Building a Secure, Compliant AWS Foundation for Fintech Operations

How Sensiba and DNX Solutions worked to help Spendi achieve ASAE 3150 CDR regulatory compliance.

The idea of a finance app offering rewards through a lottery-style system can seem like it’s too good to be true. But for Spendi, the goal is not just to challenge this perception but to make finance more fun, secure, and accessible. Spendi aims to redefine how consumers interact with banking and financial services by letting users automatically enter their expenses into a prize draw whenever they make purchases. They aim to take the traditional banking experience, make it more engaging, and introduce an element of excitement through rewards.

  • ASAE 3150 Controls
  • CDR Compliance

Challenge

Spendi is committed to providing customers with a secure and compliant platform that adheres to strict regulations and positions itself for rapid growth. Exploring open banking requirements like ASAE 3150 and Consumer Data Right (CDR) compliance led Spendi to Sensiba, who became a trusted partner on their compliance journey. Recognizing a need for specialized expertise, Spendi sought assistance from DNX Solutions and Sensiba for its regulatory challenges and to establish a secure, compliant environment on AWS. Beyond compliance, Spendi was concerned with security, scalability, agility, and cost optimization.

“I’ve been in business for 25 years, and nothing ever goes to plan. There are two types of people when it comes to dealing with that: the ones who kick and scream, and the ones who adapt. DNX and Sensiba are definitely the latter. Changing regulations can be frustrating, but with DNX and Sensiba, it’s all about ‘let’s get it done.’ That mindset was really important for Spendi, and it made working with DNX and Sensiba so much easier.”

Jacob Cosentino, CEO and Co-Founder, Spendi

Solution

When pursuing ASAE 3150 controls and CDR compliance, most companies already have one or two other compliance frameworks in place. But for Spendi, DNX Solutions had to build a secure, scalable AWS foundation from the ground up. This involved designing and implementing a solution that followed AWS Well-Architected best practices, with a focus on achieving compliance, enhancing security, and ensuring operational efficiency—key components to support Spendi’s rapid growth and regulatory needs.

Sensiba worked closely with DNX and Spendi during the auditing phase, ensuring a smooth process that led to Spendi achieving compliance and demonstrating their commitment to providing a secure, trustworthy platform.

Result

DNX Solutions delivered a secure, scalable AWS foundation that overcame Spendi’s challenges, meeting current compliance needs while supporting growth and operational efficiency.

Rapid Delivery Despite Challenges: Despite navigating changes in regulations mid-compliance, DNX delivered what would typically be a 12 to 15-month project in just five months.

Audit-Readiness: In partnership with Sensiba, DNX ensured Spendi was audit-ready. Sensiba managed the auditing of Spendi’s compliance with ASAE 3150 and CDR requirements, positioning them for future regulatory success.

Secure and Compliant Foundation: The DNX foundation adheres to AWS Well-Architected pillars and meets Australian regulatory standards, preparing Spendi for frameworks like SOC 2 and ISO/IEC 27001, significantly boosting security and customer trust.

Scalability and Cost Efficiency: The Well-Architected framework ensures Spendi’s environment is scalable and cost-effective, allowing them to control costs while supporting growth.

Operational Agility: With improved access control, streamlined deployment pipelines, and comprehensive documentation, Spendi is well-positioned to quickly adapt to market demands, deploy new features, and ensure continuous compliance.

Achieving ASAE 3150 and CDR compliance has provided Spendi with a competitive edge by building trust and establishing their authority as a secure, government-regulated fintech. This accreditation not only challenges the narrative of distrust in finance apps but also reinforces Spendi’s commitment to providing a transparent and reliable platform.

With their secure, compliant AWS foundation in place, Spendi is now positioned to pursue further certifications such as SOC 2 and ISO/IEC 27001, showing its ongoing commitment to security, and moving toward becoming a trusted neobank. As they prepare to launch, Spendi is well-equipped to deliver an engaging, secure, and compliant user experience that redefines traditional banking, thanks to the ongoing partnership with DNX and Sensiba.
