Compliance & Regulation
13 technical briefings from 12 companies building compliance & regulation infrastructure.
Stride.ai co-founder Virajendra Daita walks through the company's unified AI platform for financial institutions — Doc AI for multi-language document processing, Web AI for no-code scraping of regulator and market sources, and an NLU layer for entity extraction and semantic search. The briefing covers an enterprise KYC orchestration that cuts corporate onboarding from ~29 days to ~1 day (saving €2M+/year), an 80,000-docs-per-day remittance processor, and live demos of KYC screening via Refinitiv and structured + unstructured document extraction.
Kareem Saleh
Fairplay founder and CEO Kareem Saleh walks through "fairness as a service" for any algorithm making high-stakes decisions. The briefing demos customer composition and demographic imputation, proxy detection on a bias-vs-predictive-power matrix, fair lending analysis across women, Black, Hispanic, API, and American Indian applicants with Shapley-based driver attribution, census-tract-level geographic maps, a Fairness Optimizer that adds $1M of profit while closing Black-applicant approval gaps, SR 11-7 model risk documentation, and second-look models that surface thousands of additional approvals from declined applications.
Antonio Georgalis, principal solution engineer at Prime Trust, demos the Prime Trust regulated custody and liquidity platform — the API-driven back-end infrastructure that connects crypto to the US dollar financial system for fintechs. The platform covers KYC-gated account creation (/v2/accounts), settlement, cash and asset transfers, and a liquidity API (/v2/quotes) that converts between dollars and roughly eight to ten supported digital assets via a request-for-quote flow. Money-in rails include ACH pull, wire, debit card, and Signet; money-out covers ACH and wire disbursements. The demo walks through the liquidity quote lifecycle end-to-end: RFQ with a price and expiration, execute, and check settlement status. Prime Trust runs two settlement modes — instant (settle asynchronously within milliseconds of execution, default) and scheduled (execute first, move funds in later, settle end-of-day, similar to T+2 in traditional markets) — plus a hot vs. warm balance distinction for automated vs. operations-reviewed disbursements.
Jordan Valentine & Davis Hart
Davis Hart and Jordan of Paxos walk through the regulated crypto infrastructure Paxos provides to financial institutions — including PayPal, Paxos's first crypto brokerage customer from 2020. This briefing focuses on the June 2022 transfers launch: the ability for Paxos customers to enable their end users to deposit and withdraw crypto directly into their wallets without a fiat round-trip. The demo covers the PayPal web UI receive/send flows, Paxos's guaranteed network fees, and the Postman walkthrough of the three-endpoint withdrawal API: create a crypto-withdrawal fee quote (rate locked for minutes so retail users have time to review), submit the withdrawal with amount-vs-total and fee-asset-selection UX tools for developers, and track the transfer to completion with compliance checks and block confirmations. A final deposit-address walkthrough shows how Paxos issues one address per blockchain per end-user — covering Bitcoin, Bitcoin Cash, Ethereum, and the rest of the asset list.
Philip Pieper & Sam Stone
Swarm Markets presents their BaFin-licensed DeFi exchange at V-Sum Twelve. Presented by Philip Pieper, covering regulated token swaps, the dOTC peer-to-peer trading service, SX1411 token standard, and their Passport compliance system.
Brian Billingsley & James Armstead
Brian, co-founder of Basis Theory, walks through the Basis Theory platform — a developer-first tokenization and encryption service for any sensitive value on the internet. The demo covers tenants (test/prod, sub-customer, or geo-split workspaces), Elements (drop-in UI that keeps you out of PCI scope for cards, bank accounts, SSNs, and driver's licenses), and server-to-server apps gated by PCI Level 1 attestation. Basis Theory tokenizes any serializable value — strings, documents, PII, cards, bank accounts — and returns a consistent token shape with type, fingerprint, and non-sensitive metadata so developers can dedupe without decryption. Customers can roll their own keypair (bring-your-own-key) so Basis Theory only sees ciphertext. The reactor system ships pre-built serverless templates (Stripe, Braintree, BIN analysis via Perapt) and private reactors for custom integrations, allowing partners to tokenize a card once and route to multiple processors without ever touching the raw PAN.
Jason Ioannides & Monica Murthy
Monica Murthy and Jason Ioannides of Alloy demo the Alloy identity decisioning platform — an "identity command center" financial institutions use to manage the customer lifecycle across fraud detection, KYC, AML, transaction monitoring, and (launching next month) credit underwriting. The briefing focuses on Alloy's onboarding product. At the core is the Alloy workflow — a visual no-code orchestration of 70+ third-party data sources (Iovation, LexisNexis, Socure, Ekata, ID Analytics, and more) that fan out from a single API call and return a consolidated approve/review/decline outcome. Compliance teams can edit rules in plain English (IF ID Analytics score ≥ 850 OR Socure Sigma Fraud ≥ 0.985), add entirely new data sources, and flip conditional-execution gates (skip KYC/AML on obvious frauds) — all from the UI, with version control, a change log, and role-based manual-review queues. Evaluation views expose every signal that fired and every raw data-source response for audit.
