Foundation to production readiness in six phases: what gets built, who builds it, what each phase delivers, and when each institutional capability and regulatory control comes online.
This is the build program for the RWA exchange and settlement platform, from architectural foundation to production readiness, organized phase by phase: timeline, theme, objectives, key activities, deliverables, and the incremental value each phase banks. It is written for architecture planning, program governance, and executive reporting all at once, which is why it ends with two cross-cutting matrices: when each capability comes online, and when each regulatory control becomes operational.
Three reading notes. First, the clock starts at the first close of the $3M Pre-Seed (opening July 1, 2026); months 1 through 12 map roughly to Q3 2026 through Q3 2027. Second, Phases 1 through 3 (days 1 to 90) mirror the 30-60-90 Technical Plan (document 03.5), where a meaningful share of the discovery work is already marked complete; this matrix carries the program through what comes after. Third, the regulatory sandbox application is targeted for Q3 2026, ahead of the Phase 5 sandbox deployment window, so the paperwork leads the build rather than chasing it.
| PHASE | THEME & OBJECTIVES | KEY ACTIVITIES | DELIVERABLES | INCREMENTAL VALUE |
|---|---|---|---|---|
| PHASE 1 Days 1–30 |
Foundation and truth-settling. Lock regulatory, institutional, and architectural truths; define domain boundaries and the core data model; stand up governance and the hiring engine | Requirements clarification with bank partners, regulators, and advisors; Architecture v1 (domains, ledger, trust boundaries); regulatory mapping (CSA, OSFI, FINTRAC); integration feasibility; organizational design and hiring plan | Architecture v1; Security Model v1; core data model; regulatory compliance map; requirements baseline; CI/CD scaffolding | A complete, defensible architectural and regulatory baseline that prevents misbuilds and enables prototype design |
| PHASE 2 Days 31–60 |
Prototype and compliance proofing. Demonstrate technical viability; prove compliance logic and permissioning; establish the DevSecOps and security foundation | Settlement and tokenized-deposit prototype; permissioning and policy-as-code; ledger MVP with auditability; sandbox environment deployment; vendor evaluation (custody, AML/KYC, infrastructure) | MVP ledger prototype; settlement flow prototype; compliance rule engine prototype; CI/CD security controls; vendor shortlist | A working prototype demonstrating settlement, compliance enforcement, and ledger integrity for regulator review |
| PHASE 3 Days 61–90 |
Pilot readiness and the execution engine. Lock MVP scope; prepare bank integration and legal architecture; formalize governance for the institutional pilot | MVP blueprint; bank-partner integration design; legal architecture for tokenized deposits and RWAs; identity and permission hardening; audit logging and admin portal design; delivery governance | MVP blueprint; integration architecture; compliance readiness plan; pilot specification; governance framework | A complete, implementable MVP specification ready for the pilot build with regulator-defensible architecture |
| PHASE 4 Months 4–6 |
MVP build, internal pilot. Build production-ready core rails; validate functionality internally; strengthen security and DevOps automation | Settlement, compliance, ledger, and tokenization module build; internal pilot flows on restricted accounts and simple assets; infrastructure deployment and monitoring; initial custody and AML/KYC vendor integrations | Production-grade core services; asset lifecycle contracts; monitoring and observability stack; automated compliance tests; MVP operational workflows | A functioning MVP with internal users validating real transaction and compliance flows |
| PHASE 5 Months 7–9 |
Sandbox and limited institutional pilot. Deploy the MVP in the regulator-aligned sandbox; run the pilot with the lead bank partner and controlled institutional participants; finalize governance and controls | Pilot asset issuance; tokenized-deposit settlement flows; bank-partner integration go-live; custody and AML/KYC integration; operational playbooks; security and performance testing | Regulator documentation; pilot modules; sandbox environment; observability framework; pilot KPIs | A regulator-aligned institutional pilot demonstrating real issuance, settlement, and compliance operations |
| PHASE 6 Months 10–12 |
Production hardening and controlled expansion. Harden for production; onboard early institutional partners; expand the tokenization modules | Security audits and penetration testing; multi-bank governance design; RWA tokenization module expansion; custody federation planning; marketplace scaffolding | Production-ready platform modules; security audit results; multi-bank governance framework; RWA tokenization modules; marketplace architecture | A secure production platform with expansion paths for RWAs, marketplace trading, and multi-custodian federation |
0–30 days: architectural and regulatory baseline. 31–60: functional prototype proving settlement and compliance feasibility. 61–90: complete MVP blueprint and pilot readiness. Months 4–6: internal pilot on real workflows. Months 7–9: regulator-aligned sandbox and institutional pilot. Months 10–12: production hardening and expansion capability.
