Project Overview
A UK FCA-authorised challenger bank targeting SME businesses (1–250 employees) with a £420M SME deposit book n...
Technology Stack
Compliance & Standards
The Challenge
A UK FCA-authorised challenger bank targeting SME businesses (1–250 employees) with a £420M SME deposit book needed a modern digital banking platform — providing business current accounts, business credit cards (FCA CONC), trade finance, and integrated accounting software connections. FCA COBS (banking conduct), FCA Consumer Duty (SME consumer protection), PRA Prudential Regulation (capital adequacy — as a deposit-taking institution), PRA liquidity (HQLA requirements), UK GDPR, AML (MLRs 2017), and Open Banking (CMA9 compliance) were mandatory. Budget: £200,000.
Our Approach
Core banking
modular architecture (Accounts Module, Payments Module, Lending Module, Cards Module) deployed as ECS Fargate services.
Ledger
- double-entry bookkeeping event store (every transaction is a debit/credit pair — immutable event log).
- Real-time balance: account balance calculated from event log (not stored — prevents reconciliation errors).
Bank of England API
Faster Payments Service (FPS) and CHAPS (same-day high value) via Payment Services Regulator API.
Sort code
SME bank has its own sort code and BIC (SWIFT BIC for international payments).
Safeguarding
customer deposits segregated in Barclays safeguarding account (PRA requirement for non-ring-fenced banks under £25B deposits).
FCA PS22/9 Consumer Duty
- SME customers (turnover <
- £6.5M) treated as consumers for conduct purposes.
Consumer Duty for SME banking
- 1product value assessment (is the business current account fair value — charges vs benefits analysis),
- 2consumer understanding (fee transparency — no hidden charges),
- 3consumer support (claims/complaints within FCA timeframe),
- 4outcome monitoring (% of SMEs using account actively, % in persistent overdraft — vulnerability flag).
PRA prudential
- capital adequacy ratio (CET1 ratio >
- 15% for challenger bank) monitored daily from core banking data.
CMA9 Open Banking compliance
- as a deposit-taking institution, SME bank must provide Open Banking APIs (Account Information Service, Payment Initiation Service) under CMA order.
- OBIE (Open Banking Implementation Entity)
API standards
AISP (account balance, transactions), PISP (payment initiation), CoF (Confirmation of Funds).
SME bank APIs
FCA-registered TPPs (third-party providers) can access customer account data with customer consent.
Xero and QuickBooks integration
direct bank feed (Open Banking API → Xero API → automated transaction categorisation).
GoCardless Direct Debit
SME bank issues Direct Debit mandates for customer payment collection.
PRA reporting
Corep (Common Reporting — capital adequacy) and Finrep (Financial Reporting — financial statements) submitted quarterly to PRA via PRA Connect API.
Capital adequacy
- RWA (Risk-Weighted Assets) calculation (SME lending has lower risk weight than large corporate under Basel III UK implementation).
- Internal Capital Adequacy Assessment Process (ICAAP): annual stress test (what capital do we need if credit losses increase 3×?).
SME bank data pipeline
core banking event store → regulatory reporting database → Corep/Finrep XML generation → PRA Connect submission.
The Results
FCA and PRA authorisation maintained.
Platform live at 26 weeks, £184,000 — under budget. 18,400 SME business accounts in first year.
Open Banking API: 340 registered TPP integrations (Xero, QuickBooks, Sage — automated bank feeds).
CMA9 compliance audit: zero findings.
FCA Consumer Duty review: confirmed compliant.
PRA regulatory reporting: 100% automated (previously 5 days per quarter).
SME NPS: 82.
Credit loss rate: 1.8% (within Basel III capital model projections).
“18,400 SME accounts in year one. CMA9 Open Banking audit zero findings. PRA regulatory reporting automated — 5 days per quarter returned. FCA Consumer Duty confirmed. SME NPS 82. 340 TPP integrations — our SME customers can connect Xero and QuickBooks directly. The core banking architecture — double-entry event store, never a stored balance — is what gives us regulatory confidence. Every audit trails back to immutable events." — CEO, UK Challenger Bank (name withheld)”
Project Details
Related Case Studies
View AllOpen Banking AISP Platform for UK FinTech Startup
Open Banking AISP Platform for UK FinTech Startup. A UK FinTech startup needed to build an FCA-authorised Account Information Service Provider (AISP) platform that could a...
AI-Powered Customer Service Platform — UK FinTech
A UK FinTech company with 180,000 customers was spending £840,000/year on a 45-person customer service team, p...
Digital Banking Platform MVP — UK Challenger Bank
A UK challenger bank startup had received FCA authorisation with restriction (they could accept deposits but n...
Ready to Transform Your Business?
Let's discuss how our technical expertise can help you achieve remarkable results.