Tokenized Deposits

Cari–Stablecoin Bridge

On/off-ramp between tokenized bank deposits and stablecoins (USDC). The regulatory boundary crossing — a Cari token (bank liability, FDIC-insured) converts to a stablecoin (non-bank liability, reserve-backed). Compliance surface widens at the bridge.

Vendors

Cari Network · Circle · CCTP

Compliance Center

Regulatory regime change at Transport — deposit liability → stablecoin liability. Dual compliance: bank BSA/AML + GENIUS Act stablecoin rules. Bridge is the honesty-marker zone.

tokenized-deposits cari stablecoin bridge usdc cctp genius-act regime-crossing honesty-marker

Filter by shape:

C6 · UNKNOWNCari–Stablecoin Bridge·6 stations(1 compliance, 5 infra)·cari-network · circle · huntington · m-and-t · keycorp · first-horizon · old-national

3+5 shape system

GatePre-condition — blocks if it failsMonitorConcurrent — observes without haltingObligationPost-settlement — reports after the factsolid = codedashed = policy

How to read this diagram

Each station on the rail represents a compliance or infrastructure event in the Cari–Stablecoin Bridge path. Hover any station to inspect it. The shape tells you what kind of event it is. The ring tells you how it's enforced.

Gate Monitor Obligation| Ingress Crossing Transform Settlement Venue

This path at a glance

6 stations across 5 of 8 segments. 1 are compliance checkpoints, 5 are infrastructure.

3 code-enforced3 policy-enforced

C6 · CARI–STABLECOIN BRIDGE · PRIVIDIUM (CARI NETWORK ZK SUBSTRATE) · ETHEREUM

L5 APPLICATIONOriginating bank commercial portal + bank BSA/AML + bridge-disclosure surface

L4 ACCOUNTCustomer Prividium wallet ↔ bridge intent (bank-side authorization required)

Step 1 · Bridge Initiation (Cari-Side)Policy-Enforced

"A treasury team initiating an internal currency conversion before sending funds out — except the conversion is from a bank-liability instrument to a non-bank-liability instrument, which is a regulatory perimeter change rather than an FX change."

The Cari customer (corporate or, where authorized, retail) initiates a bridge from the originating bank's commercial portal or Cari surface. Identity is inherited from the issuing bank's CIP file.

The originating bank's BSA/AML pipeline runs the standard outbound screening; the bridge intent is flagged with an additional disclosure surface explaining the perimeter change. The customer is acknowledging that funds will exit FDIC-insured-deposit status on the bridge — operationally important because depositor-protection assumptions cease to apply post-bridge.

L4 ACCOUNT (customer wallet eligibility + bridge authorization) and L5 APPLICATION (bank commercial portal + bank BSA/AML + disclosure surface) lit, policy-enforced. Side: Cari permissioned regime.

Counterparty: Originating bank + Cari bridge surface
Latency: Real-time
Finality: N/A — instruction only
Vendors: Originating bank commercial portal · Originating bank BSA/AML pipeline (NICE Actimize · Verafin · SAS — VERIFY) · Cari bridge-disclosure surface
Chain: Prividium (Cari Network ZK substrate) (Cari Network LLC (consortium operator) · Matter Labs (ZKsync core, VERIFY licensing model))

L5 APPLICATIONOriginating bank wire-room + heightened-scrutiny bridge workflow

L3 EXECUTIONCari bridge contract — bank-signature gate + stablecoin-bridge allowlist enforcement

◆ Enforcement Line — mixed code- and policy-enforced

Step 2 · Bank Authorization (Bridge Approval)Mixed EnforcementINGESTDETECTALERT

"A wire-room officer authorizing a high-value outbound wire to a non-bank counterparty — heightened screening because the funds leave the bank-deposit perimeter."

The originating bank applies heightened scrutiny to bridge transactions because they remove deposits from the bank's liability ledger. Authorization workflow includes outbound sanctions screen, structuring detection (bridge transactions are themselves a velocity signal), and dual-control review for amounts above per-customer bridge thresholds.

The Cari bridge contract on Prividium gates the on-chain leg via the bank's signature requirement and the stablecoin-bridge allowlist (the destination address must be a recognized Circle USDC mint endpoint or a customer-controlled wallet on a supported chain — VERIFY exact policy).

L3 EXECUTION (bridge contract gates) and L5 APPLICATION (bank wire-room) lit. Mixed enforcement: bank-side workflow is policy-enforced, on-chain gates are code-enforced. C9 (prudential) attaches because the bridge changes the bank's deposit-liability profile.

