Building a Fintech Platform


Building a technology for a fintech startup can be a complex and overwhelming task, as defining the full scope in the beginning can be challenging. This article explores the process of creating a fintech startup technology, covering the basic and optional components, implementation options, risk mitigation strategies, expected expenses, timelines, the outsourcing versus in-house considerations, and the minimum team requirements.

The Key Components of a Fintech Platform

When building a fintech platform, there are several key components that must be considered. These include:

  • Front-office operations sub-system, including client’s portal and a landing-page.
  • Back-office operations sub-system.
  • Risk-management.
  • Business Intelligence / Client scoring.
  • Accounting / General ledger.
  • Crucial service components: Self-diagnosis and Notifications.
  • In case you use crypto, you will need a crypto-custodian sub-system.

You will also need some integrations:

  • Compliance system (Know Your Customer / Know Your Business / Anti-Money Laundering).
  • Exchanges: stock exchanges, FX (foreign exchange), crypto-exchanges, to receive exchange rates for FX and asset exposure calculation in risk-management.
  • Brokerage (being a startup you will not be able to connect directly to exchanges, except crypto exchanges like Binace or Kraken) for FX.
  • Payment processing: banks, online payment processing (like Stripe/Payrexx or PayPal), or regional processing that implements regional specific (Singapore Aerapass, or Africa focused pawaPay, M-Pesa from Vodafone or DPO). Payment processors often provide FX functionality which is a good option when exchange fees aren’t a core of your revenue.

In addition, We will shed some light on specific solutions such as automated order-matching platforms, terminals, custom blockchains, and highlight essential procedures like independent security audits.

Let's delve into each component in more detail:

Front-office Operations

The front office plays a crucial role in the success of a fintech startup as it is the face of the business, attracting and retaining customers. The front office typically includes a visually appealing landing page with clear service descriptions, guidelines, and promotional materials, as well as a secure client portal where clients can register, complete KYC/AML checks, apply for services, track service lifecycle and view service details. It is vital to have a well-designed and accessible front-office that is user-friendly and delivers a positive user experience for clients.

Our recommendation for the front office is to build it from scratch. While pre-made front office solutions may seem convenient, they often lack customization options, and the front office is a critical component that should reflect the unique identity and provide user experience that is supposed to make a difference. By creating a custom front office, you can ensure that your business stands out from the competition.

The majority of well-known fintech companies have taken this approach. Examples include Citi, UBS, Deutsche Bank, Goldman Sachs, Emirates NBD, Abu-Dhabi Islamic Bank, and fintech startups such as Wise, Resolute, PayPal, and many others.

Back-office Operations

The back office is responsible for managing operations, including the processing of deal documents, client accounts, client balances, internal compliance and audit, integrated helpdesks, or call center software.

The back-office software typically covers the following:

  • Multicurrency user accounts, with balances stored separately.
  • Balance management including deposit, withdrawal, exchange, and transfer.
  • User/account management with integration endpoints for third-party KYC/AML providers.
  • A permission-based role system.
  • Fees calculation, or interest earned by the platform.
  • Interfaces for integration with KYC/AML, crypto exchanges, core banking systems, and payment gateways.
  • Deal business processes that can be automatic or semi-manual.
  • Endpoints for third-party services such as payment processing, exchanges, and brokerage.

A fintech startup has two options for creating a back-office subsystem: integrating with a third-party solution or developing one in-house.

At SpellSystems, we have experience in evaluating and choosing professional, ready-to-go back-office solutions for our previous fintech projects. However, established back-office products like Avaloq, Temenos, SAP, Oracle, Calypso, Murex, and ION Group typically cater to big companies with millions in turnover and may be difficult for smaller startups to contract. These solutions are usually very stable and have a wide range of functionality, but they can also be slow and expensive. Moreover, even if you purchase one, you may not use most of its functionality, making it overkill for single-product projects, which is typical for early-stage fintech startups. In one of our projects, an institutional supplier demanded around 7 months from the initial request to sign a contract, with a budget of around 1.5 million USD. The work to integrate and set up the solution was planned to take another 8+ months.

Still, the choice of whether to develop your own back-office system or purchase a big-name can be challenging. If you offer a limited number of well-defined services, you may consider developing your own system or using an open-source solution. However, it is important to be aware of the rules set by your regulatory body. You should determine whether they approve custom or open-source back-office systems for certification during your licensing application, or if an institutional solution is required.

