CommunityPay generates resale certificates as institutional packets — statute-compliant disclosure documents produced from live ledger data, bound to a cryptographic hash, and linked to the evidence chain that produced them.
This page describes how resale certificates are structured, how statutory compliance is enforced, and what happens when data is unavailable.
What Is a Resale Certificate?
A resale certificate is a legal disclosure document required when a unit in a condominium or common interest community is sold. State statutes define exactly what the certificate must contain — financial status, reserve fund health, insurance coverage, pending litigation, governing documents, and more.
The certificate is typically requested by the buyer, buyer's agent, or escrow company. The association (or its management) is required to produce it within a statutory deadline. In Washington State, that deadline is 10 days.
CommunityPay generates resale certificates from the same ledger data that governs day-to-day financial operations. The certificate is not a separate report compiled from spreadsheets — it is a structured extraction from the system of record.
Compliance Profile Architecture
Different states — and different statutes within the same state — define different disclosure requirements. CommunityPay handles this through a compliance profile registry.
What a Compliance Profile Contains
Each profile defines:
| Element | Purpose |
|---|---|
| Statutory reference | Which law governs this certificate (e.g., RCW 64.34.425) |
| Required items | Each disclosure item with its statute subsection mapping |
| Fee caps | Maximum preparation and update fees permitted by statute |
| Delivery deadline | Days within which the certificate must be produced |
| Buyer review period | Days the buyer has to cancel after receiving the certificate |
| Mandatory disclosures | Verbatim statutory text that must appear on the certificate |
Active Profiles
| Profile | Statute | State | Required Items |
|---|---|---|---|
| Washington Condominium Act | RCW 64.34.425 | WA | 20 |
| Washington WUCIOA | RCW 64.90.640 | WA | 26 |
Washington is notable because it has two concurrent regimes. The Condominium Act (RCW 64.34) applies to communities formed before July 2018. The Washington Uniform Common Interest Ownership Act (RCW 64.90) applies to communities formed after that date, and all Washington communities transition to WUCIOA by January 1, 2028.
CommunityPay does not guess which regime applies. The compliance profile is selected explicitly at generation time. If an association is unsure which statute governs their community, that is a legal question outside the scope of this system.
Profile-Driven Generation
When a resale certificate is generated, the compliance profile determines:
- Which data sections are assembled into the snapshot
- Which statute subsection each section maps to
- What the compliance check evaluates
- Which mandatory disclosure text is included verbatim
This means the same underlying data can produce certificates under different statutory regimes, and each certificate accurately reflects the requirements of its governing statute.
Data Sections
Each required disclosure item in the compliance profile maps to a data section in the evidence snapshot. Data sections are assembled from production models — not from a separate reporting layer.
Live Ledger Sections
| Section | Statute Reference | Data Source |
|---|---|---|
| Financial status | (b) — Assessments, delinquency | AR Invoice model |
| Association past-due obligations | (c) — Obligations past due >30 days | Invoice + Bill models |
| Reserve fund status | (g) — Reserve amounts and designations | Fund model, ReserveComponentService |
| Balance sheet | (i) — Accrual basis, within 120 days | ReportsService |
| Operating budget | (j) — Current operating budget | Budget model |
| Anticipated repairs | (f) — Repairs exceeding 5% of budget | FixedAsset + Budget models |
These sections are computed from the same double-entry ledger that enforces fund segregation, runs integrity scans, and produces enforcement decisions. There is no secondary data pipeline.
Record-Based Sections
| Section | Statute Reference | Data Source |
|---|---|---|
| Insurance coverage | (l) — Description and broker contact | HOAInsurancePolicy model |
| Special assessments | (b) — Special assessment schedule | SpecialAssessmentRecord model |
| Board composition | N/A — Governance context | BoardMemberTenure model |
| Governance attestation | N/A — Attestation status | GovernanceAttestation model |
| Other fees | (e) — Fees payable by unit owners | AssessmentSchedule model |
| Governing documents | (q) — Declaration, bylaws, rules | Document records |
Unknown Sections
Some statutory requirements reference data that CommunityPay does not currently hold — pending litigation, building code violations, warranty claims, leasehold terms, declarant unit counts.
CommunityPay does not omit these sections. It does not leave them blank. It emits a structured "unknown" payload:
{
"data_status": "unknown",
"statement": "CommunityPay does not currently hold litigation records for this association. The board or managing agent should provide this information separately."
}
This is a deliberate design choice. An omitted section is ambiguous — was the data unavailable, or was the system not asked? An "unknown" section is unambiguous. It tells the recipient exactly what the system knows and does not know, and who should provide the missing information.
Every required item in the compliance profile produces a section in the snapshot. The compliance check then scores coverage based on how many sections contain live data versus unknown payloads.
