Our case study was conducted with a few financial institutions; one of them is a global bank with a local branch in Tokyo. Our mission in this case was to support the customer onboarding and customer verification process, covering all matters and aspects prior to transaction initiation. With regard to the regulations established and maintained by the Financial Services Agency of Japan (FSAJ), and in discussion with the bank, the following was performed to address the challenges.
One of the key factors contributing to the success of this project was hosting our digital onboarding engine within the premises of the bank branch in Tokyo, connecting directly with their head office based overseas. We enabled this through server mirroring, which replicates the specification required by our system to operate the digital onboarding capabilities. Through server mirroring, the server placed on the premises of the bank and its affiliates met the required standards, and a successful hosting was delivered.
As data exchanges across the system were done through API, dynamic penetration testing of each variable in each environment was necessary. In our case, a reputable third-party penetration tester and the CISO of the global bank were the main figures in conducting the penetration testing. The testing covered three environments (development, UAT, and production) and was performed multiple times to ensure that the encryption of data at rest and data in motion using SHA256 was secure enough. As a result, the SHA256 encryption and decryption method passed the required standards of the bank in both their home region and operating region, and the penetration testing was completed successfully.
Data exchanges between the platforms, namely the portal and the mobile application developed and hosted on the premises of the bank in their home region, were conducted through API. Another key indicator of successful completion was the data exchange between these platforms, enabling seamless, automated data exchange with no redirection. As such, our mobile SDK was integrated into their mobile application, and data exchanges were conducted seamlessly without the need to redirect users outside of the application. The onboarded user data was then sent back to the administrator portal through a separate API, enabling intranet connection-based exchange for this communication of data.
Prior to the initiation of the project, the requirement was to consult with the local authorities to ensure that the system would abide by the regulations. As such, we communicated directly with the Financial Services Agency of Japan (FSAJ) for confirmation, and a scheme for the data flow, user flow, and system diagram for the hosting was drafted alongside the Tokyo branch of the bank.
The Tokyo branch of the bank confirmed the necessity of implementing digitalization, starting with digital onboarding through a seamless electronic know your customer (eKYC) system. As specified by local authorities, eKYC plays a significant role in risk monitoring prior to transactions. Thus, a simplified, streamlined, and automated system will benefit those operating in the back office of the bank, ultimately benefiting the customers.