
Data privacy and security essentials in ComplyAdvantage Mesh


No compliance professional gets up in the morning to assess the privacy and security credentials of their RegTech vendors. Yet ensuring that data is properly stored and that clear and effective data governance procedures are in place is an essential foundation that must be established before a financial crime risk management partnership can begin.

This article outlines the data privacy and security work that underpins the ComplyAdvantage Mesh platform. It is designed to provide an overview of our security credentials that compliance leaders can share with IT and information security stakeholders, enabling them to focus on the core compliance capabilities and value-adds ComplyAdvantage offers that will help them improve the efficiency and efficacy of their compliance program. 

This article is part of a series on the capabilities of the ComplyAdvantage Mesh platform. Rather than being a dedicated privacy and security solution, Mesh is designed to provide a 360-degree view of risk in a single platform. Links to the rest of the series are available at the end of this article. 

The role of data privacy and security in financial crime compliance

While every RegTech vendor will need to meet key data privacy and security requirements to credibly offer services to customers, the nature and history of their technology stack play an important role in the ease with which they can deliver the best possible data protection.

ComplyAdvantage’s software stack is cloud-native, running largely in short-lived containers that are regularly recycled and updated, making them harder to attack. In addition to effective automation procedures, we have a dedicated InfoSec team that provides security training to our engineers and regularly reviews our processes. 

AML regulations on data privacy and security 

Whereas AML regulations are typically set at the national level or by a regional body such as the European Union, data security and data privacy standards are often international. The key requirements many firms will look to be certified against are:

  • ISO 27001: This international security standard provides a framework for “establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.” It is designed to help companies protect key information assets and comply with legal and regulatory requirements.
  • SOC 2: While ISO 27001 and SOC 2 overlap, some analysts have argued that SOC 2 takes a more flexible approach, built around five key criteria: security, availability, processing integrity, confidentiality, and privacy. 
  • GDPR: The General Data Protection Regulation is an EU law, but its scope and the breadth of the bloc’s coverage mean it has implications for global firms. It also applies to firms processing EU citizens’ data, even if the company is not in the region. GDPR provides extensive guidance on how personal data should be handled and the consent firms need to get before using this data. Fines for non-compliance can reach 20 million Euros or 4 percent of global revenue, whichever is higher.
  • OAuth 2.0: Short for “open authorization,” this standard is designed to allow a website or application to access resources hosted by other web applications on behalf of a user. It is the industry standard for online authorization.

How ComplyAdvantage Mesh approaches data security and privacy

The ComplyAdvantage Mesh platform meets these core global security standards, offering a number of certifications and capabilities, including:

  • ISO 27001 compliance.
  • SOC 2 compliance.
  • OAuth 2.0 built into our REST API.
  • GDPR-compliant solutions and data handling practices.
  • Encryption at rest.
  • Encryption in transit.
  • The ability to separate and segregate data geographically.
  • Identity authentication.
  • Single sign-on (SSO) across a range of identity providers.
  • Configurable passwords.
  • Configurable role-based permissions.

Find out more about ComplyAdvantage Mesh by reading the other articles in the series:

Explore how ComplyAdvantage Mesh gives firms a 360-degree view of risk

Find out more about how Mesh combines industry-leading AML risk intelligence with actionable risk signals to screen customers and monitor their behavior in near real-time.


Originally published 21 January 2025, updated 27 January 2025

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2025 IVXS UK Limited (trading as ComplyAdvantage).