4
07.L5
D-08 Key & Custody
08.L1
08.L2
08.L3
08.L4
08.L5
D-09 Recovery
09.L1
09.L2
09.L3
09.L4
09.L5
D-10 Systemic Risk
10.L1
10.L2
10.L3
10.L4
10.L5
Builds upon · BIS CPMI-IOSCO PFMI · NIST SP 800-53 / IR 8408 / CSF 2.0 · FATF Rec. 16 · FSB Crypto-Asset Framework · EU MiCA / DORA

Control Architecture

The 10 Control Domains

Ten domains. Each one addresses a category of trust the market has historically assumed rather than verified. Expand any domain to review its sub-controls, evidence requirements, and regulatory cross-references.

D-01
Intent Assurance
The action approved by human signers is materially identical to the action executed on-chain.
Sub-Controls
D-01.1
Transaction Preview Fidelity
Wallet and signing interfaces display transaction parameters that match the encoded payload. The human-readable representation must be a faithful translation of the machine-executable instruction.
D-01.2
Payload Integrity Verification
Cryptographic binding between displayed parameters and submitted transaction. Hash commitment ensures no modification between preview and execution.
D-01.3
Multi-Signature Coherence
All required signers approved the same transaction state. Prevents scenarios where signers approve different versions of a transaction through sequential modification.
D-01.4
Simulation Accuracy
Pre-execution simulation results match actual execution outcomes within defined tolerance. Divergence beyond threshold triggers automatic review.
Evidence Requirements
Transaction preview logs Payload hash attestations Multi-sig coordination records Simulation deviation reports
Regulatory Cross-References
NIST IR 8408 — Cybersecurity of Tokenized Assets in DeFi
BIS CPMI-IOSCO Principle 8 — Settlement Finality
MiCA Art. 68 — Obligations of CASPs regarding client information
D-02
Cross-Layer Dependency
All critical dependencies — infrastructure, oracle, bridge, custody — are healthy and trustworthy at the moment of settlement.
Sub-Controls
D-02.1
Dependency Mapping
Complete inventory of all external systems required for settlement, including infrastructure providers, oracle networks, bridge protocols, and custody solutions. Each dependency classified by criticality tier.
D-02.2
Health Attestation Protocol
Real-time health signals from each dependency with defined SLAs. Heartbeat monitoring with configurable thresholds for latency, availability, and data integrity.
D-02.3
Cascading Failure Analysis
Pre-computed failure trees identifying single points of failure and cascading failure paths. Updated when dependency topology changes.
D-02.4
Dependency Version Control
All dependency versions tracked and tested for compatibility. Upgrade notifications trigger re-assessment of dependent control points.
Evidence Requirements
Dependency topology maps Health check logs Failure tree documentation Version compatibility matrices
Regulatory Cross-References
BIS CPMI-IOSCO Principle 17 — Operational Risk
NIST CSF 2.0 ID.RA — Risk Assessment
DORA Art. 28 — ICT Third-Party Risk Management
D-03
Reserve Integrity
Tokens are fully backed and redeemable in real time, not merely at periodic attestation intervals.
Sub-Controls
D-03.1
Real-Time Reserve Proof
Continuous cryptographic proof of reserve backing, not periodic snapshots. Merkle tree proofs enabling any holder to independently verify their inclusion in the reserve commitment.
D-03.2
Asset Composition Transparency
Full disclosure of reserve asset types, custodians, jurisdictions, and maturity profiles. Concentration limits defined and monitored for each asset class.
D-03.3
Redemption Pathway Verification
End-to-end testing of redemption from token to underlying asset under normal and stress conditions. Maximum redemption latency defined per instrument type.
D-03.4
Reserve Segregation
Reserve assets legally separated from issuer operational funds. Bankruptcy-remote structure with independent custodians and documented legal opinions.
Evidence Requirements
Merkle proofs of reserve Asset composition reports Redemption test records Legal segregation opinions
Regulatory Cross-References
FSB High-Level Rec. 9 — Reserve Management for GSC
MiCA Art. 36-38 — Reserve of Assets Requirements
NIST IR 8408 — DeFi Security Considerations
D-04
Oracle & External Truth
External data feeds — price, identity, compliance — are accurate, timely, and uncompromised at the moment of settlement.
Sub-Controls
D-04.1
Source Diversity
Critical data points sourced from multiple independent providers. No single oracle failure can compromise settlement decisions. Minimum source count defined per data criticality tier.
D-04.2
Freshness Guarantee
Maximum acceptable staleness defined and enforced for each data type. Price data for settlement must be within defined temporal bounds of execution time.
D-04.3
Manipulation Resistance
Economic and technical safeguards against oracle manipulation. Cost-of-attack analysis maintained with minimum threshold relative to protected value.
D-04.4
Fallback Protocols
Defined behavior when oracle feeds fail or diverge beyond threshold. Graceful degradation rather than silent failure. Settlement paused until data integrity restored.
Evidence Requirements
Source diversity attestations Freshness monitoring logs Manipulation resistance audits Fallback test records
Regulatory Cross-References
IOSCO Principles — Financial Benchmarks
BIS Innovation Hub — Project Mariana (Cross-Border CBDC)
MiCA Art. 76 — Market Abuse Prevention
D-05
Compliance-by-Design
Transfer compliance — sanctions screening, travel rule, investor suitability — is enforced at execution time, not audited retroactively.
Sub-Controls
D-05.1
Pre-Transfer Screening
All parties screened against sanctions lists (OFAC SDN, EU Consolidated, UN) before execution. Screening results cryptographically timestamped and bound to the transaction.
D-05.2
Travel Rule Automation
Originator and beneficiary information transmitted with transaction per FATF Recommendation 16. VASP-to-VASP data exchange via standardized protocols (TRISA, OpenVASP, or equivalent).
D-05.3
Jurisdictional Compliance
Transaction rules adapt to applicable regulatory jurisdictions. Rule engine maintains current regulatory requirements per jurisdiction with automated update ingestion.
D-05.4
Compliance Evidence Immutability
Compliance decisions recorded immutably at time of execution. Audit trail cannot be retroactively modified. Evidence chain maintained for regulatory examination.
Evidence Requirements
Screening result logs VASP data exchange records Jurisdictional rule engine configs Immutable compliance records
