Question 1

Who is the licensed entity behind your platform?

Accepted Answer

Gemba is the sole licensed and regulated entity. It operates as an Authorised Payment Institution (API), regulated by the Financial Conduct Authority (FCA) in the United Kingdom. All payment services offered through the platform are provided directly under Gemba's license and regulatory permissions. Gemba is not a bank, but a specialized payments company with correspondent banking relationships with major institutions like ClearBank, JPMorgan, DukasCopy Bank, and UBS. This structure is standard in white-label financial services, where a licensed provider supplies the regulated infrastructure, and the partner focuses on marketing and the customer interface.

Question 2

In a white-label setup, who is legally responsible for the banking relationship — you or us?

Accepted Answer

Gemba is 100% legally responsible for the banking relationship. As the licensed provider, Gemba is the entity accountable to the FCA and to its correspondent banking partners for all regulated activities. The white-label agreement is a service contract that clearly stipulates that all regulatory obligations, reporting duties, and legal accountability remain with Gemba. This model is designed to provide partners with a "liability shield," allowing them to offer sophisticated financial products without undertaking the significant cost, complexity, and risk of becoming a regulated entity themselves.

Question 3

If a client’s funds are lost or stolen, who reimburses them?

Accepted Answer

Gemba assumes full financial liability for the reimbursement of client funds. In the highly unlikely event that a client's funds are lost or stolen due to a failure in Gemba's systems, processes, or a security breach of its infrastructure, Gemba is responsible for making the client whole. This responsibility is a fundamental component of the service and is contractually defined in the partnership agreement.

Question 4

Who covers legal costs or penalties if regulators or clients raise claims?

Accepted Answer

Gemba covers all legal costs, regulatory penalties, or fines that arise directly from the provision of the regulated payment services. A core part of Gemba's value proposition is to insulate its partners from the direct regulatory and legal risks inherent in operating a payment service. The partnership agreement includes indemnification clauses that protect the partner from liabilities stemming from a failure of Gemba's compliance or security systems. This contractual protection ensures that partners are not exposed to the financial consequences of regulatory actions or legal claims related to the underlying financial infrastructure.

Question 5

Who carries the financial liability if a breach or fraud happens with client?

Accepted Answer

Financial liability for breaches or fraudulent transactions that originate from failures within Gemba's infrastructure rests entirely with Gemba. This clear division of liability is essential for the white-label model. To further mitigate this risk, Gemba maintains a comprehensive professional indemnity insurance policy specifically designed for financial institutions, providing an additional layer of financial protection against such events. This is complemented by a robust security framework that has resulted in zero inbound or outbound fraud cases over the past 14 months.

Question 6

If someone hacks the system or a client account, what exactly happens next?

Accepted Answer

In the event of a security incident, Gemba activates a predefined and rigorously tested incident response plan. The process is designed for rapid containment, transparent communication, and effective resolution. The key stages are: Detection & Containment: Gemba's 24/7 Security Operations Center (SOC) utilizes advanced monitoring tools to detect anomalous activity in real-time. The immediate priority is to contain the threat by isolating affected systems or accounts to prevent any further unauthorized access or impact. Assessment: A dedicated incident response team immediately begins a forensic assessment to determine the scope, nature, and root cause of the breach. This involves identifying which accounts, transactions, and data may have been affected. Communication: A clear communication protocol is initiated. Gemba will immediately notify the partner, providing them with accurate and timely information. Coordinated communication with the affected end-client(s) will then commence. Remediation & Recovery: The security team works to eradicate the threat, secure the system against recurrence, and restore all services to normal operation. Concurrently, the process for fund recovery or reimbursement is initiated for any confirmed losses.

Question 7

Who contacts the client and handles their complaint?

Accepted Answer

Gemba takes the lead in all direct communication with the end-client regarding the specifics of the security incident and the status of their funds. A dedicated case manager from Gemba's team will be assigned to handle the client's complaint directly, ensuring they receive expert and consistent information. This communication is closely coordinated with the partner to ensure brand consistency and a unified message. The partner remains the owner of the overall relationship, but Gemba handles the specialized, technical aspects of the incident response.

Question 8

Who reports the issue to regulators or authorities?

Accepted Answer

As the regulated entity, Gemba holds the sole legal obligation to report notifiable incidents to the relevant authorities. This includes reporting to the Financial Conduct Authority (FCA) for any significant operational or security incident, and to the Information Commissioner's Office (ICO) in the case of a personal data breach. This responsibility is a non-delegable part of Gemba's license and is not passed on to the partner.

