Regulatory compliance and security is

important to us.

We place a high priority on regulatory compliance and security, considering them essential and integral aspects of our platform.

License and Regulations

CreditBook Financial Services Ltd. (CBFS), is a wholly owned subsidiary of CreditBook Technologies. CBFS has been incorporated as a Non-Banking Financial Corporation (NBFC), and has been licensed by the Securities & Exchange Commission of Pakistan (SECP) to provide "Investment Finance Services" (IFS), which includes lending and financing services. The primary objective of CBFS is to enable access to finance, and credit for Micro, Small & Medium Enterprises. Being a technology company first, CBFS is also the first NBFC engaged in MSME lending to have been whitelisted by SECP for digital lending. CBFS' Tijara, which is a module within the CreditBook khata app, has been whitelisted by SECP. The whitelist is available here.

The two licenses, viz. IFS and Digital Lending have been acquired after going through a comprehensive process of due diligence, and vetting by the SECP. Through availability of a NBFC and a Digital Lending license, CBFS can enable access to finance for MSMEs, both through conventional, and digital distribution channels — further opening up possibilities of embedded finance across the board.


We recognize the critical need for a secure environment on our platform. Utilizing cutting-edge technologies and strict protocols, we've established extensive security measures to safeguard users and uphold the integrity of our systems.



User data privacy takes center stage at our platform, we work together with our partners to ensure that data is protected and privacy controls are implemented, this achieved through the following:
Secure data storage and masking
Role based access controls
Compliance with security and privacy regulations
Network Security

Network Security

Network security is top priority for Creditbook’s platform, we place great emphasis on protecting our infrastructure and user’s data. We achieve this by:
Implementing network segmentation
Strict authentication control
Enforce multi-factor authentication
Intrusion monitoring
Data encryption


Our services have been designed with high-availability in mind, this is achieved through:
Implementing redundancies within the platform
Regular data backups
Usage monitoring
Alerts that prompt us of any failures.
Disaster recovery plans and service level agreements


We assess the state of our infrastructure by conducting periodic audits, the audits are conducted on the following:
Log trails that are stored for all activity on our platform
Network traffic data
Access control logs
Vulnerability scans and pen-testing

Unlock growth that businesses in emerging markets deserve -