The Payment Integrity Network

Executive Summary

JIL Sovereign is a sovereign Layer-1 blockchain and a verification kernel built on top of it. Together they form the network that turns every payment, claim, filing, and disbursement into a court-admissible record before it settles. We did not fork another chain. We built ours from scratch, post-quantum at the core, with named jurisdictionally accountable validators and 14-of-20 consensus across 13 and more countries. That kernel is 18+ months old today. We re-aim it at a new vertical in a week. We have already shipped eight live verticals running on real federal and on-chain data, with roughly 1,945 findings across 740,000+ records and billions of dollars flagged.

What this document is

This is the business whitepaper. It is written for institutional buyers, investors, regulators, and partners who need to understand what we built, why it exists, why it works, and what it means for them. The companion technical paper covers protocol internals. This document covers the why, the architecture in plain English, the proof, the customer outcome, and the ask.

The thesis in one paragraph

The financial system has run on a backwards premise for 50 years: move the money first, catch the fraud later. That premise produces roughly $700 billion in annual losses across banking, insurance, healthcare, and government, and an entire after-the-fact recovery economy that everyone agreed to call normal. It is not normal. It is a workaround that survived because nothing better existed. Verified-before-settlement infrastructure is now arriving regardless of who is ready. The question is who builds the network the world routes through. We built that network.

What is in the document

2. Why this exists - founder story

A friend, then me

A few years ago, a close friend lost her entire life savings to a scammer overseas pretending to be from Microsoft. Another version of the same scam claimed to be from Wells Fargo. They walked her through a wire transfer, and her bank let it go. No flags. No friction. No verification. The money was gone before anyone asked a single question about whether it should have moved.

The bank had no problem with it. The government was busy putting out other fires. So she got told what every fraud victim gets told. We are sorry. There is nothing we can do.

Not long after, it happened to me. I had a meaningful position in crypto. Someone reached out claiming they could help me leverage it and double my returns. They knew enough about my holdings to sound credible. I did not realize what was happening until I was out hundreds of thousands of dollars. I do not blame them. I blame myself. But I also looked around and saw that this was happening to people every single day, and the systems that were supposed to protect us were doing nothing.

That is when I made a promise. If I am going to spend the rest of my career building systems, I am going to build the one that fixes this. Not after the fact. Not by chasing recovery. Before the money moves. At the level where the bank, the wallet, the wire, the card, the claim, all of them, can finally answer the question they should have been asking the whole time. Should this payment happen at all?

Crypto failed me. So I built the version that works.

Most people who got hurt the way my friend and I did got hurt twice. Once by the scammer. Once by an industry that decided wallet recovery, key loss, and pump-and-dump schemes were just the cost of being early. They are not the cost of being early. They are the cost of building infrastructure with no rules.

I am not anti-crypto. I am one of the people crypto failed. The answer is not to walk away from it. The answer is to build the version that finally works. JIL is that version. You can build a memecoin on our network. You can issue a stablecoin. You can move value across borders. You can do the things crypto was supposed to make possible. But you are going to do them under rules. No pump-and-dump. No anonymous validators. No cryptography that quantum computers will break in 15 years. No wallet that loses your savings because someone phished your seed phrase.

We rotate validator keys every 7 days. Every key on the network is generated and held inside a hardware security module. The keys are never exposed to the application layer. Every signature is post-quantum. Every record is sealed by named, jurisdictionally accountable validators reaching consensus across 13 and more countries. No one bypasses the system from behind it. The interface is the only way in. The interface is hardened.

3. The arrival, not the prediction

The financial system of the next decade will look nothing like the one we have today. Identity will be verified before money moves. Sanctions will be screened in real time. Fraud will be stopped before settlement, not chased after it. Compliance will be enforced at the cryptographic layer, not bolted on as a quarterly audit. Every payment will carry a court-admissible proof of process from the moment it is authorized.

This is not a prediction. It is an arrival. Central banks are already moving in this direction. Federal program integrity offices are already demanding it. Qualified custodians already need it to defend their licenses. AmLaw litigators are already writing court orders that assume cryptographic process records. The question is no longer whether the world will move to verified-before-settlement infrastructure.

The question is who builds the network the world routes through when it does. Whoever is in market with the named-validator fabric, the post-quantum signatures, the court-admissible record format, and the per-vertical detection kernel - on the day a federal program office, an insurer, or a sovereign decides "we are doing this now" - is the network they pick. The replacement is not a feature war. It is a default-route decision.

We built that network. We built it for this moment. We built it because the moment was coming whether anyone was ready or not.

