Identity, authorization, and compliance infrastructure for Bangladesh's regulated institutions.
Bangla QR goes live June 2026. The Cyber Security Framework and BB Partner Network both land December 2026. PDPO data protection follows May 2027. Banks and financial institutions that are not ready will fail audit, lose licenses, or face criminal exposure. We build the identity, authorization, and anti-fraud primitives that close those gaps.
- Bangla QRJune 2026
- Cyber Security FrameworkDecember 2026
- BB Partner NetworkDecember 2026
- PDPO Data ProtectionMay 2027
Active commercial engagements with tier-1 commercial banks in Bangladesh, under NDA. Case studies will be published when contractually permitted.
Named customers below are businesses that can be referenced publicly -- not the regulated institutions we work with.
- Tier-3 data centerRedundant power, cooling, network. Bangladesh-sovereign.
- APNIC memberAutonomous system AS 64005. Dedicated IPv4 and IPv6 blocks.
- 26 years of financial infrastructureSame principal engineer throughout the track record.
Three products. Every regulated-institution primitive.
Identity, authorization, and anti-fraud. Each runs in your tenant, each maps to specific Bangladesh Bank clauses, each has been deployed inside a live bank environment.
Wenme
Identity and authentication for regulated institutions.
OAuth 2.1 + PKCE, passkeys and hardware MFA, tamper-evident audit trails. Deploys on-premises or in a dedicated tenant inside your data center. Integrates with existing AD/LDAP and core banking without a rip-and-replace.
Darwan
Authorization, separation of duties, and access review.
ABAC engine with explicit separation-of-duties rules, time-bound role assignments, and full audit of every policy decision. Built to answer the specific evidence requests auditors make under BB's Cyber Security Framework and BB Partner Network.
Aegis
Anti-fraud and transaction protection for financial institutions.
Real-time transaction scoring, rules plus model cascade, and case management for fraud analysts. Designed around the exposure surface Bangladesh Bank defined in the MFS and digital-payments circulars, not a generic global fraud product retrofitted to Bangladesh.
Bangladesh Bank 2026 regulatory readiness, mapped clause by clause.
We map our platform capabilities to specific regulatory clauses, not generic framework readiness. When your auditor asks which control satisfies which paragraph, there is an answer.
Bangla QR -- June 30, 2026
Criminal penalties: BDT 30 lakh + 3 years imprisonment
Cyber Security Framework -- December 31, 2026
7-pillar framework. MFA mandatory. 89% of banks NOT AI-ready.
BB Partner Network -- December 31, 2026
BRPD-2 No-01. 61 banks, 100+ organizations. OAuth 2.1, RBAC.
Mandatory interoperable QR for merchant payments. Criminal penalties for non-compliance.
Seven-pillar framework for banks. MFA, privileged access, and audit-trail mandates across the estate.
BRPD-2 No-01. OAuth 2.1, RBAC, and standardized audit for every third-party banking integration.
Personal Data Protection Ordinance. Consent, residency, breach notification, and data-subject rights.
19 Bangladesh Bank regulatory frameworks.
Clause-level mapping across Wenme, Darwan, and Aegis.
26 years of financial infrastructure. Same principal engineer throughout.
The person who architected the core systems in 2000 is the same person architecting the compliance platform you deploy today. For bank buyers, continuity is a credibility signal -- vendor staff turnover is one of the top recurring audit findings in the region.
KaritKarma is headquartered in Dhaka. Our production workloads run from Tier-3 data center facilities inside Bangladesh. We are an APNIC member with autonomous system number AS 64005 and dedicated IPv4 and IPv6 blocks, so identity, authorization, and fraud-control traffic never requires a foreign cloud hop.
For custom engineering engagements outside our platform products, see our consultancy arm LoneSock.
Book a technical briefing.
A 45-minute session with the engineer who will be responsible for your deployment. We map your audit findings to specific platform controls and agree on a deployment envelope before anyone signs anything.