Regulatory Cross-References
FATF Recommendation 16 — Wire Transfers (Travel Rule)
OFAC SDN List — Sanctions Compliance
MiCA Art. 67-72 — Transfer Services Obligations
D-06
Legal Finality Mapping
Transactions map to defined legal outcomes across all applicable jurisdictions. On-chain finality does not equal legal finality.
Sub-Controls
D-06.1
Finality Definition
Clear specification of when a transaction achieves legal finality per jurisdiction. Distinguishes between on-chain confirmation, economic finality, and legal settlement finality.
D-06.2
Conflict-of-Law Resolution
Pre-defined rules for jurisdictional conflicts. Choice-of-law provisions documented and enforceable. Governing law specified for each transaction type.
D-06.3
Enforceability Attestation
Legal opinion confirming enforceability of on-chain settlement in relevant jurisdictions. Updated periodically and upon material regulatory change.
D-06.4
Insolvency Treatment
Documented treatment of tokenized assets in issuer/custodian insolvency. Netting enforceability, stay applicability, and asset segregation under bankruptcy regimes.
Evidence Requirements
Finality definitions per jurisdiction Conflict-of-law matrices Legal enforceability opinions Insolvency treatment analysis
Regulatory Cross-References
UNIDROIT — Digital Assets and Private Law
BIS CPMI-IOSCO Principle 8 — Settlement Finality
EU Settlement Finality Directive — 98/26/EC
D-07
Smart Contract Governance
Contract logic is audited, upgrade-controlled, and formally verified before settlement reliance.
Sub-Controls
D-07.1
Audit Coverage
All settlement-critical contracts audited by qualified third parties. Audit scope covers logic correctness, access control, economic invariants, and composability risks.
D-07.2
Formal Verification
Critical invariants formally verified — not just tested. Mathematical proof that contract behavior matches specification for all possible inputs and states.
D-07.3
Upgrade Governance
Contract upgrade mechanisms require multi-party authorization and timelock. Upgrade proposals subject to community review period. Emergency upgrade paths defined with elevated authorization requirements.
D-07.4
Immutability Guarantees
Clear documentation of which contract elements are immutable versus upgradeable. Settlement-critical logic preferentially immutable. Upgrade scope limited to non-critical parameters where possible.
Evidence Requirements
Third-party audit reports Formal verification proofs Upgrade governance documentation Immutability attestations
Regulatory Cross-References
NIST IR 8408 — DeFi Security Considerations
EBA Guidelines — ICT Risk Management
DORA Art. 11 — ICT Change Management
D-08
Key & Custody Integrity
Cryptographic key management meets institutional-grade operational and security standards.
Sub-Controls
D-08.1
Key Generation Ceremony
Documented, witnessed key generation following established protocols. Ceremony records retained with cryptographic proof of process integrity. Independent observers required for root key generation.
D-08.2
Hardware Security Module Compliance
Keys stored in FIPS 140-2 Level 3 or higher HSMs. Physical tamper resistance verified. HSM firmware integrity monitored continuously.
D-08.3
Access Control & Separation
Multi-party computation or threshold signatures for critical operations. No single individual can execute settlement-critical transactions. Separation of duties enforced between key holders.
D-08.4
Key Rotation & Revocation
Defined key lifecycle management with rotation schedules. Revocation procedures tested and operational. Key compromise response procedures documented and drilled.
Evidence Requirements
Ceremony logs HSM compliance certificates Access control audit logs Key lifecycle documentation
Regulatory Cross-References
NIST SP 800-57 — Key Management Recommendations
SOC 2 Type II — Trust Services Criteria
ISO 27001 — A.10 Cryptography Controls
D-09
Containment & Recovery
Failure isolation and recovery mechanisms are tested and operational before they are needed.
Sub-Controls
D-09.1
Circuit Breaker Mechanisms
Automated pause capabilities triggered by anomaly detection. Configurable thresholds for volume, velocity, and value anomalies. Manual override with appropriate authorization levels.
D-09.2
Transaction Rollback Capability
Defined mechanisms for reversing erroneous transactions where legally permissible. Rollback scope, authorization requirements, and time limits documented per jurisdiction.
D-09.3
Disaster Recovery Testing
Regular testing of recovery procedures including cross-chain scenarios. RTO and RPO targets defined and measured. Recovery drills conducted quarterly with documented results.
D-09.4
Communication Protocols
Defined stakeholder notification procedures for incident response. Escalation matrices with defined response times. Regulatory notification requirements pre-mapped per jurisdiction.
Evidence Requirements
Circuit breaker test logs Rollback procedure documentation DR test results Communication plan documentation
Regulatory Cross-References
BIS CPMI-IOSCO Principle 17 — Operational Risk
DORA Art. 11-12 — ICT Business Continuity
NIST CSF RC.RP — Recovery Planning
D-10
Systemic Risk Visibility
Concentration risks, contagion vectors, and interconnection effects are continuously monitored at the system level.
Sub-Controls
D-10.1
Concentration Monitoring
Real-time tracking of exposure concentration across counterparties, assets, and infrastructure providers. Thresholds defined for acceptable concentration levels with automated alerting.
D-10.2
Contagion Modeling
Stress testing models that simulate cascading failures across interconnected systems. Scenarios include oracle failure, bridge exploit, custodian insolvency, and chain reorganization.
D-10.3
Interconnection Mapping
Complete topology of system interconnections with risk-weighted edges. Updated in real time as new dependencies are established or existing ones modified.
D-10.4
Regulatory Reporting Integration
Automated generation of systemic risk reports for supervisory authorities. Data formats aligned with emerging regulatory reporting standards. API-based submission where supported.
Evidence Requirements
Concentration dashboards Stress test results Interconnection topology maps Regulatory report archives
Regulatory Cross-References
FSB Framework — International Regulation of Crypto-Asset Activities
BIS CPMI-IOSCO Principle 3 — Framework for Risk Management
ESRB Recommendations — Systemic Cyber Risk

