12 sanctioned-address hits on the first 1,000 USDC transfers.
1,000 USDC transfers ingested, 38 findings across 3 deterministic checks. 12 critical sanctioned-address hits surfaced exposure to Tornado Cash, Lazarus, LockBit, and Blender.io. One velocity anomaly: 149 transfers from a single sender in a single hour. 25 transfers at or above the BSA reporting threshold, totaling $554,000. Real Etherscan public data; deterministic checks; sealed CREB™ on every finding.
JIL is not an ERP, not a procurement platform, not an accounting system, not an audit firm. It is a payment-integrity layer between the enterprise's ERP / procurement / AP systems and the payment rail. The same engine that surfaces sanctioned-address hits in public USDC flow surfaces ghost-vendor, duplicate-invoice, kickback, and pricing-anomaly patterns in real AP queues - same patterns, same court-admissible evidence package.
Here's what we surface for you.
If you run procurement, accounts payable, vendor management, or finance operations at a corporate, government agency, hospital system, or large nonprofit, this is what JIL detects in your purchase-to-pay (P2P) flows. JIL plugs in between your invoice approval and your AP disbursement function, runs 500+ checks per invoice (148 attestation catalog + 27 P2P-specific), and produces sealed evidence per finding.
Vendor onboarding fraud
New vendor registers with EIN that overlaps a previously-debarred or sanctioned entity. Beneficial owner shares an address fingerprint with another vendor that received payments and dissolved within a year. JIL surfaces the onboarding-time concerns before the first PO issues.
Three-way match failures (PO / receipt / invoice)
Invoice doesn't match the PO quantity / unit price / line items. Goods receipt is missing or doesn't match invoice quantity. JIL flags the mismatch with the specific line-item delta - faster than your AP clerk's manual reconciliation.
Duplicate invoice detection
Same vendor, same invoice number, same dollar amount submitted across multiple POs / cost centers / months. JIL cross-checks against your historical AP ledger and surfaces duplicates the rule-based check missed (different invoice numbers but identical amount + vendor + period).
Pass-through vendor (small biz front)
Vendor registered as a small disadvantaged business (federal contracts), DBE (state contracts), or HUBZone, but the actual work is being subcontracted to a Tier 1 prime. Beneficial-owner overlap with the prime, shared office address, shared bank fingerprint - JIL surfaces the pass-through pattern.
PO-vs-invoice manipulation (employee + vendor collusion)
Employee approves POs to a vendor where the employee's spouse is the beneficial owner. Or POs cluster around month-end / quarter-end with retroactive approvals. JIL flags the conflict-of-interest and timing patterns.
Sealed evidence per blocked / held disbursement
Every disbursement JIL holds gets a sealed evidence record with the specific reason. Useful for AP audit trail, internal investigation, vendor dispute resolution, and (if it escalates) civil enforcement.
How to use it: integrate at the AP / ERP layer (SAP, Oracle, Coupa, Workday). Per-invoice pricing, with volume tiers for enterprise scale. See the live POC with 38 findings against 1K real on-chain payment records.
12 sanctioned-address hits on the first 1,000 USDC transfers.
On day one, p2p-engine ingested 1,000 USDC transfers from the Etherscan public API and cross-referenced every sender and recipient against a 46-address OFAC SDN seed (Tornado Cash, Lazarus-attributed wallets, Blender, LockBit, Conti, Hydra, Garantex, etc.). It surfaced 12 sanctioned-address hits, 1 velocity anomaly, and 25 BSA-threshold ($10K+) crossings in 38 total Tier 1 findings.
What we uncovered (top 5)
| Subject | Category | Finding |
|---|---|---|
| 12 OFAC SDN hits | Tornado Cash and Lazarus-attributed addresses | BSA / OFAC reporting trigger |
| 1 velocity anomaly | >100 transfers in 1-hour window | Structuring / layering pattern |
| 25 BSA-threshold crossings | Single transfer >= $10,000 USD value | FinCEN reporting marker |
| 46 sanctioned-address seed | OFAC SDN crypto-address attribution | Cross-vertical applicable |
| Etherscan public API | Real on-chain USDC transfer data | No subscription required |
Etherscan public API + OFAC SDN crypto-address list
Block-level (~12 second) refresh; OFAC daily. No subscription, no DUA, no per-record licensing. The full ingest manifest is replayable bit-identically.
Deterministic pass
Tier 1 ran a single deterministic pass against the ingested public dataset. SQL aggregates only - no stochastic LLM in the verdict path. Ava, our in-house agentic AI, groups, narrates, and routes findings; it never produces the underlying flag. Same kernel that ships the other 7 verticals.
What this means for your business
For an exchange compliance officer, MSB BSA officer, or stablecoin issuer, this is the wallet-level OFAC + structuring + BSA-threshold queue, ranked by recency and amount, that your existing transaction-monitoring vendor produces but which you cannot defend in court because it is not court-admissible. Each finding here ships with a sealed CREB™ that authenticates under FRE 902(14) - same evidentiary standard as your bank wires.
What Tier 2 unlocks. Customer engagement adds the exchange's own KYC + transaction history + off-chain identity links. Tier 2 layers on the chain-of-custody graph (Chainalysis or TRM if subscribed; otherwise our own blockchain enrichment), the off-chain identity attribution, and the SAR-ready evidence packet for FinCEN filing.
Procurement and Accounts Payable Integrity at a glance.
Where the integrity layer sits, what it produces, and how the sealed CREB™ flows back to the buyer's existing systems.
Where this product earns its place.
