
Information

XVAULT GLOBAL
WWW.XVAULT.ORG
Our infrastructure providers maintain industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and PCI DSS Level 1.
Compliance standards are in place in accordance with the Protection of Personal Information Act (POPIA).

Process Flow

​

  1. Procedural description

  2. User Sign-up - Email and Password creation

  3. Disclaimer Notice

  4. The user then engages in the xvault.org system registration - by submitting the registration, the user accepts the noted disclaimer notice

  5. The user then fills in the system registration form. Once all parameters are met within the system registration, the team at xvault.org stores the custom user ID and password for future reference of uploaded documentation.

  6. Within the transmission page, all data input and validation requests must be met for the transmission to be sent to the user on both ends (sender and/or receiver).

  7. Once the sender and/or receiver completes the transmission of the transaction form from the xvault.org vault portal, Team@xvault.org will send the logged data as a CSV file via Team@xvault.org.

  8. xvault.org issues the balance after reconciliations are completed by the sender's or receiver's bank and sends it via secure email to the sender and receiver's specified Email address.

  9. Commission Payment is to be completed for the transaction transmission. 

  10. A balance of the account is to be uploaded to the Vault. This is then sent to the Receiver's and Sender's specified email addresses from xvault.org.

User Compliance Example 

 Strong Customer Compliance Documentation

This refers to documentation related to ensuring that customers and their activities comply with laws and internal policies—especially around anti-money laundering (AML), know your customer (KYC), and fraud prevention.

1. Know Your Customer (KYC) Documentation

Customer Identification Program (CIP): Legal name, date of birth, address, ID verification.

Customer Due Diligence (CDD): Risk profile of the customer, source of funds, expected transaction types.

Enhanced Due Diligence (EDD): For high-risk customers (e.g., PEPs, offshore entities), with deeper documentation such as:

Source of wealth

Business ownership details

Justification for complex structures

2. Anti-Money Laundering (AML) Documentation

Transaction Monitoring Records: Logs and alerts from automated monitoring systems.

Suspicious Activity Reports (SARs): Filed with regulators when suspicious behavior is identified.

AML Risk Assessments: Internal assessments of exposure to money laundering.

AML Program Documents: Policies, procedures, training materials, and system documentation.

3. Customer Consent and Communication Records

Consent for data sharing (e.g., GDPR compliance).

Records of disclosures and agreements signed (e.g., terms of service, privacy policy).

Audit trail of customer communications (calls, emails, chat logs).

4. Sanctions and Watchlist Screening

OFAC, EU, UN Sanctions List Screening Logs.

False positive handling documentation.

Name screening and resolution records.

 General Compliance Documentation

This is broader and touches on how the bank ensures it operates within legal, regulatory, and ethical boundaries across all departments.

1. Regulatory Compliance Programs

Compliance Policies and Procedures Manual: Covers all areas—lending, deposits, investments, and marketing.

Compliance Monitoring & Testing Reports.

Internal Compliance Audits.

Regulatory Examination Files: Responses and remediation plans following inspections by authorities (e.g., OCC, FDIC, FCA).

2. Governance and Risk Oversight

Board and Committee Meeting Minutes: Especially from risk and compliance committees.

Compliance Risk Assessments.

Compliance Training Records: Proof that employees have received required training.

Whistleblower Program Documentation.

3. Privacy and Data Protection

Data Protection Impact Assessments (DPIA).

Records of Processing Activities (ROPA).

Incident and Breach Logs.

Third-Party Risk Assessments (for vendors handling customer data).

4. Product Compliance

Product Approval and Review Documentation.

Marketing Compliance Reviews (including disclaimers and disclosures).

Customer Outcome Testing (for consumer protection rules).

Characteristics of Strong Compliance Documentation

Consistency: Formats and naming conventions are standardized.

Traceability: Audit trails and version control are in place.

Accessibility: Documents are securely stored and retrievable by relevant teams.

Up-to-date: Regular reviews ensure policies align with current laws and risks.

Approval Hierarchy: Evidence of proper sign-offs and ownership.

​

Security

Internet Security Protocols HTTPS TLS 1.2

Automatic SSL Certification

Data at rest AES-256 Encryption

Anti-DDoS Protection

SOC & SIEM

PCI DSS Level 1

SOC 2 Type 2

Several ISOs

GDPR, CCPA, and LGPD compliant

Physical Data Security: Google Cloud, AWS, and EQUINIX

User registration log

Web Interface is a non-invasive online application

Our data in transit uses HTTPS, TLS 1.2 + Automatic SSL, while data at rest uses AES-256, the strongest encryption standard commercially available.

Team@xvault.org falls under the above-hosted security provider measures.

​


INFORMATION OFFICER

REGISTRATION CERTIFICATE


Data Protection

Laws of the World