Depth

The 5 Assurance Layers

Policy without enforcement is aspiration. Enforcement without monitoring is assumption. The five assurance layers exist to ensure that what an entity claims to do is what it actually does — and that the evidence proves it.

L1
Policy & Governance
The rules exist.
Documented policies, standards, and governance frameworks are approved by appropriate authority. Board-level or equivalent oversight is established. Policy review cadence is defined and followed.
Evidence Types
Board-approved policy documents Governance charter Committee meeting minutes Policy review schedules
L2
Technical Control
The rules are enforced.
Technical mechanisms implement and enforce policy requirements. Controls are automated where possible, with manual controls documented and tested. Control effectiveness is measured against defined metrics.
Evidence Types
Control configurations Enforcement logic documentation Automated test results Control effectiveness metrics
L3
Continuous Monitoring
The enforcement is watched.
Ongoing surveillance detects deviations from expected behavior in real time. Monitoring covers both control effectiveness and environmental conditions. Alert thresholds calibrated to minimize false positives while ensuring genuine anomalies are detected.
Evidence Types
Monitoring dashboards Alert configurations Incident response triggers False positive rate metrics
L4
Evidence & Attestation
The watching is proven.
Cryptographic evidence creates immutable assurance records. Attestations are independently verifiable. Evidence chain maintains integrity from source through aggregation to verdict. Third-party attestation providers are qualified and monitored.
Evidence Types
Merkle proofs Signed attestations Timestamp authority records Attestation provider qualifications
L5
Recovery & Continuity
The failure is survived.
Tested recovery mechanisms ensure operational continuity when controls fail. Recovery time objectives (RTO) and recovery point objectives (RPO) are defined, measured, and met. Business continuity plans address both technical and operational failure modes.
Evidence Types
DR test results RTO/RPO measurements BCP validation records Post-incident reviews

Outcome

The 7 Trust Verdicts

A verdict is the market's most valuable signal. Every SII assessment produces one — weighted by domain criticality, aggregated across all five layers, and expressed in a language the entire market can act on.