4. What we actually built - a sovereign L1, from scratch

JIL is a blockchain. Distributed ledger. Cryptographic consensus. Immutable state. By the technical definition, that is what we are. And we are not another blockchain.

Not a fork. Not a wrapper. Not a skin.

Everyone else took someone else's chain and repackaged it. They forked Ethereum. They wrapped Bitcoin. They skinned Solana. They added a frontend and called it theirs. That is packaging. Packaging inherits every limitation of what is underneath, and every limitation underneath was designed for retail speculation, not regulated finance.

We built ours from scratch. Roughly 1.4 million lines of original code. Our own consensus engine. Our own ledger. Our own validator admission protocol. Our own settlement layer. Our own bridge contracts. Our own registry, attestation, and proof artifacts. Every line written for one purpose, which is regulated payment integrity at institutional and sovereign scale.

Post-quantum at the core. In production today, not on a roadmap.

Every other blockchain in existence today uses signatures that quantum computers will break inside 15 years. Bitcoin. Ethereum. Solana. All of them. The industry is walking toward a cryptographic extinction event and almost no one is ready.

We use a hybrid signature scheme on every record: Ed25519 plus Dilithium-III. Ed25519 for performance, Dilithium-III for post-quantum security. Both signatures are required. Every record sealed on JIL is verifiable today on classical hardware and verifiable in 2050 on a quantum-capable adversary. We layer Kyber-1024 for key encapsulation on bridge handshakes. This is in production at every validator today. It is not a roadmap item. It is not a v2. It is the only mode the chain has ever run in.

7-day validator key rotation. HSM-bound. Never exposed.

Every validator runs five distinct key types: an Ed25519 signing key, a Dilithium-III post-quantum signing key, an HMAC integrity key, an API authentication key, and an SSH operator key. All five are generated inside a hardware security module on the validator host. The keys never leave the HSM. The application layer never touches them. The validator binary asks the HSM to sign; the HSM signs. Every 7 days, the validator rotates keys on a coordinated cadence and the prior epoch is sealed forward. The chain knows which key signed which record at which moment, indefinitely.

Named, jurisdictionally accountable validators. Across 13 and more countries.

Every validator on JIL is a named entity. Every validator operates in a documented jurisdiction. The current mainnet is 10 validators across 13 jurisdictions: United States, Germany, European Union, Singapore, Switzerland, Japan, United Kingdom, United Arab Emirates, Brazil, plus the network's compliance affiliations. Each validator publishes its operator name, regulatory registration, and jurisdiction-of-record. Anonymous validators are not permitted by design. That is not an oversight. That is the precondition for institutional adoption.

14-of-20 BFT consensus. 70% threshold. Adaptive quorum.

A record is finalized only when at least 14 of the 20 validator slots co-sign it. Below 10 healthy validators the chain halts. The 70% supermajority is the same threshold the industry's strongest BFT proofs assume; we did not weaken it for throughput. Bridge withdrawals require the same threshold. Cross-jurisdictional records require representation from at least three jurisdictions.

FRE 902(14) court-admissible by default.

Every sealed record on JIL is structured as a self-authenticating electronic record under Federal Rule of Evidence 902(14). The signature set, the validator manifest, the post-quantum proof, and the chain-of-custody artifacts are emitted in a format an AmLaw litigator can submit to a US federal court without an additional expert witness. We did not invent that standard. We built to it from day one. Other chains assume an expert will explain the signature in court. Our records explain themselves.

This is what blockchain was supposed to be before the industry got lost. We kept the cryptographic truth. We removed the anonymity. We made the validators sovereign and known. We sealed the records to be court-admissible. We made it quantum-proof from day one. That is the spine of everything else in this document.

5. The Sovereign Compliance Network

Underneath everything we have built is a fabric we call the Sovereign Compliance Network. It is the validator layer plus the rules that govern who can sign and how. Every validator is a named entity. Every validator operates in a documented jurisdiction. Every signature is post-quantum. Every record is court-admissible under Federal Rule of Evidence 902(14). Anonymous validators are not permitted. That is the design.

Why "named" is the precondition

A central bank cannot route reserves through an anonymous signer. A qualified custodian cannot defend an anonymous signer to its examiner. An insurer cannot cite an anonymous signer in a claim defense. A federal program integrity office cannot use an anonymous signer's attestation in a fraud referral. An AmLaw litigator cannot submit an anonymous signer's record under FRE 902(14). Every category of customer that will buy verified-before-settlement infrastructure cannot, at any price, accept an anonymous validator.

That is why every other public chain is structurally disqualified from the institutional default-route market. They cannot retrofit named validators without breaking the chain they sold to retail. We did not start from retail. We started from the institutional precondition and worked outward. The result is a network the institutions can actually use.