Question 9

How do you handle refunds or reimbursements for stolen funds?

Accepted Answer

Following a thorough investigation to confirm the details of the incident, Gemba directly manages the reimbursement process for any funds verified to have been stolen as a result of a breach of its systems. This process is designed to be as swift and transparent as possible for the end-client to minimize disruption and restore trust. The financial liability for such reimbursements rests with Gemba.

Question 10

Do you have insurance coverage for fraud or cyber incidents?

Accepted Answer

Yes. Gemba maintains a comprehensive professional indemnity insurance policy underwritten by specialist insurers. This policy is specifically designed for financial institutions and provides coverage against a range of risks, including acts of negligence, employee dishonesty, and losses arising from cyber incidents and fraudulent activity. Furthermore, it is important to note that for the past 14 months, Gemba has maintained a perfect record with zero fraud cases, both inbound and outbound. This track record is a testament to the effectiveness of the proactive, multi-layered security and transaction monitoring systems in place.

Question 11

What’s your process for investigating and resolving a security incident?

Accepted Answer

Gemba's incident investigation and resolution process follows established industry-standard frameworks (such as NIST). The process includes: Forensic Analysis: A deep-dive investigation to determine the attack vector, the timeline of events, and the full extent of the compromise. Root Cause Analysis: Identifying the underlying vulnerability or control failure that allowed the incident to occur. Impact Assessment: Quantifying the impact on clients, data, and operations. Corrective Action: Implementing technical and procedural changes to remediate the root cause and strengthen defenses against similar future incidents. Post-Incident Reporting: Providing the partner with a detailed post-incident report (under NDA) that outlines the findings of the investigation, the actions taken, and lessons learned.

Question 12

Who provides day-to-day customer support for clients using the banking system?

Accepted Answer

Day-to-day customer support can be a shared responsibility. The white-label partner can manage first-line support for general inquiries. However, for specialized technical, banking, or compliance-related issues, support must be provided by Gemba's expert team. Gemba provides a robust, API-driven framework that allows partners to seamlessly escalate these specific queries, ensuring end-users receive accurate and compliant information directly from the licensed entity when required. If a client calls us about a banking or funding issue, what role do we play vs. what role do you play? The roles are collaborative and clearly delineated to ensure efficiency: Partner's Role: You act as the first point of contact, managing the overall brand relationship and handling general support queries. For any issue that is technical, banking-related, or touches on compliance, your team is responsible for triaging the query and securely escalating it to Gemba. Gemba's Role: Once an issue is escalated, Gemba takes full ownership of the investigation and resolution for all matters falling under its regulatory and technical purview. We provide the complete resolution details back to your team, or in certain compliance-related cases, may communicate directly with the end-client to ensure regulatory obligations are met.

Question 13

How do we protect our brand reputation if something goes wrong on your end?

Accepted Answer

Protecting the partner's brand is a shared and paramount priority. The partnership agreement contractually defines a collaborative communication protocol to manage incidents effectively. In the event of a service disruption, security incident, or other issue originating from Gemba's platform, the following steps are taken: Immediate Partner Notification: The partner will be the first to be formally notified, receiving clear and direct information about the nature and potential impact of the issue. Provision of Pre-Approved Messaging: Gemba will supply the partner with clear, accurate, and transparent communication templates. These can be adapted and used to communicate with end-clients, ensuring the message is consistent, reassuring, and factually correct. Establishment of a Joint Response Team: For significant incidents, a joint response team comprising key personnel from both Gemba and the partner will be established. This team will coordinate all public statements and client communications to manage the situation proactively and protect the partner's hard-earned brand reputation.

Question 14

Which party is responsible for compliance checks like KYC, AML, and fraud monitoring?

Accepted Answer

Gemba is solely and entirely responsible for all regulatory compliance checks. This is a non-delegable responsibility under Gemba's FCA license. The platform includes a built-in, state-of-the-art compliance engine that automates and manages: Know Your Customer (KYC) and Customer Due Diligence (CDD): Verifying the identity of all end-users to the standards required by UK regulations. Anti-Money Laundering (AML) & Counter-Terrorist Financing (CTF): Screening all clients and transactions against international sanctions lists and monitoring for suspicious activity patterns. Continuous Transaction Monitoring: Employing sophisticated algorithms to detect and prevent fraudulent transactions in real-time.
The partner is not required to build, maintain, or operate these complex and costly compliance systems.

