Built to Withstand Scrutiny
CoralLedger Comply is independently reviewed, mathematically deterministic, and cryptographically tamper-evident. Every calculation, attestation, and audit record meets the requirements of the Bahamas VAT Act 2014 — by design, not by assertion.
Four Pillars of Compliance Confidence
Each pillar addresses a distinct risk that VAT filers and auditors face. Together they form the most complete compliance posture available to Bahamian businesses.
Independent Review
Third-party regulatory review with no material non-conformances.
107 Golden Hashes
Deterministic calculations locked against 107 canonical test cases.
Immutable Audit Trail
Hash-chained records that cannot be altered without detection.
BICA Verification
Dual-condition gate ensures only authorised practitioners can attest.
Reviewed Against Primary Legislation
CoralLedger Comply's VAT calculation engine, attestation workflow, and audit trail architecture were reviewed by an independent regulatory specialist against the Value Added Tax Act 2014 (The Bahamas) and all published Department of Inland Revenue (DIR) guidance notes. The review was conducted prior to the platform's beta launch and covered the following areas:
-
✓
VAT calculation logic cross-referenced against the Value Added Tax Act 2014 and all DIR guidance notes
-
✓
Rate classifications verified for standard-rated, zero-rated, and exempt supply categories
-
✓
Apportionment methodology reviewed against the partial-deduction rules in Schedule 3
-
✓
Attestation workflow evaluated for alignment with §32 signatory requirements
-
✓
No material non-conformances identified at the time of review
Full review available in-platform. Registered CoralLedger Comply users can access the complete review report — including the reviewer's methodology, scope, and findings — from the Compliance section of the platform dashboard.
107 Golden Hashes
Every VAT computation in CoralLedger Comply is validated against 107 canonical expected outputs. For any given set of inputs the system always produces the same result — down to the cent. Calculations cannot drift silently.
107 Canonical Test Cases
Each golden hash covers a distinct input scenario: standard-rated supplies, zero-rated exports, exempt supplies, mixed-rate apportionment, food-store licence exemptions, and rate-spanning continuous supplies.
Deterministic Output
For every set of inputs, CoralLedger Comply produces byte-for-byte identical Output Tax, Input Tax, and apportionment fractions — run the same return today or in six months, the figures never drift.
Regression-Locked Calculations
Any code change that would alter the output for an existing test case breaks the golden-hash suite and is blocked from reaching production. The calculation engine cannot silently regress.
DIR Rate Schedule Alignment
All 107 cases are mapped to specific provisions of the VAT Act 2014 and the April 2026 DIR rate schedule. Each hash is annotated with the statutory reference it validates.
What "regression-locked" means in practice
Before any code change reaches production, the full golden-hash suite runs automatically. If a change would alter the output for even one of the 107 cases — even a rounding difference of a single cent — the build is rejected and the change is reviewed before it can proceed. The calculation engine is frozen against the Act; only a statutory amendment can unlock it.
What the Audit Trail Terms Mean
CoralLedger Comply uses precise, legally meaningful terminology in every audit record. Understanding these terms helps practitioners, auditors, and business owners interpret the evidence package confidently.
Audit Entry
A single, timestamped record that captures an action performed on a VAT return or transaction — who did it, what changed, and when. Every audit entry is individually hashed.
SHA-256 Hash
A cryptographic fingerprint generated from an audit entry's content. If even one character in the entry is altered after the fact, the hash changes — breaking the chain and triggering an alert.
Chain Link
Each audit entry includes the hash of the preceding entry, forming an unbroken chain. Deleting or reordering entries severs the chain and is immediately detectable.
Tamper Event
A detected break in the hash chain. CoralLedger Comply surfaces tamper events in the Audit Defense Dashboard with the exact entry where integrity was lost and the downstream records affected.
Chain Integrity Status
A real-time indicator showing whether all audit entries from creation to present remain unaltered. A passing status is exported as part of the Audit Defense Package submitted to auditors.
Immutable Record
An audit entry that has been sealed into the hash chain. No user — including platform administrators — can modify a sealed entry without breaking the chain and triggering an alert.
Practitioner Attestation You Can Stand Behind
The Bahamas Institute of Chartered Accountants (BICA) licences the practitioners who attest VAT returns on behalf of clients. CoralLedger Comply enforces a four-step verification gate before a practitioner's identity is ever stamped on a return.
Licence Submission
The practitioner enters their BICA licence number during onboarding. CoralLedger Comply records the number against the practitioner profile.
