OpenBanq

Compliance

OpenBanq is built compliance-first. Every rail, API, and data flow maps to an explicit regulatory framework. Evidence packs are available under NDA for qualified prospects.

PSD2 / PSD3

In production
European Commission / EBA

Payment Services Directive — SCA, secure communication, TPP authorization, consent

Evidence: Berlin Group NextGenPSD2 v1.3.12 conformance certified

FAPI 2.0

Certified
OpenID Foundation

Financial-grade API Advanced security profile — DPoP, MTLS, PAR

Evidence: OpenID Foundation FAPI 2.0 Baseline + Advanced certification

FDX 6.0

Certified
Financial Data Exchange

North American open-banking API standard (US, CA)

Evidence: FDX 6.0 member; annual conformance test

Open Banking UK v3.1.11

Certified
Open Banking Implementation Entity (OBIE)

UK CMA Order Part 4 specifications — AISP, PISP, CBPII

Evidence: OBIE Directory registration; FCA-authorised partner

Basel III

Implemented
Bank for International Settlements

Capital adequacy, LCR, NSFR — real-time calculation engine

Evidence: Annual independent actuarial review

SOC 2 Type II

Type II audit ongoing
AICPA

Security, availability, confidentiality, processing integrity, privacy

Evidence: Independent auditor: Big-Four firm (under NDA until report issue)

ISO 27001

Certified
ISO

Information Security Management System (ISMS)

Evidence: Certificate issued 2026; recertification 2029

ISO 20022

Native implementation
ISO

Universal financial messaging standard

Evidence: All payment/settlement messages natively ISO 20022

GDPR

Compliant
European Commission

Data protection regulation; right to erasure; data portability

Evidence: DPO on staff; DPIA on every new feature; quarterly review

DORA

In scope from 2026-01-17
EU — Digital Operational Resilience Act

ICT risk management, incident reporting, resilience testing

Evidence: Register of information maintained; TLPT program scheduled

PCI DSS 4.0

Level 1 assessment in progress
PCI Security Standards Council

Cardholder data environment (where applicable to issuer/acquirer rails)

Evidence: QSA engaged; report expected Q4 2026

AML / KYC (FATF Recommendations)

In production
FATF + jurisdiction-specific (FinCEN, NCA, AUSTRAC, etc.)

Customer due diligence, sanctions screening, transaction monitoring

Evidence: ComplyAdvantage + OFAC + EU + UN lists; SAR/STR rails

Enterprise compliance pack

Prospective enterprise customers receive a full compliance evidence pack under NDA: SOC 2 Type II report, ISO 27001 certificate, penetration test summaries, DPIA templates, DORA ICT register of information, regulatory attestations, and a jurisdiction-specific cloud-residency matrix.

Request via [email protected].