notary/cloud
ProductHow it worksChainsSecurityFAQFor partnersTrust
Scope a pilot
Pilot protocol

A pilot that needs no customer data, no production decisioning, and no access to your systems.

Designed so a compliance, model-risk, or audit reviewer can evaluate the evidence object safely.

Inputs

What the pilot uses.

ALLOWED
  • Synthetic cases.
  • The institution's own redacted historical cases.
  • One scoped decision class with examination risk.
EXCLUDED
  • No production decisioning.
  • No customer or suspicious-activity data.
  • No SAR content.
  • No live access to the institution's systems.
Output

What gets produced.

The deliverable is a small evidence set for one decision stream the institution already carries examination risk on.

RECORDS

Signed sample records

Sample decision records for one class, such as automated adverse action, AML alert disposition, or model-risk-relevant compliance call.

VERIFY

Browser verification

Each record can be opened and independently verified in the browser against separately served public key material.

CHANGE

Pre-change and post-change pair

The same decision class is recorded before and after a simulated model or vendor change, then re-verified to show that the record still verifies.

Review

What the reviewer checks.

  • Each record verifies against a separately served public key.
  • The committed input hash matches the supplied synthetic or redacted inputs.
  • Verification still holds after the simulated model or vendor change.
  • The record exposes only allowlisted fields.
Scope

90 days. One stream. One verifier path.

01

One decision stream

Pick one consequential decision class with examination risk.

02

One evidence schema

Define the allowlisted fields and input-hash shape for that stream.

03

One verifier path

Publish or share the verifier path for the signed sample records.

04

Walk-away deliverable

Signed sample records, review notes, and a go/no-go production outline. No annual lock-in.

Limits

A no-PII pilot lowers risk. It does not skip review.

  • The institution still runs its own procurement and vendor-risk process.
  • HSM/KMS-backed signing and customer BYOK are not live yet.
  • Production claims require the planned transparency surfaces to ship first.
Routes

The same evidence object reads differently by role.

A pilot should let each reviewer inspect the record from their own control surface.

BSA / MLRO

Examiner-ready decision evidence

A scoped record for the decision the examiner will ask the institution to reconstruct.

MODEL RISK

Validation and change control

Evidence that binds version, limitation, monitoring, and change context to a decision.

AI GOVERNANCE

Oversight and log control

Inventory, accountability, and log-control evidence outside the runtime under review.

AUDIT / GC

Independent record surface

A record produced outside the runtime under question, with visible limits on what it proves.

Next

Scope only the record surface.

The page stays readable without a form. The pilot request flow is separate.