Compliance built in. Not bolted on.
5-gate jurisdiction system, 32 RBAC permissions, PII masking, immutable audit trail, and 2FA — all native to the platform.
32 RBAC permissions
Every API route is mapped to a permission. The gateway enforces access before the request reaches any service. Roles define what a user can see, edit, and export — down to individual PII fields.
- customer_view_scope: own / team / all — controls which customers a role can see
- customer_edit_scope: none / own / team / all — controls which customers a role can modify
- pii_email: full / masked / hidden — per-role email visibility
- pii_phone: full / masked / hidden — per-role phone visibility
- can_export_pii: controls CSV export access to real PII data
- Privilege escalation guard: users cannot grant permissions they don't hold
Customers
| view_customers | GET /customers, /transactions, /ftd, /risk/profiles |
| edit_customer_details | PATCH /customers/{id} |
| assign_customers | POST /customers/assign |
| export_customers | GET /customers/export |
| import_customers | POST /customers/import |
| close_accounts | POST /accounts/{login}/close |
Transactions
| create_deposits | POST /transactions/manual, /cashier |
| approve_deposits | PATCH /transactions/{id}/approve |
| process_chargebacks | POST /transactions/{id}/chargeback |
Trading
| view_orders | GET /orders, /history |
CRM
| create_tasks | POST /tasks, PATCH /tasks |
| manage_statuses | * /statuses |
| manage_workflows | * /workflows |
| manage_templates | * /email-templates, /sms-templates |
| manage_promo_codes | * /promo-codes |
Administration
| view_users | GET /users, /teams, /roles |
| edit_users | POST /users, PATCH /users/{id} |
| manage_roles | POST /roles, PATCH /roles/{id} |
Platform
| manage_groups | POST /groups, PATCH /groups/{id} |
| manage_instruments | POST /instruments, PATCH /broker/instruments |
| manage_payment_routing | PUT /payments/routing |
| manage_broker_config | * /broker-settings, /integrations |
Compliance
| manage_compliance | * /compliance, /fraud-log |
| view_audit | GET /audit-log, /stopout-events |
5-gate compliance
Every customer interaction passes through jurisdiction gates. Three tiers control access levels — from full access to complete block. IP geolocation, document verification, and pattern detection built in.
| Gate | Tier 1 (Full access) | Tier 2 (Restricted) | Tier 3 (Blocked) |
|---|---|---|---|
| Registration | Allow | Allow | Block |
| Login | Allow | Allow | Freeze at 3rd |
| Deposit | Allow | Hold for review | Reject |
| Trade | Allow | Allow | Reject |
| KYC | Log | Set restricted | Retroactive freeze |
Frozen accounts: can login, can withdraw, cannot trade, cannot deposit.
Audit trail
Immutable logs on every financial operation. Stopout events with full position details. Financial ledger as a compliance record. Note edits tracked in append-only table.
- Assignment log: every customer-to-agent assignment with timestamp and source
- Team membership log: full history of team transfers
- Note edit history: previous body preserved on every edit
- Communication records: every email and SMS with delivery status
- Consent tracking: legal document acceptance with version and IP
GET /api/backoffice/audit-log
{
"entity_type": "order",
"entity_id": "100042",
"action": "open",
"login": "10001",
"details": {"symbol": "EURUSD", "volume": 0.1},
"balance_before": 10000.00,
"balance_after": 10000.00,
"margin_used_before": 0.00,
"margin_used_after": 108.54,
"source_service": "order-service",
"created_at": "2026-03-11T14:30:00Z"
}Security infrastructure
TOTP 2FA for all CRM users. QR provisioning, 10 backup codes (shown once). Session management with device/IP tracking. Max concurrent sessions enforced.
- Short-lived access tokens (15 min) + long-lived refresh tokens (7 days)
- Session revocation: individual or all-except-current
- AES-256-GCM encrypted integration credentials at rest
- Isolated PostgreSQL, Redis, and Kafka per broker — no shared databases
POST /api/admin/auth/2fa/verify
// Request
{"code": "123456"}
// 200 OK
{
"enabled": true,
"backup_codes": [
"a1b2c3d4", "e5f6g7h8", "i9j0k1l2",
"m3n4o5p6", "q7r8s9t0", "u1v2w3x4",
"y5z6a7b8", "c9d0e1f2", "g3h4i5j6",
"k7l8m9n0"
],
"message": "2FA enabled. Save backup codes."
}Consent tracking
Record customer acceptance of legal documents with version tracking. Automatic IP and User-Agent capture. Full consent history for compliance review.
POST /api/crm/customers/{id}/consents
// Request
{
"document_type": "terms_and_conditions",
"document_version": "2.3",
"accepted": true
}
// IP and User-Agent captured automatically
// GET /api/crm/customers/{id}/consents
// Returns full acceptance history ordered by date