Question 15

Who holds the licenses and is accountable to the regulator?

Accepted Answer

Gemba holds all necessary licenses from the Financial Conduct Authority as an Authorised Payment Institution. As the license holder, Gemba is the entity that is directly supervised by, and accountable to, the FCA. This accountability includes: Regulatory Reporting: Submitting all required financial, compliance, and safeguarding reports to the FCA. FCA Inquiries: Responding to all formal and informal inquiries from the regulator. Audits and Reviews: Being subject to periodic audits and supervisory reviews conducted by the FCA to ensure ongoing compliance with all applicable regulations.

Question 16

How are compliance violations handled if they occur under our brand?

Accepted Answer

Since Gemba is the regulated entity responsible for all compliance functions, any potential violation would be a matter to be resolved between Gemba and the FCA. Gemba is responsible for investigating the root cause of the violation, reporting it to the FCA as required, and implementing a comprehensive remediation plan. The partnership agreement contractually indemnifies the partner against penalties or legal costs arising from a failure of Gemba's compliance systems. This structure ensures partners are insulated from direct accountability to the regulator for these core financial compliance functions.

Question 17

Where are client funds actually held?

Accepted Answer

All client funds are held in specially designated, segregated "safeguarding" accounts at Gemba's correspondent banking partners. These partners are major, top-tier financial institutions, including ClearBank, JPMorgan, DukasCopy Bank, and UBS. These funds are legally and operationally separated from Gemba's own corporate or operational funds. They are never co-mingled and cannot be used for any purpose other than executing client payment orders. This segregation method is the cornerstone of the FCA's safeguarding requirements.

Question 18

Are client funds protected or insured (for example, FDIC or equivalent)?

Accepted Answer

Client funds are not covered by the Financial Services Compensation Scheme (FSCS), which is the UK's deposit insurance scheme. Instead of insurance, client funds are protected by the FCA's rigorous Safeguarding regime. This is because Gemba, as a payment institution, does not lend or invest client money, thus eliminating credit risk. The Safeguarding regime mandates that 100% of client funds are held in segregated accounts, completely separate from the firm's own money. In the unlikely event of Gemba's insolvency, these funds form a protected asset pool that is ring-fenced and cannot be used to pay Gemba's other creditors. The funds are designated for one purpose only: to be returned to clients.

Question 19

What happens to client money if your company goes out of business or loses a banking partner?

Accepted Answer

Insolvency Scenario: The FCA's safeguarding rules are specifically designed to ensure the orderly and rapid return of client funds. If Gemba were to become insolvent, an insolvency practitioner would be appointed. The segregated safeguarding accounts ensure that client funds are clearly identifiable and immediately available to be returned to clients, separate from any of Gemba's other creditors. Gemba is also proactively implementing the FCA's new requirements for a Resolution Pack, a set of documents designed to speed up this process significantly for an insolvency practitioner. Losing a Banking Partner: Gemba mitigates this risk by maintaining relationships with multiple top-tier institutions (ClearBank, JPMorgan, etc.), avoiding concentration risk. If a banking relationship were to end, Gemba has established procedures to seamlessly transfer safeguarded funds to its other partner banks with no interruption or risk to client funds.

Question 20

How are disputes over missing or delayed funds resolved?

Accepted Answer

Disputes are managed by Gemba's dedicated client support and operations teams. A formal dispute resolution process is in place, which includes a full investigation, tracing funds through the relevant payment networks (e.g., Faster Payments, SWIFT), and providing a clear resolution to the client. As the regulated entity, Gemba is also subject to the jurisdiction of the Financial Ombudsman Service (FOS), which provides an independent adjudication path for eligible complainants, offering an additional layer of consumer protection.

Question 21

Does your agreement clearly state who owns the customer relationship?

Accepted Answer

Yes, the white-label partnership agreement is explicit that the partner owns the primary customer relationship, including all marketing and client acquisition. While day-to-day support can be a shared responsibility, the overall brand and commercial relationship with the end-user belongs to you

Question 22

What information do we need to post in our website mentioning about our connecting with your company?

