Skip to content
SprintPay
Compliance

Regulated, audited, accountable.

SprintPay is operated by Finstack LLC, a US-registered Money Services Business under the supervision of FinCEN, with a documented compliance program designed around the Bank Secrecy Act.

Licensing

Our regulatory standing.

FinCEN Registration
Legal entity
Finstack LLC
Operating brand
SprintPay
Registration #
31000323879688
Authorized signature
2026-03-04
Activities
Money Transmitter, Dealer in Foreign Exchange
State of domicile
Montana, USA
Cross-border
Authorized
Verify on FinCEN.gov →
Registered Address
Finstack LLC
operating as SprintPay
1001 S Main St, Ste 600
Kalispell, MT 59901-1498
United States
Compliance Contact
compliance@sprintpay.io
Program

The pillars of our compliance program.

Each pillar is documented in policy, tested annually, and overseen by a designated Compliance Officer who reports to the Finstack LLC Board.

BSA / AML / CFT Program

A documented AML/CFT program reviewed annually, with a designated Compliance Officer, board-approved policies, independent testing, and ongoing employee training.

KYC & KYB

Risk-based onboarding for individuals and businesses. ID&V, beneficial-ownership identification, sanctions screening, adverse-media checks, and ongoing periodic review.

Transaction Monitoring

Every transaction screened against rules and behavioral models. Investigations are reviewed by trained analysts and escalated when warranted.

OFAC & Sanctions

Real-time screening against OFAC SDN, consolidated EU/UK lists and high-risk jurisdiction filters. Sanctions controls are tested and updated continuously.

Security & Data

TLS 1.3 in transit, AES-256 at rest, hardened cloud infrastructure, principle of least-privilege access, periodic third-party penetration tests.

Reporting & SARs

Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs) filed in accordance with 31 CFR Chapter X.

Security

Designed for money — defended like a bank.

SprintPay's infrastructure follows defense-in-depth principles. Finstack LLC is working toward SOC 2 Type II and ISO 27001 attestation in the coming year.

Encryption

TLS 1.3 in transit, AES-256 at rest, HSM-backed key management for sensitive material.

Access Control

RBAC with least-privilege defaults, hardware MFA required for all admin access, just-in-time approvals.

Monitoring

Continuous logging, anomaly detection, and real-time alerting on suspicious access patterns.

Resiliency

Multi-region active-active infrastructure with automated failover and continuous chaos testing.

Penetration Testing

Independent third-party assessments annually plus continuous bug bounty.

Vulnerability Management

Daily dependency scanning, weekly infrastructure scanning, monthly patch cadence.

Ready When You Are

Move money like it's 2026.

Tell us about your corridor, volume and timeline. The SprintPay team — payments engineers and compliance specialists — will scope an integration plan within 24 hours.

Talk to Sales Read the Docs