Digital Customer Onboarding Platform with Automated KYC/KYB and Instant Funding for One of the Top 7 U.S. Credit Unions
An omnichannel digital onboarding platform for one of the Top-7 U.S. credit unions ($19B in assets, 1.4M members, and 150K+ SME members). It automates KYC/KYB checks, document verification, facial recognition, instant funding, and compliance workflows. The system integrates with the legacy AS400 core banking platform to support existing operations and reduces account-opening time from five days to just 15 minutes.

About the Client
The client is one of the Top-7 federally chartered credit unions in the U.S., managing $19B in assets and serving 1.4M members nationwide, including 150K+ small and medium-sized businesses.
It provides retail and business banking through branches and digital channels — checking and savings accounts, debit and credit cards, auto and home loans, personal and business lending (including SBA), merchant services, payroll and treasury management, and online/mobile banking supported by a large ATM network.
Project Background
With rapid growth, especially within its SME segment, the client faced increasing pressure on its manual paper-based onboarding and compliance processes. It experienced long onboarding times of over five days, frequent data entry errors, inconsistent document handling, and delays in identity verification and OFAC screening.
The client wanted to digitize the SME and retail account opening process to enable fast onboarding and eliminate human-factor errors while maintaining full BSA/AML compliance.
The main challenge was to introduce the new digital process without affecting existing organizational workflows. The system had to integrate seamlessly with the legacy AS400 core banking infrastructure, so that, from day one, users could open accounts in-branch or online with no impact on existing processes.
The engagement began with an audit of an MVP developed by a previous vendor. Itexus identified major security and architectural flaws and proposed a migration to a new microservices-based architecture with a detailed refactoring plan. Based on the audit results, proposed solutions, and Itexus’s experience in enterprise FinTech architecture, the client decided to change the vendor and entrust the project to Itexus entirely.
Project Team
Engagement Model
Time & Budget
Tech stack
Functionality Overview
The platform automates end-to-end onboarding and compliance processes typical of a large credit union. It supports a seamless omnichannel user journey, allowing users to start online, continue in-branch, or complete the process with a sales representative on a tablet — switching channels effortlessly as needed.
The system allows users to perform the following actions based on their role.
Individual and Business Applicants
-
initiate an account opening request and provide personal or business details;
-
complete KYC/KYB verification through GBG (Acuant/Idology), including document scanning, biometric selfie match, address verification, and checks against OFAC/PEP lists;
-
verify business ownership and entity data through integrations with OpenCorporates, Plaid, and USPS Address API, with planned expansion to state registries;
-
select the desired account type (savings, checking, or money market);
-
fund the account instantly via Plaid or choose in-branch funding, with Plaid Signal used to calculate risk-based limits and reduce ACH return risks;
-
digitally sign IRS, FinCEN, and other compliance forms through embedded DocuSign workflows;
-
submit a verified application and fund the account in under 15 minutes — without visiting a branch.
Compliance Officers
-
review and manage applications in a centralized compliance console;
-
focus on high-risk applications flagged by configurable KYC rules;
-
monitor onboarding analytics and access full audit trails;
-
assign, escalate, and track reviews within role-based workflows for transparency and regulatory compliance.
Administrators
-
configure onboarding workflows and KYC logic using a visual no-code rule builder;
-
monitor microservice health, system performance, and document flows in real time;
-
manage data residency and processing policies to ensure that PII is stored and processed only within compliant jurisdictions (NCUA, GDPR, and state-specific regulations).
Architecture Overview
The system is designed for flexibility, scalability, and seamless integration with legacy banking infrastructure. It includes a mobile-responsive web application built with React/Next.js, connected via REST APIs to a .NET 7 microservices backend deployed on Azure Kubernetes Service (AKS) with hybrid cloud and on-premises support through Azure Arc.
Frontend
-
React/Next.js web applications for both members and internal staff, optimized for mobile, tablet, and in-branch use.
-
OAuth 2.0 authentication via Azure AD B2C, supporting MFA and hardware security keys.
Backend & Services
-
.NET 7 microservices communicating through REST APIs for scalability and secure integration.
-
Docker containers orchestrated by AKS for high availability and portability.
-
Middleware enables secure integration with the AS400 core banking system; compatibility
-
Q2 Digital Banking Marketplace is being implemented in the next phase.
Data & Storage
-
Azure SQL for PII data with per-column encryption.
-
PostgreSQL for document storage.
