Digital Customer Onboarding Platform with Automated KYC and KYB Verifications for a $19B Credit Union

The client is a federally chartered credit union with $19B in assets and 1.4M members across the U.S., including 150K+ SMEs. It provides retail and business banking, loans, and financial services through physical branches and digital channels.

With rapid growth, especially in its SME segment, the client wanted to automate their existing manual customer onboarding and compliance workflows.

Previously reliant on a manual paper-based process, the credit union faced 5+ day onboarding times, data security concerns, and operational bottlenecks. The goal was to digitize the SME account opening experience while ensuring compliance with BSA/AML regulations, including OFAC screening, identity verification, and audit readiness.

The main challenge of the project was that in the first stage, the new system shouldn’t have affected any other processes in the organization. To achieve this, it should have been integrated seamlessly with an existing legacy infrastructure as if the old paper-based process still existed.

The project began with an audit of a prototype partially built by a previous vendor. Itexus uncovered major flaws in security and architecture and proposed migration to a new microservices-based architecture and a refactoring plan.

Based on the results of the audit, proposed solutions, and demonstrated experience in building complex enterprise Fintech architectures, the client decided to change the vendor and entrust the project to Itexus completely.

Suggested architecture approach addressing the need to keep legacy code and integration to legacy banking systems.

The platform provides end-to-end automation of the customer onboarding and compliance processes typical of a large Credit Union, allowing users, based on their role, to complete the following actions:

Individual and Business Applicants

• Perform KYC identity verification using Acuant/GBG solutions, including document scanning, biometric selfie match, and address verification

• Complete an online business account application with dynamic forms tailored to entity type (LLC, Corporation, Non-profit). 

• Instantly verify business ownership and identity through integrations with OpenCorporates, Plaid, and USPS Address API.

• Digitally sign IRS, FinCEN, and other compliance forms via embedded DocuSign workflows.

• Submit a fully verified application in under 15 minutes, without visiting a branch.

Compliance Officers

The system performs automatic identity and document authenticity verification, OFAC and other global watchlist scanning, PEP screening to validate the applicant’s suitability for account opening using GBG and Idology

• Compliance officers can review all applications and statuses of verification in the compliance portal

• Review high-risk applications flagged by configurable KYC rules through a centralized compliance dashboard.

• Monitor onboarding analytics and access full audit trails for all application events and decisions.

Administrators

• Configure onboarding workflows and KYC logic via a visual no-code rule builder.

• Monitor microservice health, system performance, and document flows in real time.

Manage data residency and processing policies to ensure that personally identifiable information (PII) is stored and processed only in jurisdictions that comply with applicable regulations (e.g., NCUA, GDPR, state-specific banking laws).

The system consists of a mobile responsive web application built with React connected to a .NET 7 microservices back-end via REST APIs.  The backend server is deployed to Azure Kubernetes (AKS), with hybrid support for on-premises data processing via Azure Arc. It features 

• React/Next.js web applications for both members and internal staff

• OAuth 2.0 authentication with Azure AD B2C

• Azure SQL (PII data, encrypted per column), PostgreSQL (document repository), and Blob Storage (immutable archive)

The system processes 5,000+ applications monthly with 99.95% uptime.

Zero-trust access model: all user access requires MFA and is managed via OAuth 2.0.

End-to-end encryption: mTLS for data in transit, AES-256 for data at rest.

SOC 2 Type II compliance achieved through:

• OpenSCAP-based vulnerability scanning integrated into CI/CD pipeline.

• Azure Policy enforcement to automatically audit and enforce security baselines, ensuring infrastructure hardening and compliance with internal security benchmarks.

• Complete audit logging and traceability for all actions and transactions.

• GBG / Idology – KYC and sanctions screening

• DocuSign – Digital signature of compliance documents

• Plaid – Business bank account verification

• USPS API – Address validation

• Azure AD B2C – Identity management with hardware MFA

• Azure Monitor / Key Vault – Logging, observability, and secure secret storage

All integrations follow strict API contracts, end-to-end encryption, and automated fallback procedures.