ComplyAdvantage Payment Screening
Securely-hosted service screens incoming and outgoing transactions against sanctions intelligence and alerts you if it detects anything suspicious. With an intuitive interface, powerful APIs, sophisticated rules and customisable alert configuration options, Payment Screening offers you more flexibility than ever before, so you can facilitate instant payments without compromising on compliance.
Features
- Payments sanctions screening intelligence
- Case management & workflows
- API integrations
- Real-time screening for ISO 20022
Benefits
- Highly secure environment with optional 4-eyes alert workflow
- Intuitive user interface
- Flexible API connectivity
- Real-time screening of all your transactions
- Supports ISO 20022 messaging standards
- Reduce false positives and improve alert quality
- Fully hosted and managed screening service
Pricing
£0.05 a transaction
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 4 1 1 9 7 9 6 8 8 2 4 6 0 3
Contact
IVXS UK LIMITED
Callum McIntosh
Telephone: 07478961494
Email: contact@complyadvantage.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
-
- Access to the internet
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Depends on the severity of the support issue.
Priority 1, 1 Hour, 24x7
Priority 2, 1 Hour, 24x7
Priority 3, 3 Business Hours
Priority 4, 5 Business Hours - User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- Customer Success Manager is assigned to clients to support with training, troubleshooting and being the point of contact for queries.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onsite training, online training, and user documentation.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Can be provided in an agreed format.
- End-of-contract process
- Data export subject to contract cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- ComplyAdvantage can be used by either the API or interface or a blend of both.
- Accessibility standards
- None or don’t know
- Description of accessibility
- ComplyAdvantage is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone and applying the relevant accessibility standards.
- Accessibility testing
-
We’re working towards the level A and AA digital accessibility standards laid out in the Web Content Accessibility Guidelines (WCAG). The WCAG defines requirements for designers and developers to improve accessibility for people with disabilities. Our digital products are partially conformant with WCAG 2.1 level AA.
We’re also investing in automated testing tools to further refine our approach. . - API
- Yes
- What users can and can't do using the API
- Full functionality is via the API
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Various degrees of customisation including roles and permissions and other configurations.
Scaling
- Independence of resources
- Cloud-designed to ensure scalability of resources in line with demand of service to prevent no neighbourhood effect.
Analytics
- Service usage metrics
- Yes
- Metrics types
- SLAs and metrics as required.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- API or CSV export.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
99.9% uptime availability
1% per 0.1% failure to a cap of 5% of monthly spend for P1 and P2s. - Approach to resilience
- Cloud-architecture designed to work across multi-regions/zones to ensure SLAs targets are exceeded.
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is restricted by user level roles and permissions.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 18/09/2021
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- SOC 2 Type 2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- SOC 2 Type 2
- Information security policies and processes
-
ISO27001
SOC 2 Type 2
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Configuration and change management outline in our SOC 2 Type 2 controls and processes available on request.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Outlined in our Information Security and SOC 2 Type 2 controls and process documents available on request.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Outlined in our Information Security and SOC 2 Type 2 controls and process documents available on request.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Outlined in our Information Security and SOC 2 Type 2 controls and process documents available on request.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Tackling economic inequalityTackling economic inequality
We help to provide a secure and robust financial services industry to ensure that businesses and customers are protected from financial crimes including fraud.
Pricing
- Price
- £0.05 a transaction
- Discount for educational organisations
- No
- Free trial available
- No