Technical Setup

Platform Architecture

The LYNKS platform has been built using a modern Software-as-a-Service (SaaS) setup hosted on EBRC’s virtualisation environment located in redundant Tier IV-certified Luxembourg data centres. It encompasses segregated environments for the platform’s front-end and back-end and the SWIFT connectivity stack.

This setup provides inherent scalability and best-in-class security guarantees. The hardware, the virtualisation environment management and the network layers are operated by Luxembourg’s prime hosting provider EBRC. Finologee provides the software product operations and service framework with its 

DevSecOps team that also run the other business-critical platforms that Finologee manages: the Payconiq/Digicash issuing platform (mobile payments), Mpulse (high-performance SMS routing/clearing), as well as the regulatory compliance platforms PSD2 for Banks, CEDRS and KYCManager.

Lynks Finologee Technical set up
IT security and risk management

As one of the critical financial industry platforms that Finologee is operating, the LYNKS system has been designed to meet both Finologee’s own security standards and the requirements of its (mostly financial industry-regulated) clients. Therefore, state-of-the-art intrusion prevention and detection mechanisms have been implemented at multiple levels and in all layers of the operational framework on which LYNKS is built.

Both platform components and client environments are adequately segregated, substantially lowering the level of risk-spreading and avoiding the risk of compromising multiple layers/environments or whole systems in case of access to a single context.

The platform’s access, authentication and e-signature management component relies on selected third party providers: According to the LYNKS customer’s choice, user authentication can be performed using a) Luxtrust certificates, b) FinologeeSIGN, the mobile App relying on INCERT-issued certificates or c) the client’s own authentication framework (via OAuth2 or SAMLv2 link). In addition to using third-party certificates for user authentication, all LYNKS transactions are also signed Luxtrust or INCERT certificates with FinologeeSIGN. The validity of the certificate is checked again before the actual transmission of the transaction to the SWIFT network, meeting the requirements of an end-to-end security model in this regard.

As a Luxembourg-regulated ‘Support PFS’ holding article 29-1 (‘Client communications agent’) and 29-3 (‘IT systems and communication networks operators of the financial sector’) licences from the Ministry of Finance, Finologee is subject to the full set of financial industry requirements and regulation, such as CSSF Circulars 2017/656, 20/750 and others, and facilitates the implementation of CSSF Circular 12/552 as amended and the EBA Guidelines on Outsourcing Arrangements applicable to many of Finologee’s clients by complying with all their requirements.

As a regulated financial industry professional, Finologee is also subject to internal and external audit obligations supervised by the financial industry regulator. Besides, the company is ISO/IEC 27001-certified by Bureau VERITAS for its Information Security Management System (ISMS) and is thus subject to regular audit requirements. SWIFT Customer Security Programme (CSP) requirements are also met. In addition to this, Finologee’s IT operations infrastructure is subject to penetration testing by an external provider at regular intervals.

LYNKS endpoints - how to connect

Users: web browser connection

HTTPS connection using standard web browsers (Chrome, Firefox, Edge)

with 2-factor authentication – FinologeeSIGN, Luxtrust or client’s own OAuth2 / SAMLv2 compatible system

User authentication & signature: FinologeeSIGN

To be installed on an iOS or Android smartphone

alternatively: Luxtrust certificate-compatible token/App, or clients’ own OAuth2 / SAMLv2 compatible system (for authentication only)

Systems interconnection: API access

Finologee API portal

As part of Finologee’s API environment – hosted and operated by Finologee

Specifications available on request

Banks: SWIFT Connection

Over Finologee’s BIC Code: FNLGLU22

SWIFT RMA/POA to be established/signed

Hosting with EBRC in Luxembourg

The FinologeeLYNKS platform is hosted with Luxembourg’s leading data centre and hosting operator EBRC, a subsidiary of POST Luxembourg, the incumbent postal operator. EBRC also holds a ‘Support PFS’ licence by the Ministry of Finance and is subject to financial industry-specific operations, security, risk management, AML/CFT and professional secrecy requirements. The company is furthermore certified for ISO 27001, ISO 20000, ISO 22301, ISO 27017 and ISO 9001 compliance.

