A KYC Archival System for a Digital Bank

Building a KYC archival Cloud platform for a digital bank to store customers’ KYC data

Our client is a modern digital bank that provides banking software for its partners. The bank wanted an archival system for storing the Know Your Customer (KYC) data of its customers. They approached us to implement an end-to-end Cloud platform for storing, monitoring and checking the integrity of their KYC data.

The problem

The bank’s main goal is to provide better services for its customers by ensuring that their customers are legitimate, thereby preventing illegal bank transactions such as money laundering, etc. The main task to achieve this was to transition to a data-driven approach and start getting to know customers better in order to serve them more professionally. Hence, the bank wanted an KYC archival system to store customers’ KYC files.

Data security is a huge concern in the banking world. For this reason, the bank wanted a secure file archival system. The KYC data consists of customers’ files, which have had to pass through specific integrity checks before being archived, and an endpoint that determines the status of the integrity check. The bank even needed a mechanism for re-uploading the KYC data, which did not pass the integrity check.

To satisfy the capacity requirements due to the increasing customer base, they wanted the archival system to scale automatically, without manual intervention and according to demand. The solution should be cost-optimized with a very low idle running cost. It was a challenging task to implement the end-to-end Cloud platform and to automate all the processes within a short period of time.

The solution

We proposed Amazon S3 bucket with intelligent tiering as a storage solution for the project. To secure the KYC data, encryption was enabled. Serverless architecture has zero idle running costs, and was therefore chosen for the implementation of the project, making use of the AWS Serverless Application Model (SAM). The AWS Lambda function was used to generate the pre-signed URL for uploading the KYC data. The Amazon API Gateway endpoint protected by API Key was used as a trigger for the AWS Lambda function. The bank partners make a GET call to this endpoint, which generated the pre-signed URL. Using this URL, the partners had to upload the KYC data by providing it as a payload. The main advantage of using the pre-signed URL is that the partners were able to upload the KYC data directly to S3 without installing any AWS libraries. The validity of the pre-signed URL was configured with a short expiration period. This is an add-on advantage.

Structure of the architecture

Building a KYC archival Cloud platform for a digital bank to store customers’ KYC data

Once the data was uploaded, it was stored in the Amazon S3 bucket. The integrity checks were performed with the help of the AWS Step Functions. The results of the integrity check were written to an AWS DynamoDB table. The bank partner was able to re-upload the files which failed the integrity check by again generating the new pre-signed URL.

If the customer discontinued doing business with the bank, the deletion of the customers’ files was performed by another AWS Lambda function. This was enabled by placing the object Lifecycle policy on the required files to be deleted according to GDPR policy.

The result

kreuzwerker implemented the secure Cloud platform, which is scalable based on the needs for the archival of the digital bank’s KYC data. We used our AWS Cloud expertise and our strong knowledge of the financial domain to implement a cost-effective solution. This enabled our client to use the Cloud to fulfil the needs of their ever-growing customer base.