
A disciplined focus on compliance, risk management and controls is essential to our shared success
Trusted Framework for Regulatory Compliance
Our compliance management program ensures adherence to fair lending and consumer protection laws, including ECOA (Reg B), FCRA, UDAAP, and key legal, ethical, and regulatory standards like permissible purpose, true lender, and true sale. The program includes strong governance, clear policies and procedures, regular employee training, monitoring, and testing, all while fostering a culture of compliance across the organization. We operate with banks regulated by the Federal Reserve Board, OCC, and FDIC.
¹ The logos above are owned by the U.S. government and the respective agencies. Their use is not intended as an endorsement by any of these agencies.
Compliance, Safety and Soundness

Fair Lending
Pagaya maintains a robust Fair Lending program to ensure compliance with consumer protection laws like ECOA (Regulation B) and the Fair Housing Act. The program includes policies, employee training, internal monitoring and independent testing.

Enterprise Risk Management
Pagaya's risk and control standards are designed to manage various categories of risk effectively, with a prudent focus on safety, soundness, and reputation.

Data Security
Pagaya's data security program includes a comprehensive set of security controls covering data collection, processing, and retention. Data is encrypted at rest and in transit, access control privileges are strictly enforced, and compliance and retention practices are continuously reviewed and audited by a third party.

Cyber Security
Pagaya has a comprehensive cybersecurity program that follows Zero Trust and Defense-in-Depth principles. It features 24/7 monitoring, cross-technology security controls, and adherence to compliance and regulatory standards. Pagaya is certified for SOC 2 Type II, ISO/IEC 27001:2022, ISO/IEC 27017:2015 (Cloud Security), and ISO/IEC 27018:2019 (Privacy in Cloud).