Pre-Clearance for federally-chartered custody.
An attestation layer designed to clear an OCC-chartered bank's compliance bar. Non-custodial by construction (asset never enters JIL). Distributed BFT signing (no single jurisdiction can compel). Court-ready evidence on every transit (FRE 902(14)). Security-questionnaire-grade documentation, not marketing copy.
Built to survive your audit, not pass it once.
Non-custodial, by construction
The asset never enters the JIL system. We sign an attestation; we do not hold, route, or co-sign a transfer. Your OCC charter, NY DFS license, and SOC 2 Type II posture are unaffected. We sit alongside, not inside, your chain of custody.
Findings, not approvals
Pre-Clearance produces evidence. Your policy engine produces decisions. The legal distinction is deliberate: we are positioned outside Money Transmitter Licensing (MTL) and MSB scope. Memo on file from outside counsel.
Court-ready by default
Every PSA anchors to CourtChain™ (sealed evidence ledger), reproducible from canonical bytes, FRE 902(14) admissible without live testimony. Material when a regulator asks "show me the transit-time evidence."
What an Anchorage InfoSec review will see.
We don't have SOC 2 Type II yet (target Q4 2027, $$$ engagement). What we do have, today, is documented controls mapped to the NIST CSF 2.0 framework, a security questionnaire pre-filled to the CSC v8 control set, defined data-residency boundaries (EU customer data anchored on EU validators), MPC 2-of-3 signing for all operator keys, 24-hour rotation of consensus authorization tokens, and a 14-of-20 BFT bridge across 13+ jurisdictions for any cross-border attestation. Independent third-party review of the L1 codebase under NDA on request.
Incident response
Sev1: 15-minute MTTA, public RFO within 5 business days. Sev2/3: documented escalation matrix, dedicated shared Slack channel for Tier B/C customers. Customer obligations spelled out: TAP fallback policy required (we are not a single point of failure for your transfer flow). Mutual indemnification frame negotiable per MSA.
A 60-day evaluation, structured for your governance cycle.
Phase 1 - Paper review (Weeks 1 to 2)
We send the security questionnaire pre-fill, OpenAPI spec, SLA, NIST CSF mapping, sample PSAs, and the L1 architecture brief under NDA. Your InfoSec, Legal, and Compliance teams review and ask follow-ups. We respond inside 48 hours.
Phase 2 - Sandbox (Weeks 3 to 6)
You provision a sandbox tenant. Your engineers wire one product line in shadow mode. Verify quorum signatures against our published validator pubkeys. Generate sample audit pulls. No production traffic, no commitment.
Phase 3 - Limited prod (Weeks 7 to 8)
If the paper passes and the sandbox holds up, move one closed-set product to enforcement. Two-week observation. Outcome: either full MSA + scoped rollout, or a clean wind-down with all data returned and deleted per spec.
Three questions we'd like to put to your team
1) What does "ready" look like for an Anchorage vendor onboarding - which controls are non-negotiable for Day 1, which can land in a roadmap? 2) Is your priority the institutional-customer-facing pre-clearance product, or internal use against your own treasury flow? 3) What's the typical evaluation cycle from first call to MSA - 60 days, 90, longer?