Security that enables growth, not just ticks boxes

The message could not be clearer: we are at a tipping point in the software industry, and SaaS providers must lead with resilience, positioning security as a strategic advantage.

Security must be visible, demonstrable and deeply embedded into every process, system, and interaction. At Encompass, we recognize this as a business-critical obligation. It is what our customers demand, and rightly so. If we fail to meet this challenge head-on, we risk not just the trust of our customers but our very license to operate in a SaaS-driven economy.

A measurable commitment to security

Over the past 18 months, Encompass has taken decisive steps to ensure security is in its rightful place within our value proposition. In both dollar terms and headcount, security has seen a significant increase in investment across our business. This is not about reacting to industry headlines. It is about getting ahead of the challenge and embedding a long-term strategy that puts security on par with innovation.

We are:

• Expanding our dedicated security team
• Increasing our investment in tooling to expand our capabilities
• Embedding security into product design and engineering workflows
• Pursuing key third-party assurances, building on ISO 27001 and AICPA SOC 2

These investments send a clear message: security is not a checkbox; it is how we do business.

Meeting the needs of corporate banking clients

We are acutely aware of the security challenges faced by our customers. Particularly corporate and commercial banks who must navigate a fast-evolving regulatory landscape while managing complex onboarding and client lifecycle processes across multiple jurisdictions.

We understand this complexity, knowing that Banks must comply with regulations such as:

• The Digital Operational Resilience Act (DORA) in the EU
• FFIEC and GLBA in the United States
• APRA CPS 234 in Australia
• The UK’s PRA and FCA operational resilience frameworks

In parallel, data privacy regimes like GDPR and CCPA demand that sensitive client data is managed with the highest level of protection. As a vendor, we are expected to not only comply with these standards but enable our customers to meet their own obligations through our platform, from onboarding through to perpetual KYC.

What security as a product feature means at Encompass

We believe security is not just about compliance; it is about enabling confident action. When our customers use our platform to automate and streamline KYC onboarding, they need to know that:

• Their data is secure
• Their compliance needs are being met
• Their risk teams have full visibility and assurance

By integrating robust security controls into the product development process, conducting regular third-party penetration testing, and continually investing in cyber maturity, we empower our customers to make decisions at speed, without compromising safety.

Looking ahead: security as a strategic advantage

Security will remain a top priority at Encompass. As we grow our platform capabilities and expand our partnerships, we will continue to enhance our security program with modern technologies, frameworks, and certifications.

We are committed to:

• Achieving and maintaining the standards of industry-recognised frameworks (e.g. ISO 27001, SOC 2 Type 2 and beyond)
• Advancing zero-trust architecture principles
• Strengthening our incident response and business continuity capabilities
• Collaborating closely with our customers to understand our shared risks and the security challenge

In short, we are building a future where security is a source of competitive advantage, for Encompass and for the banks we serve.