Software for industries thatcan’t afford to get it wrong.
PentaLab is a software lab building products for regulated industries — finance, compliance, and infrastructure. We design tools auditors trust, regulators understand, and engineers can maintain ten years from now.
Built for
NNSFlow
Negative news & sanctions screening
Evidence-locked screening for compliance teams. On-premise, FINMA-aligned, auditor-ready out of the box.
OnboardingFlow
KYC & client onboarding
A digital onboarding workflow for regulated institutions. Document intake, risk scoring, and reviewer trail — same audit-first foundations as NNSFlow.
What we build
Products that hold up under audit.
We ship our own software for regulated industries. Each product runs on the same foundations: on-premise-ready, evidence-locked, designed alongside the people who will be audited on the output.
NNSFlow
Negative news & sanctions screening
Compliance teams use NNSFlow to screen individuals and companies against sanctions and negative news, with an evidence-locked record of every decision. Available on-premise for Swiss financial institutions.
OnboardingFlow
KYC & client onboarding
A digital onboarding workflow for regulated institutions: document intake, identity verification, risk scoring, and a complete reviewer trail. Same audit-first foundations as NNSFlow.
Built for the audit
The artifacts ship with the install.
A procurement reviewer should not have to ask. Every PentaLab product comes with the documentation, runbooks, and evidence a security and compliance review expects to see — on day one, in the customer tarball.
Auditor Pack
Controls register, key lifecycle, SoD matrix, FINMA / nFADP / GDPR / ISO 27001 / SOC 2 crosswalk.
DR Runbook
Eight disaster-recovery scenarios with an annual drill schedule. Bank captures dry-run records as SOC 2 evidence.
Pen-Test Report
Adversarial threat scenarios run live against the system, with reproducible commands and verdicts.
HSM Simulation Guide
Three-tier rehearsal program before any witnessed change window. Failure modes drilled deliberately.
How we work
Four principles, no exceptions.
The same principles run through every product and every engagement.
On-premise first
Sensitive data stays in the institution. Every product is built to deploy inside the client’s own infrastructure, with cloud as an option — never a requirement.
Compliance by design
Audit trails, retention windows, and immutable evidence are part of the data model from day one — not patched on after the first regulator visit.
Evidence over claims
Every decision the software makes is backed by a real artifact — a hash, a log, a source link. Reviewable years later by someone who wasn’t there.
Built to last ten years
Boring stack. No chasing trends. Code a different engineer can pick up and a regulator can still understand long after the original team has moved on.
Services
Custom work, on the same foundations.
Beyond our products, we partner with institutions that need software they can stake their license on. A small number of engagements per year.
Custom dashboards
Internal tools and analytics dashboards for risk, compliance, and operations teams. Built fast, designed for the people who actually use them.
On-premise deployment
We help institutions deploy and operate compliance software inside their own data center — from hardware sizing to disaster-recovery playbooks.
Custom software
End-to-end builds for regulated workflows that don’t exist off the shelf. Same audit-first standards we hold our products to.
Who’s behind this
Antoine Bedaton, founder
Systems engineer at Eurocontrol, building software for European air-traffic infrastructure. PentaLab is where I build software for industries with the same level of operational seriousness — finance and compliance first.
I started PentaLab because regulated industries deserve tools designed by people who take audit, reliability, and security as seriously as the regulators do.
Building somethingthat has to be right?
We’re selective about the work we take on, and quick to say when we’re not the right fit. Tell us what you’re working on.