Regulatory compliance: PCI DSS, PSD2, GDPR, KYC/KYB, AML
Financial regulation varies greatly across countries and regions. SDK.finance's transactional engine is a middle layer that serves as the foundation for fintech products, and it can be configured and extended to meet the regulatory requirements that apply in a given jurisdiction.
Please keep in mind that SDK.finance is a software platform and does not handle the regulatory side of launching a financial technology product. It is the customer's responsibility to ensure regulatory compliance for the product they build on the SDK.finance Platform.
PCI DSS compliance
PCI DSS (Payment Card Industry Data Security Standard) is the security standard that governs the protection of cardholder data and the secure handling of payment card transactions. Its scope is defined by where cardholder data is stored, processed or transmitted.
Since the main databases are deployed and managed by customers on their side, SDK.finance as a vendor does not retain any user data or cardholder information, so PCI DSS does not apply directly to the Platform as delivered. Note that the customer's own deployment of the Platform remains within the customer's PCI DSS scope wherever it stores, processes or transmits cardholder data.
However, SDK.finance customers can issue payment cards to their end-users in line with PCI DSS through the Platform's integration with Marqeta, a card issuing provider with PCI DSS Level 1 and SSAE 18 compliance.
Also, SDK.finance is currently obtaining PCI DSS certification for its code storage and development procedure.
Alternatively, customers using SDK.finance as the foundation for a product that involves payment card transactions can implement cardholder-data storage as a separate, standalone service that meets PCI DSS requirements, with the required encrypted storage and access controls inside their own infrastructure, so that the rest of the product handles only references to card data rather than the card numbers themselves.
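The separation described above, as an added illustration that is not SDK.finance code: a hypothetical standalone vault service that keeps the PAN only in AES-GCM-encrypted form and hands the rest of the platform an opaque token plus a masked number (first six and last four digits). The vault type, method names and the constructed test PAN are assumptions for the example; key management (an HSM or KMS rather than a key generated in `main`), access control, logging and the remaining PCI DSS requirements are out of scope here. The point shown is the data-flow boundary: only the vault can ever recover a card number, and the token is bound to its ciphertext as associated data so records cannot be swapped between tokens.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// CardRecord is what the vault returns to the platform: never the PAN itself.
type CardRecord struct {
	Token  string // opaque reference the platform stores instead of the PAN
	Masked string // first six and last four digits, e.g. "411111******1111"
	Last4  string
}

// Vault is a minimal stand-in for a standalone cardholder-data service (assumed name).
type Vault struct {
	aead cipher.AEAD
	mu   sync.Mutex
	rows map[string][]byte // token -> nonce || ciphertext
}

// NewVault wraps a 16/24/32-byte AES key in AES-GCM. The key must come from
// an HSM/KMS in a real deployment, never from source or config files.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, rows: map[string][]byte{}}, nil
}

// luhnValid rejects malformed input before anything is encrypted or stored.
func luhnValid(pan string) bool {
	sum, double := 0, false
	for i := len(pan) - 1; i >= 0; i-- {
		c := pan[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(pan) >= 12 && len(pan) <= 19 && sum%10 == 0
}

// mask keeps only the digits PCI DSS permits to be displayed (first six, last four).
func mask(pan string) string {
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// Store validates and encrypts the PAN and returns only a token plus masked data.
func (v *Vault) Store(pan string) (CardRecord, error) {
	if !luhnValid(pan) {
		return CardRecord{}, errors.New("invalid PAN")
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return CardRecord{}, err
	}
	token := "tok_" + hex.EncodeToString(raw)
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return CardRecord{}, err
	}
	// The token is passed as associated data: a ciphertext moved under another
	// token fails authentication on Open, so rows cannot be swapped in storage.
	ct := v.aead.Seal(nonce, nonce, []byte(pan), []byte(token))
	v.mu.Lock()
	v.rows[token] = ct
	v.mu.Unlock()
	return CardRecord{Token: token, Masked: mask(pan), Last4: pan[len(pan)-4:]}, nil
}

// Detokenize is the one privileged path that recovers a PAN (e.g. to forward
// it to the card processor); it should sit behind its own access control.
func (v *Vault) Detokenize(token string) (string, error) {
	v.mu.Lock()
	ct, ok := v.rows[token]
	v.mu.Unlock()
	if !ok {
		return "", errors.New("unknown token")
	}
	ns := v.aead.NonceSize()
	if len(ct) < ns {
		return "", errors.New("corrupt record")
	}
	pan, err := v.aead.Open(nil, ct[:ns], ct[ns:], []byte(token))
	if err != nil {
		return "", errors.New("integrity check failed")
	}
	return string(pan), nil
}

func main() {
	key := make([]byte, 32) // demo key only; see NewVault comment
	rand.Read(key)
	v, _ := NewVault(key)
	rec, err := v.Store("4111111111111111") // constructed test PAN, not a real card
	fmt.Println(rec, err)
	pan, err := v.Detokenize(rec.Token)
	fmt.Println(pan, err)
}
```

In this layout the platform's own database holds `Token`, `Masked` and `Last4` only, which keeps it out of the cardholder data environment; the vault, its key material and the systems allowed to call `Detokenize` are what the PCI DSS assessment then has to cover.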
GDPR compliance
Since SDK.finance does not store any user information or personal data, GDPR (General Data Protection Regulation) does not apply directly to the SDK.finance Platform as software.
Because SDK.finance customers control and own the data (they manage the databases where user information is stored), they act as the data controller and are responsible for GDPR compliance. This entails establishing proper data protection measures, implementing privacy policies, and conducting regular assessments to maintain compliance.
PSD2 compliance
PSD2 (Payment Services Directive 2) compliance means adhering to the regulatory requirements set out by the European Union. The directive applies primarily to payment service providers, banks and other regulated entities that directly offer payment services and fall within its scope.
SDK.finance provides infrastructure and tools for building fintech products; it is not a payment service provider or a regulated entity under PSD2, and the SDK.finance software does not handle or store end-user account information. PSD2 therefore does not apply directly to the SDK.finance software.
It is the customer's responsibility to ensure that their specific implementation and use of the Platform meet PSD2 requirements where the directive applies to them (for example, authorisation as a payment institution and strong customer authentication).
KYC/KYB verification
The SDK.finance onboarding process is designed to let customers collect all the end-user information required for a reliable KYC check. The collected data is then passed for review to the relevant system actor, which requires an integration with a KYC/KYB provider.
SDK.finance offers a pre-built integration with ComplyAdvantage, a KYC provider, to automate customer identity verification. The Platform's API-first architecture also simplifies building custom integrations with any other third-party KYC/KYB provider if necessary.
AML transaction monitoring
SDK.finance is working on an integration with an AML provider, but it is not yet available out of the box.
However, the Platform exposes a common API through which any AML provider of your choice can be integrated, so that transaction monitoring follows a standard flow.
Countries and geographical regions supported
The SDK.finance software is not restricted to any specific geographical area or country and can be used in any region.
An exception applies to sanctioned countries, and to businesses or companies (or their representatives, shareholders or beneficiaries) that are subject to any sanctions, including but not limited to those imposed by the United Nations, the European Union, the OSCE or the FATF.