ZK Audit Trail

Financial institutions spend significant time and resources manually re-performing monthly model backtests during independent validation and internal audit reviews. This process is slow, operationally risky, and difficult to make tamper-proof, especially when third-party model providers or multiple teams are involved.

ZK Audit Trail introduces a cryptographic audit workflow for model governance. Each month, the model development team runs a local audit script on the calibration data folder used for backtesting. The script executes inside the RISC Zero zkVM, where it verifies that the correct dataset version and reference date are being used, computes a SHA-256 hash of the exact files, and records the control outcome (PASS/FAIL).

The key innovation is that the control logic itself is executed inside the zkVM. This generates a zero-knowledge proof certifying that the checks were run correctly on the precise file bytes used during the process. The proof is then submitted to XRPL Groth5 Devnet and verified on-chain via a Wasm verifier. The resulting transaction hash serves as an immutable Audit ID.

Instead of re-running historical backtests, auditors only need to retrieve the Audit ID and verify the on-chain proof and associated metadata. This drastically reduces manual audit effort while preserving full integrity, traceability, and non-repudiation.

The solution creates a zero-trust model governance framework where trust shifts from manual processes to mathematical proof. It is designed as a scalable prototype for ALM, risk model validation, ICAAP, and broader regulatory audit workflows.

Les slides de la présentation se trouve sur le lien "https://docs.google.com/presentation/d/1Hp_7BVJnh4C5XVcbSURID_kf-8_vEKjV/edit?usp=sharing&ouid=110852868168771398771&rtpof=true&sd=true"