Two ideas that rarely meet are about to: running real compute at the edge (the branch device, the customer’s phone), and ledgers that prove their own integrity. Put them together and you get something a regulator is likely to value — a device that can answer locally and detect whether it has been tampered with, without phoning home.
Queries at the edge, commands at the core
The discipline is a clean split. Queries — “if I add this standing order, do I dip below my buffer, and when?” — run on the device, over a local copy of the record. No network hop, works offline, and a bad query can only mislead that one session. Commands — anything that moves money or creates an obligation — always execute at the core, the system of record, which decides order and finality and emits the authoritative result back as an event. The device proposes; the centre disposes.
That separation is not new in the abstract (it is CQRS, it is event sourcing, it is local-first). What is new is applying it to a regulated bank where the edge holds a governed, auditable record.
The write model is the audit log
Here is the part that earns the regulator’s attention. Instead of an application that writes data and also writes an audit table you have to trust, each event is linked to the one before it by a hash. Change any event and every later link changes. The device can therefore recompute its own chain from the beginning and prove it is intact — no central trust required. Replay is deterministic: the same log produces the same state, everywhere.
And when a device reconnects, the centre compares notes by hash. Match → it fast-forwards. Mismatch → the device is quarantined with a proof of exactly where it diverged. Not “reconcile and hope” — cryptographic detection of tampering or a bug.
Why it’s the right shape for UK banking
- Resilience: the demo path survives a network or data-centre outage; failure is one session, not the whole estate.
- Isolation: separate records per domain put the wall between, say, Payments and Economic Crime at the storage layer, not just in policy.
- Auditability: “show me the chain” is answered by the device itself.
None of the primitives are exotic — hash chains, ordered logs, quorum reconciliation are all decades-proven. The contribution is composing them into a coherent, edge-native discipline for agent-native regulated banking, and naming it: queries at the edge, commands at the core, reconciliation by quorum.
We have built the novel core in a clean-room prototype — a per-event hash chain that verifies and quarantines, running in the browser. The full ledger model, the synchronisation protocol, and the schemas are available to approved bank evaluation teams under a gated technical review. If that is you, get in touch.
