1. Executive Summary
Numo is a Digital Public Infrastructure (DPI) based on a Real-Time Gross Settlement (RTGS) engine. Designed to act as the Root Node for Central Banks and Governments, it orchestrates atomic operations between connected financial institutions. Written primarily in Go, it uses decoupled microservices synchronized through immutable event buses.
2. Root Node Topological Architecture
Legacy national payment systems often suffer from database throttling and monolithic architectures. Numo solves this by decoupling processing from definitive storage, acting as a highly available event bus.
- NumoCore (The Engine): Stateless microservice responsible for ingesting transactions, validating cryptographic signatures, and checking business rules (limits, schedules).
- NumoLedger (The Ledger): The source of financial truth. It uses segregated high-concurrency databases to settle atomic clearings (debit account A, credit account B).
- API Gateway: The contact frontier where Financial Institutions (FIs) and Payment Institutions (PIs) connect.
- NumoTrust: The Master of Ceremonies (PKI) module. Responsible for issuing, renewing, and revoking digital certificates for the entire ecosystem.
3. Integration Matrix (FIs and PIs)
Numo has no end-user (citizen) screens. The system exposes RESTful and gRPC APIs so that participating institutions' banking cores connect to the Central Bank's central clearing engine.
- Direct Participants: Large institutions that maintain a Settlement Account directly with the Central Bank. They integrate to the main bus via continuous messaging (NATS or Kafka).
- Indirect Participants: Smaller institutions that use Direct Participants as sponsoring settlers. Integration and settlement flow through standardized gateways under Numo's governance.
4. Anatomy of a Settlement (ISO 20022)
The core adopts restricted semantics aligned to ISO 20022. A typical transfer follows a real-time gross settlement (RTGS) flow with Double-Entry guarantees:
[NumoCore] -> Verify Sender Balance (FI_A): OK.
[NumoCore] -> Verify Receiver Limits (FI_B): OK.
[Lock] -> Reserving Funds (P1)...
[NumoLedger] -> COMMIT debit FI_A, credit FI_B.
[NumoStream] -> Publish pacs.002 (SETTLED) to Subscriptions
The strict use of pacs.008, pacs.002, and camt.052 grammars ensures native out-of-the-box compatibility with cross-border payment arrangements.
5. State-Level Security (HSM & Zero-Trust)
To meet military/government requirements (e.g., Open Banking FAPI), the transport layer adopts an explicit Zero-Trust framework.
Every institution connecting to Numo requires transport under mTLS 1.3 (Mutual TLS). Certificates use the SPIFFE/SPIRE framework with automated rotation of short-lived keys, backed by the roots of trust maintained by the Central Bank in Hardware Security Modules (HSM via PKCS#11).
6. Data Governance
In a modern DPI system, privacy is a baseline asset. Numo processes transactions but does not centralize the individual consumption history. The Central Bank maintains custody of the corporate settlement metadata, while institutions retain the edge transaction details (edge execution), preventing large-scale central leaks.