Digital Customer Onboarding Platform with Automated KYC/KYB and Instant Funding for One of the Top 7 U.S. Credit Unions

The client is one of the Top-7 federally chartered credit unions in the U.S., managing $19B in assets and serving 1.4M members nationwide, including 150K+ small and medium-sized businesses.

It provides retail and business banking through branches and digital channels — checking and savings accounts, debit and credit cards, auto and home loans, personal and business lending (including SBA), merchant services, payroll and treasury management, and online/mobile banking supported by a large ATM network.

With rapid growth, especially within its SME segment, the client faced increasing pressure on its manual paper-based onboarding and compliance processes. It experienced long onboarding times of over five days, frequent data entry errors, inconsistent document handling, and delays in identity verification and OFAC screening.

The client wanted to digitize the SME and retail account opening process to enable fast onboarding and eliminate human-factor errors while maintaining full BSA/AML compliance.

The main challenge was to introduce the new digital process without affecting existing organizational workflows. The system had to integrate seamlessly with the legacy AS400 core banking infrastructure, so that, from day one, users could open accounts in-branch or online with no impact on existing processes.

The engagement began with an audit of an MVP developed by a previous vendor. Itexus identified major security and architectural flaws and proposed a migration to a new microservices-based architecture with a detailed refactoring plan. Based on the audit results, proposed solutions, and Itexus’s experience in enterprise FinTech architecture, the client decided to change the vendor and entrust the project to Itexus entirely.

The platform automates end-to-end onboarding and compliance processes typical of a large credit union. It supports a seamless omnichannel user journey, allowing users to start online, continue in-branch, or complete the process with a sales representative on a tablet — switching channels effortlessly as needed.

The system allows users to perform the following actions based on their role.

The system is designed for flexibility, scalability, and seamless integration with legacy banking infrastructure. It includes a mobile-responsive web application built with React/Next.js, connected via REST APIs to a .NET 7 microservices backend deployed on Azure Kubernetes Service (AKS) with hybrid cloud and on-premises support through Azure Arc.

Frontend

• React/Next.js web applications for both members and internal staff, optimized for mobile, tablet, and in-branch use.

• OAuth 2.0 authentication via Azure AD B2C, supporting MFA and hardware security keys.

Backend & Services

• .NET 7 microservices communicating through REST APIs for scalability and secure integration.

• Docker containers orchestrated by AKS for high availability and portability.

• Middleware enables secure integration with the AS400 core banking system; compatibility

• Q2 Digital Banking Marketplace is being implemented in the next phase.

Data & Storage

• Azure SQL for PII data with per-column encryption.

• PostgreSQL for document storage.

• Azure Blob Storage for immutable (WORM) archival.

Security & Compliance

• Built on zero-trust architecture principles.

• mTLS in transit and AES-256 encryption at rest.

• Compliant with SOC 2 Type II, ISO 27001, and NCUA baselines.

• OpenSCAP vulnerability scanning within CI/CD pipelines and Azure Policy enforcement for system hardening.

• MFA for all access points.

Performance

The platform processes over 5,000 applications monthly with 99.95% uptime, ensuring continuous member onboarding and compliance operations.

The platform integrates with several third-party services to enable core onboarding, compliance, and operational features:

• GBG (Acuant/Idology) – identity verification, biometric selfie match, document authenticity checks, and OFAC/PEP screening.
• Plaid – instant account funding, business bank account verification, risk-based funding limits via Plaid Signal, and Plaid Transfers/Ledger integration.
• OpenCorporates – automated verification of business registration and ownership data.
• USPS API – address validation during KYC/KYB.
• DocuSign – digital signing of IRS, FinCEN, and compliance documents.
• Azure AD B2C – secure identity management with MFA and hardware key support.
• Azure Monitor & Key Vault – observability, centralized logging, and encrypted secret storage.

All integrations follow strict API contracts, use end-to-end encryption, and include automated fallback procedures to ensure high availability and data integrity.

The first version of the platform was completed in nine months by a cross-functional team of about 20 specialists, including solution architects, project managers, business analysts, software engineers, QA, DevOps, and UI/UX designers. The process followed Agile/Scrum principles with two parallel workstreams to ensure fast delivery and continuous improvement.  

Phase 1: Initial Audit and Planning

Itexus began with a comprehensive technical and security audit of the MVP built by the previous vendor.  The audit revealed several critical issues:

• no encryption for sensitive data at rest;
• weak authentication without MFA;
• faulty KYC provider integration;
• lack of audit logging and monitoring;
• reliance on Azure serverless architecture, which blocked required hybrid deployments.

Based on these findings, Itexus  team:

• designed a microservices-based hybrid architecture enabling both cloud scalability and on-prem data processing;
• adopted the Strangler Fig pattern for gradual replacement of legacy components without service interruption;
• rebuilt the security layer to meet SOC 2 Type II, ISO 27001, and NCUA standards.

 Phase 2: Development and Integration Development was structured into two concurrent streams:

• Stream 1 – Legacy Code Refactoring: refactored insecure modules and integrated legacy systems using the Strangler Fig pattern to ensure smooth coexistence and migration.
• Stream 2 – New Feature Development: implemented the digital onboarding flow, automated KYC/KYB verification, instant funding, and compliance portal.

 Phase 3: Testing and Release

Each sprint included QA automation, security validation, and performance testing within CI/CD pipelines, followed by a demo and UAT testing. The release process followed a staged rollout approach, ensuring stability and minimal disruption to ongoing operations.

The first version of the platform was launched in nine months, fully meeting the client’s regulatory and functional requirements. It is now live in production, processing over 5,000 onboarding applications monthly with 99.95% uptime. Onboarding time was reduced from five days to just 15 minutes, and the platform successfully passed SOC 2 Type II, ISO 27001, and NCUA audits with zero findings.

Itexus is now developing the next version of the system with extended digital banking capabilities, business lending modules, and integrations with external accounting systems.