Compliance

Our financial software for lending is built with a strong commitment to regulatory compliance, ensuring that all operations, transactions, and data handling practices align with the latest legal requirements and industry standards.

1071 Compliance

As part of our dedication to supporting fair lending practices, our platform ensures compliance with Section 1071 of the Dodd-Frank Act, which mandates the collection and reporting of certain data related to credit applications. This includes data on the applicant’s race, ethnicity, sex, and income, and is designed to promote transparency and fair access to credit for underserved communities. Our software facilitates seamless data collection, storage, and reporting in accordance with CFPB (Consumer Financial Protection Bureau) guidelines.

Data Collection

The software allows lenders to collect and categorize relevant demographic data from applicants without compromising privacy or security. This data is stored in compliance with the regulatory standards to ensure accuracy and confidentiality.

Reporting & Documentation

The platform enables the generation of detailed reports in the format required by the CFPB, ensuring that lenders can fulfill their obligations regarding quarterly and annual reporting. All required data is easily accessible for audits and regulatory reviews.

Non-Discriminatory Practices

The system is designed to avoid any discrimination in the lending process. It ensures that all credit decisions are made based on fair, objective criteria, promoting equal access to financial products.

General Compliance with Financial Regulations

Beyond 1071, our platform is built to comply with a wide array of financial regulations, including:

PCI-DSS (Payment Card Industry Data Security Standard)

To safeguard customer payment information and ensure the secure processing of transactions, our platform complies with PCI-DSS standards, which set the security requirements for handling cardholder data.

GDPR (General Data Protection Regulation)

We prioritize the privacy of personal data. The platform is designed to help lenders manage their customers’ personal information in compliance with GDPR, ensuring that data is processed fairly, transparently, and securely.

SOX (Sarbanes-Oxley Act)

For publicly traded financial institutions, the software adheres to the Sarbanes-Oxley Act (SOX) provisions regarding data integrity, financial reporting, and internal controls.

BSA/AML (Bank Secrecy Act/Anti-Money Laundering)

Our software includes tools to assist lenders in complying with anti-money laundering regulations. It supports transaction monitoring, reporting of suspicious activities, and the collection of information for customer due diligence (CDD).

KYT (Know Your Transaction)

Our platform supports KYT protocols to help lenders monitor and assess transactions in real time. By analyzing transaction behavior against customer profiles and risk thresholds, the system can flag unusual activity, aiding in the detection of fraud, money laundering, and other financial crimes. This ensures compliance with evolving regulatory requirements while protecting the integrity of the financial system.

Audit and Reporting Features

The software incorporates robust audit trails and compliance reporting tools to ensure transparency and accuracy in all data handling. Detailed logs capture every action taken within the system, providing a clear record for audits and regulatory reviews. Automated reports are generated in real time to ensure that lenders can meet regulatory deadlines and expectations.

Data Security and Privacy

To support compliance with both financial and data protection regulations, our platform ensures the secure management and storage of all customer data. This includes data encryption, role-based access controls, and secure data backups. We also provide features to support data retention policies, ensuring that data is retained or destroyed in line with legal and regulatory requirements.

Training and Documentation

To support financial institutions in meeting compliance requirements, we offer ongoing training and support materials. Our compliance documentation, including guides for meeting Section 1071 and other regulatory standards, is easily accessible to help users understand the requirements and how the platform supports them. Additionally, our team provides assistance with any questions or issues related to compliance management.

Continuous Monitoring and Updates

As regulations evolve, we ensure our platform remains up to date with changes in financial compliance standards. Continuous monitoring is in place to detect and address any areas of non-compliance, and we provide regular software updates to incorporate any regulatory changes, ensuring that your institution remains compliant at all times.


By integrating 1071 Compliance alongside other regulatory requirements, our financial software provides a comprehensive solution for lenders, enabling them to meet their legal obligations while fostering fair and transparent lending practices.

SOC 2 Type II Compliance

Our financial software for lenders is designed with a strong commitment to the highest standards of security, confidentiality, availability, and privacy. As part of our dedication to protecting sensitive financial data, we maintain SOC 2 Type II compliance, demonstrating that our platform consistently meets stringent criteria for managing and safeguarding customer data in accordance with the AICPA Trust Services Criteria.

