PayKeeper Licensing and Regulatory Compliance

PayKeeper, Inc. is a Licensed Escrow Company in the State of Utah, USA, and as such it engages in the control and/or disbursement of funds payable to laborers, contractors, subcontractors, material suppliers or others, for the purpose of satisfying bills incurred in construction projects. Additionally, PayKeeper manages the escrow process for various other applications and industries, in accordance with agreements between the parties.

Licensing and regulatory compliance:

  • Oversight by State regulatory entities that issue Escrow Company licenses. Requirements include but are not limited to:
    • filing of Escrow Call Reports
    • filing of Trust Fund Audit
    • Continuing Education
  • Annual GAAP corporate financial audit.
  • Surety Bonds at required minimums in accordance with each regulatory jurisdiction.
  • Liability Insurance at required minimums in accordance with each regulatory jurisdiction.

Anti-Money Laundering (AML) Compliance:

PayKeeper maintains a written Anti-Money Laundering (AML) compliance program in accordance with the Bank Secrecy Act (BSA), FinCEN regulations, and applicable international AML standards. Our program includes:

  • Know Your Business (KYB) and Know Your Customer (KYC) identity verification for all clients prior to onboarding
  • Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) for higher-risk clients, including Politically Exposed Persons (PEPs)
  • Ongoing transaction monitoring for unusual or suspicious activity
  • Sanctions screening against OFAC, UN Security Council, EU, and applicable international sanctions lists for all transactions and counterparties
  • On-chain blockchain analytics for stablecoin and virtual asset transactions
  • Suspicious Activity Report (SAR) filing with FinCEN as required
  • Currency Transaction Report (CTR) filing as required
  • AML records retained for a minimum of five (5) years

Our AML program is overseen by a designated Compliance Officer and subject to periodic independent review. Compliance inquiries: [email protected]

Identity Theft Prevention Program (ITPP):

PayKeeper maintains a written Identity Theft Prevention Program (ITPP) in compliance with the FTC Red Flags Rule (16 CFR Part 681) and CFPB Regulation V. The program is reviewed annually by senior management and addresses the detection, prevention, and mitigation of identity theft across all covered accounts.

The ITPP covers the five federal categories of identity theft red flags, including:

  • Alerts, notifications, or warnings from consumer reporting agencies or fraud detection services
  • Suspicious documents presented during account opening or access
  • Suspicious personal identifying information, including address discrepancies
  • Unusual use of, or suspicious activity related to, a covered account
  • Notices from customers, victims of identity theft, law enforcement, or other persons regarding possible identity theft

Annual board-level review of the ITPP is conducted in accordance with regulatory requirements.

Security of Escrow Funds:

  • Escrow trust account held at one of our banking partners. Current banking partners are JPMorgan Chase Bank, N.A., Continental Bank and Zions Bank.
  • Foreign exchange settlements are processed by JPMorgan Chase Bank, N.A., 383 Madison Avenue, New York, NY 10179, United States.

How PayKeeper Secures Your Data:

  • We are SOC 2 Type II compliant and can provide our report upon request. 
  • We use automated security and compliance tools to stay compliant by continuously monitoring our applications, employees, systems, and data to improve our security posture and to respond to potential threats quickly and effectively
  • Our application hosting and data center partners are ISO 27001 and SOC 2 Type II certified
  • Sensitive customer data is managed in controlled and audited environments that meet the rigorous standards of the American Institute of CPAs (AICPA)
  • Secure Financial Transactions:
    • All financial transactions are securely processed through SOC 2 Type II partners
    • We are PCI compliant and can provide our attestation upon request. PayKeeper systems never have access to or store credit card details. Cards are processed through a premium partner with PCI DSS certifications
    • Bank accounts require dual signing authority on approving and processing transactions with a full audit log of requests
  • Data is secured in transit (≥TLS 1.2) and at rest (≥256-bit AES-GCM)

Privacy:

  • Client data is never sold and is only shared when required to perform our services
  • We have Data Processing Addendums in place with our partners to comply with CCPA, CPRA and other data privacy laws and regulations
  • Employees are required to pass background checks
  • Employees receive security and privacy training
  • Employees are required to sign non-disclosure agreements
  • Strict access controls within PayKeeper applications