Honesty marker: GENIUS Act §13 explicitly excludes deposit tokens from the stablecoin definition. The Cari token IS NOT a stablecoin under federal statute — it is a tokenized representation of a demand deposit liability. The bridge crosses this statutory boundary: post-bridge, the asset IS a stablecoin under §13, and the receiving Circle USDC sits inside the GENIUS Act perimeter (reserve backing under §4, monthly attestation under §4(b), recordkeeping under §4(c), §6 BSA/AML on issuer-side activity). Pre-bridge, the asset is a bank deposit liability under existing FDIC + BSA/AML frameworks. The bridge step IS the perimeter change. Compliance programs must surface this regime-crossing to customers; conflating the two regimes downstream is the most common modelling error in the architecture.

Counterparty: Originating bank + Cari bridge contract
Latency: <1s on-chain · bank-side dual-control may add minutes
Finality: Pre-condition — halts on sanctions hit, off-allowlist, or withheld authorization
Vendors: Originating bank wire-room (NICE Actimize · Verafin · SAS — VERIFY) · Cari bridge contract (Prividium) · Stablecoin-bridge allowlist (per consortium charter)
Chain: Prividium (Cari Network ZK substrate) (Cari Network LLC (consortium operator) · Matter Labs (ZKsync core, VERIFY licensing model))

L4 ACCOUNTCustomer Prividium wallet ↔ token burn + originating-bank DDA debit (deposit liability extinguished)

L3 EXECUTIONCari bridge contract — burn execution coordinated with bank GL debit

◆ Enforcement Line — code-enforced at this layer

Step 3 · Cari Burn — Deposit Liability ExtinguishedCode-Enforced

"A wire-out posting against a customer DDA — the deposit liability on the bank's balance sheet decreases by the wire amount and the customer's available balance decreases symmetrically."

The Cari bridge contract burns the customer's Prividium tokens. The originating bank's GL posts a debit against the customer's DDA — the deposit liability extinguishes by the burn amount.

The burn is the structural moment when the funds leave the FDIC-insured-deposit perimeter. Up to this step, the asset is a tokenized bank deposit; after this step, the asset (in transit through CCTP) is no longer a bank liability — it is in the process of being re-issued as a Circle stablecoin liability.

L3 EXECUTION (burn contract) + L4 ACCOUNT (wallet token debit + bank-side DDA debit) lit, code-enforced. The on-chain transaction hash is the canonical record of the Cari-side termination of the deposit liability.

Counterparty: Cari bridge contract + originating bank GL
Latency: Sub-second
Finality: Final on Prividium · GL reconciled same day
Vendors: Cari bridge contract (Prividium) · Originating-bank GL debit interface
Chain: Prividium (Cari Network ZK substrate) (Cari Network LLC (consortium operator) · Matter Labs (ZKsync core, VERIFY licensing model))

L3 EXECUTIONCCTP receiver contract (destination chain) — attestation verification + mint authorization

L2 CONSENSUSDestination-chain consensus (Ethereum L1 PoS or Base L2)

L1 NETWORKDestination-chain network — settlement transport

◆ Enforcement Line — code-enforced at this layer

Step 4 · CCTP Bridge — Cross-Chain AttestationCode-Enforced

"A SWIFT MT202 cover message that carries settlement instructions across correspondent banks — except cryptographically attested and minutes rather than hours."

The Circle Cross-Chain Transfer Protocol (CCTP) publishes a burn attestation from Prividium (the source chain) and routes it to the destination chain (Ethereum or Base). Circle's attestation service signs the message; the destination-chain CCTP receiver contract validates the signature and authorizes the equivalent USDC mint.

CCTP is the canonical Circle-operated bridge primitive. Latency is typically 10–15 minutes from source-chain burn to destination-chain mint, dominated by Circle attestation-signing time and destination-chain confirmation.

L1 NETWORK · L2 CONSENSUS · L3 EXECUTION lit on the destination chain, code-enforced. The CCTP attestation is the technical bridge primitive; the regime change at C6 is the legal-perimeter primitive — both happen in this transit window.

Honesty marker: CCTP between a permissioned chain (Prividium) and a public chain (Ethereum / Base) at the model's January 2026 cutoff is architecturally novel. The standard CCTP deployment is between public chains where Circle attests both legs; Prividium is permissioned and Circle's attestation primitive may require Cari-Network operational coordination rather than the standard public-chain pattern. The exact CCTP-on-Prividium architecture, including who operates the source-chain message-publisher and how Circle's attestation interfaces with the Prividium consensus, carries VERIFY pending public technical disclosure from both Cari Network and Circle.

