Security @ TrueLayer

TrueLayer leads the way in Enterprise security.

We adhere to and comply with privacy, security and regulatory requirements.  

We are registered with the ICO, the FCA and the CBI.

TrueLayer is regulated by the UK Financial Conduct Authority (FCA) under the Payment Services Regulations 2017 as an Authorised Payment Institution to provide account information services and payment initiation services, we also acquired our EMI licence which allows us to hold and settle funds. (Reference number: 901096)

TrueLayer (Ireland) Ltd is authorised and regulated by the Central Bank of Ireland under the European Union (Payment Services) Regulations 2018 for the provision of Payment Services (Firm Reference Number: C433487). Registered Office: 25-28 North Wall Quay, Dublin 1, D01 H104. Company number 671615

Security by Design

We have an in-house Security team covering Cloud Security and Application Security, GRC function as well as our own dedicated Security Operations Centre.

Our Security team work closely with the engineering teams to advise on best practice and how to securely build scalable systems.

Cloud Security 

Implementation and building of security systems working with engineering to integrate security tooling into build pipelines.  Securing existing infrastructure and tooling with guidance for new infrastructure and tooling.

Application Security 

Working with engineers and developers to ensure we identify any threats early on.  Providing guidance and testing for security vulnerabilities.

Security Operations 

Focused on the monitoring of our systems for security events, incident investigation and response.

GRC (Governance Risk and Compliance) 

Creating policies and standards to meet security best practice, maintain our certifications and meet our clients needs.  Identify and address key security risks and maintain security awareness and training for all at TrueLayer.