The job to be done
Your sanctions and AML team already runs every crude counterparty through Refinitiv World-Check, Dow Jones Risk & Compliance, and LexisNexis Bridger. What it cannot independently verify today is the OFAC continuous-diligence trail and the environmental-compliance claims attached to a specific physical volume. Sovereign Ledger issues a signed certificate — the Digital Passport — that makes both verifiable.
The artifact is additive. Worst case, your team sets it aside; nothing about your screening workflow changes. There is nothing to integrate and nothing to migrate — the Passport slots beside the screens your team already trusts, and a post-issuance OFAC flip can reach your compliance desk through a webhook in seconds rather than surfacing weeks later.
How it slots in
Three paths into your workflow exist, ordered by friction. We lead with the lowest-friction one and treat the rest as outcomes you earn later, not preconditions.
Path B — Bank-internal compliance evidence (primary)
Your compliance team pulls the Passport, or a signed Audit Bundle, as supplemental corroborating evidence during OFAC and environmental due-diligence review — alongside World-Check, Dow Jones, and Bridger. No UCP recognition is required, no LC clause is negotiated, no IT integration is needed. It is sold per-seat against your existing compliance budget, the same shape as a compliance data feed.
Path C — SPA-required deliverable
The buyer’s sale-and-purchase agreement requires the seller to deliver a Sovereign Ledger Passport for each cargo. This is independent of the letter of credit and settled by bilateral negotiation only — useful where the buyer carries downstream ESG or CBAM reporting obligations.
Path A — Named document in the letter of credit
The credit’s documentary requirements list the Passport as a required presentation document under UCP 600 sub-article 14(f) — the same mechanism that puts a Chamber of Commerce Certificate of Origin into an LC today. This carries the highest contractual stickiness, but it needs three-party coordination per credit. Treat it as an earned outcome after Path B and Path C give an issuing bank a reason to template-list the Passport.
MLETR and the UK Electronic Trade Documents Act 2023 do not apply — the Passport is an attestation, not a transferable instrument conveying a right of performance. It needs no statutory recognition to function on any of the three paths.
Technical due-diligence packet
A compliance engineer should be able to inspect the artifact format before scheduling a call. The files below are byte-exact copies of what our production API produces for a Subscriber pulling an Audit Bundle for a compliance-team review, signed with a committed sample key. Verify the signature against /samples/sample-jwks.json; production bundles verify against /.well-known/jwks.json.
- sample-audit-bundle.pdf — the audit-bundle artifact your compliance team reads (cover page + per-UUID entries).
- sample-audit-bundle.json — the canonical payload, SHA-256 hash, Ed25519 signature, and signing key id.
- sample-jwks.json — the sample public key in JWKS form, scoped to verifying the sample bundle only.
- README.md — the four-step verification procedure.
Ed25519 signing and public JWKS
Every Digital Passport and every Audit Bundle is signed with an Ed25519 key. The signing_key_id on each artifact corresponds to a kid in the published JWKS, so key rotations do not invalidate historical passports. Your IT team can pin the JWKS fetch into whatever signed-response verification stack you already run; there is no Sovereign Ledger SDK to install to do so.
Canonical JWKS URL: getsovereignledger.com/.well-known/jwks.json. See /security for the complete cryptographic and operational posture, and /how-it-works for the canonical payload shape under the signature.
Webhooks
A Subscriber registers an HTTPS endpoint and a watchlist of UUIDs. On any state change — new passport issued against a watched UUID, post-issuance OFAC flip, severance flip, watchlist TTL expiry — we POST a signed event to the endpoint, Stripe-style: idempotency key in a header, HMAC-SHA256 signature in X-Sovereign-Signature, retry on 5xx at roughly 1s, 4s, 16s, 64s, 4m, 15m before permanent failure. A delivery history and manual re-send are available in the Subscriber dashboard.
An example batch.flagged body:
{
"type": "batch.flagged",
"batch_uuid": "ec3d5870-1a2b-4c0d-9e3f-0a1b2c3d4e5f",
"subscriber_id": "11111111-1111-4111-8111-111111111111",
"occurred_at": "2026-04-11T02:18:04Z",
"reason": "ofac_hit",
"current_status": "FLAGGED"
}
See it live
The Track a Barrel demo hits our production verify endpoint from your browser — one demo passport resolves GREEN, one resolves genuinely FLAGGED. The same page a compliance officer reaches by scanning the QR code on a Passport is at /verify.
When the buyer asks for an LC-named-document workflow
Some buyers will want the Passport named as a required document in the letter of credit itself (Path A above). When that happens, the same signed artifact already carries a cover page and per-UUID entries formatted for documentary-credit presentation — the Audit Bundle PDF is presentation-ready. This is a downstream option, not a precondition: nothing about Path B depends on your LC templates changing.
Vendor-intake references
- /docs/api — Subscriber API reference (full OpenAPI spec in progress; see issue #29).
- /security — cryptographic primitives, US-only data residency, event-sourced architecture, SOC 2 roadmap, coordinated disclosure.
- status.getsovereignledger.com — live backend uptime.
- /.well-known/jwks.json — production public signing keys.
Request a compliance-team demo
We respond to bank and insurer evaluation requests from sales@getsovereignledger.com within one business day. The demo walks your sanctions, AML, or credit-compliance team through the Passport as additive evidence — no integration is required to evaluate it. The form below is attributed to the bank/insurer pipeline so your note reaches the right inbox.