Digital Customer Onboarding Platform with Automated KYC and KYB Verifications for a $19B Credit Union
A digital customer onboarding platform for one of the top 10 U.S. credit unions featuring automated KYC and KYB verifications, document authenticity checks, facial recognition, full compliance process automation, seamless integration with the existing corebanking infrastructure, reducing the account opening time from 5 days to 15 minutes.
About the Client
The client is a federally chartered credit union with $19B in assets and 1.4M members across the U.S., including 150K+ SMEs. It provides retail and business banking, loans, and financial services through physical branches and digital channels.
Project Background
With rapid growth, especially in its SME segment, the client wanted to automate their existing manual customer onboarding and compliance workflows.
Previously reliant on a manual paper-based process, the credit union faced 5+ day onboarding times, data security concerns, and operational bottlenecks. The goal was to digitize the SME account opening experience while ensuring compliance with BSA/AML regulations, including OFAC screening, identity verification, and audit readiness.
The main challenge of the project was that in the first stage, the new system shouldn’t have affected any other processes in the organization. To achieve this, it should have been integrated seamlessly with an existing legacy infrastructure as if the old paper-based process still existed.
The project began with an audit of a prototype partially built by a previous vendor. Itexus uncovered major flaws in security and architecture and proposed migration to a new microservices-based architecture and a refactoring plan.
Based on the results of the audit, proposed solutions, and demonstrated experience in building complex enterprise Fintech architectures, the client decided to change the vendor and entrust the project to Itexus completely.
Suggested architecture approach addressing the need to keep legacy code and integration to legacy banking systems.
Project Team
Engagement Model
Time & Budget
Tech stack
Functionality Overview
The platform provides end-to-end automation of the customer onboarding and compliance processes typical of a large Credit Union, allowing users, based on their role, to complete the following actions:
Individual and Business Applicants
-
Perform KYC identity verification using Acuant/GBG solutions, including document scanning, biometric selfie match, and address verification
-
Complete an online business account application with dynamic forms tailored to entity type (LLC, Corporation, Non-profit).
-
Instantly verify business ownership and identity through integrations with OpenCorporates, Plaid, and USPS Address API.
-
Digitally sign IRS, FinCEN, and other compliance forms via embedded DocuSign workflows.
-
Submit a fully verified application in under 15 minutes, without visiting a branch.
Compliance Officers
The system performs automatic identity and document authenticity verification, OFAC and other global watchlist scanning, PEP screening to validate the applicant’s suitability for account opening using GBG and Idology
-
Compliance officers can review all applications and statuses of verification in the compliance portal
-
Review high-risk applications flagged by configurable KYC rules through a centralized compliance dashboard.
-
Monitor onboarding analytics and access full audit trails for all application events and decisions.
Administrators
-
Configure onboarding workflows and KYC logic via a visual no-code rule builder.
-
Monitor microservice health, system performance, and document flows in real time.
Manage data residency and processing policies to ensure that personally identifiable information (PII) is stored and processed only in jurisdictions that comply with applicable regulations (e.g., NCUA, GDPR, state-specific banking laws).
Architecture Overview
The system consists of a mobile responsive web application built with React connected to a .NET 7 microservices back-end via REST APIs. The backend server is deployed to Azure Kubernetes (AKS), with hybrid support for on-premises data processing via Azure Arc. It features
-
React/Next.js web applications for both members and internal staff
-
OAuth 2.0 authentication with Azure AD B2C
-
Azure SQL (PII data, encrypted per column), PostgreSQL (document repository), and Blob Storage (immutable archive)
The system processes 5,000+ applications monthly with 99.95% uptime.
Development Process (or Project Approach)
The project lasted about 12 months with a cross-functional team of nearly 20 specialists, including PMs, BAs, architects, engineers, QA, DevOps, and designers. The first production release went live after 9 months, followed by staged feature rollouts.
Itexus began with a deep technical and security audit of the existing MVP bult by the previous vendor legacy MVP. During the audit the following problems were uncovered:
-
No encryption of sensitive data at rest.
-
Weak authentication flows without MFA.
-
Incorrectly implemented KYC provider integration
-
Lack of audit logging and infrastructure monitoring.
-
Reliance on Azure serverless architecture prevents required on-premises and other cloud providers’ deployments
Based on the audit results, Itexus:
-
Completely rebuilt the security layer to meet SOC 2 Type II, ISO 27001, and NCUA standards.
-
Designed a microservices-based hybrid architecture, enabling both cloud scalability and secure on-prem data processing.
-
Used the Strangler Fig pattern to gradually replace legacy components while maintaining a live version of the system for demonstration purposes
-
Ran parallel streams: refactoring insecure modules and delivering new onboarding features simultaneously.
Third-Party Integrations
-
GBG / Idology – KYC and sanctions screening
-
DocuSign – Digital signature of compliance documents
-
Plaid – Business bank account verification
-
USPS API – Address validation
-
Azure AD B2C – Identity management with hardware MFA
-
Azure Monitor / Key Vault – Logging, observability, and secure secret storage
All integrations follow strict API contracts, end-to-end encryption, and automated fallback procedures.
Security & Compliance
Zero-trust access model: all user access requires MFA and is managed via OAuth 2.0.
End-to-end encryption: mTLS for data in transit, AES-256 for data at rest.
SOC 2 Type II compliance achieved through:
-
OpenSCAP-based vulnerability scanning integrated into CI/CD pipeline.
-
Azure Policy enforcement to automatically audit and enforce security baselines, ensuring infrastructure hardening and compliance with internal security benchmarks.
-
Complete audit logging and traceability for all actions and transactions.
Project Challenges
fully rebuilt the application’s authentication, authorization, and encryption layers in 8 weeks after the previous vendor’s SOC 2 audit failure.
developed secure middleware to connect modern APIs with the AS400 core banking system.
delivered a compliant MVP in 9 months to align with upcoming audits, followed by phased releases to complete the full feature set.
Results & Future Plans
The platform reduced onboarding time by 90% (from 5 days to 15 minutes), and passed all security and compliance audits with zero findings. With thousands of
SME accounts onboarded, the credit union is now expanding the platform to support business lending and accounting integrations expanding the platform to modernize and automate other digital banking and lending processes in the Credit Union business.
Need to develop a similar project?
Mobile e-wallet application that lets users link their debit and credit cards to their accounts through banking partners, create e-wallets and virtual cards, and use them for money transfers, cash withdrawals, bills and online payments, etc.
