Approval Pathway Successfully Completes SOC 2 Type II Audit

By Dennis Newel, CTO & Co-founder of Approval Pathway

Approval Pathway Successfully Completes SOC 2 Type II Audit

At Approval Pathway, our mission has always been to transform commercial lending from "document-heavy" to "decision-ready." However, we know that speed and efficiency are meaningless without an ironclad foundation of security and trust.

Today, we are proud to announce that Approval Pathway has successfully completed its SOC 2 Type II attestation, reinforcing our commitment to the highest standards of data security for our partners across North America.

What This Means for Our Partners

For the banks, credit unions, and commercial lenders we serve throughout Canada and the United States, this achievement is a significant milestone. While a Type I audit looks at a "point in time," the Type II attestation is a rigorous evaluation of our operational excellence and control effectiveness over a six-month observation period.

It serves as independent verification that our internal controls—spanning security, availability, and processing integrity—meet the highest global standards for service organizations handling sensitive financial information consistently over time.

Why Security is the Core of "Decision-Ready"

Commercial lending involves the exchange of highly sensitive data: tax returns, balance sheets, bank statements, and personal financial statements. As we modernize the intake and pre-underwriting process through automation and AI, we are committed to ensuring that every piece of data submitted through our platform is encrypted at every stage and never leaves a secure, audited environment.

This milestone reinforces our commitment to several key pillars:

  • Elimination of "Inbox Sprawl": By centralizing document collection within a secure, authenticated portal, we remove sensitive financial data from fragmented personal email inboxes, closing one of the most significant security gaps in traditional lending.
  • North American Data Sovereignty: We provide secure data residency by hosting exclusively within the North America (Montreal) region, ensuring strict compliance with local mandates for our partners across the United States and Canada.
  • Regulatory Alignment: Our platform is engineered to align with both Canadian standards (PIPEDA, OSFI) and US regulations (GLBA, CCPA), ensuring a seamless compliance experience for cross-border and regional institutions.
  • Institutional-Grade Encryption: Every document and data point—from the moment it is uploaded to its final analysis—is protected by AES-256 encryption at rest and TLS 1.2+ in transit.
  • Operational Resilience: Our cloud-native, serverless architecture is built for 99.9% availability, ensuring your team can move deals forward without interruption.

A Message from Our Leadership

"Completing our SOC 2 Type II audit is a significant milestone that reflects our team's 'Security-First' mindset," says Dennis Newel, CTO. "For our partners at financial institutions across the US and Canada, this attestation provides the peace of mind that their clients' data is managed with the same rigor they apply to their own internal operations."

What’s Next?

Security is not a destination; it is a continuous journey. While we celebrate this achievement, our team continues to monitor, audit, and improve our systems daily to stay ahead of the evolving global threat landscape.

Transparency is key to trust. To facilitate this, we have launched a dedicated Trust Center at Trust.approvalpathway.com. Current and prospective partners can visit the portal to review our real-time security posture and request our SOC 2 Type II report under a standard non-disclosure agreement (NDA).

If you are a Risk or IT officer looking to review our security posture, please visit our Trust Center to request a copy of our latest report.

About Approval Pathway Approval Pathway is a leading North American commercial loan origination and pre-underwriting hub. By automating document intake and financial spreading, we help lenders reduce manual "touch-time" by up to 80%, enabling them to fund more deals with greater precision and security across Canada and the United States.