Regulatory compliance: PCI DSS, PSD2, GDPR, KYC/KYB, AML

Updated on 01 Feb 2024

The regulations in the financial industry vary greatly across different countries and regions. However, with’s transactional engine software serving as a foundation for various fintech products and acting as a middle layer, it can be made to comply with any regulatory requirements in different areas. 

Please keep in mind that is a software platform and it does not handle the regulatory aspects of launching a financial technology product. Therefore, it is the responsibility of the customer to ensure regulatory compliance for their product built using Platform.

PCI DSS compliance

PCI DSS (Payment Card Industry Data Security Standard) compliance refers to a set of security standards that aim to ensure the protection of cardholder data and the secure handling of payment transactions. 

Since the main databases are managed by the customers on their side, the software doesn’t retain any user data or cardholder information, which means that the PCI DSS compliance regulations are not directly applicable to the Platform.

However, customers can issue payment cards for their end-users adhering to PCI DSS regulations thanks to the integration with Marqeta, a card issuing provider certified with PCI DSS level 1 and SSAE-18 compliance.

Also, is currently obtaining PCI DSS certification for its code storage and development procedure.

Alternatively, customers using it as a foundation for a product that involves payment card transactions can implement a storage system that aligns with PCI DSS compliance guidelines and use it as an autonomous standalone service with required storage and encryption within their own databases. 

GDPR compliance

Since does not store any user information or personal data, the direct application of GDPR (General Data Protection Regulation) to the platform is not possible.

As it is the customers who have control and ownership over the data (since they manage the databases where user information is stored) they are responsible for ensuring compliance with GDPR regulations. This entails establishing proper data protection protocols, implementing privacy policies, and conducting regular assessments to maintain compliance with GDPR regulations.

PSD2 compliance

PSD2 (Payment Services Directive 2) compliance refers to adhering to the regulatory requirements set forth by the European Union and primarily applied to payment service providers, banks, and other regulated entities that directly offer payment services and fall under the regulatory scope of the directive. provides the infrastructure and tools for building fintech products and is not a payment service provider or a regulated entity under PSD2. Plus, software does not handle or store user account information. This is why software itself is not directly applicable to PSD2 compliance.

So, it is the responsibility of the customer to ensure that their specific implementation and usage of the platform align with PSD2 compliance requirements. 

KYC/KYB procedures

The software onboarding process is designed to make it easy for our customers to gather all the essential end-user information needed to perform a reliable KYC check. Next, the data collected should be transferred for review to the relevant system Actor, which requires integration with a KYC/KYB provider. offers a pre-built integration with ComplyAdvantage, a KYC provider, to automate their customer identity verification process. Also, our Platform’s API-first architecture streamlines the development of custom integrations with any other third-party KYC/KYB provider if necessary. 

AML transaction monitoring is working on an integration with an AML provider, but it’s not yet available out of the box. 

However, we have created a common API that enables easy integration with any AML provider of your choice. This ensures seamless operations following a standard flow.
Learn more.

Countries and geographical regions supported

The software is not restricted to any specific geographical area or country, making it applicable for use in any region. 

An exemption applies to the countries,  business corporations and companies, representatives, shareholders, or beneficiaries of which are subject to any sanctions including, but not limited to those imposed by entities such as the United Nations, the European Union, or the OSCE + FATF.