Digital Onboarding Platform for a Leading U.S. Credit Union – Transforming SME Banking

Solution Overview

Collaborative Solution Delivery

Itexus and the credit union partnered to build a secure, scalable, and intuitive digital onboarding platform that resolved all prior issues. Delivered as modular web and mobile apps for applicants, compliance officers, and admins, the solution runs on a robust, cloud-based backend.

Key Features:

Streamlined SME Onboarding: Business owners complete applications via web or mobile. The system auto-generates required forms (e.g., Form 41, Form 130) and uses DocuSign for e-signatures. Applicants can track progress, and upon approval, instantly access online banking. The entire process is 100% paperless.

Embedded Compliance & Risk Tools: Every action is logged for auditability. Integrated KYC/AML tools (via GBG) check applicant data in real time against watchlists like OFAC. High-risk profiles trigger admin alerts. Compliance metrics and reports are generated on-demand for audits.

Admin Console: A dedicated portal lets staff configure settings, manage roles, and monitor applications. Real-time metrics, incident alerts, and knowledge base tools streamline operations and support.

Third-Party Integrations: Seamlessly links with the core banking system via middleware. Supports Plaid (bank linking), DocuSign, USPS address validation, and identity providers like Azure AD. These behind-the-scenes connections reduce friction while maintaining compliance.

Web & Mobile Access: Fully functional on both desktop and mobile (iOS/Android), allowing users to start on one device and finish on another. Mobile features like ID photo capture enhance convenience and completion rates.

Architecture & Security:

Microservices in Azure: Built with .NET microservices on Azure Kubernetes Service (AKS), the platform scales efficiently and supports hybrid deployments. Sensitive components can run on-premises, connected via secure VPN to the cloud.

Data & Integration Layer: Uses both SQL Server and Oracle databases for smooth migration. All data is encrypted, and APIs follow industry protocols (e.g., OAuth 2.0) for secure external connections.

Security by Design: The platform meets SOC 2 Type II, ISO 27001, and NCUA standards. It includes RBAC, MFA for admins, TLS encryption, and detailed audit logs. Pre-launch penetration testing confirmed all earlier vulnerabilities were resolved.

Summary:
The platform gives the credit union a fully branded, future-ready digital onboarding solution. It simplifies SME account setup, enforces compliance, and integrates with legacy systems — supporting the institution’s digital growth and regulatory confidence.

Project Challenges

Developing a secure and scalable onboarding solution for the credit union came with several critical challenges:
Security & Compliance Risks: The previous MVP had failed a major security audit, highlighting glaring issues in data protection. Achieving compliance with strict standards (SOC 2, ISO 27001, and NCUA regulations) was paramount to avoid regulatory penalties and safeguard sensitive information. The new solution needed a robust security framework from day one.

Inadequate Architecture: The initial serverless design was misaligned with the client’s needs for on-premises deployment and tighter control. It could not reliably support the required features or scale. Transitioning to an enterprise-grade, scalable architecture (while keeping the system running) was a pressing challenge.

Lack of Documentation: The inherited codebase came with little to no technical documentation. This obscured understanding of business logic and system behaviors, making the rescue effort harder. Engineers would need to reverse-engineer the existing system to rebuild it correctly without introducing regressions.

Tight Timeline: With regulatory deadlines looming (including a follow-up security audit to confirm fixes), there was no luxury of a long development cycle. The team was challenged to deliver a fully functional, secure platform in just a few months to meet compliance certification timelines.

Legacy Integration Complexity: The new platform had to seamlessly integrate with the credit union’s core banking system and external services (for identity verification, funds transfer, etc.). Ensuring smooth data exchange with legacy systems and third-party APIs would require careful planning and rigorous testing.

User Experience Gaps: The old solution offered a poor user interface and confusing experience, which could deter busy business owners. A complete UX/UI redesign was needed so that SMEs could easily self-serve their onboarding process without extensive hand-holding.

Overcoming each of these challenges was critical to the project’s success and to the credit union’s broader digital transformation initiative.

Project Approach

The project began with a technical audit of the existing onboarding solution for a major credit union, revealing significant architectural and security compliance issues from the previous vendor. Given the urgency to pass a security audit for compliance certification, we prioritized addressing these vulnerabilities.

Faced with the choice of repairing the existing system, which would take months, or rewriting it from scratch in three months, we opted for the latter, a decision that proved effective.

To ensure a smooth transition, we adopted a phased approach to refactor the serverless architecture into a microservices framework hosted on Kubernetes, utilizing Docker for containerization. We employed the Strangler Fig pattern to migrate serverless functions to microservices without disrupting user experience.

Simultaneously, we reconstructed missing technical documentation through reverse engineering, aligning all requirements with client expectations. Our engineering team worked closely with analysts to identify and resolve gaps in business logic.

We integrated various third-party services for identity verification and compliance checks, including OAuth 2.0 for authentication, Plaid for financial data aggregation, and GBG for KYC processes.

The KYC process involved gathering data from multiple sources, including document verification with OC and Idology.com, and accessing information from Opencorporates and government APIs for sanctions lists, including OFAC. We also developed a feature to generate necessary PDF documents, such as Form 41 and Form 130, which applicants signed electronically via DocuSign, ensuring compliance with regulatory requirements.

Additionally, we implemented Adverse Media checks to provide insights into clients’ backgrounds, reducing false positives and enhancing the financial institution’s understanding of potential risks. We integrated USPS to verify the validity of applicants’ addresses, ensuring that P.O. Boxes were not used as shipment addresses.

Utilizing Microsoft Azure for cloud hosting, .NET for backend development, and React for the front end, we established a VPN tunnel to securely connect the client’s on-premise infrastructure with our cloud services.

We maintained two databases, transitioning from Oracle to MSSQL for flexibility.

By the project’s conclusion, we delivered a robust, microservices-based onboarding platform that met security standards and provided a streamlined experience for both end-users and compliance officers.

Results & future plans

The new onboarding platform delivered major improvements in efficiency, compliance, and user experience.

90% Faster Onboarding:
SME account setup time dropped from days to minutes. Automated validations and seamless integrations enable instant progression from application to active account, vastly improving speed and convenience.

Full Compliance Achieved:
All security and regulatory audits were passed with zero findings. The platform now meets SOC 2 Type II and NCUA standards, resolving prior vulnerabilities and eliminating legal and compliance risks.

Improved User & Staff Experience:
Applicants enjoy a fast, intuitive process, driving higher completion rates. Internally, automation and dashboards help staff manage more accounts with fewer errors and less manual effort, boosting productivity.

Stronger KYC & Risk Management:
Advanced KYC tools enhance fraud detection accuracy, reducing false positives and enabling faster, more confident decision-making. Compliance is continuously enforced in the background.

Future Outlook:
With a solid foundation in place, the credit union plans to expand the platform’s offerings (e.g., credit cards, lending) and integrate with tools like accounting software. UI refinements and advanced analytics are also in development to optimize the user journey and extract insights for growth strategies.

Summary:
What began as a flawed MVP is now a core digital asset — scalable, compliant, and ready to support the credit union’s long-term vision for SME services and innovation in digital banking.