
The Governance Gap: Payment Architectures for Business Central & D365 Finance

Justin Trollip

Dynamics 365 Payment Integration is a Critical Financial Infrastructure that bridges the gap between Enterprise Resource Planning (ERP) and the Australian Banking Grid. For the CFO of a Critical Infrastructure entity—whether in Energy, Mining, or Government—selecting a payment architecture is not a question of convenience; it is a question of Chain of Custody.

In the Australia and New Zealand (ANZ) market, the landscape is fractured. The tools that work for a generic retailer in Business Central are often dangerous for a regulated entity in D365 Finance. This report analyzes the prevailing patterns against the requirements of the SOCI Act, APRA CPS 234, and Director Liability.


Part 1: The Business Central Battlefield (Mid-Market)

The conflict between "Fintech Velocity" and "The Desktop Gap".

In the Business Central (BC) space, the priority is usually efficiency. However, most "efficient" solutions introduce significant governance risks that are often overlooked until an audit or a fraudulent event occurs.

1. The Wallet Model (Wiise Pay, XE, Fintech Intermediaries)

Category: Non-Bank Payment Service Provider.
Function: Redirects corporate settlement funds through a vendor-controlled holding account before reaching the final supplier.

Governance Risk: Counterparty Exposure

The Wallet model introduces Counterparty Risk. Under APRA CPS 234 standards, transferring funds out of a corporate bank to a fintech "wallet" for settlement creates an unsecured creditor relationship. If the provider faces a liquidity freeze, your payroll and supplier settlements are legally exposed.

2. The Manual "File Drop" (Standard BC/NAV)

Category: Native Electronic Reporting (ER).
Function: Formats an ABA file or ISO 20022 XML and saves it to a local machine for manual bank portal upload.

The Security Void: The Desktop Gap

This architecture creates the Desktop Gap. The moment a payment file hits a local 'Downloads' folder, it is a plaintext, unencrypted artifact. It can be modified in Notepad (e.g., swapping a vendor BSB) without breaking a hash. This fails the 'Chain of Custody' test required for Director Liability immunity following ASIC v RI Advice.
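An added example (not from the original article or from Demiton) showing why the ABA format's own control totals do not catch a swapped BSB, and how a detached HMAC computed at approval time does. The key, payee names, BSBs and helper names are constructed, the sample omits the type 0 header record, and the HMAC seal is an assumed control rather than a mechanism the article describes.

```python
import hashlib
import hmac

# Constructed demo key; a real key stays in a vault, never on the workstation.
APPROVAL_KEY = b"constructed-demo-key"

def detail(bsb, account, cents, title, ref):
    """One 120-char ABA type 1 record; remitter and trace values are constructed."""
    return ("1" + bsb + account.rjust(9) + " " + "50" + f"{cents:010d}"
            + title.ljust(32) + ref.ljust(18) + "062-000" + "12345678".rjust(9)
            + "ACME PTY LTD".ljust(16) + "0" * 8)

def total(records):
    """ABA type 7 record: net, credit and debit totals plus the record count."""
    credit = sum(int(r[20:30]) for r in records)
    return ("7999-999" + " " * 12 + f"{credit:010d}" * 2 + "0" * 10
            + " " * 24 + f"{len(records):06d}" + " " * 40)

def totals_consistent(aba_text):
    """The only check the file format itself supports: sum and count."""
    lines = aba_text.splitlines()
    details = [ln for ln in lines if ln.startswith("1")]
    trailer = next(ln for ln in lines if ln.startswith("7"))
    return (int(trailer[30:40]) == sum(int(d[20:30]) for d in details)
            and int(trailer[74:80]) == len(details))

def seal(aba_text):
    """Detached HMAC-SHA256 tag computed server-side when the batch is approved."""
    return hmac.new(APPROVAL_KEY, aba_text.encode("ascii"), hashlib.sha256).hexdigest()

def verify(aba_text, tag):
    """Constant-time check run before the file is released to the bank."""
    return hmac.compare_digest(seal(aba_text), tag)

def changed_payees(approved, candidate):
    """(payee, approved BSB, candidate BSB) for each detail line whose BSB differs."""
    pairs = zip(approved.splitlines(), candidate.splitlines())
    return [(a[30:62].strip(), a[1:8], c[1:8]) for a, c in pairs
            if a.startswith("1") and a[1:8] != c[1:8]]

# Constructed two-payment batch (type 0 header record omitted for brevity).
_recs = [detail("082-001", "11112222", 150000, "NORTHWIND SUPPLY", "INV-1001"),
         detail("033-002", "33334444", 275050, "CONTOSO MINING SVCS", "INV-1002")]
APPROVED = "\n".join(_recs + [total(_recs)]) + "\n"
TAG = seal(APPROVED)
# Constructed edit: first payee's BSB changed in a text editor after export.
TAMPERED = APPROVED.replace("082-001", "732-999", 1)

if __name__ == "__main__":
    print(totals_consistent(TAMPERED), verify(TAMPERED, TAG), changed_payees(APPROVED, TAMPERED))
```

The tag only helps if it is computed and checked somewhere the desktop user cannot reach; a tag stored next to the file in the same folder can be recomputed by anyone who also obtains the key.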


Part 2: The Enterprise Battlefield (D365 F&O)

The conflict between "Global Complexity" and "Sovereign Compliance".

In the F&O space (Mining, Utilities, Government), the priority shifts to Sovereignty and meeting the SOCI Act Risk Management Program (RMP) standards.

3. The Global Suite (SK Global, HSO, AMC)

Category: Global ISV Modules.
Function: Installs complex US/EU banking logic (Lockboxes, SEPA, Check Printing) directly inside Dynamics 365 Finance & Operations.

  • The Overkill Factor: Implementing a suite designed for US Treasury complexity to handle Australian Direct Entry (ABA) is an "Architectural Tax" that slows down system performance.
  • Sovereignty Risk: Many global suites stage data in non-Australian Azure regions during transmission, potentially breaching SOCI Act data residency requirements for critical infrastructure information.

4. The DIY Logic App (Azure Custom Build)

Category: Partner-built Integration.
Function: Uses Azure Logic Apps or Functions to automate the SFTP transfer of files to the bank.

Operational Risk: Maintenance Debt

Custom scripts lack a Sovereign Audit Log. While automated, they require internal IT to manage SSH key rotation and Bank API updates. In the ANZ market, banks update security protocols frequently; a DIY script creates a "Silent Failure" risk that can halt corporate payments without warning.


Part 3: The Sovereign Standard (The Iron Layer)

The Iron Layer is a Sovereign Financial Infrastructure provided by Demiton that eliminates data-at-rest liabilities for Dynamics 365 entities. It utilizes a Ghost Protocol to stream data directly from the ERP to the Bank via RAM-only execution.

SOCI Integrity Audit

The Demiton Standard

  • Identity Binding: Non-repudiation via Microsoft Entra ID (OIDC) at the moment of approval.
  • Volatile Execution: Zero data-at-rest. The ABA/ISO file exists only in volatile RAM.
  • Sovereign Path: 100% Data Residency in Azure Australia East (SOCI Compliant).
  • Tunnel Integrity: PGP-encrypted direct injection into NAB, Westpac, ANZ, or CBA Host-to-Host.
RESULT: If you answered "No" to any of these, your RMP is non-compliant.

Architecture Matrix: ANZ Compliance Comparison

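| Feature | Wallet | Manual File | Global Suite | Demiton (Iron Layer) |
| --- | --- | --- | --- | --- |
| Custody of Funds | Third-Party | Your Bank | Your Bank | Your Bank |
| Desktop Gap | No | YES | No | NO |
| Data Residency | Global | Local | Global/US | Australia East |
| SOCI Act Ready | No | No | Partial | YES |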

Frequently Asked Questions (FAQ)

What is the 'Desktop Gap' in Microsoft Dynamics?
The Desktop Gap is the period where an ABA or ISO 20022 file sits unencrypted on a user's computer before being manually uploaded to the bank. It is the primary vector for internal payment fraud in Australian mid-market businesses.

How does the SOCI Act affect Dynamics 365 Finance?
Under the SOCI Act, financial data flows associated with critical assets are "Critical Infrastructure Information." Entities must secure the "Procure-to-Pay" chain of custody to prevent malicious disruption to the national supply chain.

What is the 'Ghost Protocol' for banking?
It is a security standard where payment artifacts are generated and transmitted exclusively in volatile memory. No unencrypted file is ever written to a hard drive, providing a "Zero-Footprint" audit trail.


Secure Your Financial Chain of Custody

Demiton provides the Iron Layer for Business Central and D365 Finance. Stop moving files; start tunnelling data.
