08/04/2021 | Written by: Georges Berscheid
Share this post:
Written by IBM based on an interview with Georges Berscheid
“Finologee enables European banks and insurers to quickly comply with current and future legislation and regulations,” explains Finologee’s Co-founder and CTO Georges Berscheid, who is responsible for Finologee’s IT, operations and services. Finologee’s software & APIs are an extension of the customer’s legacy backend.
While Luxembourg-based Finologee solves the regulatory compliance of financial institutions, the API management platform “IBM API Connect” enables Finologee’s market proposition.
The business challenge
Finologee operates in the fields of FinTech and RegTech: financial and regulatory technology. “We mainly solve legal and regulatory issues,” says Georges, who was named Luxembourg’s Tech Talent of the Year in 2019. “With our off-the-shelf technology for payments, open banking, customer onboarding and ‘know your customer’ (KYC) client file update solution, our clients are primarily banks and insurance companies.”
Prior to founding Finologee, Georges and his business partners founded Digicash, for the national scheme for mobile payments in Luxembourg. “We were technically connected to Luxembourg’s five major retail banks, which enabled us to provide payment services through proprietary APIs. In some cases, we were also able to access account information, for example to show account balances to Digicash users before making a payment.”
In 2016, the first draft of the European PSD2 regulation was published, which required all banks to make their data available to third parties via APIs. Based on this, other companies were also able to provide specific services to the customers of these banks.
“At the time, Digicash was in a good position to expand our APIs and make them compatible with the regulator’s standards. In 2017, Digicash was sold to the Belgian-Dutch firm Payconiq. The founders of Digicash then went on to start Finologee.”
Connecting via API’s
The principle of PSD2 and the so-called open banking may seem simple, but according to the Finologee CTO it is not. “The retail banks did have some experience with this. They had given their customers online access to their data and payment accounts for some time. But for most institutions – especially asset managers and private banking providers – data sharing via APIs is completely new. Moreover, these parties are hindered by their legacy infrastructures, which had originally been developed for their traditional administrative tasks.”
The implementation of PSD2 has been delegated to the European Banking Authority (EBA), which drafted a combination of business rules and technical guidelines. The actual communication protocol between stakeholders was left to the market to decide. To prevent each bank from coming up with its own specifications, the sector worked on several European standards within various working groups.
In addition to PSD2 services, Finologee is active in the KYC domain, providing online onboarding, identification, digital signing, and customer interaction services through the company’s KYC Manager platform. KYC Manager also offers lifecycle management for customer-related documents and information. “Banks are obliged to keep KYC files up-to-date and we help them with that. For example, when a customer’s identification card expires, the bank must ensure that the customer sends a new copy for their internal files. Through our KYC Manager platform, the bank can request that the client sends a copy of their new ID document. The client can be notified by SMS or email and they can upload documents onto the platform electronically. In addition to KYC client file updates, the bank’s customer database can be easily kept up to date,” explains Georges.
Like the PSD2 services, Finologee’s KYC service is largely API-based. “When the information has been collected and processed – whether or not through our authorized subcontractors – via IBM API Connect we expose the necessary information for collection and reintegration of the requested data with the existing systems of our customers.”
“When we connect a new customer to our services, all we have to do now is report it”
– Georges Berscheid
Finologee’s team developed the logic behind the solutions themselves. The missing component, however, was an effective and efficient way to expose the APIs to third parties. One of the technical requirements of the EBA was a development portal: a website with various information about the APIs such as login details, version information and other documentation. “Because we did not have the environment, we had to look for existing solutions. Developing and implementing it by ourselves would be too expensive and therefore insufficiently competitive”, says Georges.
“The final choice was determined by a combination of the right price and alignment with our needs, including the option of multi-tenancy. Many of the available solutions focused on using a single API provider: one brand name, one environment, and so on. We wanted to offer the white-label service to all banks, which made multi-tenancy a hard requirement for us. This criterion excluded the majority of providers.”
Another aspect was the fact that many suppliers only offered SaaS solutions that were not in line with the applicable data privacy laws and regulations. In addition, a so-called Professional Financial Services (PFS) authorization was required. Armed with a PFS license , Finologee can act as an outsourcing provider for banks.
“When we connect a new customer to our services, we now only have to report it,” explains Finologee’s CTO. “All the necessary audits, risk assessments and checks that the documentation is in order – a process that can normally take months or years – is already completed. Our suppliers must participate in the entire audit process, because we are ultimately responsible for the service to be provided.”
The cloud supplier that provides Finologee’s services also had to meet the requirements for compliance. “Because our infrastructure runs on Kubernetes, we had a strong preference for a solution that could be deployed in such a cluster.” IBM API Connect met all Finologee’s key requirements: multi-tenancy, support of Kubernetes, security and compliance.
Deployment and configuration
The implementation of IBM API Connect went seamlessly. “In some ways, the very smooth integration is a little surprising because it is a very complex solution, consisting of several components that all had to be deployed on the infrastructure of our cloud provider. When that was done, we could get the configuration process started. First, all the different tenants were created for our customers. They all got a portal environment adapted to their own technology and identity.”
Ultimately, the APIs were deployed within IBM API Connect, based on the correct protocols and specifications, in combination with the appropriate authentication. As part of the process, Georges explains that there were also new discoveries: “We found out about various features that we were not aware were included in the API Connect product, for example a fully-fledged DataPower instance.”
The total implementation was finalised at the end of 2018 and the overall project took around six to eight months. The relatively long lead time was mainly due to changing requirements from the regulator and quickly evolving technical specifications. “The technical integration of the solution on the chosen infrastructure also led to some challenges, mostly because a lot of interactions were required between IBM, us, and our cloud provider to achieve an effective and efficient deployment setup. Fortunately, we received adequate support from IBM in this,” says the CTO.
Learn more about IBM integration solution >
Finologee currently provides API services to 36 banks. “Each bank has their own white labelled portal, complete with their own brand name, URL, colors and logos.”
Georges continues: “We serve our customers with exactly what the regulator requires of them. We do this with both Software as a Service and APIs, where all connections, controls and licenses are included as standard. If desired, we can easily change the underlying third-party suppliers, depending on the wishes and requirements, without requiring technical changes of our customer.”
APIs are becoming increasingly popular, according to the Finologee CTO. “Many new players in the financial sector are fully API-based. This will further boost the advance and integration of services.” IBM API Connect gives Finologee as the underlying platform the flexibility to play a role in the growing API economy by responding quickly to market needs.
“This gives customers an easy to use, quick to implement and flexible solution that allows them to comply with laws and regulations. For many parties in the financial domain, it is not a priority to invest a lot of money and time in the legally required APIs. Using our solution, however, compliance is now a matter of a few simple steps,” concludes Georges.