6. What is broken - the fraud rationale

The leak is 3-8% of every dollar that moves

Every regulated payment system in the world leaks between 3% and 8% to fraud, waste, error, and abuse. Banking is at the lower end. Healthcare and federal grants are at the higher end. The aggregate is on the order of $700 billion annually in the US alone. The number does not move because no one in the existing system is incentivized to measure it. The bank books the wire fee. The processor books the interchange. The insurer raises the premium. The federal program books the obligation. The leak is socialized into rate cards and budgets, and after-the-fact recovery is run as a separate line item nobody promotes.

The industry is reactive, by structural choice

The compliance and fraud-prevention industry is structurally reactive. It investigates after the loss. It litigates after the loss. It claws back after the loss. The reason is that the underlying payment rails do not stop a payment in flight. Once SWIFT releases, once ACH posts, once a card auths, once Medicare adjudicates, the money has moved and the only remaining lever is recovery. The recovery industry is roughly $50 billion a year and it recovers on average less than 30% of what was lost. The other 70% becomes a permanent transfer to the fraudster.

Compliance is bolted on, not built in

Existing compliance is a bolt-on tax. Banks pay 5-12% of operating cost to KYC, AML, sanctions screening, transaction monitoring, suspicious-activity reporting, and audit response. Healthcare payors pay 4-7% to claims-edit vendors and special-investigations units. Federal grants pay to the Inspector General after the fact. None of these costs change the leak. They only change how the leak is reported.

No one measures the leak as the customer experiences it

The hardest part of the fraud problem is that no one in the existing supply chain has the data and the incentive to measure it end-to-end. The payor sees its slice. The receiver sees its slice. The intermediary sees its slice. The regulator sees the report. The customer sees the loss. That asymmetry has kept the leak invisible to the people who would otherwise have replaced the system 30 years ago. Verified-before-settlement infrastructure exposes the leak by definition. That is why the existing supply chain has not built it.

7. The platform leverage thesis

One Layer-1. One verification kernel. N verticals. The kernel is 18+ months old. Adding a vertical takes a week. A competitor entering any one of our verticals has to build the kernel first, which takes the better part of two years. That asymmetry is the moat.

The kernel

The kernel is the cross-vertical verification engine. It takes a record (a payment, a claim, a filing, a disbursement, a wallet operation) and runs it through:

• A 4-way large-language-model gate (four independent models must agree the record is consistent with policy and free of common fraud signatures).
• A deterministic check pipeline (sanctions, KYC, KYB, BEC, BID, address sanity, IBAN and BIC validation, UBO graph, premise-business compatibility, payment-instruction-change hold).
• Cross-source corroboration against authoritative public sources (SEC EDGAR, OFAC SDN, NPPES, USAspending, DOL LCA, FAA NextGen, etc).
• A sealed verdict written to the L1 in the FRE 902(14) format.

The kernel is vertical-agnostic. The verticals are configurations of the kernel: which sources to corroborate against, which policies to enforce, which deterministic checks to run, which output format to emit. Adding a vertical is a configuration job, not a code job. The week-to-add number is real.

The leverage math

Every additional vertical adds revenue and adds detection signal that improves the kernel for every other vertical. A premise-business mismatch detected in healthcare improves the same check when it appears in EB-5 capital deployment. A bank-fingerprint cluster detected in workers' compensation improves the same cluster when it appears in federal grants. The kernel compounds. A competitor coming in vertical-by-vertical has to rebuild that compounding from scratch. We have already paid for it.

8. The eight industries

Each vertical has a live proof-of-concept running on real, named, public-source data. The numbers below are from the live POCs, not projections.

8.1 Capital Markets - chronic FTD detection

• Buyer: Capital-markets compliance LOB at a regulated broker-dealer or alternative-trading system.
• Input: SEC fail-to-deliver dataset, 339,000 rows, ~$287 billion in chronic FTD exposure.
• Live POC headline: 250 findings flagged for chronic-FTD pattern with named issuer and named borrower correlations.

8.2 P2P - retail-wallet integrity

• Buyer: Retail wallet, neobank, P2P remittance platform with KYC and sanctions pressure.
• Input: Real on-chain wallet flow audit across multi-chain corridors.
• Live POC headline: 196 findings on impersonation, payment-instruction-change abuse, and sanctioned-counterparty exposure.

8.3 Trade Finance - bank fingerprint clusters

• Buyer: Trade-finance LOB at a global bank or commodity-finance fund.
• Input: Letter-of-credit and standby payment flows.
• Live POC headline: 178 findings clustering counterparties around shared bank fingerprints suggestive of shell-trade activity.