Risk Management

Managing risk can be challenging. Firstly, not everyone understands what risk management truly entails and it's often confused with compliance. Secondly, risk management is only necessary when your project involves positions, where you may owe or be owed something during business operations.

The main goal of risk management is to continually recalculate your positions, especially when dealing with cryptocurrency in real-time. For instance, if you have loaned USD backed by stocks of QQQ, and QQQ drops 3% during the day, your collateral is now underpriced, putting you at risk. In the event of a client default, you may not fully recover your money. Risk management involves strategies such as using hedge tools, calculating safe but competitive debt-collateral ratios, and setting limits on asset exposures.

A professional risk manager is crucial in defining the rules for your risk mitigation strategy. They will formalize these rules in writing, taking into consideration the expected client base and whether it is more practical to purchase a solution from the market or to implement these rules using a custom software tool.

It's essential to have an in-house risk manager as there is no software or external consultant that can replace their role. The first step is to hire a risk manager and have them put the rules in writing.

Business-intelligence and Client Scoring

You will require numerous reports for various purposes such as client activities, operations, transaction history, investigations, and system maintenance. Initially, based on our experience, Excel and PowerPivot are the best solutions for report generation.It's a good practice to wait until the data structure stabilizes and sufficient historical data is gathered to determine the most valuable and demanding reports before automating the process. You can always dump on Qlik or Microsoft PowerBI when time comes.

In the beginning, be cautious with the structure of log files or NoSQL databases such as Elasticsearch, Yandex ClickHouse, or Cassandra as they can greatly impact the accuracy of your reports. You will use this data not only for reporting, but for self-monitoring and self-diagnosis as well.

Self-diagnosis

Self-diagnosis is an essential component of any fintech system, as it helps to ensure its stability and availability. The self-diagnosis module includes several basic functions that are critical to monitoring and maintaining the system.

  • Monitoring of the load and availability of the infrastructure. This is important because it helps to identify any potential issues with the system's performance and reliability. The system should be designed to monitor the load on the servers, databases, and other critical components of the infrastructure, and to alert the maintenance engineers if any problems are detected.
  • Error reporting. This is critical for identifying any issues with the system's performance and stability. The system should be designed to log any errors that occur, and to send notifications to the maintenance engineers so that they can quickly address any issues that arise.
  • Event handling and incident identification. This is important for identifying and responding to any incidents that may occur. The system should be designed to log any events that occur, and to send notifications to the maintenance engineers so that they can quickly respond to any incidents that arise.

One of the fastest and most effective ways to implement a self-diagnosis module is to integrate an open-source Zabbix system. Zabbix is a key tool for maintenance engineers and often for compliance and risk managers, as it provides a wealth of features and functionality for monitoring and maintaining the system.

Accounting / General Ledger

It's important to have a robust accounting and finance system in place, especially for reporting to regulators. Some popular options to consider include Quicken, QuickBooks, or Xero. When choosing a solution, there are two main factors to consider: bank integration support and which one your accounting team prefers.

Crypto-Custodian

The goal is to ensure secure storage for clients' cryptocurrency assets. To achieve this, we propose using a reputable third-party service that meets the criteria of insurance coverage and regulatory compliance in your jurisdiction. Our previous experience with Koine was just great from a technological perspective, but unfortunately, the company no longer exists.

Building our own custody solution is not feasible, as it would require significant resources and expertise to ensure that it is thoroughly tested, regulated, and insured. As a result, it would be too risky to consider.

A couple of options to consider are Bakkt and Ledger Vault.

Compliance (KYC/KYB/AML, anti-fraud)

You should consider using a KYC/AML provider to carry out automatic or semi-automatic (manual) checks. In the past, we had a positive experience integrating with SUMSUB and Au10tix. While Refinitv World-Check is highly effective, integrating it will likely require significant time and resources.

At the same time, a compliance officer is a must, especially when your clients are legal entities with multiple beneficiaries. Someone must shape KYC and AML policies. KYC/AML operators just give you data, but it’s up to your company to decide if a particular customer meets your KYC/AML requirements or not. Moreover, it’s a licensed activity in certain jurisdictions.

