Internet Banking

Client: Afriland First Bank
Services: Fintech, Blockchain, CBS, Whitelabeling, Security, Compliance, Data Analytics, UX

01. Challenge

– The goal for the Discovery Phase is to create a high level view of the Internet banking platform that can be deployed as a White Label Solution in different banks. However, the main client is Afriland First Bank for the first version. 


Business Goals & Needs

PK Fokam Research Center would like to build a new generation of Internet Banking for its clients.

The central objective is to develop a cutting-edge internet banking platform with a keen focus on enhancing the customer experience and expanding the bank’s market reach. Additionally, the platform will place a strong emphasis on fortifying security measures, ensuring data protection, and regulatory compliance.

Furthermore, the solution aims to provide on-premises flexibility, allowing banks to deploy the system in their own secure, private environments when needed. This flexibility is vital for financial institutions looking to maintain control over their data and infrastructure while still benefiting from the advantages of modern, cloud-enabled banking technology.

Main Goals for the Internet Banking Solution Proposal:

Enhanced Customer Experience:

  Develop a user-friendly, responsive web and mobile interface with intuitive navigation
Implement personalized dashboards, offering account summaries, transaction history, and financial insights.
Enhance the design with modern aesthetics and user-centric features.

Seamless CBS Integration:

  Deploy middleware solutions that facilitate real-time data synchronization between the internet banking platform and CBS.
Implement robust APIs and connectors for secure communication and data exchange.
Offer features like balance inquiries, transaction history, and fund transfers within the internet banking interface.

Whitelabeling Options:

  Develop a flexible theming and customization framework, enabling partner banks to rebrand the platform easily.
Offer a white-label development kit or portal where partners can make branding and customization changes.
Create a user-friendly portal for banks and partners to apply custom themes, logos, and branding.
Offer customization options for user interface elements, language, and functionalities.
Ensure that partner branding and customization choices align with the bank’s security and compliance standards.

Regulatory Reporting:

  Implement an automated reporting module that collects, formats, and submits regulatory data.
  Utilize data validation and verification to ensure accuracy and compliance.
  Integrate audit trails and reporting logs for transparency.

Hybrid Cloud Deployment:

  Deploy a hybrid cloud architecture that seamlessly transitions workloads between on-premises and cloud environments.
Implement containerization and orchestration using Docker containers on Linux for efficient workload management, ensuring cost-effective and optimal support for your system.
Integrate multi-cloud management solutions, allowing flexibility in cloud provider choice, particularly for non-sensitive data, to optimize cost and performance while maintaining security for sensitive data.

Security and Compliance:

  Encrypt data at rest and in transit using industry-standard protocols (e.g., TLS/SSL).
  Implement multi-factor authentication (MFA) to enhance user identity verification.
Regularly audit and monitor the platform for compliance with industry regulations and security best practices.

Multi-Platform Support:

  Develop web + native mobile banking apps for iOS and Android platforms.
  Utilize responsive web design to ensure the internet banking platform is accessible on various devices.
  Optimize web/mobile apps for performance, security, and user experience.

Data Analytics and Insights:

  Implement data analytics tools that provide real-time insights into user behavior, transaction patterns, and engagement.
  Utilize machine learning and AI to offer predictive analytics for tailored product recommendations.
  Present actionable insights to inform strategic decisions.

High Availability and Disaster Recovery:

  Set up geographically distributed data centers for redundancy and disaster recovery.
  Implement load balancing and failover mechanisms to ensure 24/7 availability.
  Regularly test and update the disaster recovery plan and conduct drills.

Scalability and Flexibility:

  Utilize cloud-native technologies for elastic scaling to accommodate increased user demand.
Implement microservices architecture, allowing modular updates and expansions.
  Maintain flexible and modular code structures to adapt to evolving business needs.

Partnership Growth:

  Develop a partnership management portal to attract, onboard, and manage partner banks and financial institutions.
Offer marketing and promotional resources to facilitate business growth for partners.
  Establish regular communication channels to foster collaboration and growth.