8.4 EB-5 - premise-business compatibility

• Buyer: Regional center, qualified custodian for EB-5 escrow, USCIS adjudication-quality review.
• Input: Real EB-5 capital-deployment records cross-checked against premise registration and business activity.
• Live POC headline: 142 findings of premise-business mismatch on EB-5 deployments where the registered business activity does not match the registered premise.

8.5 H-1B - DOL Labor Condition Application audit

• Buyer: Department of Labor Wage and Hour Division, USCIS, corporate immigration compliance LOB.
• Input: Real DOL LCAs - 337,000 records.
• Live POC headline: 459 findings flagging wage-floor, premise, and sponsor-pattern anomalies.

8.6 Federal Grants - USAspending integrity

• Buyer: Federal program integrity office, agency Inspector General, GAO improper-payment review.
• Input: USAspending dataset spanning $2.96 trillion in obligations.
• Live POC headline: 66 findings on duplicate disbursement, recipient-shell pattern, and award-amendment fraud signature.

8.7 P&C Insurance - claims-mill clusters

• Buyer: Property-and-casualty Special Investigations Unit (SIU) at a national or regional carrier.
• Input: Claims-flow records across the carrier's lines.
• Live POC headline: 248 findings clustering claims around shared premises, shared adjuster networks, and shared bank-account fingerprints.

8.8 Workers' Compensation - premise + bank fingerprint

• Buyer: State workers' compensation board, monoline carrier, large self-insured employer trust.
• Input: Premise records and bank-receipt fingerprints from a workers' compensation flow.
• Live POC headline: 206 findings on premise-business mismatch combined with bank-fingerprint clustering.

9. The proof

Across the eight live verticals, the kernel has produced approximately 1,945 findings on real federal and on-chain records totaling more than 740,000 input records, with billions of dollars flagged for review. These are not synthetic numbers. The inputs are the SEC FTD dataset, real DOL LCAs, USAspending, real on-chain wallet flow, and real claims flows from POC partners.

What the proof says

The kernel works. It works on real data. It works across verticals that have nothing to do with each other on the surface (a DOL LCA looks nothing like an SEC FTD record looks nothing like a workers' comp claim). The premise-business compatibility check, the bank-fingerprint cluster check, the 4-way LLM gate, and the deterministic pipeline all generalize. That is the platform thesis confirmed by output, not by argument.

10. What a customer gets

Week 1

Customer signs the agreement. We onboard their detection scope (which records, which policies, which corroboration sources). The kernel runs the customer's first batch and emits Tier 1 findings at flat fee per record. Every flagged record is handed off to Ava, the agentic layer between Tier 1 and Tier 2, which groups and cost-optimizes the substantiation plan.

Week 4

Tier 2 substantiation completes on the prioritized findings. Each substantiated finding produces a sealed CREB(TM) - Court Ready Evidence Bundle - which is the customer's deliverable. The CREB is FRE 902(14)-formatted, includes the full chain-of-custody, the validator manifest, the post-quantum signatures, and the corroboration record. A customer using JIL on day 1 has a court-admissible record on day 28.

Year 1

The customer's full record flow is now running through the kernel. Every payment, claim, filing, or disbursement in the customer's scope produces a sealed verdict on the L1. The customer's loss rate drops by single-digit-to-low-double-digit percent (depending on baseline). The customer's audit response time drops from quarters to seconds. The customer's litigation cycle - when there is one - opens with a court-admissible record already in evidence. The compliance budget shifts from after-the-fact recovery toward in-flight prevention.

Sealed CREB on every record

Customers do not get a "report" the way a traditional fraud-detection vendor delivers a report. Customers get a sealed record on the L1 for every input record processed, whether it cleared or flagged. The cleared records carry the same FRE 902(14) signature as the flagged ones. That is what verified-before-settlement actually means at the customer level: the customer's whole flow becomes its own audit trail, in real time, at court-admissible quality.

The customer holds the data; JIL holds the proof

CREB(TM) bundles, T1/T2/T3 result tables, and Ava agentic-layer outputs are written directly to a customer-owned AWS S3 bucket in the customer's own AWS account, under the customer's KMS keys, in the customer's region. JIL Sovereign Technologies never persists customer payload data at rest. The audit record - hash, timestamp, engine version, check IDs, and the 14-of-20 BFT validator signature set - is anchored to the L1 across 13 jurisdictions. The customer's own Snowflake account reads its own bucket via Apache Iceberg external tables; the customer's BI stack (Tableau, Power BI, Sigma, Looker) connects natively. The customer pays Snowflake directly for compute. JIL's bill is for the attestation work, not for storing your evidence.