The strategic case for P2P as a JIL line of business - what makes the wedge defensible, what makes it economically meaningful, and how it compounds with the rest of the platform.
Highest non-healthcare ceiling in the portfolio
ACFE 2024 reports a median 5% of revenue lost to occupational fraud. With US private-sector revenue exceeding $20T, the loss base is approximately $1T annually. Procurement and AP represent the majority share.
CFOs, controllers, internal audit
Established procurement budgets, recurring-engagement patterns, direct ROI accountability. Sales motion mirrors selling provider-fraud detection to MCO compliance officers - same buyer archetype, same scrutiny standards, same procurement cadence.
ERP integration becomes infrastructure
Once integrated into SAP S/4HANA, Oracle Fusion Cloud, NetSuite, Workday Financials, Microsoft Dynamics 365, and Sage Intacct, JIL becomes embedded infrastructure. Switching costs are high; recurring revenue is structurally durable.
Every JIL vertical also runs an AP function
Every healthcare provider, every WC carrier, every grant-receiving nonprofit, every regional center, every trade-finance bank also runs an AP function. Vertical penetration anywhere creates land-and-expand here.
Net-new checks, sealed evidence.
A representative slice of the P2P-specific check pack. Each one runs in the same five-stage pipeline as the rest of the platform - intake, profile load, parallel checks, verdict, sealed CREB™ - and ships with a 14-of-20 BFT signature, a CourtChain™ L1 anchor, and a reproducibility manifest pinning the exact check-logic version.
Three-Way Match
Quantity, unit price, total, and vendor identity match across PO, goods receipt, and vendor invoice within tolerance. Flags exceptions and the user who approved the override.
Vendor Master Data Anomaly
Detects vendor record changes (banking, address) within suspicious time windows of payment processing. Cross-references vendor banking against employee payroll banking.
Ghost Vendor Detection
Verifies vendor business existence through corporate registry, physical address verification, and web presence. Flags vendors with no verifiable existence beyond the customer's records.
Split Purchase Detection
Detects transaction clustering just under approval thresholds. Cross-references by vendor, requestor, and time window. Applies Benford's Law to first-digit distribution.
Bid-Rigging Pattern
Detects parallel pricing, complementary bidding, bid rotation. Cross-references bidder communications metadata where accessible. DOJ Antitrust Division procurement-collusion guidance.
Vendor Markup Anomaly
Detects statistically anomalous markups against comparable-vendor pricing and benchmark databases (Spend HQ, GEP SMART, ProcurementIQ). Flags persistent overpricing patterns.
Sequential Invoice Number
Detects sequential or near-sequential invoice numbers from a vendor that should have many other customers. Flags single-customer-dependency or fabricated-invoicing patterns.
HR-Payroll-AP Triangulation
Phantom-employee detection. Cross-references HR records, payroll records, and AP vendor master. Detects payroll-to-vendor migration patterns and employee-vendor overlap.
Who runs this in production.
The buyer pattern for P2P - who carries the budget, who carries the regulatory exposure, and how the engagement starts. Most first engagements are a Retroactive Proof Audit on a defined lookback window; Pre-Settlement integration follows once the check pack is calibrated to the customer's profile.
SOX, FCPA, FCA
CFOs and controllers, internal-audit heads, chief compliance officers, CPOs, treasury teams. Public companies face SOX 404 baseline interest. Federal contractors face FCPA and False Claims Act exposure.
Channel economics
Deloitte, EY, PwC, KPMG forensic, internal-audit, and FCPA practices. Second-tier: BDO, Grant Thornton, RSM, Crowe, CLA, Forvis Mazars, Marcum. Channel economics with white-label tension.
Embedded compliance
SAP Ariba, Coupa, Oracle Procurement Cloud, Workday Strategic Sourcing, Ivalua, GEP SMART, Jaggaer. AP automation: Tipalti, AvidXchange, Stampli, Bill.com. T&E: Concur, Workday Spend Management.
FAR and qui tam exposure
Companies with active False Claims Act compliance exposure and FAR Part 6/43 commercial-procurement governance pressure. Multinationals with FCPA exposure on foreign vendor payments.
Four-SKU model. No percentage. No contingency.
Pricing carries over from the canonical four-SKU model unchanged - Retroactive Scan (flat fee), Retroactive Proof Audit (with credit-back against the next subscription tier), Pre-Settlement Subscription (tiered annual), and per-case CREB™ bundles (Tier 3 court-ready evidence). Asset Intelligence is the standard fifth SKU where the vertical needs it.
No percentage of recovery. No contingency. No success fees. JIL is detection and proof, not recovery. Recovery sits with the customer or its existing partners (subrogation counsel, recovery vendors, regulators). The structure is what allows JIL to operate as neutral integrity infrastructure across plaintiffs and defendants, payers and payees, regulators and the regulated, on the same case.
Ready to scope a P2P engagement?
Initial briefings are 60 minutes. Retroactive Proof Audit lookback windows, check-pack profile design, and integration runbook are available under NDA. We start where the buyer's procurement gate is shortest.
One kernel. Eight industries.
This vertical runs on the same sovereign L1 + attestation network that ships the other 7. Kernel age: 18+ months. Adding a vertical: ~1 week. Competitor moat: build the kernel first.
See also -- fraud-pillar counterparts
Identity Coherence (Primitive) -- P2P / crypto platforms commonly pair the non-fraud Money Passport flow with the standalone Identity Coherence primitive at /primitives/identity-coherence (cross-source identity proofing with synthetic-ID cluster detection).