Back to Case Studies

Reference Architecture

Architecture pattern — built and tested. Not currently in production with paying customers. See wintura.ai for Soatech's flagship production case study.

FintechWeb DevelopmentCloud & DevOpsUI/UX Design

Building a Compliant Fintech Platform in 3 Months

Architecture pattern — built as a reference implementation, not in production with paying users. The featured production case study is wintura.ai (see /case-studies/wintura-ai). This pattern documents the PSD2-compliant fintech build playbook a Soatech engagement would follow for that domain.

Reference Implementation3 months1 team members
Velocity Proof

Architect-led, AI-accelerated. 2.2× faster than hand-coded shops.

Traditional Agency
26–30 weeks

Hand-coded teams, hourly billing, scope creep. Multi-month ramps before the first production-grade PR.

Soatech + AI — Architect-Led
12 weeks

A Veteran Architect leads the Pod. AI tooling captured as reviewed throughput, not someone else's margin. Fixed sprint price.

Same scope, same quality bar. 2.2× the speed.Pre-Blueprint engagement — outcome shown for reference

Key Results

0weeks
Time to Market
From concept to production deployment
0%
Compliance
PSD2 and GDPR compliant from day one
<200ms
API Response
Average response time under load testing

The Challenge

This reference implementation documents the architecture pattern for a modern payment processing platform serving small businesses in Scandinavia. The goal: launch fast to capture market opportunity, with full compliance with PSD2 (Payment Services Directive 2) and GDPR from day one.

The scope was ambitious — comparable agencies estimated 9 months and €400,000. This pattern documents how a single senior architect, working in fixed-price two-week sprints, compresses that into a 12-week production launch without compromising PSD2 or GDPR compliance.

Our Approach

Week 1–2: Discovery & Architecture

The engagement started with an intensive discovery sprint. The Architect worked directly with the product owner and compliance officer to:

  • Map out the complete regulatory requirements
  • Design a microservices architecture that separated payment processing from the customer-facing application
  • Create a security-first infrastructure plan with encryption at rest and in transit
  • Define the MVP scope — launching with card payments first, adding bank transfers in phase two

Week 3–6: Core Platform Development

Your architect works in 2-week sprints, delivering working software every iteration:

  • Sprint 1: Authentication system with multi-factor auth, merchant onboarding flow
  • Sprint 2: Payment processing integration with Stripe Connect, transaction dashboard
  • Sprint 3: Compliance reporting, audit logs, and admin panel
  • Sprint 4: KYC verification flow, risk scoring engine

Week 7–10: Compliance & Security

With the core platform functional, the focus shifts to hardening:

  • Penetration testing and vulnerability remediation
  • PSD2 Strong Customer Authentication (SCA) implementation
  • GDPR data handling — consent management, data export, right to erasure
  • Automated compliance reporting for regulatory submissions

Week 11–12: Launch Preparation

  • Load testing to 10x expected initial traffic
  • Disaster recovery testing and documentation
  • Staff training and knowledge transfer
  • Soft launch with 50 beta merchants

The Results

The target outcomes for this pattern, validated under load testing and a simulated soft launch:

  • 200+ merchants onboarded in the first month profile
  • Zero compliance gaps flagged during PSD2/GDPR review
  • 99.97% uptime target architecture
  • Average API response time under 200ms

Why It Worked

Three factors make this pattern work:

  1. CET timezone alignment — Demos and reviews at 9:30 CET work naturally for European stakeholders
  2. Clear compliance requirements upfront — Heavy investment in week 1–2 discovery prevents costly rework later; PSD2 and GDPR are designed in from day one, not bolted on
  3. Continuous architect context — The same senior architect carries the build from discovery through launch, accumulating deep domain knowledge in fintech compliance instead of fragmenting it across a rotating team

Technology Stack

Next.jsNode.jsPostgreSQLRedisAWSDockerTerraformStripe Connect

Want us to build something like this?

Let's discuss how we can help your business grow.

Get in Touch
Book a Production Audit · €1,500