Online Services Ecosystem for European Investment Bank
An eBanking software system that covers the needs of bank clients, optimizes the operators’ workflow, and automates core internal business processes
About a Project
Our customer is a Swiss bank that offers online investment, loan lending, and trading services to clients from B2B and B2C sectors. Its banking system didn’t allow business scaling. The bank needed a technical partner to build a new flexible system that could lead to increasing the number of clients.
Goals set for Cleveroad
Create an eBanking software allowing simple investment and opening the account so that clients can easily complete the entire procedure
Maintain existing capabilities of the banking system; improve them by adding modules built from scratch and automating internal business processes
Keep the business logic and technical parameters of the system so that they can meet investment banking legislation under the existing license of our customer
Solutions we've delivered
Development of the custom ecosystem that includes easy sign-up, digital account opening system according to KYC, and web portal for trading and investing
In-depth analysis; creation of new refined architecture covering the needs of all clients within a single system. Bank automation that optimizes operators' team workflow
Applying custom tools and approaches checked against the terms of Swiss banking regulators (namely FINMA), including need-to-know access control
Results for the Customer
A transparent and intuitive sign-up, identity verification, and account creation process allowed the customer to attract new clients and increase the retention rate
A full-fledged ecosystem covers digital account opening and all the needed operations within B2B and B2C business models that allowed the bank to free up staff for other needs
The new software meets the requirements of Financial Market Infrastructure Act (FMIA) and allows the investment bank to freely work under its current license
Our customer, an investment bank located in Switzerland, serves clients in the B2B and B2C sectors. Opening and operating trading accounts were complex, lengthy, and often depended on the user's residence. Due to the time-consuming sign-ups and the system's inflexibility, the bank was losing clients. Our customer could not adjust the system and scale the business quickly and needed a reliable technical partner to:
Replace the outdated MVP software and develop a holistic system that covers the needs of B2B/B2C clients and the operators' teams, automates core internal workflows, and allows the bank to build new capacities for global business.
Improve the user experience (UX) for sign-up, digital account opening, and work in the eBanking portal so that users complete the registration procedure, become and remain bank clients, increasing the retention rate.
Comply with regulatory requirements for investment bank software. Namely: the new system and operational processes must comply with FMIA, and the development team should adhere to working and handling data rules within the need-to-know access control.
Project in Details
- When developing the architecture of the ecosystem, we relied on the key required solutions: user-friendly sign-up, digital account opening system including KYC pass, and online banking portal. According to the business logic, the sign-up redirects new users to Digital Account Opening (DAO) for KYC passing. After DAO with KYC procedure and account verification with its approval, they access the ePortal and available trading accounts.
- We've carried out a deep analysis of the customer's processes, considering the required business logic and security standards. Based on it, we have created an easy account registration. Users can quickly prove their identity, pass an extended verification and KYC (if needed). The solution allows users to understand the sign-up "full picture" and track their status in the banking system.
- User, profile, and account data (including account status) are accessible to bank operators and updated by them in the Customer Tool. Operators work in teams under Role-Based Access Control (RBAC) and need-to-know access control. The system hides certain customer data depending on the job: data that a team of operators does not need for its daily tasks is not visible to that team, but is visible to another team that has the proper access.
Quality and compliance
Software quality control and assurance in investment banking is challenging since there are many heterogeneous (but interrelated) processes there. To cope with it and increase the development transparency, we've created and combined four separate service flows within the most effective model. It included Business Analysis (Planning/Discovery), Engineering, QA Automation, and Project Management. Flows can be used together within the custom built process or apart, when required.
Compliance with FMIA and FINMA circular for outsourcing solutions was ensured by choosing the optimal architecture, engineering tools and organizing the safe work pipeline. Data residency policies required deployment into Hybrid Cloud with sensitive data stored on premises. Team structure was mixed, with agreement and collaboration from the customer side. Every participant, regardless of work scope, was trained on data security, had to sign the NDA, and was obliged to:
- Ensure that all bank data related to code, algorithms, and financial processes will remain non-disclosed
- Work in separate space with authorized access (pass only), and no video surveillance allowed
- Not share any sensitive information they may learn and/or copy (specification, code, regulatory documentation, user data, etc.)
- Turn off or lock PCs, and turn face down or hide any papers with work-related notes, when leaving their desk
- Destroy any project-related documents and information (printed, written, or saved on digital data storage) when they are no longer needed
Initial registration was organized in a step-by-step format that is understandable and user-friendly. Thanks to the correct design on the steps-tracker, the primary and additional fields are perceived naturally and simplify the process.
Additional fields include options for entering answers and blocks for in-depth verification of users from gray-listed countries (economically or politically unstable areas). So, they provide fields for entering information about income sources for the following verification steps. The parameters for determining whether a person is included in the "gray lists" are configured through the Admin Panel.
Initial customer data is recorded in the system after sign-up. If the person leaves without passing all onboarding steps, the system sends email reminders automatically. If the client's registration data remains blank/unfulfilled, it is deleted from the system database.
The KYC procedure
The Know-Your-Customer (KYC) procedure is carried out right after sign-up and online banking account creation. The Digital Account Opening (DAO) application handles it by verifying clients' identity. It consists of 2 components: one for the end-users (bank customers) and one for the bank's operators responsible for identity verification.
We have developed three ways of KYC within the system:
Online registration, for confident users of banking software that don't need specific explanation and can get by with UI notes and tooltips. The process includes e-signing the contract with the Investment Bank and requires protection with an identification code to enable the e-signing. When users e-sign a document, they are obligated to go through the MFA procedure to secure operations and prevent access to an account for criminal purposes.
An online video conference call to provide necessary documents and make a verification photo with real-time support. The bank operator guides the customer through all steps, can ask to remake an ID scan or photo, and ensures the successful KYC passing for some clients. These can be persons subject to verification by the bank's decision or users who prefer to be assisted in the KYC procedure so they can be confident they are doing everything correctly.
Offline by mail and/or phone call to provide customers with detailed information about documents they must prepare and send to the bank. The user account status changes when documents are uploaded and commented on by bank operators. When the account opening is approved, the system automatically sends emails to the customers and notifies them that the account is active. The bespoke verification pipeline ensures that a customer and bank operator won't miss any detail and improves the user experience.
Corporate accounts are also maintained by the bank. Opening is performed from the Customer Tool by special bank operators. To request this type of account, users need to send the required documents to the corporate email address.
An online banking portal becomes available in "demo mode" when KYC is passed, and documents are waiting for verification. After approval, the client can use all the features in standard mode (for trading and other investment activities).
The bank's Customer Tool was improved to be fully compatible with the need-to-know principles. The exact fields with customer data are shown to bank operators based on the RBAC approach and depending upon their team, job responsibilities, and needs in certain client's data.
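The need-to-know field filtering described above can be sketched as a deny-by-default projection applied before a record reaches the operator's screen. This is an added example, not Cleveroad's or the bank's code; the team names, field names, and `FIELD_POLICY` table are assumptions made for illustration.

```python
"""Need-to-know projection of a customer record (constructed example)."""
from dataclasses import dataclass

# Hypothetical teams and fields; the page does not list the real ones.
FIELD_POLICY = {
    "kyc_verification": {"customer_id", "full_name", "id_document",
                         "residence_country", "kyc_status"},
    "trading_support": {"customer_id", "full_name", "account_status",
                        "portfolio_value"},
    "onboarding_reminders": {"customer_id", "email", "kyc_status"},
}

@dataclass(frozen=True)
class Operator:
    username: str
    team: str

def project_record(operator, record, audit_log):
    """Return only the fields the operator's team is allowed to see.

    Deny by default: an unknown team sees nothing, and a field present in
    the record but absent from the team's allow-list is withheld, so a
    newly added column stays hidden until it is explicitly granted.
    """
    allowed = FIELD_POLICY.get(operator.team, set())
    visible = {k: v for k, v in record.items() if k in allowed}
    # Audit entry carries field names only, never the field values.
    audit_log.append({
        "operator": operator.username,
        "team": operator.team,
        "customer_id": record.get("customer_id"),
        "shown": sorted(visible),
        "withheld": sorted(set(record) - allowed),
    })
    return visible

# Constructed sample record; "source_of_income" is granted to no team yet.
SAMPLE_RECORD = {
    "customer_id": "C-0001", "full_name": "Jane Example",
    "email": "jane@example.test", "id_document": "scan-0001.pdf",
    "residence_country": "CH", "kyc_status": "pending",
    "account_status": "demo", "portfolio_value": 0,
    "source_of_income": "salary",
}

if __name__ == "__main__":
    log = []
    for op in (Operator("a.kyc", "kyc_verification"),
               Operator("b.trade", "trading_support"),
               Operator("c.temp", "unassigned")):
        print(op.team, "->", sorted(project_record(op, SAMPLE_RECORD, log)))
```

Filtering on the server side, before serialization, keeps withheld fields out of the response entirely rather than relying on the UI to hide them.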
Integration of the new software with an existing Customer Tool was performed as well. A systematic approach to the development, integration, and automation of the online banking portal allowed us to obtain a drastically new level of workflow optimization and UX:
- Any user, regardless of digital awareness level, can easily open and access an eBanking account
- All accounts are kept in one place and instantly available to owners (bank clients)
- Clients can transparently review their documents uploaded during KYC and open messages
- Payments option and account-to-account transfers bring added value to bank services and enhance customer satisfaction rate
Development in Detail
- As part of our quality and security approach, we have created 3 sub-projects (Sign-Up, Digital Account Opening, and Online Banking Portal). Every sub-project had 2 stakeholders from the customer side: Product Owner and Tech Lead. Teams and customer-side stakeholders work in the Scrum framework, including planning, sprint reviews, daily scrum meetings, user acceptance testing, and feedback.
- From the Cleveroad side, 3 development teams were involved. Each of them consisted of a Solution Architect (SA), Tech Lead, project manager (PM), business analyst (BA), DevOps, a UI/UX designer, backend and frontend developers, and manual and automation QA engineers. A BA Team Coordinator (a person who worked part-time with the 3 teams) ensured the correct implementation of the whole "project picture." Cleveroad teams performed all research and solutions-making.
- The discovery-stage team included an SA, BA, PM, and QA automation senior engineer. They worked with 3 customer-side Tech Leads and POs. The deliverables included a software architecture document, FBL, business activity and sequence diagrams, architecture and infrastructure diagrams, a rough estimation, and a description of project strategies regarding testing automation, nonfunctional requirements, and change requests implementation.
- The stakeholders of sub-project teams validated the solutions as subject-matter experts: goals decomposition, roadmaps, prioritization, budget, etc. The stakeholders also conducted focus groups and business tests (when needed) and controlled the infrastructure setting-up. Our BAs provided them with scenarios for focus groups and business tests for new features delivered. The private data remains entirely on the bank side, and Cleveroad can perform development, release, and guarantee that the system is fully operational in a production environment.
- Compliance with technical security and data protection standards and the FINMA circular for outsourcing solutions has been ensured by our teams and included (but is not limited to):
  - Data encryption in transit and at rest
  - Secure storage of bank customers' documents
  - Role-based access control
  - Principle of least privilege
  - OWASP secure design principles
  - Secure standardized logging
  - GDPR compliance
  - Security in the cloud (following the AWS Shared Responsibility Model)
  - Data residency
  - Data recovery options
The tech stack was chosen and used considering customer needs, the solution's business logic, and the US healthcare requirements
3rd-party services
Clients attraction/retention rate growth by 20-30%
Creating a new eBanking system with improved UX allowed our customer to simplify account opening. Due to it, the number of clients finishing onboarding has grown, and the user retention rate increased by 20-30%.
Compliance with Financial Market Infrastructure Act
A full-fledged eBanking ecosystem meets regulations and requirements stated in the FMIA. The bank can now freely work under its license and provide clients with secure banking at the level of Swiss standards, known for their rigor.
Continuous Improvement enlarging business value
Collaboration with Cleveroad led to improved business processes, faster operators' work, and freed-up tech staff. We still maintain improvements for the customer, namely by developing a robo-advisory and a mobile app.