Investor Briefing — Shariah-Native Infrastructure

The Infrastructure Layer
for Islamic Finance

109 Shariah-native API rails. 37 jurisdictions. 10 purpose-built engines. Banking-grade compliance wired into every transaction — not bolted on afterward.

View the Opportunity ↓
$0.0T
Market Size (TAM)
0
Specialized Rails
0
Jurisdictions
0/7/365
Always-On Settlement
The Problem

The Problem is Systemic

Islamic finance is the fastest-growing segment of global banking. Its infrastructure is decades behind.

⚠️

Shariah as an Afterthought

Conventional cores treat Shariah as a PDF layer bolted on after architecture is set. Contract structures, profit-sharing logic, and fatwa references live outside the system of record, creating structural audit gaps auditors cannot close.

Bolt-on
industry-standard Shariah layer
🔧

Fragmented Infrastructure

No unified Shariah-native API layer exists. Every Islamic financial institution rebuilds the same compliance primitives in isolation — duplicating fatwa-driven workflows, ledger logic, and jurisdictional rules in-house.

0
unified industry API layer today
🌍

Regulatory Fragmentation

37 jurisdictions. 13 regulatory regimes. Zero interoperability. Cross-border Islamic finance requires a custom compliance build per corridor — which is why cross-border scale remains elusive.

13
disconnected regulatory regimes
🏦

Batch-Era Settlement

SWIFT MT/MX cut-off windows, 1–2 day settlement, end-of-day reconciliation. Islamic finance customers — across 37 jurisdictions and 8 time-zones — cannot wait for T+1 batch cycles.

T+1
industry settlement latency
The Solution

One Platform. Every Islamic Finance Primitive.

IOF is the infrastructure layer that every Islamic financial institution needs but none has been able to build alone.

Your Apps, Agents & Partners
Fintech apps, Islamic banks, embedded finance, central banks, AI agents, LLM assistants
MCP Server — 89 Rails as Model-Context Tools
Cloudflare Worker exposing every IOF rail as an MCP tool — tenant auth, rate-limits, Shariah guardrails, audit-log baked in
Agents Rail + AI Agents Engine
12 deterministic agents (KYC routing, anomaly, reconciliation, evidence, zakat, reports) + tool-agnostic orchestrator/gateway
IOF API Layer — 89 Rails · 142+ Routes
Unified Shariah-native API — one integration, every product
10 Purpose-Built Engines
Contract · Ledger · Payments · Messaging · Compliance · Evidence · Onboarding · Treasury · Rules · Settlement
Compliance Frameworks Engine
AAOIFI FAS 1–48 · IFSB-1–17 · SOC2 Type II · GDPR · PSD2 / PSD3 · ISO 27001 · ISO 20022 · Basel III · EU AI Act · FATF · MiCA · DORA
Real-Time Financial-Grade Ledger
Deterministic double-entry — microsecond latency, atomic DvP/PvP
National Rail Messaging — 24/7/365
ISO 20022 native · always-on clearing · sub-second domestic · 5s cross-border
Multi-Jurisdiction Data Plane
37 jurisdictions · 13 regulatory regimes · tenant-scoped isolation
Platform at a Glance
Rail Categories19
Specialized Rails109
API Endpoints142+
ABAC Policies259
Shariah Primitives62
CI/CD Workflows47
Core Engines10
Deterministic Agents12
MCP Tools Exposed109
Core Engines

Ten Engines. One Platform.

Each engine is independently scalable, independently auditable, and wired into every rail. No engine runs as a bolt-on.

📑
Contract Engine

AAOIFI-native contract lifecycle — Murabaha, Ijarah, Musharakah, Mudarabah, Salam, Istisna, Wakalah, Sukuk, Takaful, Qard Hasan, Waqf. Every schema enforces SS-8 through SS-39 at the type level.

66 typed schemasFatwah on every createShariah board workflow
📒
Ledger Engine

Real-time double-entry accounting with strict debit/credit invariants, atomic multi-account transfers, immutable history. Every transaction carries a Shariah framing.

Debit = Credit invariantAtomic N-leg transfersEvidence-pack export
Payments Engine

SEPA Instant + SWIFT + RTGS routing. Auto-detects SCT / SCT Inst / SDD. IBAN ISO 13616 validation. Emits ISO 20022 pacs.008 / pacs.003 XML or JSON.