Soups Ranjan & Aditya Goel
Soups Ranjan, CEO and co-founder of Sardine, walks through the Sardine fraud and compliance API — a single endpoint for fintechs, crypto exchanges, challenger banks, and NFT platforms to prevent fraud, run KYC, monitor crypto transactions, and stay on top of AML and sanctions (PEP/SDN) screening. The demo shows how Sardine catches fraudsters running mobile emulators like BlueStacks, disposable phone numbers, and stolen dark-web identities — combining behavioral biometrics, device intelligence, and telco/social-graph enrichment with live Chainalysis and Coinbase Analytics calls. A no-code rule editor lets ops analysts chain dozens of fraud and AML typologies without writing code, and adverse-media signals cut AML false positives that plague traditional transaction-monitoring rules.
Credolab is a Singapore-headquartered company building smartphone-based behavioral credit scoring for the financially underserved. The demo shows how Credolab\'s lender-embedded SDK (Android) captures behavioral metadata alongside the borrower\'s consent during a standard loan-application flow — with no PII ever leaving the phone (50,000 behavioral data points compressed into a 50 KB JSON). The borrower sees transparent Google-policy permission prompts (allow/deny per permission), Credolab reports coverage completeness (e.g. 83% if some permissions are denied), and the score plus metadata (record ID, device ID, timestamp, permissions) surfaces in the lender\'s dashboard in real time. The Credolab score focuses on intent to repay (behavioral patterns matched against known defaulter features via proprietary ML) rather than ability to repay — so it complements existing bureau data rather than replacing it. Use cases span emerging markets without credit bureaus (thin-file approvals on fair terms), developed markets (risk-based / relationship-based pricing), and instant-decision products like short-term loans, buy-now-pay-later, e-commerce, and e-wallets. Credolab has 86 clients across 26 countries.
Riddhiman Das
TripleBlind demos a cryptographic platform for privacy-preserving data and algorithm exchange — an alternative to the status-quo model of decrypting and replicating third-party data (the Capital One / Experian problem). TripleBlind\'s novel one-way encryption is homomorphic-like but roughly a trillion times faster than full homomorphic encryption, and it works across text, voice, video, and images. The data can only be used for the purpose explicitly authorized, and algorithms themselves can also be encrypted — protecting IP and training data from reverse-engineering. The live demo uses Kaggle\'s customer-transaction-prediction dataset split across three mock organizations (Standard Chartered, JPMorgan Chase, BNP Paribas) running in three different browsers. Privacy-preserving EDA lets a data scientist see shape, distribution, and plots without seeing individual records. A feed-forward neural network (dense + ReLU layers) is trained across all three parties — each granting cryptographic consent with a justification — and produces a privacy-preserving PyTorch object that can be used for local inference or secure multi-party compute predictions (both algorithm and data stay hidden from each other). Training runs in minutes where FHE would take weeks, and the code is drop-in compatible with PyTorch, Pandas, TensorFlow, and XGBoost — GDPR, CCPA, and FDIC compliant.
Zach Kwartler
Zach Portler, product lead at Paxos, introduces Paxos as the regulated-custodian gateway between physical and digital assets, built for the multi-decade migration of $600T of assets from closed ledgers to public blockchains. Paxos is unusual in offering regulated custody and tokenization across four asset classes — crypto, cash, commodities, and securities — including USD-backed stablecoins (wire in, Paxos mints 1:1-redeemable tokens) and Pax Gold (PAXG), where tokenized gold balances on Ethereum are backed by physical gold in an unallocated account. This earlier briefing zooms in on the PayPal crypto partnership Paxos powers: the Paxos admin portal's signing ceremony for moving assets between banks and blockchains, and the four Paxos API endpoints PayPal uses under the hood (list-historical-prices for the chart, list-quotes to price a buy, create-quote-executions for the actual order, tickers for real-time holdings).
Peter Tapling & George Throckmorton
George (Nacha) and Peter demo Phixius — Nacha\'s business-focused data-services network for financial institutions, fintechs, and payment networks. Where consumer open banking addresses account holders, Phixius addresses the payment-provider side: exchanging data (ACH account validation, electronic payment information, etc.) between Credentialed Service Providers (CSPs) before a payment hits the rail. Phixius is point-to-point — no centralized storage, no give-to-get model. It combines standardized Nacha APIs with a blockchain/shared-ledger layer used for authentication, audit trail, and rule enforcement. Each request uses an authentication token that is effectively the address of a smart contract between the requesting CSP and responding CSP for that specific purpose. The demo runs two exchange services: an ACH account validation (routing + account → valid/invalid for Nacha), and an Electronic Payment Information exchange where Care-Free Catering at High-Rise Bank subscribes to payment info for Best Spreads at Low-Rise Credit Union — replacing the PDF-form email loop with an authoritative API exchange. A smart-contract subscription fires a notification when Best Spreads adds Zelle to their profile, proving the ongoing-update pattern.
Eli Polanco
Nivelo presents real-time ACH risk detection for payroll processors, ACH originators, and third-party senders. Instead of waiting the usual four-to-five-day ACH settlement window to find out a payment has failed, Nivelo's single API scores each debit and credit at the moment of origination — sub-second — combining identity, account, device, and behavioral signals into a machine-learned expected-loss score. The demo walks through a payroll processor flow (think ADP or Gusto) catching impersonation fraud at origination, triggering a real-time phone verification with the employee, and then exposing full score explainability in Nivelo's developer dashboard so ops teams can tune against false positives without a black-box model. Because Nivelo plugs in before the ACH batch file is built, it can act on richer payload data — payer/payee relationship, portal behavior, last account change — that the ACH network itself never sees.