TAB 02 // PRE-TRADE COMPLIANCE GATE

Order Boundary Enforcement: Hard-Rule Gate + Judgment Ensemble

A synthetic order stream is evaluated against the rules parsed from the client IPS in Tab 03 in two tiers. A deterministic hard-rule gate (ticker, leverage, concentration, strategy/sector, OFAC sanctions) blocks any single breach inline, with no vote — these are orthogonal rules, not opinions to reconcile. Orders that clear it pass to a judgment ensemble, where redundant judges weigh the same ambiguity call and the CCO's threshold ($\tau$) decides what is held for async review. Block decisions derive from the parsed JSON, not hardcoded labels.

Where rules engines stop being enough

Acknowledged: pre-trade equity restricted-list clearance is a solved problem with mature rules engines. Outside advisor review (a sitting Chief Audit Executive at a multi-billion-dollar asset manager) confirmed this in May 2026. Institutional employees already get near-instant rules-based clearance with denial rates approaching zero. Multi-model arbitration adds cost without solving a real pain in that segment.

statisTicker focuses where the rules-engine ceiling breaks: judgment-heavy fiduciary mandates, multi-jurisdictional commodity compliance, and dense consumer-credit / mortgage regulation. The arbitration architecture demonstrated below is the worked example for the OCC fiduciary segment; the same pattern, with vertical-specific evaluators and per-jurisdiction reasoning, extends to the lead verticals enumerated in Tab 01 Section D.

The Regulator’s Front-End Question

“Post-trade analysis is fine. Corrective measures are fine. But what are you doing on the front end, how do you make sure the trade doesn’t go through if it’s wrong?”

● The institutional answer

Regulators are increasingly asking the front-end question, post-trade surveillance cannot answer it.
statisTicker gives the institution a signed record: every order arbitrated, every decision signed, every rationale exportable on demand.

● Dual controls without doubling headcount

Regulators favor dual-control review. Historically that meant two human reviewers, which resulted in twice the cost center.
The ensemble is the second reviewer. Five independent evaluators with documented dissent. The CCO sets the policy; the system does the work.

● Liability stays where it must

Regulatory liability cannot be outsourced. The institution remains the first liability holder. Full stop.
statisTicker is instrumentation, not a compliance service. The CCO retains policy authority via $\tau$; we provide the audit-grade evidence chain.

Judgment Escalation Posture ($\tau$)

The hard-rule gate is always on and is not subject to τ: any single hard breach (banned ticker, leverage, concentration, strategy/sector, OFAC sanctions) blocks inline, no vote. τ below governs only the judgment tier — how many concurring judgment signals escalate a hard-clear-but-ambiguous order to an async HOLD FOR REVIEW. Consensus belongs here, where redundant judges weigh the same call — not over the orthogonal hard rules.

Hard-Rule Gate Only

Deterministic baseline. Block any hard IPS breach; judgment tier off. Nothing is held for ambiguity. Use as the sanity-check floor.

+ Judgment: 3-of-3

Hard gate, plus a HOLD only when all three judgment signals concur. Fewest holds; highest bar before consuming review capacity.

+ Judgment: 2-of-3 (default)

Hard gate, plus a HOLD when a majority of judgment signals agree an order is ambiguous. Balanced; the institutional default once judges are tuned.

+ Judgment: any 1-of-3

Hard gate, plus a HOLD on any single judgment concern. Most holds; widest review net for high-scrutiny windows. Expect more false holds.

Orders Evaluated

From synthetic stream

Hard Blocks (inline)

Hard IPS breaches, inline

Capital Retained

decomposed; see matrix ↓

Hard-Gate Latency

0.00 MS

Deterministic tier, inline. LLM judgment runs async (≈5–15s).

Order Stream, Synthetic Fixture

Streaming against parsed rules from Tab 02

ID	ACCOUNT / DESK	ORDER DETAILS	LATENCY	RESOLUTION

Ensemble Engine Arbitration Telemetry

Select a live execution block from the stream log to decode consensus reasoning and model layer weights.

Confusion Matrix & Decomposed Capital Retention

Value per intercept: $$V_{\text{retained}} = P(\text{inq}|b)\,E[F] + H_{\text{rem}}\,W_{\text{ops}} + s_{\text{bps}}\,N\,P(\text{impact})$$

Mandate Compliant

Mandate Violation

Engine Pass

True Negative (Cleared)

False Negative (Leakage)

Engine Action

False Positive (False Alarm)

True Positive (Intercept)

Regulatory Expectation

$P(\text{inq}|b) \times E[F]$
0.12 × $850K

Remediation Labor

$H_{\text{rem}} \times W_{\text{ops}}$
2.4 hrs × $285/hr

Adverse Market Drift

$s_{\text{bps}} \times N \times P(\text{impact})$
18bps × ∑notional × 0.6

TAB 04 // SYSTEM TOPOLOGY

On-Premises Parallel Arbitration Flow

Target architecture: raw order flow is mirrored off the OMS into an isolated on-prem GPU cluster. A deterministic hard-rule gate clears or blocks every order inline (sub-ms); only hard-clear-but-ambiguous orders reach the on-prem LLM judgment ensemble, which resolves on an async hold path. No order or PII ever crosses a commercial API boundary.

