RAP Compliance Rating
When a buyer agent must decide, among thousands of sellers, whether one is safe to buy from, it won't read a prose review — it queries a machine-readable signal: what is this party's compliance trust level? The RAP Compliance Rating is that signal. It compresses how well a payment participant satisfies the seven pillars of the RAP framework into a comparable, queryable grade.
What we rate · seven dimensions
Attribution (KYA)
Traceable to an accountable entity
Mandate & limits
Payment within an explicit mandate
Controls
Firewall / hijack resistance / kill-switch
Screening (AML)
Counterparty sanctions / risk screening
Auditability
Immutable logs and accountability chain
Privacy
Data minimization and cross-border boundaries
Interoperability
Credential formats interoperable across protocols
Grades · L0 → L3
Below bar
Missing attribution or basic screening. Buyer agents should decline by default.
Basic
Attributed + basic limits + sanctions screening. Small-value, low-risk.
Standard
L1 + firewall + Travel Rule + full audit + hijack resistance. Commercial platforms.
Institutional
L2 + continuous monitoring + human escalation + third-party audit. Regulated institutions.
Rating status · three confidence tiers
Based on the subject's public disclosures / positioning, preliminarily rated by OceanAlt. Open to response and verification.
Derived from the subject answering the RAP checklist; not independently verified.
Issued after OceanAlt or a partner (e.g. a security-audit firm) verifies the evidence.
Inaugural ratings · by type
This first release rates by type, focused on observable public positioning rather than a verdict on any single company. Any party may respond, submit evidence, or request a Verified rating.
| Subject / type | Grade | Status | Basis |
|---|---|---|---|
| OceanAlt · mcp-payRAP reference implementation | L2 | Self-attested | Runs KYA + firewall + AML (five gates) before settlement; 8/8 unit tests, end-to-end verified; not third-party audited, hence self-attested. |
| Licensed-facilitator typeIdentity + compliance + licensed-bank route | L2–L3 (potential) | Public info | Publicly pursues KYC + licensing; direction satisfies attribution and AML; exact level pending disclosure or verification. |
| Anonymous-relay typeMarkets no-KYC / anonymous settlement | L0 | Public info | Public positioning routes around identity and screening; structurally fails Pillar 1 (attribution) — buyer agents should decline by default. |
| Settlement rail (e.g. x402)Protocol / rail itself | N/A | — | The rail itself does no KYA; compliance must be added on top — which is exactly why this rating (and OceanAlt) exists. |
Get your agent / service rated
Want buyer agents to trust your service and list it in the Trusted Agent Service Registry? Self-attest for a provisional badge, or request verification for a formal rating. To see compliance enforced before settlement, try it in 200Lab.