Financial Processing Resilience & Idempotency Policy
| Code | OPS-007 |
| Domain | Operational Resilience |
| Owner | Chief Risk Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD08 |
| Review date | 2027-03-31 |
Regulations: CPS 230 Operational Risk Management · DTA Operational Resilience Standard
Purpose
Govern idempotent financial-event handling, safe replay, duplicate prevention, and controlled recovery from infrastructure or integration failures affecting the financial processing layer.
Scope
All financial commands, posting events, decision publications, and recovery procedures across the banking platform.
Policy statements
Every financial command or event entering a posting path SHALL carry an idempotency key or equivalent deterministic deduplication reference.
The platform SHALL prevent duplicate posting of the same financial event even when upstream retries, network failures, or downstream acknowledgement signals are ambiguous.
Replay of historical financial events for recovery or rebuild purposes SHALL be safe, deterministic, and auditable — replay SHALL produce the same financial outcome as the original event with no side effects on already-applied state.
Where replay or recovery cannot safely reissue a historical effect, the platform SHALL require controlled compensating action rather than silent reprocessing.
Financial recovery procedures SHALL preserve immutable evidence of the original event, the replay attempt, the final disposition, and any compensating entry.
Monitoring SHALL detect abnormal duplicate attempts, replay drift, out-of-order event application, and repeated suspense routing with configured severity thresholds and escalation paths.
Decision publication write-backs (Snowflake → Neon, per ADR-036) SHALL use idempotency_key deduplication before applying to operational state; duplicate publications SHALL be acknowledged without re-applying.
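The dedup, safe-replay and drift-detection behaviour required by the statements above, as an added illustration that is not the platform's own code: a posting handler keyed by idempotency key that applies an event once, acknowledges an identical duplicate without re-applying, and routes a same-key/different-payload replay to suspense for compensating action instead of silently reprocessing. The `Ledger`, `PostingEvent` and disposition strings are assumed names for this example only.

```python
import hashlib
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PostingEvent:
    """Minimal financial command; amount is signed cents (constructed example shape)."""
    idempotency_key: str
    account: str
    amount_cents: int


def payload_fingerprint(event: PostingEvent) -> str:
    # Canonical JSON so the same economic content always hashes identically.
    canonical = json.dumps(
        {"account": event.account, "amount_cents": event.amount_cents}, sort_keys=True
    )
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class Ledger:
    balances: dict = field(default_factory=dict)   # account -> balance in cents
    applied: dict = field(default_factory=dict)    # idempotency_key -> payload fingerprint
    audit: list = field(default_factory=list)      # append-only evidence of every attempt
    metrics: dict = field(default_factory=lambda: {"duplicate": 0, "drift": 0})

    def post(self, event: PostingEvent, *, replay: bool = False) -> str:
        """Apply at most once; return the disposition recorded for this attempt."""
        fp = payload_fingerprint(event)
        prior_fp = self.applied.get(event.idempotency_key)
        if prior_fp is None:
            # First sight of this key: apply and remember what was applied.
            self.balances[event.account] = self.balances.get(event.account, 0) + event.amount_cents
            self.applied[event.idempotency_key] = fp
            disposition = "applied"
        elif prior_fp == fp:
            # Retry or deterministic replay of an already-applied event: ack, no side effects.
            self.metrics["duplicate"] += 1
            disposition = "acknowledged-duplicate"
        else:
            # Same key, different payload: replay drift. Never reprocess silently.
            self.metrics["drift"] += 1
            disposition = "suspense-compensation-required"
        self.audit.append(
            {"key": event.idempotency_key, "fingerprint": fp, "replay": replay, "disposition": disposition}
        )
        return disposition
```

The `metrics` counters are what a monitor would threshold on; in a real deployment `applied` would be a durable store written in the same transaction as the balance update.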
Satisfying modules
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-001 | Double-entry posting engine | LOG | Double-entry ledger creates an immutable audit trail for every financial transaction — provides the primary evidence base for operational risk event reconstruction. |
| MOD-150 | Risk management platform | LOG | Idempotency key collision rates, reprocessing events, and settlement reconciliation outcomes are continuously tracked and logged against this policy. |
Compiled 2026-05-22 from source/entities/policies/OPS-007.yaml