Training and Support:

  Develop comprehensive training materials and resources for bank staff and partners.
Establish a responsive support system, including ticketing, knowledge base, and live chat.
  Provide regular training webinars, workshops, and documentation updates.

Continuous Improvement:

  Maintain an agile development process with regular updates and feature enhancements.
Conduct security audits and penetration testing to identify and mitigate vulnerabilities.
Implement feedback mechanisms for users and partners to inform continuous improvement efforts.

02. Solution Goals & Requirements

We are building a Next Generation Internet Banking together with PKF Research Center. This solution will allow CBS System to get the Internet Banking product and easily integrate with it. There will be an API Layer that can be adapted to any modern CBS System. We will provide a rich functionality for the end users, both consumers and banks.

The achievement of these business goals will be driven by a combination of our seasoned experience and the application of new knowledge.

Architecture & Tech Stack & UX

During the investigation phase, our primary focus was on delivering the optimal solution, combining an on-premises approach with cutting-edge technologies, all while ensuring the ability to transition seamlessly from on-premises to the cloud. The goal was to construct a system that is not only technologically advanced but also easy to maintain.

Based on the main phase, the objective is to develop an easy-to-customize UIKit. This UIKit will streamline the whitelabeling process, making it simple for partners to adapt the user interface of the software or platform to their brand identity while maintaining a professional and consistent look and feel. The emphasis is on providing partners with a toolkit that facilitates customization without the need for advanced design or technical skills.

The UIKit, when combined with frontend development, creates a powerful synergy in the context of software customization and branding. The combination allows for the development of a frontend framework that is not only user-friendly and responsive but also highly adaptable to branding requirements.

Architecture Diagram

Baseline Architecture

The primary objective of this diagram is to identify the various users of the internet banking solution. It includes frontend applications for bank clients and various administrative roles that interact through Agriland’s backend (BE) from frontend entry points. Additionally, it encompasses additional communication channels such as chatbots, emails, and more. The diagram below identifies all actors within the Internet Banking (IB) infrastructure, which can be extended based on requirements or to clarify user stories. The primary aim is to demonstrate the flexibility and independence of each module.

Integration architecture

The presentation layer in internet banking is the outermost layer that customers interact with. It’s responsible for providing a user-friendly interface for accessing various banking services through web browsers, mobile apps, or other digital platforms. This layer plays a crucial role in delivering a seamless and engaging user experience. Ensuring that the internet banking interface is accessible to users of all abilities is essential. This involves features like text-to-speech, keyboard shortcuts, and adaptable font sizes to accommodate users with disabilities. Internet banking interfaces provide integrated customer support features, such as chatbots and live chat options, comprehensive FAQs, and readily available contact information for reaching the bank’s support team. The presentation layer should offer administrative functionalities and options in addition to customer-facing features

Backend For Frontend – is a dedicated backend layer designed to cater to the unique needs of the frontend user interface, ensuring efficient data retrieval and service delivery for a seamless customer experience.

API Gateway acts as a centralized interface that manages, secures, and optimizes communication between various parts of the banking system and external applications. It serves as a crucial control point for handling API requests and responses, ensuring data security, scalability, and streamlined integration within the banking infrastructure.

Data Service – data service is a component responsible for managing and facilitating access to data. It enables the retrieval, storage, processing, and distribution of information within the banking system, supporting customer interactions and various banking operations.

Microservices is a software architecture where the banking system is divided into small, self-contained services, each handling a specific function. These microservices are designed to work independently, communicating through APIs, and enable a modular, flexible, and scalable architecture, which enhances the development and deployment of features and services in internet banking.

Integrations is the connection of diverse systems, services, and applications to enrich the functionality and features of the banking platform. These integrations enable a broader range of services, enhancing the customer experience and supporting various financial operations. Integration protocols are a set of guidelines and standards that define the methods, data formats, security measures, and procedures for seamless interactions between systems and external services. They ensure consistent and secure communication while supporting efficient data exchange and monitoring.
The aim is to construct infrastructure that enables seamless integration through the establishment of well-defined integration protocols.