Pipeline Processing Nodes, Pre-Trade Verification

Node 01 // Input

IPS Rule Extraction

Investment team pastes the client IPS into the workflow surface (Tab 03). The parser produces structured rule JSON. Public demo: local deterministic extraction only. Production target: on-premises open-weight models with strict output schema and per-clause citations.

Isolation: client-side parser · no cloud inference on public site

Node 02 // Mirror

Order-Flow Mirror Tap

A read-only FIX session or OMS sidecar mirrors proposed orders before they leave the desk. Evaluation runs in parallel with the desk’s native risk check; no critical-path latency added.

Integration target: Charles River / Aladdin / OMS-native

Node 03 // Core

Two-Tier Arbitration

Tier 1 — Hard-Rule Gate (deterministic, sub-ms): orthogonal checks on ticker/sector, leverage, concentration, strategy, and OFAC sanctions (SDN + jurisdiction). Any single breach blocks inline — no vote, because these are disjoint rules, not opinions to reconcile. Tier 2 — Judgment Ensemble (LLM, async): redundant judges weigh a hard-clear-but-ambiguous order on the same call; the CCO’s $\tau$ sets the consensus needed to HOLD for review. Consensus lives here, not over the hard rules.

Hardware target: on-prem 4×A100 / dual H100 box (Tier 2 only)

Node 04 // Output

Verdict + Audit Surface

The Tier-1 block/clear verdict returns to the OMS within the order’s pre-trade window (deterministic, sub-ms). Tier-2 judgment HOLDs resolve on an async path (≈5–15s on the on-prem ensemble) — a soft hold, never an inline block, so a multi-LLM read never sits in the critical execution path. Every verdict, hard-rule hit, and judgment rationale is written to a tamper-evident audit log for the CCO and regulator.

Surface: dashboard + signed JSON-LD audit export

Engine Capabilities (v0.3)

What the arbitration engine does today — and why each property matters to a compliance officer.

Two-Tier Arbitration

A deterministic hard-rule gate blocks any single bright-line breach inline (sub-ms, no vote). A judgment ensemble weighs only hard-clear-but-ambiguous orders, with the CCO’s τ deciding what is escalated to an async HOLD.

Hard limits are enforced reliably and instantly; consensus is reserved for genuine judgment calls. A banned ticker can never be “voted” clear.

Fail-Loud Parse Coverage

Every IPS parse reports which rule-bearing clauses it could not map, with a coverage score. Unmapped clauses are surfaced on the execution gate, and any CLEAR issued under incomplete coverage is tagged provisional.

An unparsed limit is an unenforced limit. Under-enforcement is made loud, never silent — the failure mode a CCO most needs to see.

Audit Provenance Binding

Every verdict binds the IPS fingerprint, ruleset + parser version, active posture (τ), per-evaluator versions, and a timestamp — shown in the arbitration telemetry.

A verdict stays reconstructable after the IPS changes. The minimum a tamper-evident audit log needs to actually be tamper-evident.

In-View Disclosure

Each evaluator that is a stub today is badged where it renders — DET·STUB on the hard-rule checks, STUB on the judgment signals.

No one mistakes a deterministic proxy for live model inference. Disclosure sits next to the claim, not buried in a footnote.

Regression-Tested Logic

The parser, evaluators, and two-tier arbitration run against golden fixtures (npm test) loaded from the live engine source — nine checks, offline, no API key.

The compliance logic can’t silently regress. The suite pins the invariant that a hard breach blocks under every posture.

Build Status, what’s real, what’s stubbed, what’s planned

We are explicit about state because it matters to a CCO and to us. Demo today is the deterministic-parser end-to-end loop; production-grade pieces are scoped below.

● Working today (v0.3)

Deterministic IPS parser (Tab 03): regex/keyword extraction over real IPS phrasing, with a coverage report.
Live binding from parsed JSON to the gate. What you paste decides what blocks — no hardcoded labels.
Two-tier arbitration: an always-on deterministic hard-rule gate (any single breach blocks inline) plus a judgment tier where the τ posture escalates ambiguous orders to an async HOLD.
OFAC sanctions enforcement: the hard gate blocks orders whose counterparty hits the SDN screen or whose jurisdiction is sanctioned, whenever the IPS mandates screening.
Fail-loud parse coverage: unmapped IPS clauses are surfaced on the gate, and CLEARs issued under incomplete coverage are flagged provisional.
Audit provenance binding on every verdict (IPS fingerprint + ruleset/posture/evaluator versions + timestamp).
In-view stub disclosure badges, plus golden-fixture regression tests (npm test).
Confusion matrix and decomposed value formula updated live against the synthetic stream.

