Tech Stack Criteria
Build > Measure > Learn + Pivot
What does the client do? What industry?
Kerberos Compliance is one of the leading providers of digital solutions for money laundering prevention in Germany. It provides simple, affordable, actionable products to help businesses comply with EU and national Anti-Money Laundering (AML) regulations.
What was the situation like at the beginning?
- Kerberos had a stand-alone Know Your Customer (KYC) native app.
- The Kerberos customer journey was only partly digitized.
What needs or problems did you want to solve?
Kerberos’ goal was to create one digital customer platform, the AML Desk, where customers can take care of all their anti-money laundering obligations.
For example, when Kerberos customers (which come from different industries, such as real estate, goods trade, sports-betting, financial services, etc.) want to close deals above a certain amount of money, they need to conduct the so-called “Know Your Customer” (KYC) check. The check includes verifying the identity of the business partner and its beneficial owner(s) and checking whether the partner is on sanction lists, a politically exposed person, or residing in a so-called high-risk country. KYCs were already digitized via a stand-alone mobile app.
Another product that wasn’t digitized was the Risk Analysis each customer needs to conduct. The customers needed to identify, categorize and weigh the money-laundering risks associated with their business model and operations. Based on this Risk Analysis, suitable money laundering prevention measures needed to be developed and implemented. The Risk Analysis and the documents describing the prevention measures are core documents that need to be regularly updated. Typically, these are the first documents supervisory authorities request to see when conducting AML audits. Thus, the documents need to be up-to-date and easily accessible by customers so that they can fulfill their compliance obligations and avoid high fines.
The mentioned issues led to two main product opportunities ProductDock could help with:
- The current version of the KYC app needed reengineering to integrate that part of the process into an overarching AML Desk.
- The customer journey needed to be digitized. We decided not to start at the beginning of the customer’s journey but with the steps a user needs to take after the contract has been signed – the customers need a central portal – the AMLdesk, where they can start creating and, later, finding all their compliance documents.
Who did it?
Kerberos needed additional tech expertise to develop a new product. Since it is often a case that project developers are hired as extended workbenches for developments, where the teams get a fixed requirements list and are not requested to understand the product itself and its purpose, it was important for Kerebros to start not only another development project but also have a partner who understands the difference between product and project development. Anti-Money Laundering (AML) compliance is a complex topic, and Kerberos, as much as ProductDock, was eager to install teams who identify themselves with the product, know how it works, and why it is needed.
ProductDock provided eight developers, one solution architect, one product manager, and an Agile coach. The team members from ProductDock joined the team members from Kerberos: three full-stack developers, two product managers, and a UX/UI designer.
Having a huge group of experts ready, we divided ourselves into two teams, one to work on the KYC app and another to realize the AML Desk, including the Risk Analysis. Both teams, consisting of a mix of Kerberos and ProductDock employees, embraced their different backgrounds and helped speed up the development.
What did you do? Which technologies did you use?
The KYC team
The first plan of the KYC team was refactoring the existing app. The framework for the KYC APP was Ionic, an open-source web framework for building hybrid apps coupled with a BFF layer. It turned out that the KYC team got into the conflict of a focus switch – on the one hand, refactoring was necessary to make the application more stable, especially regarding scaling. On the other hand, many customers were already using the application, so KYC team members could not often focus on refactoring but needed to maintain and expand the current application.
Right at the beginning of the collaboration, we did a quick experiment to determine if there was a new market opportunity. The KYC team built a white-label solution for the KYC app that was then branded for a specific industry to reach the target group. The experiment revealed that there is not yet to be a bigger need for the given target group. Since the team was able to deliver the white-label version in only one month, we didn’t lose too much time – on the contrary, we saved a lot of time not focusing on the wrong market.
Having an application in production, the Kerberos Sales team was able to gather more and more customer feedback, which finally led to a decision to pivot the approach:
We learned that not all customers need a dedicated app to fulfill their KYC checks but want to use the functionality inside their own portals. Therefore the team started to build an API that will be integrated with customer portals and consumed by the AML Desk.
The AML Desk team
The AML Desk team started from scratch and was faced with the difficulties of making all the technical decisions and choosing from a huge variety of technical options. Kerberos used many Microsoft 365 and Azure products. On the other hand, the KYC application already used services, like Keycloak, as the authentication service that could have been reused. After a research period, the team used different criteria to pick their tech stack:
- Which technology is well-documented and understandable
- What fits the price range
- And – remember, it is all about compliance – which services fulfill the security and data privacy standards of a company that is not only obliged to take care of such matters but also should act as a role model for compliance.
The team chose MS Azure for user management, authentication, and authorization; Google Cloud Provider for the infrastructure; and CenterDevice as a SaaS for Document Management.
It was clear from the beginning that the team didn’t want to build everything from scratch, so they decided to use a mash-up strategy. They used existing services to shorten the time to market and quickly deliver solutions to customers. They integrated, for example, Survey Monkey to gather customer data, a crucial step of the Risk Analysis process. And even if the goal was to digitize all the steps of the process for all customer segments, they incorporated some of the existing manual processes to save development time and learn faster – while the user had a seamless digital experience in the portal.
The process for the user looked as follows:
The actual steps were:
What was the outcome/ What did you learn?
One could use many potential solutions and tools to solve a problem, especially when starting from scratch, which can be overwhelming.
We’ve learned that we can either be very cautious and diligent and do as much research as possible or start with one solution that fulfills the main business criteria and make sure we can replace it later.
We went for the first approach, which cost us some time, and learned that the second approach is the one to choose next time. For example, we started with Cloud Functions but realized there was no permanent availability/ up-time of the service given. Therefore, we decided to switch to a Cloud Run solution via a NestJS application.
We realized that working in small iterations with quick feedback loops is most critical. This approach helps the team to re-evaluate the plan step by step. If the plan doesn’t work, you can adjust it when necessary and avoid following the wrong plan for too long.
This step-by-step approach was only possible since the different teams and departments inside Kerberos started to break up the silos and work together as real interdisciplinary teams: Development, UX/UI, Product Management, Sales, and Risk Analysis Experts.
Working in interdisciplinary teams helped us focus on one common goal and have a shared mission – to bring more and more users to the portal, deliver digital solutions for clients, and automate the processes.
What are you proud of?
We are proud of the openness and the will of all team members and the management to learn from failures. Let’s take the KYC app example:
The idea to build a native app so that customers could simply do their own checks easily and conveniently seemed the right one at the given time. However, during our journey, and by analyzing customer usage data, we learned that special target groups don’t have a need for a stand-alone application but only functionality. Once we’d discovered this, we knew it was time to pivot and start building an API instead of an application.
Digitization brought value to two user groups:
Digitizing more and more steps of the whole process and streamlining the document management process with software improved and accelerated work processes of the internal users. They don’t struggle anymore with emails-inbox mess and excel file-folder chaos.
The external users – business customers – received a portal that helped them become compliant easily—having all the relevant compliance documents in one central place massively reduced the time they had previously spent searching for documents, enabling them to quickly and successfully pass authority audits.
“They understand the difference between product and project developers, helping us a lot right from the start.”
Managing Director for IT & Product