< 10s SEPA InstantEPC 2025 rulebookSWIFT fallback
📡
Messaging Engine

Format-agnostic financial messaging — ISO 20022 XML + JSON, SWIFT MT, and proprietary formats with SHA-256 digest and tenant-scoped delivery adapters.

pain.001 · pacs.008 · pacs.002XSD-aware parsingHTTP / SWIFT / queue adapters
⚖️
Compliance Engine

ABAC policy + evidence pipeline. 258 resource policies across AAOIFI, IFSB, SOC 2, GDPR, PSD2, ISO 27001, ISO 20022, Basel III, EU AI Act, FATF, MiCA, DORA.

< 1ms per-resource ABAC13 regimes mappedPer-tx audit trail
📜
Evidence Engine

Tamper-evident audit packs per transaction — structured, deterministic, timestamped. Export to Shariah auditor, SOC 2 examiner, GDPR Art. 30 record, PSD2 SCA log.

SHA-256 Merkle anchoringPer-regime filters7-year retention
🆔
Onboarding Engine

KYC / KYB / AML / sanctions. Biometric KYC, business-entity KYB, AML risk scoring, FATF + OFAC + EU screening, UBO declaration capture.

EU AI Act Annex III-alignedFATCA / CRS / UBOOnfido · Jumio · Persona · Sumsub
🏦
Treasury Engine

Liquidity + FX + Shariah-compliant investing. Cash position management, liquidity forecasting, Bay-al-Sarf-guarded FX, portfolio tracking for asset managers and bank treasuries.

Basel III LCR / NSFRSpot FX same-day guardPurification for dividends
📏
Rules Engine

Deterministic rule evaluator for eligibility, profit-rate caps, concentration limits, Shariah screens (halal stock filtering), jurisdictional overrides. Replay-safe.

Same input → same outputPer-tenant rule-setsRegulator-replayable
🔁
Settlement Engine

Multi-asset settlement finality — DvP, sukuk settlement, SEPA Instant finality, multi-leg clearing across cash, commodities, capital-market instruments. Shariah-compliant netting.

DvP / DvFP models< 10s SEPA Instant finalitySukuk + commodity + cash
Agents & MCP

Agent-Native. MCP-First.

IOF was built for the agentic era. Every rail is an MCP tool. Every tool is guardrailed, tenant-scoped, and Shariah-audited. AI agents and LLM assistants consume IOF the same way a bank does — through one API, one policy layer, one audit trail.

🧠
Agents Rail
12 Deterministic Agents

Purpose-built agents for finance-grade operations — KYC routing, anomaly detection, reconciliation, evidence, reporting, zakat. Every agent is replay-safe, audit-logged, and paired with a typed schema.

@iof/agent-rail-core · 12 agents · 10 schemas · workflow engine
🤖
AI Agents Engine
Tool-Agnostic Orchestrator

Framework-agnostic agent orchestration with a policy-guarded gateway. Plug any LLM (Claude, OpenAI, local) behind one typed interface. Every agent call goes through the same ABAC, rate-limit, and audit pipeline as the rest of IOF.

@iof/agent-core · orchestrator · gateway · typed agents
🔌
MCP Server
89 Rails as MCP Tools

A Cloudflare Worker that exposes every IOF rail as a Model-Context-Protocol tool. Claude, ChatGPT, and any MCP-compatible client can invoke Murabaha, Ijarah, Sukuk, Zakat — with tenant auth, Shariah guardrails, and full audit logging enforced edge-side.

workers/mcp-server · auth · rate-limit · guardrails · audit-log
Agents Rail — Deterministic
KYC Case Router
Routes onboarding cases by jurisdiction, risk tier, and document type
Compliance Alert Triage
Deterministic triage for AML, sanctions, and Shariah alerts
Anomaly Detector
Flags unusual ledger patterns — duplicate entries, off-cycle transfers
Reconciliation Break Handler
Classifies and routes reconciliation breaks between ledger and external rails
Evidence Pack Builder
Assembles per-regime audit packs on demand (SOC2, GDPR, AAOIFI, PSD2)
Zakat Calculation
Per-account zakat computation with fatwa-grade rounding and nisab thresholds
Balance Sheet Generator
Produces Shariah-framed balance sheets with IFRS + AAOIFI mappings
Income Statement Generator
Profit-sharing-aware P&L with Mudarabah / Musharakah splits
Trial Balance Generator
Debit=Credit-verified trial balance with tenant isolation
Report Commentary
Deterministic commentary on financial reports — variance, YoY, thresholds
Report Explainer
Plain-language explanations of reports for auditors and regulators
Anomaly + Report composites
Composable agents chained via the orchestrator, gateway-guarded
MCP Server — Guardrailed
🔐
Tenant-Scoped Auth
Per-tenant API keys with ABAC enforcement before any tool dispatch
🛡️
Shariah Guardrails
Built-in screens reject non-Shariah-compliant tool calls pre-execution
⏱️
Rate-Limited
Per-tenant sliding-window rate limits — no runaway agent loops
📜
Full Audit Log
Every MCP tool call logged with request_id, tenant, rail, principal
🌐
89 Rails as Tools
Entire IOF API surface exposed via MCP — agents call rails directly
Edge Deployment
Cloudflare Worker — sub-50ms cold start, global edge distribution
No conventional core banking platform ships agents or MCP natively. IOF ships both — because an infrastructure layer designed in 2025 has to be consumable by humans, services, and agents from day one.
National Rail Messaging

