Due Diligence and Production Approval

Tapico is a regulated payment services entity. We are building an ecosystem that connects financial service technology and we respect that our ecosystem can directly affect people's lives. We hold our ecosystem to a high standard and in order to maintain that standard we conduct due diligence on its participants.

Prior to an Application being approved to access environments in production there are seven points of due diligence we execute:

1. You will need to fill out an Application Questionnaire which helps us execute various due diligence tasks related to:

   • Anti-Money Laundering / Know Your Customer
   • Privacy
   • Security

2. You will need to complete a Security Attestation to confirm that your Application meets our Minimum Security Requirements.

3. You will need to provide a copy of your most recent externally conducted Penetration Test.

4. You will need to provide an Architectural Diagram outlining your hosting location(s) (including the cloud vendors you use), network architecture, and environment separation.

5. You will need to provide an outline of how you meet your local Privacy (e.g. GDPR) obligations including which parties are the Data Subjects, Data Controllers, Data Processors and Sub Processors in the context of your Applications. note this is likely covered by your privacy policy

After we have all of this information, we will perform our assessment and approve your connection to our production environments.

Once your integration is complete you can demo it to us and we will test it prior to going live.

If you are ready to go through our due diligence process, let us know by emailing mailto:[email protected]. We'll get in touch and go through the process.