We perform complimentary compliance reviews for your platform to ensure your integration is up to date on security, legal disclosures, integration best practices, etc. Here's what you need to know:
Step 1: Your platform architect will reach out to schedule your compliance review.
This is a 45-60 minute call via Google Hangouts. We perform these reviews 2-3 times per year.
Step 2: Share your staging domain with us or send us an invite to test your mobile app.
Prior to the call, we’ll need to walk through the user creation process, create test transactions, receive in-app/web/email notifications and do some pen testing on the account. If you are using test credentials other than Synapse’s sandbox values (e.g., an account aggregator's test values), then share those with us too.
Step 3: Make sure your spec sheet, security features, and legal requirements are up to date.
Your platform architect will include your most recent spec sheet (CIP/Flow of Funds) in the email. Please review it and let us know if anything has changed so that it’s up to date.
In the meantime, we will check for common security vulnerabilities (pen testing, backend, front end) and the legal requirements (also found on the bottom of your spec sheet).
Step 4: Who should be on the call?
A member of our security team and your platform architect will be on the call. It will help to have a member of your business or compliance team and a technical lead on the call as well.
Step 5: Resolve outstanding items.
During the call we will go over missing items. Some of the items will need to be resolved within a week due to regulatory requirements, while other items may have some extra buffer time. Your platform architect will let you know exactly what needs to be done and the timelines during the call and in a follow-up email summarizing the review.
Step 6: Repeat in a few months to make sure that everything is still in a good state.
Hopefully nothing will change so there will not be outstanding items to resolve and go over :)