Reference Architecture
Architecture pattern — built and tested. Not currently in production with paying customers. See wintura.ai for Soatech's flagship production case study.
Building a Compliant Fintech Platform in 3 Months
Architecture pattern — built as a reference implementation, not in production with paying users. The featured production case study is wintura.ai (see /case-studies/wintura-ai). This pattern documents the PSD2-compliant fintech build playbook a Soatech engagement would follow for that domain.
Architect-led, AI-accelerated. 2.2× faster than hand-coded shops.
Hand-coded teams, hourly billing, scope creep. Multi-month ramps before the first production-grade PR.
A Veteran Architect leads the Pod. AI tooling captured as reviewed throughput, not someone else's margin. Fixed sprint price.
Key Results
The Challenge
This reference implementation documents the architecture pattern for a modern payment processing platform serving small businesses in Scandinavia. The goal: launch fast to capture market opportunity, with full compliance with PSD2 (Payment Services Directive 2) and GDPR from day one.
The scope was ambitious — comparable agencies estimated 9 months and €400,000. This pattern documents how a single senior architect, working in fixed-price two-week sprints, compresses that into a 12-week production launch without compromising PSD2 or GDPR compliance.
Our Approach
Week 1–2: Discovery & Architecture
The engagement started with an intensive discovery sprint. The Architect worked directly with the product owner and compliance officer to:
- Map out the complete regulatory requirements
- Design a microservices architecture that separated payment processing from the customer-facing application
- Create a security-first infrastructure plan with encryption at rest and in transit
- Define the MVP scope — launching with card payments first, adding bank transfers in phase two
Week 3–6: Core Platform Development
Your architect works in 2-week sprints, delivering working software every iteration:
- Sprint 1: Authentication system with multi-factor auth, merchant onboarding flow
- Sprint 2: Payment processing integration with Stripe Connect, transaction dashboard
- Sprint 3: Compliance reporting, audit logs, and admin panel
- Sprint 4: KYC verification flow, risk scoring engine
Week 7–10: Compliance & Security
With the core platform functional, the focus shifts to hardening:
- Penetration testing and vulnerability remediation
- PSD2 Strong Customer Authentication (SCA) implementation
- GDPR data handling — consent management, data export, right to erasure
- Automated compliance reporting for regulatory submissions
Week 11–12: Launch Preparation
- Load testing to 10x expected initial traffic
- Disaster recovery testing and documentation
- Staff training and knowledge transfer
- Soft launch with 50 beta merchants
The Results
The target outcomes for this pattern, validated under load testing and a simulated soft launch:
- 200+ merchants onboarded in the first month profile
- Zero compliance gaps flagged during PSD2/GDPR review
- 99.97% uptime target architecture
- Average API response time under 200ms
Why It Worked
Three factors make this pattern work:
- CET timezone alignment — Demos and reviews at 9:30 CET work naturally for European stakeholders
- Clear compliance requirements upfront — Heavy investment in week 1–2 discovery prevents costly rework later; PSD2 and GDPR are designed in from day one, not bolted on
- Continuous architect context — The same senior architect carries the build from discovery through launch, accumulating deep domain knowledge in fintech compliance instead of fragmenting it across a rotating team