Compliance & Regulations

Fidel80 maintains compliance with global regulations and industry standards, helping your organization meet KYC, AML, and data protection requirements.

Regulatory Compliance Overview

As an identity verification platform serving financial institutions and regulated businesses, Fidel80 is committed to maintaining the highest standards of regulatory compliance. We work with legal experts and compliance specialists to ensure our platform meets requirements across multiple jurisdictions.

KYC & AML Compliance

Know Your Customer (KYC)

Our platform helps institutions comply with KYC regulations by providing:

  • Government-verified identity confirmation
  • Document verification against national databases
  • Real-time identity validation
  • Comprehensive audit trails for regulatory reviews
  • Risk scoring and flagging of suspicious activities

Anti-Money Laundering (AML)

Fidel80 supports AML compliance efforts through:

  • Enhanced due diligence capabilities
  • Politically Exposed Persons (PEP) screening
  • Sanctions list checking
  • Adverse media monitoring
  • Ongoing monitoring and re-verification

Regulatory Frameworks Supported:

  • Bank Secrecy Act (BSA)
  • 5th Anti-Money Laundering Directive (5AMLD)
  • Financial Action Task Force (FATF)
  • FinCEN Customer Due Diligence

Data Protection & Privacy

GDPR Compliance

For European Economic Area (EEA) data subjects, we comply with the General Data Protection Regulation (GDPR):

  • Lawful basis for processing (legitimate interest, consent, legal obligation)
  • Data minimization and purpose limitation
  • Right to access, rectification, and erasure
  • Data portability
  • Privacy by design and by default
  • Data Protection Impact Assessments (DPIA)
  • Appointment of Data Protection Officer (DPO)
  • Standard Contractual Clauses for data transfers

CCPA/CPRA Compliance

For California residents, we comply with the California Consumer Privacy Act and Privacy Rights Act:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of the sale of personal information
  • Right to non-discrimination
  • Transparent privacy notices

Other Privacy Regulations

  • PIPEDA (Canada): Personal Information Protection and Electronic Documents Act
  • LGPD (Brazil): Lei Geral de Proteção de Dados
  • PDPA (Singapore): Personal Data Protection Act
  • Privacy Act (Australia): Australian Privacy Principles

Financial Services Regulations

Payment Services Directive 2 (PSD2)

For EU payment service providers, our strong customer authentication (SCA) capabilities help meet PSD2 requirements for secure payment authorization.

eIDAS Regulation

We support electronic identification and trust services compliance, enabling secure cross-border transactions within the EU.

GLBA (Gramm-Leach-Bliley Act)

For US financial institutions, we maintain safeguards to protect customer financial information as required by GLBA.

Industry Standards & Certifications

SOC 2 Type II

Independent audit of security, availability, processing integrity, confidentiality, and privacy controls.

Audit Period: Annual
Report Available: Upon request under NDA

ISO 27001

Information Security Management System certification demonstrating systematic security controls.

Certification Body: BSI
Certificate: Valid until 2026

ISO 27701

Privacy Information Management System certification for data protection.

Extension of: ISO 27001
Focus: Privacy controls and GDPR compliance

PCI DSS Level 1

Payment Card Industry Data Security Standard for secure payment handling.

Assessment: Annual on-site audit
Compliance Level: Level 1 (highest)

Sector-Specific Compliance

Banking & Financial Services

  • Basel III capital requirements support
  • Dodd-Frank Act compliance assistance
  • MiFID II transaction reporting
  • FCA and PRA regulatory alignment (UK)

Healthcare

  • HIPAA compliance for patient identity verification
  • HITECH Act security requirements
  • Protected Health Information (PHI) safeguards

Telecommunications

  • SIM card registration requirements
  • Real Name Registration compliance
  • Telecommunications regulatory authority requirements

Gaming & Gambling

  • Age verification and responsible gaming
  • Gambling Commission compliance (UK)
  • Multi-jurisdiction licensing support

Audit Trail & Reporting

Fidel80 maintains comprehensive audit logs to support regulatory examinations and compliance reviews:

  • Immutable verification records with timestamps
  • Complete data lineage and processing history
  • User access logs and activity monitoring
  • API call logs with request/response details
  • Automated compliance reporting dashboards
  • Export capabilities for regulatory submissions

Retention Periods

  • Verification records: 7 years (or as required by local regulation)
  • Audit logs: 7 years minimum
  • System logs: 1 year
  • Backups: 90 days

Data Residency & Sovereignty

We understand the importance of data residency for compliance with local regulations. Fidel80 offers data residency options in multiple regions:

  • European Union: Frankfurt, Germany
  • United States: Virginia, USA
  • Asia Pacific: Singapore
  • United Kingdom: London, UK
  • Canada: Montreal, Canada
  • Australia: Sydney, Australia

Continuous Compliance Program

Compliance is not a one-time achievement but an ongoing commitment. Our program includes:

Regular Assessments

Quarterly internal compliance reviews and annual third-party audits

Regulatory Monitoring

Continuous tracking of regulatory changes across all jurisdictions

Employee Training

Mandatory compliance training for all staff with annual refreshers

Policy Updates

Regular review and update of policies to reflect regulatory changes

Compliance Inquiries

For compliance documentation, audit reports, or specific regulatory questions, please contact our compliance team.

Compliance Team: compliance@fidel80.com
Data Protection Officer: dpo@fidel80.com
SOC 2 Reports: Available under NDA
Certifications: Available on request