FILE

EOI / SUBTRAN / ANOVA / JUN-2026 / v2.0

VOLUME

01 / 01

PAGES

EXPRESSION OF INTEREST · RESTRICTED CIRCULATION

SubTran

A digital liaison and compliance agent for payment ecosystems — sitting above the rails, not beside them.

SubTran is proposed as a payment-integrity, reconciliation, support and fraud-intelligence layer that would sit above existing and future payment rails used in Barbados — including BiMPay, ACH-like transfers, card networks, SWIFT and request-to-pay flows. Its purpose is not to replace BiMPay or any regulated payment service provider, but to make payment operations more observable, explainable, reconcilable and resilient for regulators, PSPs, merchants and end users.

Reference

EOI / SUBTRAN / ANOVA / JUN-2026 / v2.0

Date

June 2026

Status

EOI — For Consideration

Classification

Restricted · Confidential

Prepared For

Central Bank of Barbados · Government of Barbados

Circulation

Limited — Named Recipients Only

Author

ANOVA / SubTran

Revision

v2.0 / final-draft

CONFIDENTIAL

Verifier

sha256:9f4a…b71c

SCROLL TO REVIEW PROPOSAL↓NODE_01 / OVERVIEW

Index

PARTIAL ACCESS

I.Executive Summary
p.3
II.BiMPay & the Barbados Context
p.5
III.Proposed SubTran Capabilities
p.7
IV.Material Benefit by Stakeholder
Restrictedp.9
V.FATF Relevance & Strategic Value
Restrictedp.11
VI.Shortcomings & Implementation Risks
Restrictedp.13
VII.Development Team & Terms of Reference
Restrictedp.15
VIII.RACI Matrix
Restrictedp.17
IX.Recommendation & References
Restrictedp.19

NODE_01 / OVERVIEW§ I

I.Executive Summary

SubTran is proposed as a payment-integrity, reconciliation, support and fraud-intelligence layer that would sit above existing and future payment rails used in Barbados, including BiMPay, ACH-like transfers, card networks, SWIFT and request-to-pay flows. Its purpose is not to replace BiMPay or any regulated payment service provider, but to make payment operations more observable, explainable, reconcilable and resilient for regulators, PSPs, merchants and end users.[1] [2] [3] [4] [5] [6] [7] [8]

This proposal is timely because BiMPay is being positioned as Barbados' national instant payment system, while the Central Bank's licensing framework expects payment institutions to demonstrate robust governance, internal controls, safeguarding arrangements, complaints handling, technology and cyber-risk management, business continuity and AML/CFT/CPF readiness. These are necessary foundations for a modern payment ecosystem, but they also create operational burdens for PSPs, merchants and smaller businesses that may lack sophisticated reconciliation, incident-handling and monitoring capabilities.[5] [9] [10] [11] [12] [1]

SubTran addresses that gap. It is conceived as an operational-intelligence and integrity platform that can unify transaction data across rails, reconcile records across institutions and accounting systems, detect anomalies and suspected fraud in real time and create a structured audit trail for operational and supervisory review. Over time, it can also support Barbados' long-run strategic interests by: strengthening data quality, transaction monitoring and supervisory visibility — areas that matter to FATF-aligned compliance and to the confidence of correspondent banks, investors and foreign partners.[4] [7] [13] [14] [15] [16] [17] [18]

Rails covered

BiMPay · ACH · Card · SWIFT · RTP · Wallet

Team size

Lean formation · strategy → SRE

FATF dimensions

Monitoring · data · trace · supervision

NODE_02 / CONTEXT§ II

II.BiMPay & the Barbados Context

BiMPay and the Barbados Context

BiMPay is the Central Bank of Barbados' national instant payment system, designed to support fast domestic payments across individuals, businesses and government, with features such as QR code payments, request for payment and confirmation of payee. Public information indicates that the system is domestic in scope today, with no current cross-border functionality, although future interoperability and broader payment connectivity are plausible strategic directions as the ecosystem matures.[2] [19] [20] [21] [1]

The Central Bank's policy and licensing materials show a clear regulatory priority: market entry must be accompanied by prudent governance, fit-and-proper management, compliance resources, safeguarding of customer funds, consumer protection, complaints procedures and technology and cyber controls. This creates an opening for infrastructure that helps participants satisfy those expectations operationally rather than only on paper.[10] [11] [15] [22] [5]

