Compliance & Security
How we structure our controls, protect customer funds, and operate as a trusted infrastructure partner.
Regulatory framework
MoneyTrans® operates as a financial technology platform in coordination with regulated financial institution and payment partners.
Banking and payment rails are provided through partners registered with relevant national authorities (e.g. FinCEN MSB in the U.S.).
Operations in each jurisdiction are conducted under the licenses of our partner network. Coverage expands as new partners are onboarded.
Originator and beneficiary information is captured and transmitted with each transfer in line with FATF Recommendation 16.
Transaction records, KYC artifacts, and AML alerts are retained for the minimum statutory period in each jurisdiction (typically 5+ years).
AML program
A risk-based framework covering onboarding, transaction monitoring, sanctions screening, and reporting.
Risk-based approach
Customers, corridors, and counterparties are scored across multiple dimensions; reviews and limits adjust accordingly.
Transaction monitoring
Real-time analytics across velocity, amount, geography, and behavioral baselines. Alerts trigger structured case management.
Suspicious activity review
Trained analysts review escalated alerts. Suspicious activity reports (SARs / STRs) are filed where required through partner channels.
Independent testing
AML controls are periodically reviewed against the BSA / FATF framework. Findings feed a remediation log.
KYC / KYB procedures
Identity, address, and business verification with tiered due diligence calibrated to risk.
KYC tiers
| Tier | Scope | Checks |
|---|---|---|
| Basic | Personal data only (name, DOB, contact). Low transfer limits. | Email verification, sanctions screen. |
| Standard | Government ID + selfie liveness. Mid-range limits, more corridors. | Document verification, ID + biometric match, address proof. |
| Enhanced | Source of funds, occupation, additional documents. Highest limits. | Enhanced due diligence, PEP screening, source-of-wealth review. |
KYB for business partners
Entity verification
Incorporation documents, registered address, and good-standing check.
Beneficial ownership (UBO)
Identification of beneficial owners ≥ 25 % with documentation and screening.
Compliance officer
Designated point of contact for AML matters at partner side.
Ongoing review
Periodic re-verification triggered by activity, geography, or risk changes.
Sanctions & PEP screening
- Real-time matching against OFAC, UN, EU and HMT sanctions lists
- PEP (Politically Exposed Person) and adverse media screening
- Screening at onboarding, before each transfer, and on list refresh
- Automatic block + analyst review for any positive match
- Transparent dispositioning with audit-ready case records
Fraud & abuse prevention
Per-transaction risk score
Combines device fingerprinting, behavioral signals, IP / geo intelligence, and historical patterns.
Velocity controls
Configurable thresholds per amount, frequency, corridor, and recipient profile.
Device & session monitoring
Device trust signals, session integrity checks, and anomalous-access alerts.
Account-takeover defense
Step-up authentication on high-risk operations and out-of-band notifications for sensitive changes.
Data security & privacy
Encryption in transit & at rest
TLS 1.2+ for all traffic; AES-256 for data at rest; pgcrypto column-level encryption for sensitive PII.
Key management
Encryption keys rotated and stored separately from the application. Production secrets segregated from non-production.
Privacy principles
Data minimization, purpose limitation, and explicit retention windows. Subject access requests honored through compliance channels.
Breach notification
Incident response plan with defined timelines for notifying affected customers and regulators where required.
Operational security
Role-based access controls
Least-privilege permissions for owners, administrators, compliance officers, analysts, and operators. Reviewed periodically.
Multi-factor authentication
OTP and TOTP enforced for staff and high-risk customer flows; mandatory step-up on sensitive operations.
Append-only audit logs
Every administrative action, ledger entry, and configuration change recorded in immutable EventLog and TreasuryAuditLog tables.
Incident response
On-call rotation, runbooks, and post-mortem culture with timely customer / partner communication.
Safeguarding of customer funds
MoneyTrans® is a financial technology platform and not a bank. Banking and payment services are provided through regulated financial institution and payment partners. Customer funds are held in custodial and / or for-benefit-of (FBO) accounts maintained by these partners, separated from MoneyTrans® operational funds.
- FBO accounts segregated per partner / tenant
- Daily reconciliation between ledger balances and bank balances
- Independent audit log of every balance movement
- Read-only treasury views for compliance staff
Need to talk to the compliance team?
Reach our compliance and legal team directly for due diligence, regulatory questions, or partner onboarding.
Contact compliance