What Lerian STA does — and does not — do
- It is the transport and integrity boundary between the institution and BACEN’s file hub. It moves the bytes, authenticates the exchange, verifies the SHA-256, and records the outcome — it does not interpret the file’s business content.
- It does not post to a ledger. On a completed inbound download, Lerian STA publishes a terminal event carrying a claim-check; the consuming domain product (for example, Lerian SISBAJUD) fetches the artefact and reconciles it into the Midaz ledger. The ledger posting belongs to the consumer, not to Lerian STA.
- It is multi-tenant from the ground up, with physical database-per-tenant isolation — one deployment serves many institutions with full isolation.
Who it serves
Lerian STA serves financial institutions that operate on BACEN rails and need a governed, auditable path for file exchange with the Banco Central. A single deployment serves many institutions at once. Downstream, it serves the Lerian products that consume the files it delivers. Each inbound file is routed to a source product — the downstream product that owns the file’s business meaning — which subscribes to its own events and takes it from there.
Glossary
| Term | Meaning |
|---|---|
| Lerian STA | Lerian’s client-owned integration to BACEN’s file-exchange hub (Sistema de Transferência de Arquivos). |
| Transfer | One inbound or outbound exchange of a single file between the institution and BACEN, tracked through its lifecycle. |
| Outbound transfer | A file the institution submits to BACEN. |
| Inbound transfer | A file BACEN makes available for the institution to download. |
| Protocol number | The BACEN-assigned identifier for a transfer; the reconciliation and idempotency key. |
| Inbound source configuration | A per-tenant policy binding a BACEN system code to a source product, with polling cadence, credential, retention, and maximum file size. |
| Trust store | The tenant’s uploaded X.509 root certificates trusted for mutual TLS to BACEN. |
| Credential | An encrypted BACEN operator password, identified by institution code and operator ID. |
| Password rotation | The three-phase change of a BACEN password — stage, change at BACEN, promote locally. |
| Claim-check | The object key, SHA-256, size, name, and document type carried on an inbound-success event so a consumer can fetch and re-verify the artefact. |
| Source product | The downstream product a discovered inbound file is routed to (for example, Lerian SISBAJUD). |
| Lerian SISBAJUD | The judicial asset-order product that consumes Lerian STA inbound-file events. |

