SECURITY · COMPLIANCE
Maviv is being built carefully, in private, with the discipline that handling other people's money requires. Here's exactly how we think about security and compliance — for our customers and for the partners who help us serve them.
01 · BANKING PARTNER
Maviv is a financial technology company, not a bank. The accounts our customers will hold, the deposits they make, and the FDIC insurance they'll rely on all sit at our partner bank — a chartered, regulated, FDIC-member depository institution operating under direct federal supervision.
This isn't a workaround or a creative interpretation of the rules. It's the standard architecture for modern US digital banking, and it's the architecture that gives our customers exactly the same FDIC protection they'd get at a traditional bank. The partner bank handles deposit operations, holds the funds, sets the program parameters, and supervises every aspect of how Maviv handles customer money.
Maviv is currently in the process of finalizing this banking relationship. The disclosures on every customer-facing surface will identify our partner bank by name from the day we open accounts.
02 · IDENTITY & ONBOARDING
Every Maviv account opens with full Customer Identification Program verification — government-issued ID, name, date of birth, address, and Social Security number — checked against the data sources our partner bank's CIP relies on. Identity documents are validated, not just collected. We use device intelligence and behavioral signals to catch synthetic identities and account takeover attempts at the door.
Customer due diligence doesn't stop at onboarding. We re-verify when the customer's profile changes meaningfully, when their behavior diverges from their stated profile, and on a periodic schedule aligned with our partner bank's customer due diligence program.
OFAC screening runs at onboarding and on every transaction. Sanctions hits are blocked, not flagged for later review. Maviv operates exclusively in the United States and serves only US-based customers — there is no international onboarding path and no plan to add one.
03 · MONEY IN MOTION
Maviv runs real-time transaction monitoring on every authorization, transfer, and ACH movement on the platform. Suspicious activity gets flagged automatically and reviewed by a trained operations team aligned with our partner bank's BSA and AML program. SARs are filed when the rules require it.
Card fraud is its own discipline. Every card authorization runs through a fraud scoring engine that looks at device, velocity, geography, MCC, amount, and customer history. High-risk transactions are blocked or step-up-authenticated in real time. Customers can freeze their cards instantly from the app — and have always been able to.
When something does go wrong — and it will, eventually, in any banking program — Maviv handles disputes under Regulation E timelines. Provisional credit, investigation, and resolution within the windows the rule requires. Customers know what to expect because we put it in writing, in the account agreement, in plain English.
04 · INFRASTRUCTURE
Maviv is being built on cloud infrastructure that holds the same certifications our partner bank requires. Encryption at rest with AES-256, encryption in transit with TLS 1.3, key management through hardware security modules, secrets segregated from application code, audit logs on every access. None of this is innovative — it's table stakes, and that's the point.
Access to production systems is strictly controlled, logged, and reviewed. Customer PII access is a managed privilege, not a default. We're building toward SOC 2 Type II from the start because that's the standard the institutions we serve will expect, and because it's the right discipline to build into the company before scale makes it harder.
And because some of us came from Cado Security, we know what real incident response looks like. Maviv has documented playbooks for security incidents from day one — not because we expect to need them often, but because the time to write them is before you need them.
FOR PARTNERS
This page is a summary. Sponsor banks, BaaS providers, and security-conscious partners can request our full compliance and security memo by email.