SECURITY & COMPLIANCE
The most advanced technologies to stay compliant with GDPR, KYC and AML requirements
KYC / AML Compliance
Here at Sumsub, data protection and financial compliance are at the core of what we do.
Sumsub’s identity verification platform is globally applicable: our approach and methodology are designed according to the FATF Recommendations on AML and CFT (specifically Recommendation 10 on customer due diligence), which serve as the international basis for local AML laws.
The system is built on a risk-based approach and follows global and local regulatory norms (including those of FATF, FINMA, FCA, CySEC and MAS). Our compliance expertise and our range of technologies help businesses and financial authorities speak a common language.
Enhanced KYC verification
The platform is equipped with tools for fully automatic verification as well as for checks based on human review, in line with current European legislation on non-face-to-face customer identification in the banking industry.
We continuously monitor all existing user profiles to manage the risks associated with your customers. The system notifies you if a user is added to a sanctions list or their document expires, so you can react immediately to any change.
Data Privacy Compliance
We at Sum&Substance have established a comprehensive, ongoing GDPR compliance program and hold training sessions and meetings for the whole core team on the importance of data protection. To show how we build transparency, here are a few examples of what we have in place:
We obtain the customer’s consent before processing personal data. Consent is a separate checkbox shown before verification is requested, so the user clearly understands what he or she is agreeing to.
Our privacy policy states comprehensively how the data will be used and for how long, giving the user transparent and fair information about the purposes and methods of processing.
European Data Centers and Data Protection Officer
We store all data on GDPR-compliant Amazon servers located in the EU. Overall responsibility for all data lies with our DPO (Data Protection Officer), who lives and works in Berlin, Germany and has no conflict of interest.
Despite all preparations, something can always go wrong. We have a tested process and technologies that allow us to detect and address breaches, including notification of the supervisory authority, within the 72 hours the GDPR requires.
We know that data security is paramount, so here is a bit about how we ensure it.
Secure Data Storage
User data is stored in encrypted form on our servers, which are kept in Uptime Institute Tier III data centers compliant with the TIA-942 and PCI DSS standards. The data centers are protected technically and guarded physically around the clock by specially vetted security personnel.
Leading Encryption Technologies
All data is transferred over a protected channel encrypted with the TLS 1.2 protocol. Decryption keys are stored separately from the data they protect, so an attacker who obtains the stored data alone cannot read it.
We work with independent information security experts to find and fix potential vulnerabilities. Our site, iFrame and API undergo continuous penetration testing, security checks, threat detection, and both white-box and black-box testing.
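As an added illustration of what "decryption keys stored separately from the data" means in practice, the following Go program implements envelope encryption: each record is encrypted under its own data-encryption key (DEK), and the DEK is wrapped under a key-encryption key (KEK) that never lives in the data store. This is example code, not Sumsub's implementation; the page does not say how Sumsub separates keys from data, so the DEK/KEK layout, AES-256-GCM and the binding of a record ID as associated data are assumptions, and the KEK is generated locally here where a real deployment would hold it in a KMS or HSM.

```go
package main

// Added example, not Sumsub's code. Assumptions: AES-256-GCM, one DEK per
// record, KEK held outside the data store (generated locally only for demo).

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// StoredRecord is everything the data store holds for one record.
// Nothing in it can be decrypted without the KEK.
type StoredRecord struct {
	Nonce      []byte // AES-GCM nonce for the record ciphertext
	Ciphertext []byte // record encrypted under the DEK
	WrapNonce  []byte // AES-GCM nonce used when wrapping the DEK
	WrappedDEK []byte // DEK encrypted under the KEK
}

// NewKey returns a random 256-bit key.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

// seal encrypts plaintext under key with AES-256-GCM and a fresh nonce.
func seal(key, plaintext, aad []byte) (nonce, ciphertext []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, aad), nil
}

// open authenticates and decrypts ciphertext produced by seal.
func open(key, nonce, ciphertext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, aad)
}

// EncryptRecord makes a per-record DEK, encrypts the record with it, wraps the
// DEK under the KEK and returns only what may be written to the store. The
// record ID is bound as associated data so ciphertexts cannot be swapped.
func EncryptRecord(kek []byte, recordID string, plaintext []byte) (StoredRecord, error) {
	dek, err := NewKey()
	if err != nil {
		return StoredRecord{}, err
	}
	nonce, ct, err := seal(dek, plaintext, []byte(recordID))
	if err != nil {
		return StoredRecord{}, err
	}
	wrapNonce, wrapped, err := seal(kek, dek, []byte(recordID))
	if err != nil {
		return StoredRecord{}, err
	}
	return StoredRecord{Nonce: nonce, Ciphertext: ct, WrapNonce: wrapNonce, WrappedDEK: wrapped}, nil
}

// DecryptRecord unwraps the DEK with the KEK, then decrypts the record.
// A copy of the store without the KEK fails at the first step.
func DecryptRecord(kek []byte, recordID string, r StoredRecord) ([]byte, error) {
	dek, err := open(kek, r.WrapNonce, r.WrappedDEK, []byte(recordID))
	if err != nil {
		return nil, errors.New("cannot unwrap DEK: wrong KEK or tampered record")
	}
	return open(dek, r.Nonce, r.Ciphertext, []byte(recordID))
}

func main() {
	kek, _ := NewKey() // demo only: in production fetched from a KMS/HSM
	pii := []byte("constructed sample: passport no. X000000, expiry 2030-01-01")
	rec, err := EncryptRecord(kek, "user-42", pii)
	if err != nil {
		panic(err)
	}
	fmt.Println("stored ciphertext reveals plaintext:", bytes.Contains(rec.Ciphertext, []byte("passport")))
	out, err := DecryptRecord(kek, "user-42", rec)
	fmt.Printf("with KEK: %q (err=%v)\n", out, err)
	otherKEK, _ := NewKey()
	_, err = DecryptRecord(otherKEK, "user-42", rec)
	fmt.Println("without the right KEK:", err)
}
```

The point of the split is operational: the store can be backed up, replicated and even stolen without exposing records, and rotating the KEK means re-wrapping the small DEKs rather than re-encrypting every record.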
Our information security team performs regular checks on all aspects of our security systems.