Technical Setup

Core specifications
Operational environment specifications

The core components of the KYC Manager technical infrastructure and environment:

  • Microservice architecture
  • Highly available application cluster spread across multiple availability zones
  • Real-time active and passive monitoring, metrics collection, and alerting
  • Product staging environments for development, UAT and production

KYC Manager endpoints - how to connect

Users: web browser connection

HTTPS connection using standard web browsers (Chrome, Firefox, Edge) with 2-factor authentication: credentials + SMS OTP, FinologeeAuthenticator, Luxtrust or client’s own OAuth2 / SAMLv2 compatible system

Systems interconnection: API access

Finologee API portal

As part of Finologee’s API environment – hosted and operated by Finologee

Specifications available on request

Infrastructure & setup
Software-as-a-Service setup

The KYC Manager platform has been built using a modern Software-as-a-Service (SaaS) setup hosted on the virtualisation environment of EBRC, Luxembourg’s main data centre and managed services operator, located in redundant Tier IV-certified Luxembourg data centres. It encompasses segregated environments for the platform’s front-end and back-end.

This setup provides inherent scalability and best-in-class security guarantees, in a Luxembourg-regulation compliant setup that meets financial industry (outsourcing) requirements. The hardware, the virtualisation environment management and the network layers are operated by Luxembourg’s prime hosting provider EBRC. Finologee provides the software product operations and service framework with its DevSecOps team, which also runs the other business-critical platforms that Finologee manages: the professional payments and bank account connectivity platform LYNKS, the Payconiq/Digicash issuing platform (mobile payments), Mpulse (high-performance SMS routing/clearing), as well as the regulatory compliance platforms PSD2 for Banks and CEDRS.

Hosting with EBRC in Luxembourg

KYC Manager is hosted with Luxembourg’s leading data centre and hosting operator EBRC, a subsidiary of POST Luxembourg, the incumbent postal operator. EBRC also holds a ‘Support PFS’ licence from the Ministry of Finance and is subject to financial industry-specific operations, security, risk management, AML/CFT and professional secrecy requirements. The company is furthermore certified for ISO 27001, ISO 20000, ISO 22301, ISO 27017 and ISO 9001 compliance.

EBRC operates several Tier IV-certified data centres on Luxembourg soil that fully comply with the requirements applying to critical financial industry platform hosting. The company has outstanding expertise in managing virtualisation environments, which Finologee relies on for the infrastructure operations of its platform, with state-of-the-art service levels and operational guarantees.

The KYC Manager platform is hosted in a redundant environment spread across different physical locations and connected via multiple Internet backbone links, maximising uptime and accessibility levels.

Note: Public cloud outsourcing requirements do not apply to the operational setup that the KYC Manager platform is running on.

IT security and risk management

As one of the critical financial industry platforms that Finologee is operating, the LYNKS system has been designed to meet both Finologee’s own security standards and the requirements of its (mostly financial industry-regulated) clients. Therefore, state-of-the-art intrusion prevention and detection mechanisms have been implemented at multiple levels and in all layers of the operational framework on which LYNKS is built.

Both platform components and client environments are adequately segregated, substantially lowering the level of risk-spreading and avoiding the risk of compromising multiple layers/environments or whole systems in case of access to a single context.

The platform’s access, authentication and e-signature management component relies on selected third-party providers: according to the LYNKS customer’s choice, user authentication can be performed using a) Luxtrust certificates, b) Finologee’s own Authenticator mobile App relying on INCERT-issued certificates or c) the client’s own authentication framework (via OAuth2 or SAMLv2 link). In addition to using third-party certificates for user authentication, all LYNKS transactions are also signed using Luxtrust or INCERT certificates with FinologeeAuthenticator. The validity of the certificate is checked again before the actual transmission of the transaction to the SWIFT network, meeting the requirements of an end-to-end security model in this regard.

As a Luxembourg-regulated ‘Support PFS’ holding article 29-1 (‘Client communications agent’) and 29-3 (‘IT systems and communication networks operators of the financial sector’) licences from the Ministry of Finance, Finologee is subject to the full set of financial industry requirements and regulation, such as CSSF Circulars 2017/656, 20/750 and others, and facilitates the implementation of CSSF Circular 12/552 as amended and the EBA Guidelines on Outsourcing Arrangements applicable to many of Finologee’s clients by complying with all their requirements.

As a regulated financial industry professional, Finologee is also subject to internal and external audit obligations supervised by the financial industry regulator. Besides, the company is ISO/IEC 27001-certified by Bureau VERITAS for its Information Security Management System (ISMS) and is thus subject to regular audit requirements. SWIFT Customer Security Programme (CSP) requirements are also met. In addition to this, Finologee’s IT operations infrastructure is subject to penetration testing by an external provider at regular intervals.

Outsourcing by regulated financial industry professionals

The EBA Guidelines on Outsourcing Arrangements and EIOPA’s Solvency II regulation require a thorough setup for sub-contracting and operating financial industry infrastructures and services, as do the Luxembourg-specific rules and requirements published by regulators CSSF and CAA in their circulars and regulations.

As a licensed financial industry IT provider focused on serving Luxembourg’s financial industry players, Finologee has created a framework consisting of technical and operational components, processes and policies with the aim of enabling its clients to fully comply with the IT Outsourcing requirements applicable to them. This framework also encompasses service level agreements with different options, commitments and targets, a comprehensive agreement framework including addenda such as an adequate DPA, cascading outsourcing details, a financial services compliance addendum, etc.

Custom reports are also available as an option to facilitate clients’ compliance with outsourcing regulation when monitoring their outsourcing providers.

Operational excellence

A selection of ingredients that contribute to Finologee’s operational excellence commitments:

Service Level Agreements

Multiple levels available, with strong availability commitments

Financial industry outsourcing arrangements compliance, including audit rights

Monitoring and DevOps operations

Experienced in-house team

24/7 service operations and critical incident management

Advanced monitoring & analytics setup and tools

Customer care service & portal

ZenDesk-based customer care portal

Ticket opening, management & follow-up and SLA compliance monitoring

Dedicated in-house customer care/operations team (through portal & phone support)

Reporting & dedicated account management

Availability and other key metrics reports (intervals & content depending on the selected SLA Level)

Account manager at Finologee supervising the relation and in charge of organising account & reporting meetings

Deployment & delivery processes & commitments

Proven customer requirements and existing processes/setup/environment analysis process

Comprehensive deployment process for LYNKS platform implementation and adoption, detailing steps, acceptance in UAT environment, tests on live accounts, reports/sign-off and go live process

Licence, certifications & compliance

‘Support PFS’ licence

Finologee has held a double ‘Support PFS’ licence from the Luxembourg Minister of Finance since January 2019, as a ‘Client communications agent’ and ‘IT systems and communication networks operators of the financial sector’. This substantially eases the IT outsourcing process by Luxembourg-regulated financial industry players to Finologee.

Finologee has appointed Deloitte for its internal auditor function and EY as its statutory external auditor.

ISO/IEC 27001:2013 certification

Finologee also chose to undergo an ISO/IEC 27001:2013 certification for its information security management framework (ISMS), which was carried out and delivered by Bureau VERITAS in 2020 and renewed in 2021.

ICT Outsourcing Provider of the Year award

In December 2021, Finologee was awarded the ICT Outsourcing Services Provider of the Year prize by a jury of representatives of the Luxembourg IT industry.