The structural consequence: JIL never custodies funds. JIL never holds your keys. JIL never stores customer data at rest. The audit record lives on a 14-of-20 validator L1 across 13 jurisdictions - not on a JIL database we could lose, alter, or be compelled to surrender. Subpoena resistance is architectural, not procedural. Privilege preservation is structural, not promised. See Data Architecture for the full layer-by-layer breakdown.

11. Patents

We hold 75 patent claim families today (15 independent claims and 88 dependent claims) covering the consensus, settlement, attestation, custody, identity, and verification layers of the network. An additional 20 to 30 net-new claims are in active drafting covering the 2026 verification kernel and CREB(TM) format.

What the portfolio covers

• Affinity-Partitioned BFT Settlement (claim 49) - jurisdictional partitioning of consensus that lets named validators co-sign cross-border records without leaking sovereignty.
• Non-Custodial Pre-Clearance Authorization (claim 50) - the wallet pattern that lets a holder authorize verification of an outbound payment without moving the asset to a custodian.
• Inherited-Quorum Retroactive Verdict (claim 51) - the mechanism for sealing prior records when a new finding emerges, without rewriting the chain.
• Stateless Deterministic Docs Key Rotation (claim 52) - the 7-day rotation pattern that does not require any persisted state on the application layer.
• Civil-Admissible Sealed Verdict Record (claim 53) - the FRE 902(14) record format we built CREB(TM) around.

The portfolio is held by JIL Sovereign Holdings, LLC (Wyoming) and licensed perpetually and irrevocably to JIL Sovereign Technologies, Inc. (Delaware). The Holdings / Technologies separation is a deliberate asset-protection structure: the operating company carries the commercial relationships and the litigation surface; the holding company owns the intellectual property and is structurally insulated.

Why this matters as a moat

A competitor cannot copy the platform thesis without infringing on at least one of the structural claims. The 4-way LLM gate, the named-validator BFT pattern, the post-quantum hybrid signature, the FRE 902(14) record format, and the 7-day HSM rotation are each independently claimed. The portfolio is not aggressive, it is defensive. We do not intend to license offensively. We intend to make sure the network we built cannot be cloned by a fast follower at the protocol layer.

12. Pricing

Four SKUs. No contingency on dollars recovered. We sell detection and substantiation, not recovery. Customers want the predictable line item; the recovery upside, where it exists, is theirs.

No contingency. No share-of-recovery. No "we get paid if you litigate." JIL is detect-and-notify infrastructure. The customer decides what to do with the finding. That separation is deliberate; it is what lets the customer cite our record in court without conflict-of-interest exposure.

13. Purpose in the system

If value flows through a system at this scale, some of it should flow back into the world. So we hard-coded it. Not a corporate giving program that gets cut when revenue dips. A percentage of the network economics is routed to human flourishing, written into the protocol itself, with no governance path to remove it.

I have led humanitarian work across five continents. That work changed me. The systems we build at this scale are going to shape how the next generation lives. The hard-coded allocation is not branding. It is the only way to make sure the discipline survives a future fundraising round, a future board change, or a future quarterly earnings cycle.

14. Team and company

Founder

JIL Sovereign Founder, Founder and CEO. 42 years in systems architecture. NASA. Department of Defense. National laboratories. Apple, where I helped shape what became iOS. Microsoft, where I helped move Windows 3.1 into Windows NT. Oracle. Ingres. Deloitte. Accenture. CDC. IBM. The pattern across all of them was the same. Systems were rigid. Architectures did not evolve. Code could not adapt. JIL is the system that does.

Team

The technical team carries the same shape: deep prior systems experience at NASA, DoD, Apple, Microsoft, Oracle, IBM, and federal contractor environments where failure is not an option. We did not staff this company out of crypto-native talent pools. We staffed it out of the regulated-infrastructure talent pool that has spent careers building things that have to stay running.

Company structure

The Holdings / Technologies separation is a lawyer-driven asset-protection structure. The operating company is where the litigation surface lives. The holding company is where the IP lives. They are not the same balance sheet. That is intentional.

15. The ask

We are raising $40 million to scale the named-validator footprint, ship the next 8 verticals, and put a CREB(TM) on the desk of every federal program integrity office, AmLaw litigator, qualified custodian, and SIU lead in the United States by the end of the calendar year.

If you are a strategic investor, an institutional partner, or a federal counterparty: contact us at jilsovereign.com/connect. The companion business plan and tokenomics whitepaper are available at jilsovereign.com/docs/whitepapers/. The founder's full message is at jilsovereign.com/founder.