Tech Stack


We use Figma as a main tool for prototyping. All the designs and components are built with White Labeling in mind. We’ll use a neutral design for the base version and will skin it for every bank that will adopt Internet Banking


To form a robust proposal for effectively combining on-premises infrastructure with cutting-edge technologies while achieving significant cost reduction, the following key components must be meticulously addressed in our infrastructure strategy. These include designing a hybrid architecture that seamlessly integrates our existing on-premises infrastructure with modern cloud-based solutions, optimizing resource utilization through virtualization and containerization, implementing automation and orchestration to streamline operations, and embracing cost optimization strategies such as rightsizing and reserved instances. Security and compliance are of paramount importance, and we will establish well-defined data management strategies. Monitoring and analytics tools will be utilized to make data-driven decisions about resource allocation. We will also address legacy modernization, scalability, elasticity, and prioritize investments in skills and training. These elements combined will form a comprehensive and compelling strategy aimed at achieving the dual goals of innovation and efficiency while significantly reducing operational costs.

Hybrid approach

While working on the ideal infrastructure for the Internet Banking we took into account several main points into account

  Available skills on the market

We will use BareMetal for all core components for the Internet Banking platform. We’ll run VMware ESXi as a hypervisor. All the virtual machines will run Linux. This will allow full control on the system, and no man-in-the-middle risks, all components can be customized. Public Cloud services for the chat, video conferencing and other SAS services. We’ll save time and money developing/maintaining our own services but using some robust SAS offerings (e.g. intercom+google meet for support calls)


During the project, we’ll suggest the best options for installing the servers in the bank. Right now we don’t have a full picture of what is available on the market. But we’ll start from options available from Dell or HP 

We need to have support and warranty in the country and a fast swap of components in the case of a failure. It might turn out that other distributors will have better service and available stock, so this list will be refined.

Public Cloud Services

For the nonessential, not business-critical parts, we’ll use available solutions on the market, paid or open-source. As stated above, support tools, video chat, and others will be in the cloud.

e.g. Intercom for support

We can also use specific AWS Services for computation purposes if that will be cheaper and more reasonable from a business perspective.

Hybrid cloud solutions combine the advantages of both public and private cloud deployment models. However, they also come with their own set of pros and cons.

Here’s an overview:

Pros of Hybrid Cloud Solutions:


Hybrid cloud solutions offer the flexibility to choose where to host different workloads, allowing you to optimize infrastructure for various applications or data types


They allow you to scale resources up or down as needed, ensuring cost-efficiency and performance optimization

Cost Efficiency

By leveraging both public and private clouds, you can reduce costs by utilizing the public cloud for non-sensitive workloads and the private cloud for more critical data

Data Security

Sensitive data can be stored on the private cloud, providing better control and security, while non-sensitive data can be stored on the public cloud

Disaster Recovery

Hybrid cloud solutions facilitate robust disaster recovery plans by enabling data replication and backup between on-premises and cloud environments


They allow you to meet regulatory and compliance requirements by segregating sensitive data on the private cloud and adopting specific security measures

In summary, hybrid cloud solutions offer a well-rounded approach to cloud computing, providing a balance between flexibility, cost-efficiency, and security. Their suitability is particularly pronounced in banking systems where the integration of cutting-edge technologies is essential. However, their successful adoption hinges on meticulous planning, adept management, and a comprehensive understanding of the potential challenges. Ultimately, the decision to embrace a hybrid cloud model is most prudent when guided by a proficient IT solutions architect who possesses the expertise to navigate its complexities effectively.

Support of Lift&Shift approach – Migration from on-prem to Cloud

The “lift and shift” approach is a cloud migration strategy designed to move existing on-premises applications and workloads to the cloud with minimal modifications. It involves replicating the current environment, including virtual machines and configurations, and migrating them to a cloud infrastructure, typically without substantial re-architecting. The primary goals of this approach are speed and simplicity, allowing organizations to quickly harness cloud benefits while preserving their existing applications and data.

