Regulatory compliance: PCI DSS, PSD2, GDPR, KYC/KYB, AML

Updated on 19 Jul 2023

Financial regulations vary greatly across countries and regions. However, because the SDK.finance transactional engine serves as a foundation for various fintech products and acts as a middle layer, a product built on it can be made to comply with the regulatory requirements of any jurisdiction.

Please keep in mind that SDK.finance is a software platform and does not handle the regulatory aspects of launching a financial technology product. It is therefore the customer's responsibility to ensure regulatory compliance for the product they build on the SDK.finance Platform.

PCI DSS compliance

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards that aim to protect cardholder data and ensure the secure handling of payment transactions.

Since the main databases are managed by customers on their own side, the SDK.finance software does not store any user information or cardholder data. Therefore, PCI DSS requirements do not apply directly to the SDK.finance Platform.

When using the SDK.finance Platform as a foundation for a product that involves payment card transactions, you can design a cardholder data storage system that aligns with PCI DSS guidelines and run it as a standalone service, with the required storage and encryption kept within your own databases.

GDPR compliance

Since SDK.finance does not store any user information or personal data, GDPR (General Data Protection Regulation) does not apply directly to the SDK.finance platform.

Because SDK.finance customers have control and ownership over the data (they manage the databases where user information is stored), they are responsible for ensuring GDPR compliance. This entails establishing proper data protection procedures, implementing privacy policies, and conducting regular assessments to maintain compliance.

PSD2 compliance

PSD2 (Payment Services Directive 2) compliance means adhering to the regulatory requirements set forth by the European Union. It applies primarily to payment service providers, banks, and other regulated entities that directly offer payment services and fall within the scope of the directive.

SDK.finance provides the infrastructure and tools for building fintech products; it is not a payment service provider or a regulated entity under PSD2. In addition, the SDK.finance software does not handle or store user account information. For these reasons, PSD2 requirements do not apply directly to the SDK.finance software itself.

It is therefore the customer's responsibility to ensure that their specific implementation and use of the platform align with PSD2 requirements.

KYC/KYB procedures

The SDK.finance onboarding process is designed to make it easy for our customers to gather all the end-user information needed to perform a reliable KYC check. The collected data should then be passed for review to the relevant system Actor, which requires an integration with a KYC/KYB provider.

Although there is no pre-built integration with a KYC vendor, the Platform's API-first architecture streamlines the development of custom integrations with any third-party KYC/KYB provider you prefer.

AML transaction monitoring

The SDK.finance software does not come integrated with an AML provider out of the box, because it is used in different countries with varying AML requirements.

However, we have created a common API that enables straightforward integration with any AML provider of your choice, so that transaction monitoring follows a standard flow.

Countries and geographical regions supported

The SDK.finance software is not restricted to any specific geographical area or country and can be used in any region.

The only exception is countries, business corporations and companies, or their representatives, shareholders, or beneficiaries, that are subject to any sanctions, including but not limited to those imposed by the United Nations, the European Union, the OSCE, or the FATF.