| CAPABILITY | P1 (0–30D) | P2 (31–60D) | P3 (61–90D) | P4 (4–6M) | P5 (7–9M) | P6 (10–12M) |
|---|---|---|---|---|---|---|
| Identity & access | Requirements and design | Policy engine prototype | Permission model hardened | Integrated into MVP | Institutional onboarding | Multi-bank identity federation |
| Compliance & regulatory controls | Regulatory mapping | Policy-as-code prototype | Compliance readiness plan | Automated regulatory testing | Sandbox compliance reporting | Production supervision model |
| Tokenization engine | Domain model defined | Tokenized deposit primitive | RWA issuance blueprint | Asset lifecycle contracts | Pilot issuance | Expanded RWA tokenization |
| Settlement & payments | Ledger model design | Settlement prototype | Bank integration design | Production settlement rails | Pilot settlement flows | Multi-bank settlement readiness |
| Custody integration | Vendor landscape review | Custody vendor shortlist | Integration architecture | Custody adapter implemented | Pilot custody operations | Federated custody model |
| Trading / marketplace layer | Concept definition | Feasibility review | Marketplace blueprint | Internal trading simulation | Pilot secondary flows | Marketplace infrastructure |
| Audit & reporting | Compliance requirements | Ledger auditability | Audit framework design | Operational audit logging | Pilot reporting workflows | Regulatory reporting engine |
| Platform infrastructure | CI/CD scaffolding | DevSecOps baseline | Integration architecture | Production infrastructure | Sandbox environment | Production-grade infrastructure |
The same twelve months, read through the supervisor's eyes: when each compliance layer becomes operational, framework by framework.
| FRAMEWORK | P1 (0–30D) | P2 (31–60D) | P3 (61–90D) | P4 (4–6M) | P5 (7–9M) | P6 (10–12M) |
|---|---|---|---|---|---|---|
| CSA securities (NI 45-106, 31-103, 21-101) | Regulatory mapping | Compliance logic prototype | Legal architecture defined | Automated rule enforcement | Sandbox regulatory oversight | Production compliance |
| FINTRAC AML/KYC | AML obligations identified | KYC workflow prototype | Identity verification design | KYC integration live | AML monitoring during pilot | Full AML reporting |
| OSFI banking controls | Banking interface requirements | Deposit token prototype | Bank integration architecture | Secure payment rails | Bank pilot integration | Multi-bank operational model |
| PIPEDA / privacy | Data residency and privacy rules | Privacy controls implemented | Identity security model | Data governance automation | Sandbox audit review | Production privacy compliance |
| PFMI settlement principles | Settlement model design | Ledger settlement prototype | Clearing architecture defined | Operational settlement rails | Pilot settlement operations | Production clearing readiness |
| ISO 27001 / security | Security framework design | Security controls baseline | Security architecture finalized | DevSecOps enforcement | Security testing | Certification readiness |
Basis: the structured roadmap matrix prepared for program governance, June 2026 revision, anchored to the first close of the Pre-Seed. Phases 1 to 3 align with the 30-60-90 Technical Plan (document 03.5), where current completion status is tracked item by item. Bank-partner references reflect the lead design-partner relationships described in documents 02.4 and 10.4.
Prepared for approved data room members. This document does not constitute an offer to sell securities or a solicitation of an offer to buy securities. 4orm Finance Holdings Inc. is the parent entity of 4orm OpCo, 4ormEx OpCo, and 4orm Trust Co; technology is developed by KCS Capital, an independent research and development firm.