Overview

Trust, Security, and Compliance at Settla

Settla is building cross-border financial infrastructure designed to meet enterprise risk, security, and regulatory expectations — with compliance embedded by design, not added as an afterthought.

This Trust Center outlines how we approach security, compliance, and operational risk across our platform. It exists to reduce enterprise procurement friction, pre-empt security and compliance questionnaires, signal operational maturity, and anchor credibility in structure — not hype.

Security by design

Operational and technical safeguards built into infrastructure, access management, and transaction oversight.

Compliance-native

Regulatory and compliance considerations embedded directly into transaction structuring and execution workflows.

Operational maturity

Audit-ready processes, documented execution, and a procurement-ready posture across complex corridors.

Human oversight

Trained specialists review exceptions and have the authority to escalate or halt execution when warranted.

Security

Security Embedded Across Infrastructure and Operations

Security at Settla is treated as an operational discipline integrated into infrastructure design, access management, transaction oversight, and data protection.

Core Security Principles

End-to-end data protection

Data is protected at every stage of the transaction lifecycle using encryption, segmentation, and industry-standard security controls.

Role-based access controls

Access is granted based on role and responsibility, ensuring least-privilege access and strong separation of duties.

Continuous monitoring

Systems and transactions are continuously monitored to detect anomalies, enforce policies, and ensure operational integrity.

Secure handling of sensitive business and transaction data

Sensitive data is handled with strict controls, secure environments, and defined retention policies.

Operational Security Timeline

  1. Transaction Intake

    Transaction details are received and validated through secure intake channels.

  2. Verification

    Counterparties and transaction parameters are verified against internal and external controls.

  3. Routing

    Transactions are routed through approved corridors based on risk, policy, and operational rules.

  4. Monitoring

    Real-time monitoring ensures activity remains within policy and risk thresholds.

  5. Settlement

    Settlement is executed securely with reconciliation and confirmation.

  6. Audit Logging

    All actions are securely logged to ensure traceability, accountability, and audit readiness.

Compliance

Compliance Designed for Modern Cross-Border Operations

Settla structures its operations to support regulatory compliance across the jurisdictions in which it operates. Compliance considerations are embedded into execution workflows to ensure legitimacy, transparency, and long-term scalability.

Compliance Focus Areas

Transaction monitoring and review

We monitor transactions in real time and conduct periodic reviews to detect anomalies, assess risk, and ensure alignment with applicable requirements.

Know-Your-Business (KYB) processes

We maintain robust KYB procedures to verify business legitimacy, ownership structure, and the ongoing risk profile of counterparties.

Risk-aware corridor structuring

Corridors are evaluated based on regulatory landscape, counterparty risk, and operational complexity to ensure reliable outcomes.

Documented execution and settlement flows

All execution and settlement activities are documented with clear audit trails to support transparency and traceability.

Enterprise Due Diligence Readiness

We support our enterprise partners with the documentation, transparency, and controls needed to meet internal risk and procurement requirements.

Security review readiness

We provide the information and evidence needed to support security and compliance reviews efficiently.

Structured controls

Our policies, controls, and processes are designed to meet enterprise and regulatory expectations.

Documentation workflows

We maintain organized, up-to-date documentation to streamline due diligence and vendor assessments.

Procurement-ready posture

We align with enterprise procurement standards and support questionnaires and assessments.

Framework

The Settla Trust Framework

Trust at Settla is governed by a clear operating framework — the Settla CREED.

This framework defines how we design systems, structure transactions, and scale responsibly across jurisdictions.

C: Compliance by Design

Settla embeds regulatory and compliance considerations directly into transaction structuring, execution workflows, and operational processes.

Customer Outcomes:

  • Reduced regulatory exposure
  • Clear documentation and traceability
  • Faster vendor and compliance reviews

R: Reliability in Execution

We prioritize execution certainty over theoretical speed.

Customer Outcomes:

  • Predictable settlement outcomes
  • Reduced operational failure risk
  • Confidence in mission-critical payments

E: Economic Alignment

Settla aligns incentives across clients, partners, and liquidity providers.

Customer Outcomes:

  • Transparent pricing structures
  • Lower counterparty risk
  • Long-term service continuity

E: Excellent-Grade Controls

Systems and processes designed for enterprise expectations.

Customer Outcomes:

  • Audit-ready operational processes
  • Mature internal controls
  • Procurement-ready vendor posture

D: Diligent Trust Infrastructure

Human judgment, compliant execution, and secure technology working together.

Customer Outcomes:

  • Long-term infrastructure partner
  • Not a shortcut around regulation
  • Not a fragile point solution

Risk Management

Execution Certainty in Complex Financial Corridors

Settla manages operational and financial risk through structured execution controls and defined decision pathways.

Execution Controls

Corridor-specific risk assessment

Each corridor is evaluated for regulatory, counterparty, liquidity, and operational risk factors before execution.

Defined execution parameters

Execution rules, thresholds, and controls are established in advance to ensure consistency and risk alignment.

Human oversight and escalation mechanisms

Trained professionals review exceptions and have the authority to escalate or halt execution when warranted.

Traceable transaction workflows

All actions, decisions, and system events are recorded to ensure full traceability and audit readiness.

Execution Workflow Timeline

  1. Transaction Intake

    Transaction details are captured and validated against basic criteria.

  2. Compliance Review

    Regulatory and policy checks are performed before proceeding.

