
Architecture

The technical architecture of the NDCI platform is designed for maximum scalability, security, and performance.

Overview

Issuer ↔ NDCI Access Gateway ↔ (Exchange | Depository | Banks) + Supervisory Cockpit (read-only)

The NDCI architecture is built on a modular approach with clear separation of integration, standardization, supervision, and security layers. Issuers connect through the Access Gateway, which ensures authentication, authorization, and secure transfers. Market infrastructure (exchange, depository, banks) receives standardized ISO 20022 messages. The Supervisory Cockpit provides read-only access for supervision.

Modules

Architecture — interactive diagram

NDCI is an integration and supervisory interface (API + ISO 20022).

NDCI is not a CSD/MTF or custody provider. Record-keeping/listing/settlement and supervision are performed by licensed institutions. Cockpit is read-only under MoU.

M1: Access Gateway

Central entry point for all issuers. Provides mTLS encryption, OIDC/OAuth2 authentication, RBAC/ABAC authorization, HSM for key management, and immutable logs of all operations. Internally runs an event bus with idempotence and W3C tracing for request tracking.

M2: ISO 20022 Profile (NDCI-MP)

Mapping of key fund events to ISO 20022 message types: pain (payments), pacs (settlement), camt (cash management), seev (issuance), sese (registration), semt (corporate actions). Final confirmation of message types occurs in UAT with partners.

M3: Market Connectors

Ready-made packages for integration with exchange, depository, and banks. Includes a SIM (simulation) environment for testing and UAT packages for validation with real partners.

M4: Supervisory Cockpit

Read-only dashboard for supervision (CNB and other stakeholders). Displays metrics, SLA, data exports. No ability to intervene in transactions. Access governed by MoU.

M5: Security & Resilience

Zero-trust architecture, key rotation, CSPM/CIEM for identity and access management, RTO/RPO for disaster recovery. Continuous monitoring and incident response.

UAT acceptance matrix & ISO 20022 trace

What we test, who owns it, and which messages we send. Exportable for audit.

Test | Owner | Metric | Acceptance | Status

Role-filter & KPI preview

Select your role to see which parts of the flow and acceptance steps are yours.

UC1 — Issuance & registry
  Your messages: sese.023, semt.017
  Your acceptance: 0 critical UAT findings • Latency ≤ 5 min
  What you deliver to UAT: Record-keeping confirmations & statements

UC2 — Corporate actions & NAV
  Your messages: seev.031
  Your acceptance: 100% recipients notified
  What you deliver to UAT: Publish CA notices

UC3 — Reporting & supervision
  Your messages: semt.*
  Your acceptance: Daily position statements
  What you deliver to UAT: Export positions for supervision

Availability: 99.6%
  Definition: Access Gateway availability in pilot (monthly).

MTTR: 1.4 h
  Definition: mean time to recovery for incidents.

Reconcile: 99.0%
  Definition: camt vs. internal ledger match T+0.

CA notifications: 100%
  Definition: delivery of seev notifications to recipients.

The KPIs shown are a demo preview for the web; binding definitions and methodologies are in /docs (Market Practice, Changelog).

Security & SoD
  • mTLS end-to-end, OIDC/SSO, RBAC/ABAC
  • HSM/KMS, key rotation, encryption at rest and in transit
  • Immutable audit logs (hash/anchor), retention policies
  • 4-eyes on production changes, monthly CAB, emergency fix process
  • WAF, rate-limiting, DDoS protection, IP allow-lists
  • SAST/DAST, SBOM, pentests 2× yearly, light bug-bounty
  • DR: RTO ≤ 4 h, RPO ≤ 1 h; regular DR drills


Privacy-by-Design

NDCI does not store unnecessary personal data. KYC/AML integration occurs at the partner level, not in NDCI.