It’s important to keep in mind that while the lift and shift approach allows for a quick migration to the cloud, it may not fully leverage the benefits of cloud-native technologies

Development process

Branching Strategy

Branches should adhere to the same prefixes as stipulated in the commit message standard, with the only difference being that they should be separated by a forward slash / instead of a colon : For instance, an acceptable branch name would be feat/bnk-15-login.

In addition to this, the repository must maintain several key branches, each serving a specific purpose. The main branch should house the production-ready codebase designated for production releases. The pre-release branch should contain code that is prepared for potential release at any moment, ensuring it is always in a production-ready state. Lastly, the daily branch may contain work-in-progress features, fixes, or completed changes awaiting verification before progressing to the next stage.

Semantic Release

Thanks to the adherence to commit message standards and the established branching strategy, we can employ semantic release tools to automate the creation of artifacts and the generation of changelogs for both production and pre-release releases. Here’s how it works:

Semantic release examines the commits included in a merge request to determine the appropriate version for the next release. Subsequently, it generates a new tag with the calculated version. For instance, when a merge occurs into the main branch, semantic release might produce a tag like v1.2.0 signifying a production release. On the other hand, when merging into the pre-release branch, it may generate a tag like v1.2.0-pre-release.1 indicating a pre-release version.


Commit Message Standards Enforcement:

When using the Danger tool in your continuous integration (CI) pipeline, you can ensure that commit messages adhere to your established standards. Danger can help automate the process of reviewing pull requests, including checking if commit messages follow the predefined format.

Security Scanning with Snyk:

In the realm of software development, security is paramount. To bolster the security of your codebase, you should consider incorporating Snyk into your development workflow. Snyk specializes in scanning code for vulnerabilities, identifying potential security weaknesses, and offering guidance on how to mitigate these risks.

Code Quality Assurance with Linters and Analyzers:

Maintaining code quality is vital. Depending on your tech stack, you can employ various tools to scan your code for adherence to best practices:

ESLint: For JavaScript and TypeScript projects, ESLint can be used to enforce coding standards, detect code issues, and ensure code consistency.

Prettier: Prettier is a code formatter that helps maintain a consistent code style throughout your project, enhancing readability and reducing code-related conflicts.

SonarQube: SonarQube is a powerful code quality and security analysis tool that can be utilized across different tech stacks to identify code smells, bugs, and security vulnerabilities.

Release Cycle, Upgrades, Hot Fixes

Proposing to use best practices from the SAFe methodology to manage:

  Upgrades for existing clients;
  Special features for new clients;

While there are not so many teams we’ll use a needed minimum from SAFe, not the entire framework

We’ll go with a 3-month cycle, so-called PI (Product Increment). The goal is to get predictable delivery and synchronization between Teams.

Releases will be planned as a Release Train. The release train will include a planned release of new features or modules, but also should be flexible enough for urgent requests and fixes.

A separate accent will be made for Automated Upgrades for existing clients. As it’s not just the Internet Banking Software Update but might also contain OS Level Updates and Security fixes. This process will require a Support team to be involved to handle the process.

03. Impact

Enabled 7 banks that are under one Group umbrella to get a modern Internet Banking solution

Flexible While the Labeling approach was used to customize and skin each bank for branding guidelines

We introduced API adapters as a part of the solution and each bank with their custom CBS got their data flowing into the Internet Banking

6 months from the idea and scope document to the MVP solution in production

~400 000 B2C clients got their banking experience updated overnight 

The hybrid Deployment approach allows upgrades, how fixes, and new versions of the platform at 0 cost

Flexible licensing and switch on/off features suitable for banks of different sizes and budgets

04. Want to know more?

Your roadmap to build fintech excellence begins here.
Have a question or want to discuss a potential collaboration?
Contact us!

Contact Us
Client: Afriland First Bank
Services: Fintech, Blockchain, CBS, Whitelabeling, Security, Compliance, Data Analytics, UX