Plica is an independent forensic boutique for regulated file workflows. We audit the gap between the file your client submitted and the file your stack actually examined.
Most KYC teams believe they verify the customer's file. In reality, the detector often sees a pipeline copy — already resized, recompressed, normalised, or sanitised by the intake stack.
That means the verdict may be valid for the derivative object — but not defensible for the original evidence.
"Show me exactly what you examined in that document — and prove it." When that question arrives from a regulator, a confidence score is not an answer.
Where the file came from. Does its digital biography match what was claimed?
What changed before the decision. Every pipeline transform — logged with before/after hash.
What physical signals survived. PRNU, DCT, FFT — the signals that distinguish a camera from a generator.
Whether signal layers agree. Metadata vs. sensor physics vs. compression history.
Whether the result can be defended under scrutiny. Reproducible verdict, 90 days later.
Formalised in SDB-26 — an open benchmark framework for measuring synthetic document bypass rate. Published under CC BY 4.0.
sdb26.com →Send a ZIP of labelled document images. We return a signal-level breakdown of what your current stack catches, what it misses, and where provenance breaks. No infrastructure, no PII, no commitment.
We map upload → pipeline → decision and show where the file stops being what your client submitted. Transform log design, hash chain repair, audit trail gap report. Three deliverables: ops, audit, board.
When your KYC vendor updates their model, you'll know what changed in FPR and bypass rate within the same week — not when a regulator asks.
Plica produces a structured evidence record per decision — FRC reason codes, intake hash, transform log. Reproducible. Citable in regulatory review.
We measure bypass rate by generator, attack level, and pipeline stage. You see exactly where the gap is — before the next incident.
We quantify the evidence gap — what fraction of past decisions can be reconstructed to original upload — and what it takes to close it.
The EY case and the harder version of the problem: source documents that are text-valid but physics-invalid.
Survivorship bias in document workflows — the three gaps standard KYC metrics systematically miss.
No. Plica is an independent forensic layer — not a replacement for Sumsub, Onfido, or Veriff. We audit what they produce and the pipeline that feeds them.
JPEG, PNG, WebP. No real PII at Phase 0 — use anonymised or synthetic labelled samples. PDF and video from Phase 1.
Yes. Phase 1 requires mutual NDA, DPA, agreed retention limits, and subprocessor disclosure before any data transfer. We prepare standard templates.
MLRO, Head of Compliance, Head of Fraud, or CRO — whoever owns the KYC decision process and has visibility into vendor contracts and audit obligations.
Especially then. The gap Plica addresses is in the pipeline before the vendor, and in the evidence record after. Vendors don't certify their own decisions. We do — independently.
An open benchmark framework for measuring synthetic document bypass rate. Published on GitHub under CC BY 4.0. P-L-I-C-A and FRC reason codes are formalised there. sdb26.com →
Start with Phase 0. 48-hour turnaround. Send a ZIP of labelled document images. We return a signal-level breakdown — what your stack catches, what it misses, where provenance breaks.
We'll be direct if we can help — and equally direct if we can't.