Barbados also has a recent FATF history that makes the credibility of its financial controls strategically important. Barbados was previously on the FATF grey list — formally, jurisdictions under increased monitoring — and was removed in February 2024 after completing its action plan. Grey-listing does not ban transactions, but it increases scrutiny from counterparties, often leading to enhanced due diligence, slower onboarding, more documentation demands and greater sensitivity around cross-border banking relationships.[16] [17] [23] [24] [25] [26]

Why SubTran Matters Now

SubTran matters now because the launch of an instant-payment environment raises the operational bar for all participants. Instant payments improve speed for consumers and businesses, but they also compress the time available for fraud controls, reconciliation, dispute handling and communications. Features such as QR payments and request-to-pay improve usability, but they also add more transaction states, message flows and user-support scenarios that must be managed correctly.[19] [32] [1] [2] [28]

For many institutions, especially smaller PSPs and merchants, the challenge is not only "how to connect to the rail" but "how to run a trustworthy payment operation every day." That includes explaining failed or delayed payments, matching settlement records to ledgers, identifying suspicious activity, keeping customer complaints organized, and producing evidence for compliance and supervisory review.[12] [13] [14] [5] [10]

SubTran matters because it aims to absorb those operational burdens into a common service layer, which could lower friction for market participants while giving regulators and ecosystem operators better visibility into risk and performance.[15] [6] [27]

Above the rail, never inside it

Read-only ingest; no settlement authority.

Reconciliation as a first-class output

Cross-rail, cross-institution, cross-ledger matching.

Explainability over opacity

Every flag carries a traceable rationale and reason code.

Supervisory-grade audit

Tamper-evident, role-scoped, retention-aware evidence.

Sovereign by default

Data residency, key custody and operator controls remain local.

What is SubTran?

SubTran is a proposed software platform and operational layer for payment ecosystems. Its core design objective is to create a single, structured view of what happened across multiple rails, who is affected, whether the payment or process is trustworthy, whether funds and records reconcile and what action should happen next.[3] [6] [7] [27]

In practical terms, SubTran would provide four integrated functions: multi-rail transaction normalization and observability; inter-rail and cross-platform reconciliation for PSPs, merchants and supervisors; real-time fraud, anomaly and operational-incident detection; and structured support, escalation and audit evidence management. SubTran is therefore best understood as an integrity and control layer on top of payment rails rather than as a payment rail itself.[31] [8]

NODE_03 / SCHEMA§ III

III.Proposed SubTran Capabilities

SubTran would deliver four integrated functions: multi-rail transaction normalization and observability; inter-rail and cross-platform reconciliation for PSPs, merchants and supervisors; real-time fraud, anomaly and operational-incident detection; and structured support, escalation and audit evidence management.[3] [6] [27] [28]

Best understood as an integrity and control layer on top of payment rails rather than a payment rail itself.

FIG. 03–A · PLANES

   ┌─────────── REGULATOR · PSP · MERCHANT ───────────┐
   │            Disclosure Plane  (scoped)            │
   ├──────────────────────────────────────────────────┤
   │       Intelligence Plane  ·  signals / risk      │
   ├──────────────────────────────────────────────────┤
   │     Reconciliation Plane  ·  match / repair      │
   ├──────────────────────────────────────────────────┤
   │            Ingest Plane  ·  normalise            │
   └──┬──────┬──────┬──────┬──────┬──────┬────────────┘
      │      │      │      │      │      │
   BiMPay  ACH   Card  SWIFT   RTP   Wallet

CAPABILITY 01

Multi-Rail Normalization and Observability

SubTran should ingest data from BiMPay and any connected PSP systems and it should be architected to accommodate ACH-like rails, card-network feeds, SWIFT message flows, request-to-pay transactions, settlement files, webhook notifications and accounting-system exports. The platform would map these different formats into a canonical transaction model, so that: operations, compliance and technical teams can investigate one common case rather than multiple partial records, across multiple systems.