The 24/7/365 Rail. Not the SWIFT Window.

Islamic finance serves 1.9 billion customers across 8 time-zones. Batch windows, cut-off times, and T+1 settlement are artefacts of a 1970s correspondent banking model. IOF replaces them.

🪪

Onboarding Rail

From KYC to live in minutes, not weeks.

Identity, sanctions, PEP, adverse-media, Shariah eligibility — all evaluated in a single synchronous call. Replaces the industry-standard 5–15 day onboarding cycle with a sub-10-minute decision.

<10 min decisionGlobal sanctions listsShariah eligibility built-in
💸

Payments Rail

Always-on, ISO 20022 native, cross-border by design.

Sub-second domestic settlement, five-second cross-border, no MT/MX cut-off windows. One messaging standard across 37 jurisdictions — while SWIFT participants are still migrating to ISO 20022 through 2025.

<1s domestic<5s cross-borderISO 20022 from day one
🔁

Reconciliation Rail

End the end-of-day.

Continuous auto-matching replaces batch recon entirely. Breaks are surfaced the moment they occur, with structured evidence packs auditors can consume without translation.

Continuous matchingBreak analyticsEvidence-backed

Settlement Rail

Atomic. DvP. PvP. Finality measured in microseconds.

Financial-grade consistency on a deterministic double-entry ledger. Delivery-versus-payment and payment-versus-payment execute as a single transaction — no bridging, no netting risk, no gray zone.

Atomic DvP/PvPMicrosecond finalityZero settlement risk
🌐

Clearing Rail

Central-bank-grade clearing, without the central bank wait.

Real-time gross settlement (RTGS) and deferred net settlement (DNS) selectable per flow. Designed for sovereign deployments and cross-border corridors on a deterministic double-entry ledger.

RTGS + DNS modesAtomic multi-legCorridor-aware
🛡️

Compliance Rail

Every transaction checked. Every check evidenced.

AAOIFI + IFSB + jurisdictional rules evaluated inline, at message rate. Each decision emits an auditable evidence packet — the regulator's job becomes reviewing, not reconstructing.

Inline evaluationEvidence per callFatwa-traceable
IOF vs Correspondent Banking (SWIFT / MT-MX)
CapabilityIOF National RailSWIFT Correspondent
Operating hours24 / 7 / 365Cut-off windows, batch cycles
Settlement latencySub-second domestic, 5s cross-borderT+1 to T+2
Messaging standardISO 20022 native from day oneMigrating through 2025
Shariah logicEncoded in every messageOut of scope
ReconciliationContinuous, auto-matchedEnd-of-day, manual break handling
Onboarding<10 minutes, policy-drivenDays of bilateral agreements
Compliance, By Design

Every Framework. Encoded in the Platform.

Compliance at IOF is not a questionnaire. It is a runtime. Every rail evaluates every standard below inline, at message rate, and emits cryptographic evidence each auditor can verify independently.

