Core specifications
Operational environment specifications
The core components of the KYC Manager technical infrastructure and environment:
- Microservice architecture
- Highly available application cluster spread across multiple availability zones
- Real-time active and passive monitoring, metrics collection, and alerting
- Product staging environments for development, UAT and production
KYC Manager endpoints - how to connect
Users: web browser connection
- HTTPS connection using standard web browsers (Chrome, Firefox, Edge)
- Basic Auth with 2FA (credentials + SMS/Email OTP) or SSO (OAuth2/SAML)
Systems interconnection: API access
Finologee API portal
As part of Finologee’s API environment – hosted and operated by Finologee
Specifications available on request
Infrastructure & setup
Platform architecture
The platform architecture encompasses segregated environments for the platform’s front-end and back-end and the SWIFT connectivity stack. This setup provides inherent scalability and best-in-class security guarantees. The hardware, the virtualisation environment management and the network layers are operated by Luxembourg’s prime hosting provider Post Telecom. Finologee provides the software product operations and service framework with its DevSecOps team, which also runs the other business-critical platforms that Finologee manages: the Payconiq/Digicash issuing platform (mobile payments), as well as the regulatory compliance platforms PSD2 for Banks, CEDRS and KYC Manager.
IT security and risk management
Security by design
As one of the critical financial-industry platforms operated by Finologee, KYC Manager is built to meet Finologee’s own security standards as well as the requirements of regulated institutions.
State-of-the-art intrusion-prevention and detection mechanisms are implemented across all layers of the operational framework to ensure a robust and resilient security posture.
Audit, certification and testing
As a regulated financial-sector professional, Finologee is subject to internal and external audits under supervisory oversight. The company is ISO/IEC 27001-certified (Bureau Veritas) for its Information Security Management System.
Segregation and containment
Platform components and client environments are strictly segregated, significantly reducing the risk of propagation and preventing multi-environment compromise in the event of a targeted incident.
Regulatory compliance
Finologee is a Luxembourg-regulated Support PFS, holding the 29-1 (Client-communications agent) and 29-3 (IT-systems and communication-networks operator) licences delivered by the Ministry of Finance. KYC Manager is hosted and operated on this regulated infrastructure.
Finologee’s organisational, security and operational framework is aligned with the Digital Operational Resilience Act (DORA – Regulation (EU) 2022/2554) and supports customers in fulfilling their obligations for both regular outsourcing and the outsourcing of critical or important functions.
Access control and authentication
KYC Manager’s access and authentication mechanisms rely on trusted components and strong multi-factor authentication.
Depending on the customer’s setup, user authentication may be performed using:
- credentials combined with SMS one-time passwords
- the customer’s own authentication framework via OAuth2 or SAMLv2 integration
All access to web portals and APIs is protected using TLS-encrypted connections, and granular, role-based access control supports separation of duties between business, operational and compliance teams.
Outsourcing by regulated financial industry professionals
Finologee has aligned its organisational, operational and contractual setup with the Digital Operational Resilience Act (DORA – Regulation (EU) 2022/2554).
Our framework is designed to support financial institutions in meeting DORA’s requirements for the management, oversight and control of ICT third-party providers, covering both regular outsourcing and the outsourcing of critical or important functions.
DORA-aligned outsourcing framework
- Technical and operational controls mapped to DORA’s ICT-risk and resilience obligations
- Documented processes and policies enabling client oversight, monitoring and audit rights
- Modular contractual structure, including:
- A financial-services compliance addendum (FSA)
- Service level agreements with selectable service levels and commitments
- A dedicated data-processing addendum (DPA)
- Cascading outsourcing disclosures
- Reporting artefacts supporting client governance and continuous monitoring
Enhanced client support
- Clear visibility on service performance and operational risk
- Documentation designed to integrate seamlessly into client outsourcing registers and due-diligence processes
- Optional custom reporting packages to simplify regulatory monitoring
Operational excellence
A selection of assets and capabilities that contribute to Finologee’s operational excellence commitments:
01 Service level agreements
- Multiple levels available, with strong availability commitments
- Financial industry outsourcing arrangements compliance, including audit rights
02 Monitoring and DevOps operations
- Experienced in-house team
- 24/7 service operations and critical incident management
- Advanced monitoring & analytics setup and tools
03 Customer care service & portal
- Zendesk-based customer care portal
- Ticket opening, management & follow-up and SLA compliance monitoring
- Dedicated in-house customer care/operations team (through portal & phone support)
04 Reporting & dedicated account management
- Availability and other key metrics reports (intervals & content depending on the selected SLA Level)
- Account manager at Finologee supervising the relation and in charge of organising account & reporting meetings
05 Customer care service & portal
- Proven customer requirements and existing processes/setup/environment analysis process
- Comprehensive deployment process for Banking Orchestrator platform implementation and adoption, detailing steps, acceptance in UAT environment, tests on live accounts, reports/sign-off and go live process
Licence, certifications & compliance
‘Support PFS’ licence
Finologee has held a double ‘Support PFS’ licence from the Luxembourg Minister of Finance since January 2019, as a ‘Client communications agent’ and ‘IT systems and communication networks operators of the financial sector’. This substantially eases IT outsourcing to Finologee by Luxembourg-regulated financial industry players.
Finologee has appointed Deloitte for its internal auditor function and EY as its statutory external auditor.
Finologee also chose to undergo an ISO/IEC 27001:2022 certification for its information security management framework (ISMS), which was carried out and delivered by Bureau Veritas in 2020 and renewed in 2021. It was upgraded to the latest version in 2023.
Finologee’s setup and operations are aligned with DORA requirements, covering both regular outsourcing (art. 30(2)) and critical or important functions (art. 30(3)). Our operational processes, technical controls and contractual frameworks, including SLAs, are designed to ensure the resilience, transparency and oversight expected from regulated financial institutions.