For Institutions
Settlement infrastructure for the regulated end of agentic commerce.
Banks, asset managers, regulated fintechs, and corporate treasury teams use Rivier as the agentic-commerce layer they can pass an audit with. Chainlink CCIP for the wire, ERC-3643 for the gate, Proof-of-Reserve for the mint, AP2 for the audit trail, and Travel Rule for the regulator. Every claim on this page maps to running code.
$18B
CCIP March 2026 monthly volume
$27B
RWA sector AUM, April 2026
11k+
Swift members reachable via CCIP
15
Chains in the wallet provisioning matrix
Coverage
Every form of digital money.
Digital currency in 2026 is four things: stablecoins, tokenized deposits, tokenized funds, and CBDCs. Rivier covers all four — permissionless where Rivier owns the rail, partner-gated where licensed banks and central-bank-licensed PSPs do.
Stablecoins
Permissionless. Rivier owns the routing — multi-bridge router quotes every viable path and picks the safest by output ratio + per-provider risk bias.
Tokenized deposits
Bank-issued commercial-bank money on-chain. The issuing bank gates onboarding via corporate / institutional-treasury relationship — Rivier surfaces availability and deeplinks to bank-direct onboarding.
Tokenized funds
NAV-based investment vehicles. KYC + accreditation gated by the issuer (Securitize, Hashnote, Ondo, Maple). The router refuses to quote — direct-link onboarding instead.
CBDCs & corridors
Sovereign digital money + cross-border interbank rails. Central-bank-licensed PSPs gate access. CBDCs and wholesale corridors connect tokenized deposits across borders.
The Stack
Six pillars, all already wired.
Most agent-payment narratives in 2026 are slideware. Rivier’s institutional surface is in production code today — contract-enforced where the contract is the right place, policy-enforced where flexibility matters more.
Chainlink CCIP — primary settlement rail
RIVR registers via the self-serve Cross-Chain Token (CCT) standard on CCIP v1.5. Burn-and-mint pool, per-lane rate limits, and a CCIP_ADMIN role-split that's enforced at deploy time. Same rail as BUIDL, OUSG, syrupUSDC, Coinbase Wrapped Assets — institutional flow stays in one neighborhood.
ERC-3643 + ONCHAINID compliance
T-REX standard verification at the router layer for permissioned RWAs — the swap path runs an on-chain ONCHAINID identity check before quoting, so a non-eligible holder never sees a route they can't execute. KYCRegistry-gated and allowlist-gated tokens surface issuer onboarding deeplinks instead of failed transactions.
Chainlink Proof-of-Reserve gate
RIVR's mint() and mintReserve() functions consult a Chainlink PoR feed before issuing. Stale feed reverts. Non-positive answer reverts. Issuance above attested reserve reverts. Bypass-by-default while POR_FEED == address(0) is documented and intentional for testnet bootstrap; mainnet operators wire the feed via the CCIP admin multisig before going live.
Chainlink ACE — automated compliance engine
Policy-engine pre-flight runs ACE attestation lookups before any high-value movement. Sanctions screening, jurisdictional gating, and counterparty risk classification land as policy decisions before the router fans out to bridge adapters — not after the transaction has cleared.
AP2 mandates · x402 settlement
Every agent-driven action is wrapped in a Google AP2 IntentMandate carrying principal, agent identity, intent class, and spend constraints. Mandate constraints project directly into Coinbase x402 EIP-3009 settlement — the wallet enforces caps and asset allowlists before signing. Forward-compatible with Stripe Tempo and the Visa / Mastercard agent-payment standards as they finalise. Audit trail by construction.
CCTP V2 + Hooks for canonical USDC
Direct integration with Circle's CCTP V2 with Hooks for canonical USDC burn/mint — no LP risk, no wrapped-token surface, settlement finality determined by Circle attester quorum. Sits alongside CCIP and DLN in the bridge router with a +0.02 priority bias on USDC pairs.
Travel Rule
IVMS 101 by default.
FATF Recommendation 16 isn’t a future problem. Rivier emits IVMS 101-shaped originator and beneficiary payloads on every transfer that crosses the regulator’s de minimis line, and the outbound mailbox is compatible with Sumsub, Notabene, and TRP-compliant counterparties out of the box.
IVMS 101 originator + beneficiary payloads
FATF-aligned data shape on every transfer above the regulator's de minimis threshold.
Sumsub / Notabene-compatible signed messages
Outbound mailbox conforms to the major Travel Rule rails — drop-in for institutional counterparties already on either network.
Pre-flight VASP discovery
Counterparty VASP lookup runs before settlement — never broadcast a transfer to a destination we can't verify.
Per-jurisdiction de minimis honoured
FinCEN $1,000, EU TFR ~$1,100, MAS ~$1,100, HKMA $1,000 — thresholds enforced at the policy layer, not the application layer. FATF high-risk jurisdictions trigger reporting at any notional.
What you can show your auditor on day one.
- Per-transfer mandate trail. Every agent action carries an AP2 IntentMandate with principal, agent identity, intent, and spending constraints. Mandates are durable and replayable.
- On-chain reserve attestation. RIVR mint events carry the PoR feed timestamp and answer that authorised them. Issuance is mathematically bounded by attested reserves.
- Permissioned-token gating. The router refuses to quote BUIDL / OUSG / syrupUSDC for non-verified addresses; refusals are logged with the gating reason.
- Bridge selection rationale. Every bridge route the system picks is logged with the score breakdown — output ratio, speed, and per-provider bias. Reproducible after the fact.
- MPC custody.Server-side key shares never reconstruct the full key in memory. User shares stay client-side. Rivier cannot move funds without the user’s passkey ceremony.
- Travel-Rule mailbox. Outbound IVMS 101 messages, inbound counterparty receipts, and VASP discovery results all land in a queryable audit log.
Get In Touch
Underwriting agentic commerce
starts with the rail.
If your team is evaluating settlement infrastructure for tokenized securities, agent-driven treasury operations, or programmable B2B payments — we’d like to walk you through the stack live.