Security & Compliance Built In
Financial infrastructure demands the highest standards. Our platform is designed on security-first principles, with compliance controls built into every layer.
Know Your Customer (KYC)
Tiered verification framework
Our KYC framework uses a risk-tiered approach. Lower-volume customers can onboard quickly, while higher-volume senders undergo additional verification steps to ensure regulatory compliance.
Tier 1: Up to $10,000 / month
- Company name and registration
- Business email verification
- Terms of service acceptance
- Use case description
Tier 2: Up to $150,000 / month
- All Tier 1 requirements
- Certificate of incorporation
- Beneficial owner ID verification
- Business bank statement
- Compliance questionnaire
Tier 3: Unlimited volume
- All Tier 2 requirements
- Full AML policy documentation
- Ultimate beneficial owner chain
- Third-party KYC report
- Ongoing annual review
Anti-Money Laundering (AML)
Multi-layer transaction monitoring
Transaction Monitoring
Every transaction is scored in real time using our proprietary risk engine. Transactions exceeding velocity thresholds or exhibiting suspicious patterns are flagged for manual review before processing.
- Real-time velocity checks
- Pattern anomaly detection
- Cross-customer linkage analysis
- Automated SAR filing support
Sanctions Screening
All senders, recipients, and associated parties are screened against global sanctions lists including OFAC SDN, UN Security Council, EU, and HM Treasury lists.
- OFAC SDN list screening
- UN consolidated sanctions list
- EU and UK sanctions registers
- PEP (Politically Exposed Person) screening
Risk Scoring
Each transaction receives a composite risk score based on geography, counterparty risk, behavioral signals, and on-chain analytics for the USDC source wallet.
- On-chain source-of-funds analysis
- Geographic risk weighting
- Counterparty risk assessment
- Behavioral velocity scoring
Compliance Reporting
Comprehensive transaction reporting for your own compliance obligations. Export transaction data with full audit trails, risk scores, and screening results.
- Full transaction audit trails
- Risk score history export
- Screening result documentation
- Regulatory report generation
Data Security
Encryption, isolation, and access controls
Encryption at Rest
All data is encrypted at rest using AES-256-GCM. Encryption keys are managed via a dedicated KMS with strict access policies and automatic rotation.
Encryption in Transit
TLS 1.3 is enforced for all API and webhook traffic. We do not support TLS 1.0 or 1.1. Certificate pinning is available for mobile SDK integrations.
Environment Isolation
Production and sandbox environments are fully isolated at the network level. Separate databases, separate keys, separate infrastructure.
Access Controls
Role-based access control (RBAC) for dashboard users. API keys scoped by permission set. All privileged access is logged and audited.
Audit Logging
Immutable audit logs for all administrative actions, API calls, and data access events. Logs are retained for 7 years in tamper-evident storage.
Incident Response
Documented incident response procedure with a target RTO of 4 hours for Severity 1 events. Security incidents are disclosed to affected customers within 72 hours.
Regulatory Framework
[PLACEHOLDER - Requires legal review]
Settlra Technologies Ltd operates under applicable regulations in our operating jurisdictions. We maintain a compliance program aligned with FATF recommendations for virtual asset service providers (VASPs). Our compliance documentation is available to enterprise customers under NDA.
SOC 2 Type II
In Progress - Expected Q4 2025
FATF VASP Compliance
Aligned [PLACEHOLDER]
GDPR
Compliant [PLACEHOLDER]
ISO 27001
Roadmap 2026 [PLACEHOLDER]
Need our security documentation?
Enterprise customers can request our full security whitepaper, penetration test reports, and compliance documentation.
Contact Security Team