BRC operates several Tier IV-certified data centres on Luxembourg soil that fully comply with the requirements applying to critical financial industry platform hosting. The company has an outstanding expertise in managing virtualisation environments, which Finologee relies on for the infrastructure operations of its platform, with state-of-the-art service levels and operational guarantees.

The LYNKS platform is hosted in a redundant environment spread across different physical locations and connected via multiple Internet backbone links, maximising uptime and accessibility levels.

Note: Public cloud outsourcing requirements do not apply to the operational setup that the LYNKS platform is running on.

Operational environment specifications

The core components of Finologee’s technical infrastructure and environment:

  • Microservice architecture based on Spring Boot
  • Angular front-end application
  • Alliance Lite 2 SWIFT connector
  • Highly available Kubernetes cluster spread across multiple availability zones
  • Real-time active and passive monitoring, metrics collection, and alerting
  • Product staging environments for development, UAT and production
Operational excellence

A selection of ingredients that contribute to Finologee’s operational excellence commitments:

Service Level Agreements

Multiple levels available, with strong availability commitments

Financial industry outsourcing arrangements compliance, including audit rights

Monitoring and DevOps operations

Experienced in-house team

24/7 service operations and critical incident management

Advanced monitoring & analytics setup and tools

Customer care service & portal

ZenDesk-based customer care portal

Ticket opening, management & follow-up and SLA compliance monitoring

Dedicated in-house customer care/operations team (through portal & phone support)

Reporting & dedicated account management

Availability and other key metrics reports (intervals & content depending on the selected SLA Level)

Account manager at Finologee supervising the relation and in charge of organising account & reporting meetings

Deployment & delivery processes & commitments

Proven customer requirements and existing processes/setup/environment analysis process

Comprehensive deployment process for LYNKS platform implementation and adoption, detailing steps, acceptance in UAT environment, tests on live accounts, reports/sign-off and go live process

Outsourcing by regulated financial industry professionals

The EBA Guidelines on Outsourcing Arrangements and EIOPA’s Solvency II regulation require a thorough setup for the sub-contracting and operating financial industry infrastructures and services, as do the Luxembourg-specific rules and requirements as published by regulators CSSF and CAA in their circulars and regulations.

As a licensed financial industry IT provider focused on serving Luxembourg’s financial industry players, Finologee has created a framework consisting of technical and operational components, processes and policies with the aim of enabling its clients to fully comply with the IT Outsourcing requirements applicable to them. This framework also encompasses service level agreements with different options, commitments and targets, a comprehensive agreement framework including addenda such as an adequate DPA, cascading outsourcing details, a financial services compliance addendum, etc.

Custom reports are also available as an option to facilitate clients’ compliance with outsourcing regulation when monitoring its outsourcing providers.

License, certifications & compliance

‘Support PFS’ license

Finologee holds a double ‘Support PFS’ licence by the Luxembourg Minister of Finance since January 2019, as a ‘Client communications agent’ and ‘IT systems and communication networks operators of the financial sector’. This substantially eases the IT outsourcing process by Luxembourg-regulated financial industry players to Finologee.

Finologee has appointed Deloitte for its internal auditor function and EY as its statutory external auditor.

ISO/IEC 27001:2022 certification

Finologee also chose to undergo an ISO/IEC 27001:2022 certification for its information security management framework (ISMS) that has been carried out and delivered by Bureau VERITAS in 2020, and was renewed in 2021. It was upgraded to the latest version in 2023.

SWIFT CSP Compliance

With its own connector to the SWIFT network, SWIFT CSP compliance is part of the mandatory security and certification framework that Finologee has put in place.

ICT Outsourcing Provider of the Year award

In December 2021, Finologee was awarded the title of ICT Outsourcing Services Provider of the Year by a jury of experts from the Luxembourg IT industry. In November 2022, the company was again awarded this prestigious prize.

Do you want to know what we could build together or get a product demo?

Get in touch and we will evaluate how we may help you.