Compliance

This page is dedicated to our business partners. If you’re a user of our online tools - please visit this site.

Kontomatik delivers its services with great care for regulatory compliance, mainly in these areas:


Financial supervisory authorities

Depending on the client, the country it operates in and other factors, one of our entities is involved: Kontomatik Sp. z o.o. or Kontomatik UAB. Both are monitored by, and required to report their financial services activities to, the supervisory authorities.

Kontomatik Sp. z o.o. is supervised by the KNF (Komisja Nadzoru Finansowego, en. Polish Financial Supervision Authority), which in 2019 granted us authorization to perform Open Banking services (as an Account Information Service Provider), making us the first company in Poland able to do so.

Kontomatik UAB had already been authorized to act as an Account Information Service Provider before that, in 2018, by the Bank of Lithuania (lt. Lietuvos bankas).

You can find our official registry entries under these links:

PSD2

PSD2 is a European Union directive created in response to the rapid technological development in the area of finance. Among its many regulations concerning payment services, it officially introduced the Open Banking area, creating a new category of payment providers: Third Party Providers (TPPs).

Under certain conditions, and with authorization from local authorities, TPPs can offer services related to account information (AIS), payments (PIS) and more.

Complementing PSD2, another document has been created, called the RTS (Regulatory Technical Standards). It goes into more detail about how certain PSD2 regulations should be implemented, specifying required security levels, technical methods of accessing account information, performance, the range of data and how often it can be accessed, and much more.

If you’re interested in reading the documents, follow these links:

Data Protection

As we process a lot of personal and financial information, we care deeply about data protection. Here are some of the core data-related activities we engage in:

  • Access control - we minimize the number of people who can actually access the data to those who absolutely need it for our services to work properly.
  • Encryption - not only do we encrypt the data, but we also use currently recommended algorithms.
  • Anonymization - where possible, we anonymize personal information, including the data we store internally.
  • Vulnerability management - we have deployed automatic mechanisms that inform us about CVEs (Common Vulnerabilities and Exposures) so that we can update our systems.
  • Access monitoring - we log, and regularly review, every activity related to access to any data.
  • Cloud environment - we use the services of renowned cloud providers, which increases the overall security of our systems.

ISO 27001

ISO/IEC 27001 is an international standard for information security management. We're proud to have been certified since 2018, with yearly certification reviews confirming that we still adhere to the highest standards of security.

The standard is defined by 14 different domains; the more notable ones include:

  • Information security policies
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • System acquisition, development and maintenance
  • Information security incident management

More about the standard: https://www.iso.org/isoiec-27001-information-security.html

If you are interested in any of the above topics, or want detailed information on the security measures applied at Kontomatik, send an inquiry via the contact form or directly to the e-mail address available in the contact section.