Accepted Answer

To comply with FCA regulations and ensure full transparency for end-users, partners are required to include specific legal text on their website and within their application. This disclosure is typically placed in the website footer and on relevant payment or account screens. The precise wording will be provided by Gemba's legal team, but it will be similar to the following: "Payment services for are provided by Gemba Finance Ltd. Gemba Finance Ltd is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (FRN: 804853) for the provision of payment services." This disclosure is a mandatory regulatory requirement that reinforces the "liability shield" protecting the partner from direct regulatory accountability.

Question 23

How are responsibilities divided between our brand and your platform in public communication?

Accepted Answer

In all public-facing communication, the partner's brand is the primary and visible entity. All marketing, advertising, and product-related communication is the sole responsibility of the partner. Gemba's name and brand will only appear in the required regulatory disclosures as described above. This ensures the partner maintains complete control over their brand narrative. In the event of a service incident requiring public communication, the collaborative protocol outlined previously is activated to ensure a unified, brand-sensitive, and transparent message is delivered to customers.

Question 24

Who will be our main point of contact for escalations?

Accepted Answer

Upon signing the partnership agreement, each partner is assigned a dedicated Partnership Success Manager. This individual serves as the primary strategic point of contact for all commercial queries, performance reviews, and high-level escalations. For day-to-day technical issues and support escalations, the partner's team will have direct access to Gemba's senior support engineering team through dedicated channels. How do you keep us informed about updates, outages, or compliance changes? Gemba maintains a multi-channel communication strategy: Real-Time Status Page: A publicly accessible status page provides real-time updates on system performance, scheduled maintenance, and any active incidents. Partner Newsletter & Release Notes: Regular email communications provide updates on product enhancements, new features, API changes, and upcoming platform developments. Direct & Proactive Communication: The Partnership Success Manager will communicate directly via email and phone for any significant events, including advance notice for planned maintenance or important regulatory updates.

Question 25

Can we review recent cases where you handled client fraud, security or operational issues?

Accepted Answer

While specific, confidential details of any client cases cannot be shared, Gemba can provide anonymized and aggregated case studies that demonstrate its incident response and resolution processes. However, as previously noted, Gemba's fraud record for the past 14 months is perfect, meaning there are no recent fraud cases to review. During the due diligence process, Gemba is prepared to conduct a detailed walkthrough of its incident response playbooks and share summaries of security audit reports under a Non-Disclosure Agreement (NDA).

Question 26

What level of visibility or reporting will we have into client transactions and security alerts?

Accepted Answer

Partners are granted access to a secure Partner Dashboard that provides aggregated marketing and operational insights only.

Question 27

For further detailed information, you can refer to the official regulations and guidance documents published by the UK government and the Financial Conduct Authority (FCA):

Accepted Answer

The Payment Services Regulations 2017 (PSRs 2017): This is the primary legislation that governs the provision of payment services in the UK. It outlines the requirements for authorisation, safeguarding, and conduct of business for payment institutions. https://www.legislation.gov.uk/uksi/2017/752/contents The Electronic Money Regulations 2011 (EMRs): This legislation governs the issuance of e-money in the UK and sets out the rules for electronic money institutions. https://www.legislation.gov.uk/uksi/2011/99/contents FCA's Approach Document - 'Payment Services and Electronic Money – Our Approach': This document provides detailed guidance on how the FCA interprets and applies the PSRs 2017 and EMRs, including its expectations on safeguarding.https://www.fca.org.uk/publication/finalised-guidance/fca-approach-payment-services-electronic-money-2017.pdf FCA Policy Statement PS25/12 - 'Changes to the safeguarding regime for payments and e-money firms': This policy statement outlines the most recent and upcoming changes to the safeguarding rules, designed to enhance consumer protection.https://www.fca.org.uk/publications/policy-statements/ps25-12-changes-safeguarding-regime-payments-and-e-money-firms

Compliance & Risk Management as a Service

End-to-end regulatory compliance, automated onboarding, and safeguarded operations without licenses.

Use Cases

Gig economy/Global payroll

Aggregation economy

FinTechs

Got 15-30 minutes to talk growth?

Register your account

Setup White label profile

Start onboarding your clients and generate revenue

Total Support Package

Comprehensive Services Include:

1. Compliance

2. Processing

3. Branding

4. IT Support

Who is the licensed entity behind your platform?

In a white-label setup, who is legally responsible for the banking relationship — you or us?

If a client’s funds are lost or stolen, who reimburses them?

Who covers legal costs or penalties if regulators or clients raise claims?

Who carries the financial liability if a breach or fraud happens with client?