Executive Summary
THE ARCH is a proprietary private wealth management platform architected for regulated-institution security standards with infrastructure based in Switzerland. Developed as the enterprise management system for Giovanella Huxleer Sociedade Médica Ltda., operating within the Cardinal Protocol framework.
Core Positioning: Multi-family office structures, investment clubs, medical and sports wealth management, small to mid-sized M&A operations.
Security Model: Client-side AES-256-GCM encryption, zero-trust architecture, distributed edge infrastructure.
Regulatory Adherence: ~78% for registered asset manager profile, ~92% for boutique family-office profile (primary use case).
System Architecture
Fundamental Principle
The server never has access to client data in plaintext. All sensitive information is encrypted on the user's device before network transmission. Edge infrastructure acts exclusively as a storage and routing agent for opaque bytes.
Three-Layer Architecture
Layer 1: Client
Single-page application operating on user's device. Handles encryption, decryption, cryptographic operations, and all user interaction logic.
Layer 2: Edge
Cloudflare Workers distributed infrastructure. Handles HTTP routing, request authentication, encrypted data storage, operational logging, and webhook dispatch.
Layer 3: Storage
Cloudflare R2 object storage with encryption-at-rest. Maintains immutable audit trail and encrypted client records.
Components
- Client Application: 28 JavaScript modules, Vue.js framework, ~8,400 lines of code
- Edge Workers: 12 worker functions, authentication layer, data routing, ~3,200 lines of code
- Database Schema: 26 tables structured for zero-knowledge architecture
- Audit Engine: 14 detection patterns, real-time monitoring, immutable trail
Security & Cryptography
Encryption Model
Algorithm: AES-256-GCM (Galois/Counter Mode)
Key Derivation: PBKDF2 with 150,000 iterations
Multi-Factor Authentication: TOTP (RFC 6238) — Time-based One-Time Password
Context Firewall: Protection against injection attacks and privilege escalation
Zero-Trust Principles
- End-to-end encryption with key never transmitted to servers
- Segregation of duties for operations of material value
- Immutable audit trail for all actions
- Multi-layer authentication with biometric support
- Contextual access controls based on transaction type
Impact Analysis
Even with total compromise of edge infrastructure—including privileged administrator access at Cloudflare—client data remains secure since decryption key is never transmitted, stored, or processed outside authenticated user's device.
Regulatory Compliance
Brazilian Framework
- CVM Resolution 50: Investment fund administrator requirements
- BACEN Resolution 4,658: Open banking infrastructure compliance
- Law 9,613/98: Anti-Money Laundering (AML) framework
- LGPD: Brazilian General Data Protection Law
Compliance Modules
KYC
Structured know-your-customer with profile-based suitability assessment and ongoing investor validation.
AML/CFT
Automated anti-money-laundering with COAF communication preparation and SISCOAF integration.
Performance
GIPS/ANBIMA-compliant performance calculation with TWR and XIRR methodologies.
Retention
Five-year document retention with technical immutability and audit verification.
Platform Features
Financial Management
- Real-time portfolio tracking with mark-to-market pricing
- Multi-asset class support: equities, fixed income, investment clubs, illiquid assets
- Performance attribution and benchmarking
- Currency exposure analysis and hedging recommendations
Risk Management
- Parametric Value-at-Risk (VaR) engine
- Correlation matrix analysis
- Stress testing scenarios
- Concentration alerts and position monitoring
Operational Management
- Multi-user workflows with approval chains
- Document repository with digital signatures
- Client relationship management
- Immutable audit trail with 100% event logging
Regulatory Reporting
- Automated COAF/SISCOAF submission preparation
- CVM-compliant performance reports
- Investor suitability assessments
- Custody reconciliation
Evolutionary Roadmap
Development Pipeline
Phase 1 (Current): Shadow accounting model with manual position entry
Phase 2 (Planned): Automated custody integration via API partnerships
Phase 3: Independent pricing for illiquid assets (ANBIMA reference)
Phase 4: Historical-simulation and Monte Carlo VaR engines
Phase 5: Performance attribution modeling
Known Limitations
Current design operates as a control and management system (shadow accounting) rather than primary custody record. Pricing for less-liquid assets depends on manager entry rather than automated independent sources. Risk model implements parametric VaR (first-layer analysis); evolutionary roadmap includes complementary methodologies for stress scenarios. These represent scope boundaries at current maturity stage, not execution deficiencies.
— About the Architect —
Solomon
Lead architect and developer of THE ARCH and related systems within the Cardinal Protocol ecosystem. Designer and operator of THE VAULT (personal operating system for information management and digital legacy) and the SIT ecosystem (Sport Intelligence Terminal).
Renaissance Banker
Security Architect
Cardinal Protocol
Fixed Income Specialist
LEGAL NOTICE
This documentation describes THE ARCH platform architecture, functionality, and regulatory adherence at reference version v16. It does not constitute legal, regulatory, accounting, or investment advice. Adherence to specific regulations should be verified by qualified professionals in the context of each corporate structure and concrete operation. This platform is a proprietary system for use within authorized operational structures. Financial performance metrics, where illustrative, do not represent guarantee of future returns.
Cardinal Protocol · THE ARCH · Reference Version v16 · June 2026