ARCAml
Audit Trail
Every event is logged and time-stamped, creating an immutable record that simplifies audits and regulator reviews.
End-to-End Activity
Issuance, amendments, claims, identity checks, screenings, approvals, and exports—captured with actor & reason.
Tamper-Evident
Events chained with cryptographic hashes; any change is detectable and flagged.
Scoped Auditor Access
Time-boxed, read-only views with field-level redaction & export controls.
Exportable
CSV/JSON exports with signature & hash chain proof for offline review.
Retention & Redaction
Policy-driven retention with privacy-safe redaction of sensitive fields.
Evidence on Demand
Generate case bundles with documents, notes, and event timelines.
What gets logged
- Actor, role, and authenticated subject
- Timestamp (UTC), IP, user-agent, request id
- Entity & action (identity.updated, guarantee.issued, claim.submitted, export.created …)
- Before/after diffs (redacted for sensitive fields)
- Hash, previousHash, signature
Export & Retention
- CSV/JSON exports with detached signature & SHA-256 chain proof
- Retention policies by entity & jurisdiction; legal hold support
- Field-level redaction with irreversible tokenisation
Sample log event
{
"id": "evt_01HZY3Q6XK9",
"timestamp": "2025-09-28T07:45:12Z",
"actor": { "id": "usr_9ab3", "role": "issuer_approver" },
"entity": { "type": "guarantee", "id": "grt_7842" },
"action": "guarantee.amended",
"reason": "Extend expiry by 90 days",
"diff": { "expiry": { "before": "2026-03-31", "after": "2026-06-29" } },
"request": { "ip": "203.0.113.12", "userAgent": "Mozilla/5.0", "requestId": "req_45df" },
"hash": "9a1b…f7c2",
"previousHash": "7d4e…2b9a",
"signature": "MEUCIQDE…",
"labels": ["maker-checker:approved"]
}