Diligent AI Achieves SOC 2 Type II Compliance

Subscribe for Updates

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

We’re proud to share that Diligent AI has successfully completed a SOC 2 Type II audit.

We partnered with Oneleet to move efficiently through the process while maintaining a high standard of rigor and clarity.

For the fintechs, banks, and compliance teams we work with, trust is foundational.
SOC 2 Type II provides independent assurance that our security and operational controls are not only well designed, but consistently operated over time.

What SOC 2 Type II means

SOC 2 is an independent audit framework focused on how organizations protect customer data and operate critical systems.

A Type II report evaluates how controls perform over an extended period, not just at a single point in time.

In practice, this includes areas such as:

Access control and identity management
Secure software development and change management
Incident monitoring and response
Business continuity and disaster recovery
Vendor and risk management

From ISO 27001 to SOC 2

We achieved SOC 2 Type II shortly after completing ISO/IEC 27001 — within roughly two months.

This was possible because we had already earned ISO 27001 in May 2025 and had since embedded those controls deeply into our engineering and operational workflows.

As a result, completing SOC 2 mainly involved:

Mapping existing practices to SOC 2 criteria
Tightening control narratives
Ensuring evidence was structured and traceable

The incremental work was relatively small — just a few focused days.

Challenges we tackled

Even with strong foundations, moving quickly still required careful execution:

Operationalizing evidence: it’s not enough to do the right thing — controls must be consistently documented.
Maintaining engineering velocity: ensuring strong change management while shipping continuously.
Demonstrating consistency: SOC 2 Type II requires proving controls operate reliably over time.

What we learned

A few lessons stood out:

Security works best when embedded into daily workflows, not treated as a separate project.
Clear ownership and simple processes scale better than complex playbooks.
Good documentation is an operational advantage — it improves reliability, onboarding, and incident response.

What’s next

Compliance is not a milestone — it’s part of how we operate.

We will continue strengthening our security program as we expand our platform and support more regulated financial institutions globally.

If you’d like to learn more about our security posture you can visit https://trust.godiligent.ai/

‍

Keep Reading

Customers

How Scalapay reduced merchant KYC/AML ops time by 65% with AI agents

Scalapay, one of Europe's fastest-growing payment companies, partnered with Diligent to automate merchant due diligence with AI agents. Within the first year, they achieved a 65% reduction in manual reviews and saved over 6,000 operational hours annually.

News

Diligent AI Raises $2.5M to Empower KYC and Anti-Money-Laundering teams with AI Agents

Diligent AI, a Y Combinator-backed startup building autonomous AI agents for financial crime compliance, has raised $2.5 million in Seed funding led by Speedinvest alongside fintech investor Shapers, with participation from the CEOs and founders of N26, Allica Bank, IDnow, Billie, and Cybersource. The platform, already relied upon by global fintechs, banks, and publicly listed payment processors, is automating routine KYC/AML tasks.

News

New Launch: Automate Sanctions, PEP, and Adverse Media alerts with AI Agents

We're excited to announce our AML Screening AI Agent to address the high volume of false positives that burden KYC/AML teams by automatically investigating alerts and providing clear, auditable recommendations—reducing alert-handling time, delivering more consistent decisions and lower operational costs, while improving risk management.