Another aspect of compliance involves a set of rules that determine which actions the system should consider as suspicious and how it should respond. There is a vast market of anti-fraud solutions that offer a plethora of pre-set rules, but if you delay implementing one of these solutions until after your launch, you may miss the business opportunity for your project. It is the responsibility of the compliance officer and risk manager to define these rules, which are guided by the regulatory body.

The technical implementation of the anti-fraud rules can either be incorporated into the self-diagnosis module or designed as a standalone service.

Connecting to Data-Feeds and Exchanges

To get the best data feeds, it's best to go through exchanges. However, institutional exchanges only provide feeds to institutional players, not directly to individuals. In this case, you can subscribe to pricing and market data distributors such as Bloomberg, Refinitiv, or more affordable options like Yahoo Finance API or MarketWatch API.

To make trades, you need to engage with a broker. There are plenty of options available, and the integration process is not challenging. Most brokers use the same set of protocols, such as FIX/ITCH and RDM (Reference Data Management), with only minor variations from vendor to vendor. The RDM, however, is always a case-by-case scenario.

On the other hand, crypto-exchanges provide their own protocols for trading and receiving market data directly. Engaging with them is straightforward, but the technical implementation can vary from case to case. At SpellSystems, we have had the pleasure of creating arbitrage bots using Binance and Kraken, which both proved to be well-documented and clear.

Order Matching or Terminals

When clients manually select their desired products, there is rarely any issue. The real challenge arises with high-frequency trading and automated order matching. It is our belief that it is not feasible for startups to develop a custom order matching engine or terminal, except for technological startups specializing in such systems.

This world is highly standardized, and names hold significant weight. How can you be sure that the system will not insert an order between your SELL and BUY market to make extra profits behind the scenes? With established players like Nasdaq UMS and Market Grid, MetaQuotes, and CQG, there is limited room for experimentation.

Blockchain

A custom blockchain can be a great solution for managing client accounts and a perfect source of data for operational reporting. You can also use open-source codebase from popular platforms to implement the internal accounting, transfers, conversions, and statement generation. At SpellSystems, we prefer Stellar. However, there is a performance limit of approximately 4,000 transactions per second, which can be a limitation for high-frequency trading.

Notifications

Every fintech project generates numerous events that require user action. These events can be communicated through multiple channels such as SMS, email, push notifications (from a website or mobile app), and in-app notifications. Email notifications can be handled through either your own mail server or a third-party web server integrated with queue management software like RabbitMQ. The same applies to push notifications, which can be sent directly to end-users' browsers or through your mobile app if you have one, utilizing the functionality of App Store and Google Play. With regards to SMS, Twilio is a reliable option for international short messaging, but there are many other providers to choose from.

It is important to keep in mind that to send messages, you must comply with certain regulations similar in most jurisdictions, which basically require you to include a statement about using the customer's phone number/email in your Privacy Policy, seek the client's permission to send messages, and provide an option for opting out of optional notifications.

Independent Audit

Your users must be confident that your startup does not have any critical vulnerabilities, and you must be confident as well. Information security is crucial when it comes to money. As a non-IS company, we engage professionals, and we believe that everyone should. Ideally, information security audit should be integrated into the development process, just like Quality Assurance, but this may significantly slow down the process in the beginning. Hence, the first releases should be audited upon delivery, and the development process can be improved later on.

Cost and Timeline of Software Solution for a Fintech Startup

As a startup, it's important to be strategic, efficient, and cost-effective. This article aims to provide a balanced approach to budgeting for a fintech startup software solution, ensuring that the timeline is short enough to capitalize on opportunities, but comprehensive enough to avoid potential problems.

Based on this approach, We estimate that the cost of launching an MVP for a fintech startup software solution to be in the range of £150,000 to £200,000. This includes expenses for auditing, renting infrastructure, and subscribing to essential third-party services.

Please note that this cost does not take into account the cost of matching engines or branded terminals, which should be evaluated separately.

Also, the cost of filling crucial team roles such as compliance, risk management, maintenance, analyst, operations, and customer service can vary significantly depending on the country.

After delving into our extensive experience in the fintech industry over the past few years, We have decided to condense it into actionable insights to help founders understand the process of building a fintech startup from a software perspective. My objective is to present a well-structured overview of the crucial elements, their purpose, and the available solutions in the market, along with an estimation of costs and time-to-market. With a focus on early-stage startups, We hope to provide clarity on the key components and highlight solutions that can expedite the time-to-market for these startups.