-
Azure Blob Storage for immutable (WORM) archival.
Security & Compliance
-
Built on zero-trust architecture principles.
-
mTLS in transit and AES-256 encryption at rest.
-
Compliant with SOC 2 Type II, ISO 27001, and NCUA baselines.
-
OpenSCAP vulnerability scanning within CI/CD pipelines and Azure Policy enforcement for system hardening.
-
MFA for all access points.
Performance
The platform processes over 5,000 applications monthly with 99.95% uptime, ensuring continuous member onboarding and compliance operations.
Third-Party Integrations
The platform integrates with several third-party services to enable core onboarding, compliance, and operational features:
- GBG (Acuant/Idology) – identity verification, biometric selfie match, document authenticity checks, and OFAC/PEP screening.
- Plaid – instant account funding, business bank account verification, risk-based funding limits via Plaid Signal, and Plaid Transfers/Ledger integration.
- OpenCorporates – automated verification of business registration and ownership data.
- USPS API – address validation during KYC/KYB.
- DocuSign – digital signing of IRS, FinCEN, and compliance documents.
- Azure AD B2C – secure identity management with MFA and hardware key support.
- Azure Monitor & Key Vault – observability, centralized logging, and encrypted secret storage.
All integrations follow strict API contracts, use end-to-end encryption, and include automated fallback procedures to ensure high availability and data integrity.
Project Approach
The first version of the platform was completed in nine months by a cross-functional team of about 20 specialists, including solution architects, project managers, business analysts, software engineers, QA, DevOps, and UI/UX designers. The process followed Agile/Scrum principles with two parallel workstreams to ensure fast delivery and continuous improvement.
Phase 1: Initial Audit and Planning
Itexus began with a comprehensive technical and security audit of the MVP built by the previous vendor. The audit revealed several critical issues:
- no encryption for sensitive data at rest;
- weak authentication without MFA;
- faulty KYC provider integration;
- lack of audit logging and monitoring;
- reliance on Azure serverless architecture, which blocked required hybrid deployments.
Based on these findings, Itexus team:
- designed a microservices-based hybrid architecture enabling both cloud scalability and on-prem data processing;
- adopted the Strangler Fig pattern for gradual replacement of legacy components without service interruption;
- rebuilt the security layer to meet SOC 2 Type II, ISO 27001, and NCUA standards.
Phase 2: Development and Integration Development was structured into two concurrent streams:
- Stream 1 – Legacy Code Refactoring: refactored insecure modules and integrated legacy systems using the Strangler Fig pattern to ensure smooth coexistence and migration.
- Stream 2 – New Feature Development: implemented the digital onboarding flow, automated KYC/KYB verification, instant funding, and compliance portal.
Phase 3: Testing and Release
Each sprint included QA automation, security validation, and performance testing within CI/CD pipelines, followed by a demo and UAT testing. The release process followed a staged rollout approach, ensuring stability and minimal disruption to ongoing operations.
Project Challenges
After the initial audit revealed major flaws in authentication, encryption, and MFA, the team rebuilt the entire security layer within eight weeks without breaking existing functionality. Itexus team redesigned authentication and authorization flows, implemented per-column encryption, and enforced MFA through Azure AD B2C to achieve full SOC 2 Type II compliance.
The client’s AS400 core banking system required secure, real-time connectivity with the new digital platform. Itexus developed custom middleware bridging modern REST APIs with the legacy environment via file-based and SOAP interfaces.
The system had to go live within nine months from the project start. Itexus had to assemble a team of 20 engineers quickly and ran the work in a few parallel workstreams for refactoring, new functionality, integrations, and automated testing — meeting the deadline while maintaining quality and compliance with SOC 2, ISO 27001, BSA/AML, and NCUA standards.
Results & Future Plans
The first version of the platform was launched in nine months, fully meeting the client’s regulatory and functional requirements. It is now live in production, processing over 5,000 onboarding applications monthly with 99.95% uptime. Onboarding time was reduced from five days to just 15 minutes, and the platform successfully passed SOC 2 Type II, ISO 27001, and NCUA audits with zero findings.
Itexus is now developing the next version of the system with extended digital banking capabilities, business lending modules, and integrations with external accounting systems.
Need to develop a similar project?
Mobile e-wallet application that lets users link their debit and credit cards to their accounts through banking partners, create e-wallets and virtual cards, and use them for money transfers, cash withdrawals, bills and online payments, etc.