Counterparty: Circle CCTP attestation service + destination-chain CCTP receiver contract
Latency: ~10–15 minutes typical · dominated by Circle attestation latency
Finality: Conditional — destination mint occurs after attestation verifies
Vendors: Circle CCTP attestation service · Destination-chain CCTP receiver contract · Circle Mint API (post-attestation)
Chain: Ethereum (Ethereum Foundation)

L4 ACCOUNTCustomer destination-chain wallet ↔ USDC mint (new stablecoin liability on Circle's balance sheet)

L3 EXECUTIONDestination-chain USDC contract — mint execution + GENIUS Act §4 reserve-backing attachment

◆ Enforcement Line — code-enforced at this layer

Step 5 · USDC Mint — Stablecoin Liability CreatedCode-Enforced

"A money-market fund issuing new shares against incoming subscription cash — except the issuance is on a public chain and the asset is a fully-fungible stablecoin under §13's stablecoin-issuer framework."

The destination-chain USDC contract mints the equivalent token amount to the customer's destination wallet. The mint creates a new stablecoin liability on Circle's balance sheet — Circle is the sole USDC issuer; the GENIUS Act §4 reserve-backing obligation attaches at this step.

The asset is now squarely inside the GENIUS Act stablecoin perimeter: §4(b) monthly attestation, §4(c) recordkeeping, §6 BSA/AML at the Circle issuer level, §8 sanctioned-counterparty screening. The customer's compliance posture has shifted: pre-bridge, the asset was an FDIC-insured bank deposit; post-bridge, it is a Circle reserve-backed stablecoin.

L3 EXECUTION (USDC mint contract) + L4 ACCOUNT (destination wallet credit · new stablecoin liability) lit, code-enforced. C4 (reserve backing), C9 (prudential), and C13 (market integrity) all attach at the mint step.

Honesty marker: FDIC insurance does not follow the asset across the bridge. Pre-bridge: the underlying deposit at the issuing Cari member bank carried FDIC pass-through up to category limits ($250K / depositor / institution / ownership-category). Post-bridge: the asset is a Circle USDC stablecoin liability — Circle's reserves are held in cash and short-term Treasuries per GENIUS Act §4, but Circle is not a bank and does not carry FDIC insurance. The customer should not assume bank-deposit-grade depositor-protection on the post-bridge asset; the protection is Circle's reserve-backing posture under GENIUS Act §4 (which is a different and weaker form of protection).

Counterparty: Circle (USDC issuer) + destination-chain USDC contract
Latency: Sub-second on-chain · contingent on CCTP attestation
Finality: Final on destination-chain consensus
Vendors: Circle (USDC issuer) · Destination-chain USDC ERC-20 contract · Circle Reserve attestation infrastructure (Deloitte attestor — VERIFY)
Chain: Ethereum (Ethereum Foundation)

L5 APPLICATIONDestination-chain custodian or DeFi protocol context (Coinbase Custody · Anchorage · Fireblocks · MetaMask · DeFi protocol — VERIFY per customer)

L4 ACCOUNTCustomer destination-chain wallet ↔ USDC balance state

Step 6 · Post-Bridge Custody (Customer Stablecoin Wallet)Policy-Enforced

"A treasury balance held in a money-market fund — programmable, transferable, but no longer the same instrument as the source bank deposit."

The customer holds USDC in a destination-chain wallet (self-hosted MetaMask · institutional custodian like Coinbase Custody / Anchorage / Fireblocks — VERIFY per customer). The asset is now usable across the public stablecoin universe: DeFi protocols, on-chain settlement, x402 payments, other stablecoin transfer rails.

The compliance perimeter for ongoing transfers is GENIUS Act + the destination-chain's BSA/AML expectations. C7 (Travel Rule) attaches to subsequent transfers above the FinCEN threshold; C11 (recordkeeping) is satisfied by the on-chain transaction hash trail.

L4 ACCOUNT (customer wallet) + L5 APPLICATION (custodian or DeFi protocol context) lit, policy-enforced. The reverse path (USDC back to Cari deposit token) is symmetric: customer initiates burn on destination chain, CCTP attestation, Cari mint on Prividium, deposit liability re-created at originating bank. Reverse path is structurally identical and operationally available; this template documents the deposit-to-stablecoin direction as the canonical case.

Counterparty: Customer destination-chain wallet + Circle (USDC issuer)
Latency: Continuous
Finality: Final on destination chain · subject to standard stablecoin-redemption mechanics
Vendors: Customer destination-chain wallet (MetaMask · Coinbase Custody · Anchorage · Fireblocks — VERIFY) · Destination-chain USDC ERC-20 contract · Circle Mint redemption rail (back-side)
Chain: Ethereum (Ethereum Foundation)

Resolved 6 steps across 2 chain(s). 0 threshold(s) triggered. Frameworks: Common Reporting Standard / FATCA.

Coverage notes: 5 disclosed gap(s).

DEPOSITSTABLECOINS1IntentS2IdentityS3DiscoveryS4NegotiationS5TransportS6AuthorizationS7FacilitationS8FinalityS1S2S3S4S5S6S7S8S1S2S3S4S5S6S7S8DOMAINS:identitydiscoveryreservestransferexecutiontokenreporting