Security & Compliance

Banking security your regulators expect.

VeriFlow is built from the ground up for regulated financial services. Every session, every document, every identity check — encrypted, auditable, and fully compliant.

✓ AES-256 Encryption
✓ TLS 1.3 in transit
✓ ISO 27001 certified
✓ CBK · BoT · BoB compliant
Security architecture
Security built for financial services
🔐
End-to-End Encryption
All video sessions, documents, and identity data encrypted from the moment they leave the customer's device to the moment they reach the agent's screen.
  • AES-256 for data at rest
  • TLS 1.3 for data in transit
  • AWS KMS for key management
  • Zero plaintext exposure at any layer
🛡️
Session Integrity
Every session produces a cryptographically signed, tamper-proof audit trail. Timestamps, biometric results, document checks, and agent actions are all immutably recorded.
  • Cryptographically signed session records
  • CloudTrail audit logging for all API calls
  • Immutable session recordings in Amazon S3
  • 5-year retention per regulatory requirement
🔒
Identity Verification
Multi-layer identity confirmation: biometric face match, document OCR, IPRS national register cross-check, LexisNexis screening, and live liveness detection against spoofing.
  • Amazon Rekognition biometric matching
  • Liveness detection against photo/video spoofing
  • IPRS national register cross-check
  • LexisNexis screening integration
🏛️
Infrastructure Security
Deployed on AWS with enterprise security controls — WAF, GuardDuty, Security Hub, and VPC isolation. Regular penetration testing and vulnerability assessments.
  • AWS WAF and DDoS protection
  • GuardDuty threat intelligence
  • VPC network isolation per tenant
  • Quarterly penetration testing
🔑
Access Controls
Role-based access control with the principle of least privilege. Multi-factor authentication for all agents and admins. Session tokens expire after inactivity. No shared credentials.
  • Role-based access control (RBAC)
  • MFA required for all agents and admins
  • Session token expiry on inactivity
  • AWS IAM with least-privilege policies
📋
Data Residency
Customer data remains in the region of their home bank. Tanzanian bank customers' data stays in AWS af-south-1. Kenyan data stays in eu-west-1. Full data residency compliance.
  • Region-isolated data storage per bank
  • No cross-border data transfer without consent
  • GDPR-compliant data handling
  • Right to erasure supported
Regulatory compliance
Compliant with every regulator that matters
VeriFlow is fully compliant with banking regulators across all active corridors — and proactively audited against each framework.
CBK: Central Bank of Kenya
KYC, AML, eKYC guidelines, session recording, and agent certification requirements fully implemented.
✓ Compliant
BoT: Bank of Tanzania
Tanzania data residency, CRDB and NMB compliance frameworks, and BoT digital banking regulations.
✓ Compliant
BoB: Bank of Botswana
BIHL and FNB regulatory requirements, Botswana KYC framework, and financial sector digital guidelines.
✓ Compliant
ISO 27001
Information security management system certified. Annual surveillance audits. All controls independently verified.
✓ Certified
GDPR
EU General Data Protection Regulation compliance for diaspora customers in Europe, including right to erasure and data portability.
✓ Compliant
AWS Advanced Partner
SHINRAI Technologies holds AWS Advanced Tier Partner status, the highest tier of AWS partner certification in East Africa.
✓ Advanced Tier
SOC 2 Type II
Security, availability, processing integrity, confidentiality, and privacy controls audited and certified.
✓ Certified
PCI DSS Level 1
Payment Card Industry Data Security Standard Level 1 compliance for any payment data handling within sessions.
✓ Compliant