Compliance & Regulatory

Built to the standards regulated missions depend on.

Our platform is governed by a layered compliance program spanning financial-crime, cybersecurity, federal information security, and privacy regimes — with the controls to demonstrate adherence.

  • BSA / AML · Financial-crime controls
  • NIST CSF 2.0 · Cybersecurity baseline
  • FISMA · Federal info security
  • Privacy Act · 5 U.S.C. § 552a
  • GLBA · Data safeguards

Regulatory Domains

Five domains, one program.

Each domain has a governing authority, the obligations it imposes, and the controls we maintain to meet them.

Bank Secrecy Act (BSA / AML)

31 U.S.C. § 5311 · FinCEN · AMLA 2020
  • SAR & CTR reporting workflows
  • Customer Due Diligence / KYC
  • The five AML program pillars

Cybersecurity

NIST CSF 2.0 · SP 800-53 · FFIEC
  • Govern, Identify, Protect, Detect
  • Respond & Recover playbooks
  • Encryption in transit and at rest

FISMA

44 U.S.C. § 3551 · RMF · FIPS 199/200
  • System categorization by impact
  • Authorization to Operate (ATO)
  • Continuous monitoring

Privacy Act of 1974

5 U.S.C. § 552a
  • System of Records Notices (SORNs)
  • Individual access & amendment rights
  • Disclosure restrictions & accounting

Data Compliance

GLBA Safeguards · State privacy law
  • Classification & retention schedules
  • Breach-notification obligations
  • Vendor & third-party controls

Cross-Cutting Governance

Where the five domains interlock
  • Shared evidence & chain-of-custody
  • Coordinated compliance-officer roles
  • Single escalation flow

Governance

The domains interlock; they don't silo.

One discipline of recordkeeping and one escalation path serve every regime at once — so a single incident is handled coherently across the program.

  • Shared evidence trail: Chain-of-custody discipline serves BSA, FISMA, Privacy Act, and breach response simultaneously.
  • Coordinated role map: BSA Officer, CISO, Privacy Officer, and Data Governance lead aligned on one response.
  • Single escalation flow: Trigger → owner → reporting obligation, defined before an incident occurs.

Compliance role map
  • BSA / AML Officer · financial-crime reporting
  • CISO · security & incident response
  • Privacy Officer · SORNs & individual rights
  • Data Governance Lead · classification & retention
  • Compliance Owner · program oversight

Authorities

Governing references.

The primary statutes and frameworks our program maps to.

01. Bank Secrecy Act — 31 U.S.C. § 5311 et seq.; 31 C.F.R. Chapter X
02. Anti-Money Laundering Act of 2020
03. NIST Cybersecurity Framework — CSF 2.0
04. NIST SP 800-53 / SP 800-37 — controls & RMF
05. FISMA 2014 — 44 U.S.C. § 3551; FIPS 199 / 200
06. Privacy Act of 1974 — 5 U.S.C. § 552a
07. Gramm-Leach-Bliley Act — GLBA Safeguards Rule
08. Applicable state privacy statutes

Statutory citations and reporting thresholds are subject to change. Verify against primary sources before relying on this summary; this page is a high-level overview, not legal advice.

Questions about our compliance posture?

Talk to our compliance team about how our controls map to your regulatory obligations.
