Webdevelop Docs

Appearance

Wallet Management & Liquidity Operations

In this architecture, the "Wallet" functions as a ledger for Stored Value. It acts as an intermediate staging ground for capital, allowing the investor to deploy funds into multiple offerings without triggering separate bank transfers for every transaction. Because the Wallet holds custodial funds, its operations are strictly governed by Banking Secrecy Act (BSA) and SEC Customer Protection Rules.

1. Inbound Liquidity (Adding Funds)

The "Add Funds" mechanism allows the investor to move capital from a verified external bank account into the platform ecosystem.

Operational Workflow

  1. Source Selection: The system restricts funding sources to bank accounts that have been previously linked and verified via micro-deposits or instant authentication (e.g., Plaid).

  2. Authorization: The investor authorizes the ACH pull or Wire transfer.

  3. Settlement: Funds are held in a "Pending" state until cleared by the banking network (typically 1–3 business days for ACH).

Compliance Guards (Source of Funds)

  • Anti-Money Laundering (BSA/AML): To prevent "Placement" (the first stage of money laundering), the system must validate that the incoming funds originate from a domestic entity matching the investor's identity.

  • Record Retention (SEC Rule 17a-4): The platform creates an immutable record of the deposit, including the originating bank routing number and timestamp. This ensures a complete audit trail for regulatory examinations.

2. Outbound Liquidity (Withdrawals)

The "Withdrawal" process is the highest-risk function regarding fraud and account takeover. Therefore, it requires additional security layers.

Operational Workflow

  1. Request: The investor requests to move funds from the Wallet back to a bank account.

  2. Identity Verification (Regulation S-ID): The system analyzes the request for "Red Flags" (e.g., a withdrawal request immediately following a password change).

  3. Execution: Upon approval, funds are released from the custodial account to the user's bank.

Compliance Guards (The "Closed-Loop" System)

  • Fraud Prevention (FINRA Rule 2090): To prevent third-party theft, withdrawals are typically restricted to the Original Source Account. This "Closed-Loop" architecture ensures that even if an account is compromised, the attacker can only withdraw funds back to the victim's own bank account.

  • Privacy & Data Security (Regulation S-P): Any transmission of banking details during the withdrawal process is encrypted to protect non-public personal information (NPI).