  3. Corridor Validation

    Corridor risk, counterparty, and liquidity are validated for suitability.

  4. Routing & Liquidity

    Optimal route is selected and liquidity is confirmed for execution.

  5. Settlement Coordination

    Settlement instructions are issued and counterparties are aligned.

  6. Monitoring & Reporting

    Transactions are monitored in real time and reported for transparency.

Assurance

Building Toward Internationally Recognized Assurance Standards

Settla is committed to achieving and maintaining internationally recognized certifications that reflect our dedication to security, privacy, and operational excellence. Our assurance roadmap reflects our transparency and long-term commitment to enterprise-grade standards.

SOC 2 Type II

In Progress

We are working toward SOC 2 Type II certification to validate the effectiveness of our controls across security, availability, processing integrity, confidentiality, and privacy.

Progress

65%

Focus Areas

  • Control design and evaluation
  • Evidence collection
  • Independent audit preparation

ISO 27001

In Progress

We are pursuing ISO 27001 certification to strengthen our information security management system (ISMS) and align with global best practices.

Progress

55%

Focus Areas

  • ISMS framework implementation
  • Risk management alignment
  • Documentation and audits

GDPR Alignment

In Progress

We are aligning with GDPR principles to ensure appropriate data protection, privacy rights, and responsible data handling across our operations.

Progress

60%

Focus Areas

  • Data protection governance
  • Privacy by design
  • Rights management and processes

Transparency over premature claims.

Settla does not claim certifications before completion or formal audit validation. We believe in earning trust through verifiable outcomes, independent assessments, and continued accountability.

Responsible Disclosure

Security Research and Responsible Reporting

Settla is committed to maintaining the security, integrity, and reliability of our platform. We welcome security researchers and responsible disclosure of potential vulnerabilities.

Scope

This policy applies to all Settla systems, services, applications, and infrastructure, including associated environments and subdomains. We appreciate researchers who help us improve by reporting potential security vulnerabilities.

Reporting Process

Please submit all security findings to our security team using the secure email listed below. Provide as much detail as possible to help us reproduce and assess the issue. Do not access, modify, or delete data that does not belong to you.

Expected Response Times

We acknowledge all valid reports within 48 hours. Initial triage is typically completed within 5 business days. We will keep you informed throughout the process and provide updates at key milestones.

Safe Harbor Principles

We follow industry-standard safe harbor principles. Good faith research conducted in accordance with this policy will not result in legal action. We ask that you do not publicly disclose the vulnerability until we have had a reasonable time to address it.

Communication Standards

We value clear, professional, and respectful communication. Researchers will be treated as partners in helping us strengthen our security posture.

Disclosure Workflow

  1. Submit Report

    Share details of the potential vulnerability via our secure reporting channel.

  2. Review & Validation

    We validate and assess the report and determine impact and priority.

  3. Remediation

    We address the issue and implement fixes with rigorous testing.

  4. Resolution & Communication

    We confirm resolution and communicate outcomes with the researcher.

Contact & Escalation

Security Contact
security@settla.ca

Use this email for all security reports and related inquiries.

Enterprise Escalation

For time-sensitive or high-impact matters, please include [ESCALATION] in the subject line. We will prioritize accordingly.

Response Expectations

We acknowledge all reports within 48 hours and aim to provide an initial response within 5 business days.

FAQs

Frequently Asked Questions

Find answers to common questions about Settla's security, compliance, and operational assurance practices.

What is the Settla Trust Framework?

The Settla Trust Framework is our commitment to secure operations, regulatory alignment, and enterprise-grade controls. It spans security, risk management, compliance, and transparency across our platform and partner network.

Is Settla SOC 2 or ISO 27001 certified?

Settla is actively progressing toward SOC 2 Type II and ISO 27001 as part of our security and compliance roadmap. We do not claim certifications before they are formally completed.

How does Settla manage cross-border risk?

Risk is managed through corridor-specific assessments, structured execution workflows, defined parameters, and human oversight with the authority to escalate or halt execution when warranted.

Does Settla support enterprise security reviews?

Yes. Settla supports enterprise due diligence, including procurement reviews, security questionnaires, and compliance discussions through our Security & Compliance team.

How does Settla approach compliance?

We embed compliance directly into transaction structuring and execution workflows — not as an afterthought. We treat compliance as an ongoing operational requirement.

What controls exist around settlement execution?

Settlement is executed with predefined parameters, real-time monitoring, reconciliation, confirmation, and full audit logging for traceability and accountability.

Contact

Talk to a Specialist

Whether you're exploring a corridor, evaluating a partnership, or running a security or compliance review — send us a message and the right specialist will be in touch.

Sales & Corridors

Questions about FX execution, supported corridors, settlement, or pricing for your business.

Partnerships

Banks, liquidity providers, infrastructure platforms, and ecosystem partners — we'd love to hear from you.

Security & Compliance

Enterprise security reviews, vendor due diligence, or responsible disclosure of a vulnerability.

All communications are handled securely and confidentially.

Response Timelines

We aim to acknowledge all inquiries within 48 hours.

  • Initial response: within 48 hours
  • Follow-up: within 5 business days

Review Workflows

Structured processes ensure efficient and secure handling of requests.

  • Intake & validation
  • Information exchange
  • Review & response

Escalation Process

For urgent or sensitive matters, we provide a direct escalation pathway.

  • Dedicated escalation channel
  • Timely management engagement