Case study · §01 Regulated platform · 2025–

The operating system of a regulated credit union.

Manx Credit Union is a fully IoMFSA-regulated UK credit union. I am the co-founder and CTO. I built the entire platform — member portal, staff stack, regulator overlay, audit pipeline — on my own, end to end, from architecture through production deployment.

  • 1: Engineer on the build, end-to-end
  • 11: In-product AML training modules, 270 scenario questions
  • 4-eyes: Approval gates on every high-risk action
  • 1-click: Inspection-pack export for IoMFSA visits

The brief

Build an entire regulated financial institution’s technology stack from scratch. The platform is the operating system of the firm — a member portal for savings and loans alongside a staff stack that runs every step of the credit-union lifecycle. End-to-end ownership from architecture through production.

The constraint that shapes everything: the IoMFSA Designated Businesses Act and the FCA’s Consumer Duty don’t scale down. The same audit, retention, and inspection-readiness expectations apply whether you have a thousand members or a hundred thousand.

What shipped

A working credit union. The full loan lifecycle from application to arrears, a digital onboarding pipeline alongside a walk-in / no-contact financial-inclusion path, real-time treasury and savings operations, and a regulated overlay sitting over all of it.

  • Loan lifecycle. Application, automated affordability and risk-tier assessment, credit-bureau pull and archive, interview scheduling, committee decisioning, cashier disbursement, scheduled repayment, and arrears handling.
  • Onboarding. Photographic ID and proof-of-address pipelines, plus a walk-in / no-contact financial-inclusion path with proxy contact and four-eyes approval under the IoMFSA Designated Businesses Act.
  • Treasury & savings. Accounts, payments, statements, and open-banking integration via Yapily for income verification and affordability inputs.
  • Regulated overlay. AML/CFT operations (SAR queue, OFSI sanctions, PEP and adverse-media triage with daily re-screening); KYC and CDD audit trails; vulnerable-customer flagging under CONC 1.2 / FCA Consumer Duty; DSAR bundling; SHA-256 hash chains across audit, training, and credit-bureau records; category-specific retention engine; one-click inspection-pack export.
  • Training, in product. Eleven AML training modules, 270 scenario-based questions, version-pinned attestation. Staff are tested on the same surface they operate.
  • Real-time member experience. WebSocket / STOMP with backend-driven workspace configuration and an embedded support chatbot.

The stack

  • Frontend. Angular 19 with RxJS, micro-frontend architecture, custom design system, Jasmine / Karma. This is the same shared-library pattern that was adopted across multiple business units when I led it at UBS.
  • Backend. Spring Boot 3.2 on Java 21, clean architecture, PostgreSQL / JPA, JUnit / TDD. Async processing for the retention and sanctions queues.
  • Auth. Custom Spring Authorization Server for OAuth2 / OIDC, with SMS OTP and device out-of-band patterns ported from the Backbase payments-security work.
  • Open banking. Yapily integration for affordability inputs and income verification.
  • Realtime. WebSocket / STOMP with backend-driven workspace configuration.
  • Audit. Tamper-evident SHA-256 hash chains across audit, training, and credit-bureau records. Category-specific retention engine.

Why it matters

Regulators ask for evidence, not assurances. The platform is built so the answer to every IoMFSA question is one click away: which staff member completed which training module, in which version, at which timestamp; every CDD review and its outcome; every sanctions hit and its disposition; every loan’s entire decision chain.

The same discipline is portable. The audit-chain, retention-engine and inspection-pack patterns travel to fintech, healthcare, and anywhere else the answer to "how did this decision happen?" matters.

The platform is the operating system of the firm — built so the regulator’s questions answer themselves.
— The brief, condensed
