Security & Compliance

    Regulated financial infrastructure by design

    Our Approach

    NetworkCore is being built as regulated financial infrastructure, not a software overlay. Compliance, safeguarding, and audit are core architecture, not features added on. Every charging session processed through the platform moves through controls designed to meet regulatory standards across the jurisdictions where we operate today, and where we plan to operate next.

    This page explains the architecture, the controls already in place, and the licensing path ahead.

    Status

    IFPE authorisation process underway. NetworkCore is operating today through a licensed BaaS partner structure while the application progresses through CNBV with PCGA as legal counsel.

    Every transaction processed through our infrastructure already moves on regulated rails. The licensing transition will bring the financial logic, custody relationships, and settlement orchestration under NetworkCore's direct regulatory permission, without changing the underlying architecture partners are integrating with today.

    Regulatory Architecture

    NetworkCore's stack is structured in four distinct layers. Each has a defined role, and each is operated by a party with the appropriate regulatory permission for its function.

    Banking Layer. Partner banks hold safeguarded funds and settlement balances. They provide custody, bankruptcy-remote treatment of client funds, and access to domestic and cross-border payment rails.

    Regulatory Layer. The regulated operating entity provides the legal permission to operate wallets, safeguard funds, and execute regulated payment flows. The first regulated node is in Mexico. Additional regulated entities will be added as transaction volume and corridor density justify them.

    NetworkCore System. NetworkCore operates the proprietary financial logic of the network: clearing ledger, reconciliation engine, pricing logic, revenue allocation, settlement orchestration, FX logic, invoicing, and audit reporting.

    Payment Access Layer. Payment service providers and acquiring partners handle payment acceptance, including card acquiring and local payment methods. These providers capture the driver payment and interface with the NetworkCore settlement stack.

    This separation ensures that legal custody of funds, regulatory permission, banking infrastructure, and financial logic are each clearly defined while remaining operationally integrated.

    NetworkCore four-layer regulatory architecture:

    • Banking Layer (Partner banks): safeguarding, custody, payment rails.
    • Regulatory Layer (Regulated entity): permission for regulated flows.
    • NetworkCore System (NetworkCore): clearing, ledger, settlement, FX, invoicing.
    • Payment Access Layer (Payment service providers): card acquiring, local payment methods.

    Safeguarded Funds

    All client funds are held in safeguarded accounts at partner banks under the applicable regulated entity. They are legally ring-fenced from NetworkCore's operating capital, bankruptcy-remote, and not available for investment or lending.

    Safeguarded balances typically remain in the clearing system for one to two business days before settlement execution. Total safeguarded funds are reconciled continuously against participant wallet balances. The two figures must match at all times, by construction.

    Security & Data Protection

    PCI-DSS compliance via gateway tokenisation. NetworkCore does not store cardholder data. Primary Account Numbers (PANs) are tokenised at the payment service provider layer using network vaults. The NetworkCore platform handles transaction references, not card data.

    Encryption at rest and in transit. All sensitive data is encrypted with industry-standard algorithms across the full stack.

    HSM-backed key management. Cryptographic keys are managed in hardware security modules with strict least-privilege access controls.

    Immutable audit trails. Every ledger entry is append-only and cryptographically secured. Retroactive modification of settled records is not possible by design.

    GDPR-compliant data architecture. Personal data is processed under the General Data Protection Regulation across the platform, regardless of participant jurisdiction.

    ISO 27001 and SOC 2. Both certifications are on the active compliance roadmap and will be pursued as the platform scales.

    AML, KYC & Transaction Monitoring

    NetworkCore's compliance framework is calibrated for B2B2C settlement integrity rather than direct consumer onboarding.

    • Risk-based onboarding of all counterparties, including Charge Point Operators, Private Hosts, and Distribution Partners.
    • KYC documentation and Ultimate Beneficial Owner verification, with enhanced due diligence where required.
    • Sanctions and Politically Exposed Person screening at onboarding and continuously thereafter.
    • Transaction monitoring for velocity anomalies, geographic irregularities, refund patterns, and unusual settlement behaviour.
    • Four-eyes approval for key operational actions, including settlement parameter changes, counterparty status updates, and dispute decisions.
    • Full audit-ready access logging and immutable ledger evidence on every session.

    As additional regulated nodes come online, these controls extend across jurisdictions under the same underlying NetworkCore engine.

    Payment Rails & Network Integrity

    Settlement corridors. SPEI for domestic Mexico, SEPA for euro-denominated settlement, and SWIFT for cross-border corridors. Additional rails are added as markets are onboarded.

    T+2 settlement. CPOs and Private Hosts settle in T+2 in their preferred currency. Distribution Partners settle on daily bundled or weekly cycles as configured.

    Three-layer chargeback defence. Prevention at the session layer using metadata invisible to the card network. Influence at the payment service provider layer through risk-scored 3D Secure and network token enforcement. Absorption through rolling reserves and a first-loss absorption envelope that protects CPOs from baseline dispute rates.

    Pre-funded clearing model. All session revenue allocations occur only after confirmed payment capture from the payment service provider. NetworkCore carries no unsecured credit exposure to participants.

    Group Structure

    NetworkCore AG, headquartered in Zug, Switzerland, is the parent company and strategic control centre of the group. Swiss governance provides legal certainty, neutrality, and robust standards across the corporate structure.

    The first regulated operating node is a wholly-owned subsidiary in Mexico, which will hold the IFPE authorisation once issued by CNBV. Additional regulated subsidiaries will be established in each market we enter, each authorised under its local regulatory framework while operating on shared NetworkCore architecture.

    This structure preserves the advantages of Swiss domicile at group level while allowing regulation to develop where it is commercially most useful.

    Compliance Enquiries

    For partners, legal counsel, or regulators seeking further detail on NetworkCore's compliance architecture or due diligence materials, contact compliance [at] networkcore [dot] org. A dedicated dataroom is available for serious commercial counterparties under non-disclosure.