Shariah Standards
AAOIFI FAS 1–48
Financial Accounting Standards
AAOIFI SS-8 → SS-39
Shariah Standards for Islamic contracts
IFSB-1 → IFSB-17
Prudential standards for IFIs
Fatwa Registry
Board-attested rulings, versioned
Security & Privacy
SOC 2 Type II
Security, availability, confidentiality
ISO 27001
Information security management
GDPR
Data minimisation, portability, erasure
PCI DSS
Payment card data protection
Financial Regulation
PSD2 / SCA
Strong Customer Authentication
Basel III
Capital adequacy, LCR, NSFR
FATF 40
AML/CFT recommendations
MiFID II
Best-execution, transaction reporting
Financial Messaging
ISO 20022
Native payment & settlement messaging
LEI (ISO 17442)
Legal Entity Identifier
BIC (ISO 9362)
Business Identifier Code
ISIN (ISO 6166)
Security identification
Jurisdictional Rulebooks
CBUAE · SAMA · CBB
UAE · Saudi · Bahrain
BNM · OJK · SC
Malaysia · Indonesia · Securities
FCA · SBP · BRSA
UK · Pakistan · Türkiye
+28 more
37 jurisdictions total
Open Banking
UK Open Banking
PSD2 RTS + Read/Write API v3.1 aligned
Berlin Group NextGenPSD2
Consent + accounts + PISP routes
SEPA SCT Inst v2024
TIPS / RT1 clearing, pacs.008 native
AAOIFI-aligned overlays
Shariah filters on every OB flow
Every call emits a regulator-ready evidence pack. Structured JSON · cryptographic signatures · fatwa citations · jurisdictional stamps · immutable audit trail.
Economic Impact

Measured in Basis Points. Earned Every Day.

Tier-1 pricing for tier-1 infrastructure. The question is never whether IOF is cheap — it is how many basis points a bank recovers every month on settlement spread, compliance overhead, integration cycles, and incident cost. Every capability below converts directly into bps.

🛤️
89 rails · 150 routes · 19 categories

Every Islamic finance primitive — from Murabaha and Ijarah to Sukuk, Takaful, Waqf, and Zakat — exposed behind one canonical API.

🕌
62 Shariah primitives, natively encoded

Contract templates, permissibility flags, profit-sharing logic, and fatwa citations all live in the schema — not in a PDF addendum.

🏛️
37 jurisdictions · 13 regulatory regimes

Pre-built rulebooks for every major Islamic finance corridor. Switch jurisdictions with a header, not a six-month legal review.

🔐
259 ABAC policies at the edge

Attribute-based access control (ABAC) evaluated at the global edge — sub-millisecond authorization, close to every user and corridor.

📊
Financial-grade real-time ledger

Double-entry, deterministic, architected for million-TPS throughput. The same primitive used by central banks and clearing houses — shipped multi-tenant.

☁️
Multi-tenant SaaS + BYOC

Fully managed on AWS + Cloudflare, or deployed into customer VPCs via Helm, Terraform, and Docker Compose. One codebase, zero forks.

SEPA Instant native (SCT Inst v2024)

TIPS + RT1 clearing, pacs.008 / pacs.002 reconciliation, IBAN + BIC validation, UETR / endToEndId tracking — built into the payments engine, not bolted on.

💹
Measured in basis points

Settlement spread compression, compliance-evidence automation, integration cycle replaced by one API — every capability is priced against the bps it returns. Tier-1 pricing, tier-1 economics.

🤖
AI-native operations

Failure inbox, auto-remediation, and fingerprinted incident learning — resident AI engineers watching CI, deploys, and runtime 24/7.

Market Opportunity

A $4.9 Trillion Opportunity

Islamic finance is growing at 10.6% CAGR — the fastest segment of global banking — with $6.7T projected by 2030. The infrastructure layer has never been built.

Market Size (TAM / SAM / SOM)
$4.9T
TAM
Total Islamic Finance
$890B
SAM
Digital/API-addressable
$12B
SOM
IOF 5-year target
Islamic Finance Growth Trajectory ($B)
2018$1.8T202020222024202620282030$6.7T
20182025 (now)2030 (proj.)
68%
Banking
15%
Sukuk
12%
Takaful
5%
Funds
Defensibility

A Defensible Moat on 5 Dimensions

Each dimension reinforces the others. A competitor would need to win all five concurrently — not sequentially.

⚖️

Regulatory Depth

13 regulatory regimes, 37 jurisdictions — pre-built, maintained, and versioned. Years of policy research crystallised into machine-readable rules that competitors would need to re-derive from scratch.

7+ years to replicate
🕌

Shariah Architecture

62 Shariah primitives and AAOIFI FAS 1–48 + IFSB standards encoded at the schema layer. Fatwa citations and board attestations ride every contract — not a PDF supplement.

AAOIFI + IFSB native
🔗

Network Effects

Every new institution strengthens the compliance graph. Shared Shariah audit trails, reusable fatwa rulings, and cross-jurisdiction clearing pathways compound with each new participant.

