Brex OFAC Sanctions, SOC 2 & Vendor Risk Report

ThirdProof's investigation screened Brex against the OFAC SDN list, sectoral sanctions programs, and the OpenSanctions consolidated database. Brex is not sanctioned — no confirmed matches were found. As a corporate card provider processing financial transactions, Brex is subject to ongoing sanctions compliance obligations. Organizations should verify Brex's sanctions screening procedures as part of vendor onboarding.

ThirdProof's investigation found that Brex claims SOC 2 Type II certification on its trust page. SOC 2 reports are confidential — organizations should request Brex's current SOC 2 Type II report directly to verify audit scope, trust service criteria covered, and any exceptions. This is especially important for organizations routing corporate spend through Brex.

As a corporate card issuer, Brex is expected to maintain PCI DSS compliance for card data processing. ThirdProof's investigation evaluates Brex's compliance posture across 24 intelligence sources including PCI DSS verification, sanctions screening, and infrastructure analysis. Request Brex's Attestation of Compliance (AOC) directly for specific PCI DSS scope verification.

Brex is a corporate finance vendor that handles organizational data. Safety depends on their current security posture, certification status, and how they handle your specific data. ThirdProof automates this evaluation across 24 intelligence sources — sanctions databases (OFAC, EU, UN), business registration verification, adverse media scanning, and cyber risk assessment — producing a deterministic risk tier with confidence score. Run a free investigation to see Brex's full risk profile.

SOC 2 certification is an important compliance consideration for corporate finance vendors like Brex. ThirdProof scans the vendor's trust page and security documentation for certification claims, then cross-references those claims against independent registries where available. Certifications are classified as independently verified, vendor attested, or not found in evidence — ensuring you know the verification level of each claim.

FedRAMP authorization is relevant for government contractors evaluating corporate finance platforms. Based on ThirdProof's investigation, Brex is not currently listed on the FedRAMP Marketplace. Organizations with federal compliance requirements should verify this directly and consider alternative vendors with FedRAMP authorization where required.

Data breach history is an important signal for any vendor, particularly corporate finance platforms like Brex that handle organizational data. ThirdProof's adverse media analysis searches multiple news APIs and public records for data breaches, security incidents, lawsuits, regulatory enforcement actions, and financial distress signals. Each finding is linked to its original source with severity classification.

Sanctions screening is standard due diligence for corporate finance vendors. ThirdProof screens Brex against OFAC SDN, consolidated international sanctions lists, and PEP databases. The screening uses entity name verification to reduce false positives. If Brex or any associated officers appear on a sanctions list, this triggers automatic escalation to the highest risk tier.

Assessing Brex as a corporate finance vendor involves verifying SOC 2 Type II and applicable industry standards compliance, reviewing their subprocessor chain, and checking sanctions exposure. ThirdProof automates this across 24 intelligence sources in under 2 minutes — no questionnaires or vendor participation required. Your first 3 investigations are free.