Every outgoing payment in CommunityPay passes through a multi-layer authorization system before funds move. This page describes the approval workflow, the enforcement checks, and the evidence artifact (FADR) that documents the complete authorization chain.
The Authorization Stack
Disbursement authorization operates in three layers:
Layer 1: Enforcement Guards
Before any payment can proceed, it passes through the bill_payment flow in the EnforcementDispatcher. This flow evaluates five guards in sequence:
| Guard | What It Checks |
|---|---|
| BalanceGuard (001) | Journal entry debits equal credits |
| ClosedPeriodGuard (002) | Payment is not posting to a closed accounting period |
| FundSegregationGuard (003) | Payment draws from the correct fund (operating vs. reserve) |
| FundEligibilityGuard (006) | L5 eligibility rules are satisfied for this fund operation |
| BillPaymentGuard (007) | Vendor payment amount is within configured limits |
If any guard fails, the payment is blocked and an EnforcementDecision with outcome BLOCK is recorded. The blocking guard, its failure code, and the reason are captured.
Layer 2: Approval Workflow
Payments that pass guard evaluation may still require approval depending on the amount and the HOA's configured approval thresholds.
The approval workflow supports:
- Single approval: One authorized user reviews and approves
- Dual approval: Two independent approvers required (for amounts above a second threshold)
- Board approval: Board resolution required (for amounts above a third threshold)
- Delegated approval: Approval authority can be delegated with explicit scope and expiration
Each approval step records: - Who approved (or rejected) - When they acted - What they saw at decision time (amount, vendor, bill details) - Any notes or conditions attached to the approval
Layer 3: Vendor Compliance Check
At payment time, the system checks the vendor's current compliance status via BuildRated:
- COI (Certificate of Insurance): Current, expiring, or expired
- License: Active, suspended, or expired
- Bond: Valid or lapsed
- W9: On file or missing
If the vendor has an active exclusion (e.g., expired COI triggered a BLOCK_PAYMENT exclusion), the payment is held until the compliance issue is resolved.
Approval Workflow Configuration
Each HOA configures its own approval thresholds:
| Setting | Description |
|---|---|
| Single approval threshold | Payments above this amount require one approver |
| Dual approval threshold | Payments above this amount require two independent approvers |
| Board approval threshold | Payments above this amount require board resolution |
| Auto-approval limit | Payments below this amount proceed without manual approval (guards still enforce) |
These thresholds are stored as policy configuration and snapshotted at decision time. If an HOA changes its thresholds, past approval decisions still reference the thresholds that were active when the decision was made.
The FADR Artifact
The Funds Authorization & Disbursement Record (FADR) is the evidence pack that documents the complete payment authorization chain.
What the FADR Contains
Each FADR captures:
Payment Identity - Reference number, type, status, amount, execution date - Payment method and gateway used
Vendor Identity - Vendor name, tax ID (masked), address - Payment method on file - BuildRated contractor link (if applicable)
Approval Chain - Every actor in the approval sequence - Their action (SUBMITTED, APPROVED, REJECTED, POLICY_OVERRIDE) - Timestamp of each action - Notes or conditions attached
Policy Snapshot - Approval thresholds active at decision time - Required number of approvers - Any overrides applied and their justification
Journal Entry - The balanced journal entry created by this payment - All lines with account codes, fund assignments, debit/credit amounts
Bills Paid - Every bill covered by this payment - Bill amounts, vendors, dates, and approval status
Vendor Compliance - BuildRated compliance status at payment time - COI, license, bond, and W9 status - Any active compliance alerts
Risk Assessment - Automated risk flag detection - Flags for: override usage, large payment, vendor compliance gaps, unusual patterns
Verification Status
Each FADR receives a verification status:
| Status | Condition |
|---|---|
| VERIFIED | All approvals complete, vendor compliant, no risk flags |
| NEEDS_REVIEW | Minor issues detected (e.g., single approver for amount near dual threshold) |
| FLAGGED | Risk flags detected — override used, vendor compliance gap, or unusual pattern |
Content Hash
The FADR evidence snapshot is hashed with SHA-256 using canonical JSON serialization. This hash enables independent verification that the FADR has not been modified after generation.
Version Chain
If a FADR is regenerated for the same scope, the new version links to the previous version via previous_packet_hash, creating a tamper-evident chain.
What This System Proves
For any payment in CommunityPay, the disbursement authorization system can answer:
- Was the payment authorized? — The approval chain shows who approved and when
- What rules governed the approval? — The policy snapshot shows the thresholds active at decision time
- Did the vendor meet compliance requirements? — The vendor compliance section shows credential status at payment time
- Was the journal entry correct? — The journal entry lines show the balanced posting with fund allocations
- Were any exceptions made? — Override records and risk flags show any deviations from standard process
These answers are not reconstructed from system state — they are frozen at decision time and stored in the immutable evidence snapshot. The FADR for a payment made six months ago reflects the exact state of the system at that moment, not the current state.
CARI Integration
Disbursement patterns and authorization effectiveness feed into the CARI Payment Behavior sub-score, which carries a 15% weight in the composite score. Prevented losses from guard blocks, dispute rates on completed payments, and collection rates on authorized disbursements are key signals. The ratio of override usage to standard authorization flow is also factored into the scoring computation.
For published methodology and component weights, see CARI Methodology and Scoring Framework.
How CommunityPay Enforces This
- Every vendor payment passes through the EnforcementDispatcher with bill_payment flow guards (GUARD_001 through GUARD_007)
- Configurable approval thresholds with multi-level chains: requester, reviewer, board approval for amounts above threshold
- FADR evidence pack captures the complete authorization chain from bill creation through payment execution
- Policy snapshots frozen at decision time — approval threshold changes do not retroactively affect past decisions
- Vendor compliance status (BuildRated VECR) checked at payment time and recorded in the FADR
- Risk flags auto-detected: override usage, large payment threshold, vendor compliance gaps