V-01
Settlement Ready
All domains pass at all layers. The transaction may proceed with full assurance. No compensating controls required. Continuous monitoring remains active.
Criteria: All 50 control points assessed · No critical or high findings · All evidence current within defined freshness windows
V-02
Conditionally Ready
Minor gaps identified in non-critical domains or at non-critical layers. Proceed with documented risk acceptance and compensating controls. Gap remediation tracked with defined timeline.
Criteria: No critical findings · Max 3 high findings in L1-L2 only · Compensating controls documented and approved
V-03
Under Review
Material gaps in one or more domains. Settlement paused pending remediation evidence. Active assessment in progress with defined review timeline.
Criteria: 1+ high findings at L3-L5 · OR 4+ high findings at any layer · Remediation plan required within 5 business days
V-04
Elevated Risk
Systemic or cross-domain concerns detected. Enhanced monitoring and executive sign-off required for any settlement activity. Risk acceptance escalated to board level.
Criteria: Critical finding in 1+ domain · OR cross-domain dependency failure · Executive risk acceptance required
V-05
Not Ready
Critical domain failures across multiple control points. Settlement must not proceed until remediation is verified. Full re-assessment required before verdict upgrade.
Criteria: Critical findings in 2+ domains · OR any D-01/D-03/D-06 critical finding · Settlement prohibited
V-06
Suspended
Previously certified entity has fallen below threshold. Active suspension of assurance status. Public notification issued. Remediation pathway available with expedited re-assessment.
Criteria: Previously V-01 or V-02 · Degradation detected through continuous monitoring · Suspension effective immediately
V-07
Critical Failure
Immediate containment required. Fabric integrity compromised across multiple domains. Active incident response initiated. Regulatory authorities notified per applicable requirements.
Criteria: Active exploitation or integrity compromise detected · Multiple domain failures · Containment procedures activated

Process

Assessment Methodology

Traditional audits produce a record of what was true on a given day. Markets move every second. The Trust Fabric Framework employs continuous assurance — an evaluation model designed to reflect current conditions, not past ones.

Continuous Assurance
Trust Fabric assessments are continuously updated — not filed away after a review cycle. Control points are monitored in real time, and verdicts reflect current evidence. A platform that earns Settlement Ready status holds it only as long as the evidence supports it. That is not a limitation. That is the point.
Independent Assessors
Every assessment is conducted by an independent assessor accredited by SII — with demonstrated expertise across distributed systems security, financial regulation, and cryptographic assurance. Independence is not a formality here. It is the structural basis on which the verdict's authority rests.
Evidence-Based Scoring
A verdict built on self-attestation is only as reliable as the entity attesting. Every SII control point is assessed against verifiable, cryptographically timestamped evidence. Scoring rubrics are public and deterministic — the same evidence produces the same score regardless of assessor. The standard is the standard.
Weighted Aggregation
Not all domains carry equal weight for every instrument. Intent Assurance and Reserve Integrity weigh most heavily for stablecoins. Smart Contract Governance is the critical variable for complex DeFi instruments. Weights are published, instrument-type-specific, and applied consistently — so the score reflects the actual risk profile of what is being assessed.

Foundation

Regulatory Alignment

The world's principal financial bodies have defined what responsible tokenized infrastructure looks like. The Trust Fabric Framework is built on that foundation — synthesizing BIS, NIST, FATF, FSB, MiCA, and DORA into a single operative standard the market can be assessed against.

Domain BIS CPMI-IOSCO NIST FATF / FSB EU (MiCA / DORA)
D-01 Intent Principle 8 — Settlement Finality IR 8408 — DeFi Security MiCA Art. 68
D-02 Dependency Principle 17 — Operational Risk CSF 2.0 ID.RA DORA Art. 28
D-03 Reserve Principle 9 — Money Settlements IR 8408 FSB GSC Rec. 9 MiCA Art. 36-38
D-04 Oracle IOSCO Benchmarks MiCA Art. 76
D-05 Compliance FATF Rec. 16 MiCA Art. 67-72
D-06 Finality Principle 8 — Settlement Finality SFD 98/26/EC
D-07 Contract Gov. IR 8408 DORA Art. 11, EBA ICT
D-08 Key & Custody Principle 11 — CSDs SP 800-57 MiCA Art. 75
D-09 Recovery Principle 17 — Operational Risk CSF RC.RP DORA Art. 11-12
D-10 Systemic Risk Principle 3 — Risk Management FSB Crypto Framework ESRB Recommendations
Framework alignment assessed against · BIS CPMI-IOSCO PFMI (2012, rev. 2022) · NIST SP 800-53 Rev. 5 · FATF Updated Guidance (2021) · EU MiCA Regulation (2023) · EU DORA (2025)