Compliance-First Infrastructure

Security & Compliance

We built MyBank for regulated financial services from day one. Not as an afterthought.

FDIC Insured

Up to $250,000

SOC 2 Type II

Annual certified audit

256-bit AES

Encryption at rest

BSA/AML

Full compliance program

99.97% Uptime

SLA-backed availability

Six pillars of financial security

Every layer of our stack is designed with compliance, auditability, and integrity in mind.

FDIC-Insured Deposits

Deposits held at our sponsor bank partner, a Federal Deposit Insurance Corporation member institution. Each depositor insured up to $250,000.

FDIC Member | Pass-through insurance | Member since 1986

SOC 2 Type II Compliant

MyBank's platform infrastructure has been audited against AICPA Trust Service Criteria. Annual SOC 2 Type II reports available to enterprise customers under NDA.

SOC 2 Type II | Annual audit | AICPA standards

Encryption at Rest & In Transit

All data encrypted with AES-256 at rest. TLS 1.3 enforced for all API and web traffic. Keys managed via AWS KMS with envelope encryption. Zero plaintext PII in logs.

AES-256 | TLS 1.3 | AWS KMS

BSA/AML Compliance

Full Bank Secrecy Act compliance including Customer Identification Program (CIP), ongoing transaction monitoring, SAR filing, and CTR reporting thresholds.

BSA compliant | SAR/CTR filing | KYC/CIP

Immutable Audit Ledger

Every balance change generates a write-once journal entry. Records cannot be modified, deleted, or backdated. Full export available for regulatory requests.

Write-once | Tamper-evident | Export ready

Real-Time Fraud Monitoring

Machine learning anomaly detection on every transaction. Device fingerprinting, velocity checks, and behavioral biometrics on login and transfer flows.

ML anomaly detection | Velocity checks | Device fingerprinting

Banking-as-a-Service Architecture

MyBank operates as a fintech on top of regulated banking infrastructure. Our sponsor bank holds deposits and provides the regulatory licensing. We provide the product layer: behavioral controls, the dual-balance ledger, and the savings experience.

This model is fully compliant with Regulation E, Regulation D, NACHA operating rules, and applicable state money transmission regulations.

Core Banking

Double-entry ledger with real-time balance reconciliation

Sponsor Bank

FDIC-insured U.S. state-chartered bank (partner agreement)

ACH Processing

NACHA-compliant originator via Dwolla / Plaid integration

Card Network

Visa debit on Available Balance via Marqeta

KYC/Identity

Real-time identity verification via Alloy or Persona

Wire Transfers

Fedwire-enabled for outbound wires over $1,000

Incident Response

We maintain a 24/7 security operations process with documented incident response procedures. In the event of a suspected breach, we notify affected users within 72 hours per GDPR/CCPA timelines and within the timeframes required by applicable state breach notification laws.

Detection

< 15 min

Automated alerting

Notification

< 72 hrs

Regulatory requirement

Resolution SLA

P0: < 4 hrs

Critical incidents

Built to be trusted.

Open an account in 5 minutes. No fees.