The practical value is significant. A merchant or PSP should be able to ask a single question — "what happened to this payment?" — and see the event timeline, beneficiary/originator data, rail-specific status, exceptions, alerts, and related case actions in one place.[33] [3] [8]

[7][13][3][4][8][27]

CAPABILITY 02

Inter-Rail and Cross-Border Reconciliation

Although BiMPay is currently domestic, SubTran should be designed from the outset to reconcile across domestic and future cross-border rails. The platform should support reconciliation for:

RTP / instant-payment flows
ACH-like batch or delayed-settlement transfers
SWIFT-originated or SWIFT-confirmed transactions
Card-network transactions, including authorization, clearing, chargeback and settlement views
Merchant internal books, ERP systems and general ledger outputs

Suggested reconciliation features include:

Canonical data mapping across rails[3] [27]
Match-and-exception logic for duplicates, delayed settlement, failed reversals, amount mismatches, missing confirmations and incomplete beneficiary data[34] [35] [33]
Daily and intraday books-ready exports for finance teams[7] [13]
A "ledger confidence score" indicating how fully a merchant's or PSP's books reconcile for a given period
Cross-rail cash-position visibility showing expected versus actual funds by rail, institution, or counterparty[6] [7]

This capability is material because multi-platform payments often impose the heaviest cost after the payment has already been initiated: proving the books are correct, tracing missing funds and resolving breaks before they become disputes or liquidity stress.[12] [13] [6]

[20][21][13][4][6][7]

CAPABILITY 03

Real-Time Fraud and Anomaly Detection using GNN Architecture

A major differentiator for SubTran should be its use of graph-based intelligence, including graph neural network (GNN) architecture, to detect fraud and suspicious behavior in real time. Traditional rule-based controls can detect known issues such as amount thresholds, blocked destinations, repeated attempts, or missing fields, but they often fail to see the network structure of fraud: linked devices, mule accounts, circular flows, repeated counterparties and cross-rail attack sequences.[29] [36] [37] [28]

SubTran's GNN-based fraud layer should model the payment ecosystem as a graph consisting of entities and relationships such as:

Payers and payees
Merchants and PSPs
Devices and sessions
IP addresses and locations
Accounts, aliases, cards and identifiers
Transactions across multiple rails over time[36] [38] [29]

In this model, suspicious behavior is detected not only from the attributes of a single payment, but from the structure and evolution of the network around it. For example, a GNN can help surface cases where a new beneficiary is linked to multiple recently opened accounts, where the same device originates transactions across different rails and institutions in an abnormal sequence, or where small value "probing" transfers precede a larger real-time payment.[37] [38] [36]

A real-time fraud architecture for SubTran should therefore combine:

Rules for known patterns and policy constraints[30] [29]
Streaming anomaly detection for velocity, sequence and behavioral deviation[38] [29]
GNN or graph-risk scoring for network-connected patterns and mule-ring detection[36] [37]
Case-management outputs with reason codes and human-readable evidence[28] [30]

This gives SubTran three advantages. First, it can detect cross-rail fraud patterns that a single-rail system may miss. Second, it can improve decision quality by contextualizing an event within a relationship network, instead of treating it as isolated. Third, it can support both operational fraud response and AML/CFT-focused monitoring by preserving the evidence needed for escalation and review.[14] [18] [15] [29] [28] [36]

[29][36][37][28][38]

CAPABILITY 04

AI Agents and Operational Orchestration

SubTran's operational model should include specialized AI agents for different types of incidents. The current concept is coherent and should be maintained:

CSIRAAGENT

Computer Security Incident Response Agent

Focused on cyber threats, credential abuse and account compromise.

FIRAAGENT

Financial Incidence Response Agent

Focused on financial discrepancies, suspicious transactions, reconciliation breaks and compliance routing.

NERAAGENT

Network Emergency Response Agent

Focused on rail disruption, integration outages, delayed responses and infrastructure instability.

PORAAGENT

Payment Operations and Reconciliation Agent

Embedded within the Customer Trust / Technical Support function and focused on matching, exception creation and case preparation.

This multi-agent structure makes sense because not all anomalous events are fraud. Some are operational failures, some are message-quality problems and some are true financial-crime indicators. SubTran's value lies partly in separating those categories quickly and consistently.[15] [30] [34] [38]

[39][40][41][42]

CAPABILITY 05

Payment Integrity Control Tower

The most strategically valuable feature to add to the SubTran suite is a Payment Integrity Control Tower. This would be a cross-rail command view for regulators, PSPs and large merchants that brings together:

Real-time transaction monitoring[14] [30]
Reconciliation confidence and unresolved exceptions[13] [7]
Message-quality and data-completeness checks, especially for future cross-border transfers and FATF Recommendation 16 expectations[43] [44] [4]
Service uptime, latency, webhook reliability and integration failures[8] [34]
Fraud and anomaly alerts with drill-through to evidence and resolution status[29] [28]
Supervisory dashboards and trend views for ecosystem-wide analysis[18] [15]

This would give SubTran utility beyond merchant support or back-office automation. It would become a trust and supervision tool for a growing payments ecosystem.[18] [15]

[14][30][13][7][43][44][8][29][18][15]

NODES 04 — 09

Restricted Sections

SECTIONS IV — IX

§ IVCLASSIFIED

Material Benefit by Stakeholder

████ ███ ███████ ████████ ██ ████ ███████ ██ ███ ██████ ████████ █████ ███ ██ █████████ █████████ ██ ████ ███████.