Compounding moat
🏦

Switching Costs

Core banking integration depth — contract lifecycle, ledger state, compliance attestations, fatwa lineage. Switching away means rebuilding years of regulator-accepted transaction history.

High retention
📊

Data Advantage

First-mover in structured, cross-jurisdictional Islamic finance transaction data. The only dataset in the world that can power AI-driven compliance, risk, and pricing models for IFIs.

Proprietary dataset
Compounding moat dimensions
Each dimension reinforces the others
Competitive Landscape

Where IOF Stands

Incumbents retrofit Islamic finance onto conventional core banking. We started Shariah-native — and built the rest around it.

CapabilityIOFFinastraTemenosCustom Build
Shariah-native architecture✓ NativePartialPartial
API-first designPartialVaries
Multi-tenant SaaS
24/7/365 rail messaging✓ ISO 20022 nativeBatch / SWIFT MTBatch / SWIFT MT
Real-time ledger✓ NativePartialPartial
Open Banking (OBP / PSD2)Partial
AAOIFI + IFSB complianceNativeAdd-onAdd-onManual
Time to production3 months18+ months24+ months24–36 months
Jurisdictional coverage37 pre-builtPer-market engagementPer-market engagementNone
Evidence-backed audit trail✓ Per-callReportsReportsManual
Value Calculator

Model Your Operating Impact

Explore the operational deltas — time-to-market, jurisdictional reach, settlement throughput, compliance evidence volume.

10
150
50,000
1K500K
Deployment profile: Production → Multi-rail
Time to production
9 months faster vs custom build
15 months
Jurisdictions unlocked
Pre-built regulatory coverage
21 / 37
Compliance incidents avoided
Shariah-native architecture eliminates bolt-on risk
29/yr
Shariah attestations generated
AAOIFI + IFSB-compliant audit trail
170/yr
Settlements per day
24/7/365 real-time clearing, not SWIFT batch windows
1,667
Revenue Model

Nine Revenue Streams. One Platform.

Hackathons build pipeline. Pilots validate. Annual licenses monetise. Metered usage scales. BYOC captures sovereign budgets. Every stream feeds the next.

🏆
Community → Pipeline
Hackathons & Developer Challenges

Sponsored challenges with regulators, universities, and Islamic banks. Every team ships against the live sandbox — winners convert into pilot customers.

OIC-wide Takaful Hackathon · GCC FinTech Challenge
🧪
Land
Paid Pilots

90-day production-grade pilots with tier-1 Islamic banks and challenger neobanks. Structured conversion path to multi-year licenses.

3 rails · 1 jurisdiction · regulator-observable
📜
Expand
Annual Platform License

Per-tenant, per-jurisdiction, per-rail annual licenses. Multi-year enterprise agreements with SLA, dedicated Shariah board, and regulator liaison.

Per-rail × per-jurisdiction × volume tier
📈
Scale
Usage-Based Metering

Per-transaction, per-API-call, per-settlement metering for embedded finance partners and high-volume payment rails.

Stripe-style metered billing
☁️
Sovereign
BYOC Deployment

Self-hosted into customer VPC via Helm, Terraform, and Docker. Annual platform fee + support contract + upgrade cadence.

Central banks · sovereign funds · regulated IFIs
🎓
Adoption
Certification & Training

Shariah audit certification, AAOIFI implementation training, IFSB compliance accreditation. Creates a marketplace of IOF-certified talent.

IOF Certified Engineer · Shariah Auditor
🗂️
Compounding
Data Licensing

Aggregated, anonymised Shariah compliance and transaction datasets licensed to insurers, rating agencies, and regulators for benchmarking.

Rating agencies · reinsurers · policy institutes
🤝
Leverage
Partner & Channel Revenue

Revenue share with Big 4 consultancies, system integrators, core banking vendors, and sovereign Islamic finance authorities.

SI partners · core banking vendors · ministries
🛠️
Strategic
Professional Services

Custom rail development, bespoke fatwa-driven workflows, white-glove regulatory filings, and jurisdictional go-live acceleration.

Custom rails · regulator liaison · go-live
Join the Round

Infrastructure for a
$4.9T Market

We are raising to accelerate go-to-market across GCC, Southeast Asia, and the UK. Open to strategic angels, sovereign / development funds, corporate VCs, and mission-aligned institutional capital.