Trust is our license to operate


This article is part of our “Built for Trust” series, where leaders from Moss share how we approach security, reliability, and compliance across the platform—from card payments to data protection.
As Chief Risk Officer at Moss, my role sits at the intersection of financial regulation, platform design, and customer trust. I am responsible for all regulated parts of our business and lead our experienced risk, compliance and security teams to ensure Moss isn’t just a powerful spend management platform—but a secure and compliant one, too.
In this opening post, I want to share how we think about trust at Moss: why it matters, how we’ve earned it, and what we do every day to protect it. There will be more content coming from experts within Moss, including deep-dives into data security, credit risk management, and how we onboard our customers securely and compliantly.
Trust isn’t something we claim. It’s something we earn—day by day, decision by decision.
At Moss, we handle sensitive financial and personal data for thousands of businesses. We enable payments, issue cards, and process invoices. Our platform sits at the heart of our customers’ operations for accounting and finance. And with that comes a responsibility that goes far beyond uptime or UI.
I often say: we treat everything a customer shares with us as if it were our own treasure. That’s not just a nice phrase—it’s the core of our approach to risk and security. It shapes how we build, how we hire, and how we operate.
We’re a young company, but we’re held to the highest standards
Moss is just over five years old. That’s young—especially in the world of finance, where many of our customers have worked in the industry for decades. When they evaluate us, they’re not just comparing us to other SaaS platforms.
They’re benchmarking us against institutions from traditional banking or software with 100+ years of history. And frankly, I think that’s a good thing. It’s a challenge we welcome.
Because even as a young company, we’ve made deliberate choices to meet and exceed those expectations. We knew from the beginning that if we wanted to handle funds and financial data, we needed to earn our customers’ trust in ways that are tangible, verifiable, and ongoing.
We’re not just a SaaS company—we’re a regulated financial entity
Moss operates under a German e-money license, regulated by BaFin (the Federal Financial Supervisory Authority). That’s not a vanity label—it’s a legal commitment to the highest standards in Europe. In the UK we work with trusted and regulated partners, and for specific components we partner with best-in-class companies like Mastercard or Deutsche Bank.
What does that mean?
- We follow the highest standards when it comes to handling customer funds.
- We regularly report to financial supervisors and partners.
- We are a proud partner of institutions like Deutsche Bank, Mastercard and Airwallex, which follow the highest standards around financial trust.
Being regulated at this level takes effort, investment, and discipline. But it’s also the reason our customers—especially finance leaders—feel confident putting their money, data and employees on our platform.
We back it up with global certifications
In addition to our regulatory obligations, we’ve also achieved ISO/IEC 27001 certification. That’s the international gold standard for information security management, and one we’re proud to hold.
But again, it’s not about the logo—it’s about what it means. ISO certification:
- Validates our security controls through independent audits
- Forces us to maintain—not just reach—high standards over time
- Speeds up due diligence for new customers, who often ask: “Is this platform secure enough for our business?”
The answer is yes. And we can prove it.
Security is in the culture, not just the code
What I value most at Moss is that security isn’t a side project. It’s built into every layer of the company. Our product team designs features with role-based access and approval flows that give customers control. Our engineering team enforces modern encryption, secure development pipelines, and regular penetration testing. And our operations team is trained to recognize risk, not just react to it.
We also work closely with top-tier partners across Europe, who bring their own layers of resilience and compliance. That matters—because trust isn’t just about what we do. It’s also about who we build with.
Security isn’t the end goal—trust is
For me, all of this boils down to a simple idea: security is the mechanism, but trust is the outcome.
And trust, in our world, isn’t just about protecting data. It’s about how we treat every interaction, every customer question, every line of code. It’s why we over-communicate. It’s why we welcome scrutiny. And it’s why we operate under the toughest rules available.
Because at Moss, trust isn’t something we ask for. It’s something we prove.
Coming next in this series:
“Security by design: How Moss embeds safety into every click”
We’ll walk you through how we build secure access, give finance teams control, and protect data—without compromising speed or usability.