§ VCLASSIFIED

FATF Relevance & Strategic Value

§ VICLASSIFIED

Shortcomings & Implementation Risks

§ VIICLASSIFIED

Development Team & Terms of Reference

§ VIIICLASSIFIED

RACI Matrix

§ IXCLASSIFIED

Recommendation & References

Apparatus · References51 sources

[1]Global Government Finance — Barbados Instant Payment System (BiMPay) Launch Date.
[2]Central Bank of Barbados — Three BiMPay features you should know about.
[3]Oceanobe — Multi-rail Payments overview.
[4]SWIFT — Payments Data Quality.
[5]Central Bank of Barbados — Framework for Licensing & Authorising Payment Service Providers (Sep 2025).
[6]Payments Journal — Automating Reconciliations and Optimizing Operations.
[7]Payments Journal — A Single Source of Truth: Automation's Impact on Payments Reconciliation.
[8]Vayqube — Payment Gateway Development Guide.
[9]Central Bank of Barbados — BiMPay Delay FAQs.
[10]Central Bank of Barbados — Licensing Application Form for Payment Institutions (Sep 2025).
[11]Central Bank of Barbados — Guideline for Safeguarding Customer Funds (Sep 2025).
[12]OptimusTech — Payment Reconciliation Challenges for SMEs.
[13]DEUNA — Payment Reconciliation Challenges: Transforming Complexities into Strategic Advantages.
[14]Facctum — What is Transaction Monitoring and how it works.
[15]Partisia — Transaction Monitoring Systems: the core of financial-crime detection & AML compliance.
[16]Central Bank of Barbados — Barbados no longer under increased monitoring by the FATF.
[17]U4 — The Impact of Grey-Listing by the FATF.
[18]BIS — Financial Stability Institute summary on AML/CFT banking supervision.
[19]Central Bank of Barbados — QR codes and BiMPay (blog).
[20]Central Bank of Barbados — Instant Payments True or False (blog).
[21]Oriana Barbados — Central Bank launches BiMPay instant payment.
[22]Government of Barbados — National Payment System Act 2021.
[23]KPMG — Barbados removal from FATF grey list.
[24]Silent Eight — Greylisted: what it really costs and what it takes to be removed.
[25]Rates.fm — FATF Lists: why they matter.
[26]NRD Companies — FATF lists: impacts of inclusion.
[27]PortX — Payment Manager product overview.
[28]Banking Vision — AI-driven Payment Fraud.
[29]Oscilar — Transaction Monitoring blog.
[30]Visa — Transaction Monitoring insights.
[31]BankBuddy.ai — Payments Hub platform.
[32]PwC India — Adoption of Faster Payments.
[33]Transyt — Payment Webhooks.
[34]NestJS Courses — Reconciliation & event-driven design article.
[35]TechInterview — Stripe-style payment system design (idempotency, ledger reconciliation, webhooks).
[36]Preprint — Graph Neural Networks for fraud detection (publication status repository).
[37]IJCA — GNN-based anomaly detection in payment graphs.
[38]RisingWave — Real-time Fraud Detection.
[39]Microsoft Dynamics 365 — Payment Reconciliation Agent template.
[40]Rexi Finance — Reconciliation Automation blog.
[41]Automation Anywhere — AI in the Payments Industry.
[42]Beam AI — Invoice Reconciliation Agent.
[43]ipid.tech — FATF Recommendation 16 guide.
[44]ACAMS — Navigating FATF Recommendation 16.
[45]Enterprise Barbados — BiMPay and the massive benefits of instant payments for small businesses.
[46]Medium / J. Mumthas — Real-time Fraud Detection Systems Architecture behind Secure Banking.
[47]FSC Barbados — Message from the Attorney General of Barbados.
[48]Barbados Today — Barbados still on grey list (2022 archival).
[49]Built In — Forward Deployment Engineer role profile.
[50]Experteer — Cyber Security Operations Specialist role profile.
[51]Careers Page / Black Pen Recruitment — Specialist role profile.