1. Overview of SOC 2 Type II Compliance

SOC 2 Type II compliance is based on the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. A SOC 2 Type II audit evaluates both the design and operational effectiveness of controls over a defined period (typically 6 to 12 months), ensuring that the platform consistently operates according to rigorous security standards.

Our financial software undergoes independent third-party audits to assess and confirm that our internal controls and processes are compliant with the SOC 2 Type II criteria. The audit results provide transparency and assurance to our clients that their sensitive financial data is being managed securely.

2. Key Trust Services Criteria (TSC) Areas

Security

We employ a multi-layered security strategy to protect against unauthorized access, data breaches, and system vulnerabilities. Key features include:

Access Controls: Role-based access management and multi-factor authentication (MFA) to ensure that only authorized users have access to sensitive data and financial systems.

Encryption: All data transmitted across the platform is encrypted using TLS/SSL protocols, and sensitive data at rest is encrypted using AES-256 encryption.

Firewalls and Intrusion Detection: Comprehensive network security measures, including firewalls, intrusion detection systems (IDS), and continuous vulnerability scanning.

Availability

We maintain a highly available platform with 99.9% uptime to ensure reliable access to lending services. Our availability practices include:

Disaster Recovery & Backup: Automated daily backups, with encrypted off-site storage, and a robust disaster recovery plan to ensure business continuity in case of system failure or data loss.

Redundancy: Geographic and system redundancy to minimize downtime and ensure that services remain operational even during unexpected events.

Monitoring & Incident Response: Continuous monitoring and a dedicated incident response team to detect and address availability issues promptly.

Processing Integrity

We ensure the accuracy, completeness, and reliability of all transactions processed by our software. This includes:

Transaction Validation: Comprehensive validation checks for all financial transactions to ensure their accuracy and integrity before being processed.

Error Handling & Corrections: Clear procedures for detecting and addressing errors or discrepancies in financial processing, ensuring that all issues are promptly corrected and communicated to relevant stakeholders.

System Testing: Regular testing and quality assurance procedures to verify that our systems perform as expected, with no data integrity compromises.

Confidentiality

We protect the confidentiality of sensitive financial data and customer information by implementing the following practices:

Data Encryption: All sensitive data, such as customer records and transaction details, are encrypted both in transit and at rest, preventing unauthorized access.

Access Control: Strict access control policies ensure that only authorized personnel can access confidential information.

Third-Party Risk Management: We conduct thorough due diligence and security assessments on third-party vendors to ensure that they meet our confidentiality and security standards.

Privacy

We adhere to privacy laws and regulations, ensuring that customer personal information is handled in accordance with industry best practices. Our privacy practices include:

Data Collection & Usage: Transparent data collection processes, ensuring that customers are fully informed about how their data is used and shared, and that it is only used for the intended purposes.

GDPR & CCPA Compliance: Our platform is fully compliant with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) to ensure that customer data privacy rights are respected.

Data Retention & Disposal: We maintain strict data retention policies, ensuring that customer data is only kept for as long as necessary, and securely disposed of when no longer needed.

3. Regular Audits and Assessments

Our platform undergoes annual SOC 2 Type II audits performed by independent third-party auditors. These audits assess the effectiveness of our controls across the five Trust Services Criteria and provide assurance that we consistently meet the required standards. We maintain detailed reports that are available for clients to review, offering transparency into our security and compliance practices.

4. Client Assurance

SOC 2 Type II compliance ensures that our clients can trust that their data is being handled securely and in compliance with the highest industry standards. By choosing our platform, financial institutions can be confident that their sensitive financial data is protected, their operations are secure, and they are meeting their own regulatory obligations.

5. Ongoing Commitment to Security and Compliance

We are committed to continuously improving our security practices and maintaining SOC 2 Type II compliance year after year. This commitment includes regular updates to our security infrastructure, user access protocols, and data protection practices to stay ahead of evolving threats and regulatory requirements.

© 2025 Landjourney Technologies Inc. All rights reserved.