Security

Security is the product.

Moving money requires trust, and trust requires more than promises. Here's how we approach security, regulation, and the obligations that come with handling other people's funds and data.

Regulatory

Regulated, end-to-end.

Technest holds approvals from the Central Bank of Nigeria (CBN) and the Central Bank of Kenya (CBK), and partners with regulated institutions in every other market we serve. On the data side we're NDPR-certified, GDPR-aligned, and compliant with the Nigerian Data Protection Act 2023. Money movement and data protection are too important to treat casually, and doing this work properly is the only way to be the kind of company we want to be.

CBN approvedCBK approvedNDPR certifiedGDPR-alignedNDPA 2023 compliant

Security & operational controls

Engineered like a bank, run like one.

We don't oversell the security buzzwords. These are the controls actually in place: the ones our banking partners audit.

Maker-checker on every flow

No single staff member can move money. Every settlement, FX trade, fee change and payout passes through two-person approval with the rationale captured in the audit log.

MFA + device binding

Mandatory MFA on every staff and merchant account. New devices trigger a re-verification step plus an email notification to the account owner.

Reserve-backed ledger

Every wallet balance is matched to funds held at our banking partners. Daily three-way reconciliation: ledger ↔ provider statements ↔ partner-bank balances.

How we protect data

Defence in depth.

Encryption

Sensitive data is encrypted in transit and at rest. The credentials our customers entrust to us (API keys, banking details, identity records) are handled with industry-standard cryptographic primitives.

Access control

Internal access to systems and data follows least-privilege principles. High-impact actions require dual control, and every privileged operation is logged for review.

Monitoring

Our platforms produce continuous telemetry. We watch for anomalies, investigate quickly, and act when something looks wrong, before it becomes something worse.

Audit

Every significant action across our systems leaves an audit trail. That trail serves us internally, our customers when they need to investigate, and regulators when they ask.

Suspicious activity and financial crime

AML and CFT, built in.

We screen the parties to every transaction, we monitor flows for patterns that look like financial crime, and we cooperate with regulators and law enforcement when required. Anti-money-laundering and counter-financing-of-terrorism aren't add-ons in our stack. They're embedded in how Swappr and Pouch operate.

We won't get into specifics here, because publishing the playbook would defeat the point. But the framework is real, it's reviewed regularly, and it underpins everything we ship.

Incident response

When something goes wrong.

Even good systems have bad days. When an incident happens, we have a defined response process: contain it, communicate with affected customers, fix it, and learn from it. Transparency matters more in the hard moments than the easy ones, and we'd rather over-communicate than leave anyone guessing.

See something? Tell us.

If you believe you've found a security issue with any of our products, or have concerns about how we handle data, please write to us at hi@the-technest.com. We take every report seriously and aim to respond within two business days.