Compliance Check
After the snapshot is assembled, the system computes a compliance check. This is not a pass/fail judgment — it is a structured assessment of coverage against the statutory requirements.
What the Compliance Check Produces
| Field | Description |
|---|---|
| Total items | Number of required items in the compliance profile |
| Known items | Items with live data from the system of record |
| Unknown items | Items emitting "unknown" payloads |
| Coverage percentage | Known items divided by total items |
| Gap list | Specific statute subsections with unknown data |
What It Does Not Do
The compliance check does not determine whether the certificate is "legally sufficient." That is a legal conclusion that depends on the specific transaction, the parties involved, and potentially local custom. CommunityPay provides the data and the coverage assessment. Legal sufficiency is determined by the parties and their counsel.
Risk Flags
Each certificate includes risk flags — severity-ranked indicators of conditions that may affect the transaction or the certificate's completeness.
| Flag | Severity | Trigger |
|---|---|---|
| BALANCE_SHEET_STALE | CRITICAL | Balance sheet data is older than 120 days (statutory freshness requirement) |
| UNIT_DELINQUENT | HIGH | The selling unit has a past-due assessment balance |
| NO_INSURANCE | HIGH | No insurance policies are on file for the association |
| COMPLIANCE_GAPS | MEDIUM | Required disclosure items have unknown data status |
| INSURANCE_EXPIRING | MEDIUM | An insurance policy expires within 90 days |
| NO_ATTESTATION | MEDIUM | No governance attestation is on file |
| NO_RESERVE_STUDY | MEDIUM | No reserve study is on file |
| BOARD_NOT_FULL | LOW | Board seats are not fully filled |
Risk flags are sorted deterministically: CRITICAL first, then HIGH, MEDIUM, LOW. Within the same severity, flags are sorted alphabetically by code. This ensures identical inputs always produce identical flag ordering — a requirement for content hash consistency.
Cryptographic Integrity
Every resale certificate is an institutional packet with the same integrity guarantees as all CommunityPay attestation artifacts.
Content Hash
The evidence snapshot is serialized to canonical JSON (sorted keys, minimal separators, UTF-8) and hashed with SHA-256. The hash is computed from the JSON snapshot, not from the rendered PDF.
Version Chain
If a new certificate is generated for the same HOA, unit, and compliance profile, the previous certificate's content hash is stored in the new certificate's previous_packet_hash field. This creates a tamper-evident chain. An escrow company receiving version 3 of a certificate can verify the chain back to version 1.
Immutability
Once generated, the evidence snapshot, content hash, public ID, reference number, and scope cannot be modified. Lifecycle fields (status, delivery date, sharing settings) remain mutable. This is enforced at the application layer — the save() method rejects updates to immutable fields.
Mandatory Disclosures
Each compliance profile includes mandatory disclosure text that must appear verbatim on the certificate. These are statutory requirements, not CommunityPay editorial.
For Washington Condominium Act certificates:
Pursuant to RCW 64.34.425, the purchase agreement is voidable by the purchaser until the certificate has been provided and for five days thereafter, or until conveyance, whichever occurs first.
For WUCIOA certificates, an additional conspicuous notice is required:
The unit you are purchasing is part of a common interest community. As an owner, you will be obligated to pay assessments to the association. Failure to pay assessments may result in a lien on your unit and possible foreclosure.
These disclosures are embedded in the compliance profile definition, not composed at generation time. They cannot be edited, omitted, or paraphrased during certificate generation.
Multi-Jurisdiction Design
The compliance profile registry is designed for multi-state expansion. California (Civil Code 4525-4530) and Oregon (ORS 94.670) profiles exist as stubs with the statutory reference and jurisdiction identified but required items not yet mapped.
Adding a new jurisdiction requires:
- Mapping the statute's required disclosure items to data keys
- Defining fee caps, delivery deadlines, and buyer review periods
- Adding mandatory disclosure text from the statute
- Activating the profile
No changes to the generation engine, snapshot assembly, compliance check, or cryptographic infrastructure are required. The engine is jurisdiction-agnostic — the compliance profile provides the jurisdiction-specific logic.
How CommunityPay Enforces This
- Every disclosure item maps to a specific statute subsection (e.g., RCW 64.34.425(b) for assessments)
- Unknown data sections emit structured "unknown" payloads with explanatory text — never omitted
- Compliance check computed post-snapshot: coverage percentage, gap list, risk flags per statutory requirement
- Content hash (SHA-256) computed from canonical JSON snapshot, not rendered PDF
- Version chain links consecutive certificates via previous_packet_hash for tamper-evident history
- Compliance profile registry supports multiple regimes per state (e.g., WA condo vs. WUCIOA)