Engagement Letter Requirement
An active engagement letter between the practitioner and the client entity must be on file before the prefill pathway activates. Inactive or expired engagements are automatically excluded.
Dual-Condition Gate
Both an active client assignment AND an active attestation profile must be present. Either condition missing locks the prefill — no exceptions. The system cannot be overridden.
Prefill Attribution
When both conditions pass, Comply stamps the return with the practitioner's verified name and BICA licence number. Workload assignees who are not the practitioner of record never receive the prefill.
The dual-condition gate cannot be bypassed. Active client assignment AND active attestation profile must both be present. A workload assignee who is not the named practitioner of record never receives the prefill — by architecture, not by policy.
Every Sign-Off Is Permanently Sealed
When a VAT return is attested, CoralLedger Comply creates a cryptographically sealed attestation record that is stored independently of the underlying transaction log. No administrator, no platform update, and no future filing action can alter it.
One Sealed Record Per Return
When a VAT return is attested, CoralLedger Comply creates a separate, cryptographically sealed attestation record — distinct from the underlying transaction log. The record cannot be deleted or amended.
Timestamp and Signatory Capture
Each attestation record captures the UTC timestamp, the identity of the signatory, the signatory's declared authority (e.g. director, BICA practitioner), and the filing period covered.
Linked to the Return Snapshot
The attestation record references the exact state of the return at the moment of signing — if the underlying figures are ever queried, the system can reproduce the return as it appeared when attested.
Included in Every Audit Export
Attestation records are exported as a structured component of the Audit Defense Package — auditors receive both the return data and cryptographic proof that the signatory confirmed it.
Supplies That Require Additional Review
Three supply categories require a manual practitioner verification step before CoralLedger Comply will release the attestation prefill. These carve-outs exist because the correct tax treatment cannot be determined from transaction data alone.
Real Estate Deposits
Deposits received before a rate-change date may straddle two different VAT periods and rates. CoralLedger Comply flags these deposits for manual review and withholds the attestation prefill until the practitioner confirms the correct time-of-supply rule.
Rate-Spanning Continuous Supplies
A retainer or service contract that began before April 1, 2026 and extends beyond it requires apportionment workings. Comply calculates the split automatically but requires the practitioner to verify the contract start date before the prefill is released.
Complex Multi-Entity Groups
Group VAT returns involving intra-group supplies and shared overhead apportionment require group-level attestation by an authorised group officer. CoralLedger Comply routes these returns through the Group Compliance pathway — not the standard BICA prefill.
Flagging is automatic — resolution is your call. CoralLedger Comply surfaces every carve-out item during return generation so nothing is overlooked. The practitioner confirms each item before the prefill releases. If supply type is unclear, consult a registered VAT advisor or the Department of Inland Revenue before attesting.
Frequently Asked Questions
What is a "compliance posture"?
▼
A compliance posture is the sum of technical, procedural, and evidential controls a system puts in place to ensure every calculation, attestation, and record meets the requirements of the relevant law. CoralLedger Comply's compliance posture is built on four pillars: deterministic calculation, immutable audit trails, verified BICA attestation, and per-return sealed records.
What are the 107 golden hashes?
▼
107 golden hashes are the canonical expected outputs for 107 representative VAT scenarios — covering every rate category, supply type, and edge case in the Bahamas VAT Act 2014. The calculation engine is regression-locked against these outputs: any code change that would alter a result for an existing case is automatically blocked from reaching production.
Can a user or administrator alter an audit record?
▼
No. Once an audit entry is sealed into the hash chain, it cannot be modified by any user — including platform administrators. An attempted alteration would change the entry's hash, break the chain, and trigger an immediate tamper alert. The broken chain is visible in the Audit Defense Dashboard and is exported as part of the audit package.
How does BICA licence verification work?
▼
Practitioners enter their BICA licence number during onboarding. The number is stored against the practitioner profile and is stamped onto every return where the prefill pathway activates. Activation requires both an active client assignment and an active attestation profile — neither condition can be bypassed.
Are carve-out supplies automatically excluded from the prefill?
▼
Yes. When CoralLedger Comply detects a real estate deposit straddling a rate-change date, a rate-spanning continuous supply, or a complex group return, it withholds the attestation prefill and surfaces a review prompt. The practitioner must confirm each flagged item before the prefill is released.
Where can I find the independent regulatory review?
▼
The full review report is available to registered CoralLedger Comply users within the platform. Summary findings and the reviewer's methodology are reproduced on this page.
Compliance You Can Demonstrate
Independent review, deterministic calculations, immutable records, and verified BICA attestation — all in one platform. Free during beta through September 2026.