Skip to main content
Lerian STA is the client-owned messaging integration between a financial institution and BACEN’s STA (Sistema de Transferência de Arquivos), the Banco Central file-exchange hub. It moves regulatory and operational files in both directions — files the institution submits to BACEN (outbound) and files BACEN makes available for the institution to download (inbound). Lerian STA authenticates every exchange with a stored per-institution BACEN operator credential over mutual TLS, drives each transfer through BACEN’s protocol state machine, verifies file integrity by SHA-256, stores inbound artefacts durably, and publishes terminal events that other Lerian products consume. It is multi-tenant, with physical database-per-tenant isolation, and API- and event-first.

What Lerian STA does — and does not — do


  • It is the transport and integrity boundary between the institution and BACEN’s file hub. It moves the bytes, authenticates the exchange, verifies the SHA-256, and records the outcome — it does not interpret the file’s business content.
  • It does not post to a ledger. On a completed inbound download, Lerian STA publishes a terminal event carrying a claim-check; the consuming domain product (for example, Lerian SISBAJUD) fetches the artefact and reconciles it into the Midaz ledger. The ledger posting belongs to the consumer, not to Lerian STA.
  • It is multi-tenant from the ground up, with physical database-per-tenant isolation — one deployment serves many institutions with full isolation.

Who it serves


Lerian STA serves financial institutions that operate on BACEN rails and need a governed, auditable path for file exchange with the Banco Central. A single deployment serves many institutions at once. Downstream, it serves the Lerian products that consume the files it delivers. Each inbound file is routed to a source product — the downstream product that owns the file’s business meaning — which subscribes to its own events and takes it from there.

Glossary


TermMeaning
Lerian STALerian’s client-owned integration to BACEN’s file-exchange hub (Sistema de Transferência de Arquivos).
TransferOne inbound or outbound exchange of a single file between the institution and BACEN, tracked through its lifecycle.
Outbound transferA file the institution submits to BACEN.
Inbound transferA file BACEN makes available for the institution to download.
Protocol numberThe BACEN-assigned identifier for a transfer; the reconciliation and idempotency key.
Inbound source configurationA per-tenant policy binding a BACEN system code to a source product, with polling cadence, credential, retention, and maximum file size.
Trust storeThe tenant’s uploaded X.509 root certificates trusted for mutual TLS to BACEN.
CredentialAn encrypted BACEN operator password, identified by institution code and operator ID.
Password rotationThe three-phase change of a BACEN password — stage, change at BACEN, promote locally.
Claim-checkThe object key, SHA-256, size, name, and document type carried on an inbound-success event so a consumer can fetch and re-verify the artefact.
Source productThe downstream product a discovered inbound file is routed to (for example, Lerian SISBAJUD).
Lerian SISBAJUDThe judicial asset-order product that consumes Lerian STA inbound-file events.
For how Lerian STA sits alongside the other native rails and the provider interfaces, see Native Messaging.