○ Stubbed for demo

The hard-rule checks and the judgment-tier “judges” are deterministic rule/signal proxies today (badged in-view), not live on-prem model inference.
Transaction stream is a synthetic fixture, not a live OMS mirror.
KDE / statistical layer uses a hand-set z-score per fixture row; no real density model yet.
Coverage scoring and the IPS fingerprint are heuristic / non-cryptographic stand-ins for the production schema-diff and SHA-256 signing.
OFAC enforcement is live, but the SDN / sanctioned-jurisdiction list is a demo fixture; production wires the live OFAC feed.
IPS parsing is deterministic and runs entirely in the browser on this public demo. No IPS text is sent to a cloud API.

◇ Planned (next 30 days)

Hard-gate expansion DOMAIN LEAD INPUT PENDING
The deterministic hard-rule gate now blocks ticker, leverage, concentration, strategy/sector, and OFAC sanctions (SDN + jurisdiction) breaches inline. Still to wire: settlement restrictions, firm-wide blacklists, and the live OFAC feed (the SDN list is a demo fixture today). Awaiting Persia’s failure-mode taxonomy brief.
Dual-scope rule layering: institutional × account DOMAIN LEAD INPUT PENDING
The arbitration must evaluate against the union of two rule layers: the institution’s firm-wide policy (always applies to every order) and the account/mandate-specific IPS (applies only to that book). Fiduciary contexts (trust companies, RIAs) cannot be served with single-scope rules. Schema and parser changes deferred to Persia’s scope-taxonomy input.
Parallel workflow convergence: Investment Team ↔ Operations DOMAIN LEAD INPUT PENDING
IPS authoring is owned by the investment team; ingestion and execution live in operations. The pre-trade gate is where the two organizational tracks converge. TAB 03 today shows a linear pipeline; production design needs explicit swim-lanes with a defined hand-off contract. Persia is mapping the interdepartmental flow.
On-prem IPS extraction via open-weight models (vLLM); multi-shot extraction + per-rule citation back to the IPS span.
On-prem GPU cluster running the four LLMs via vLLM; quantized 4-bit checkpoints.
Real KDE fit on rolling per-desk feature windows (volume, realized vol, structure).
FIX-tap reference adapter + JSON-LD audit log export.
Pilot synthetic-feed harness for warm-logo evaluation (JD lane).

Agentic Primitives Roadmap (3 to 6 months)

Capabilities maturing in the broader AI ecosystem that this architecture is designed to incorporate. Each is labeled by reality: shipped = available today; maturing = production-credible in 3–6 months; ecosystem trend = directionally relevant, explicitly not load-bearing for the v1 pitch.

● Long-context document reasoning

Shipped: 200K–1M-token context windows (Claude, Gemini).
Maturing: 10M-token windows with sub-linear cost: entire loan files, full IPS documents, complete regulatory texts ingested in a single reasoning pass.

● Multi-jurisdictional regulatory reasoning

Shipped: retrieval-augmented agent loops over per-jurisdiction regulatory corpora.
Maturing: jurisdiction-specialist agents reasoning across CFTC + REMIT + FCA + MAS + exchange-specific rules concurrently, with conflict resolution.

● Citation-grounded outputs

Shipped: structured outputs with source spans; every claim cites the specific regulation, paragraph, and page.
Defensibility upgrade for examiners: the audit narrative is verifiable down to the cited authority, not just the model's word.

● Continuous regulatory monitoring

Shipped: scheduled retrieval + diff against prior corpus.
Catches rule changes the day they publish; routes the diff into the affected agents' working contexts within the same business day.

● Multi-agent harness with resolver

Shipped: AutoGen, LangGraph, Anthropic MCP for domain-specialist agents per jurisdiction or rule class.
Maturing: resolver agent reconciles dissent into a single audit-grade narrative with documented minority opinions retained for examiner replay.

● Ecosystem trends we track (NOT load-bearing for v1)

Agent harnesses with persistent cross-session memory (Hermes-style).
World-model-grade context for regulatory-landscape simulation.
Sub-100ms inference (Cerebras, Groq LPU) for real-time compliance loops.

Each row above maps to a capability that exists today or has a credible path to production within six months. The v1 pitch does not rest on speculative primitives.