Back to Case Studies
FintechWeb DevelopmentCloud & DevOpsUI/UX Design

Building a Compliant Fintech Platform in 3 Months

How we helped a Nordic fintech startup launch their payment processing platform with full PSD2 compliance, going from concept to production in just 12 weeks.

Nordic Fintech Startup3 months5 team members

Key Results

0weeks
Time to Market
From concept to production deployment
0%
Compliance
PSD2 and GDPR compliant from day one
0%
Cost Savings
Compared to local Nordic development rates

The Challenge

Our client, a Nordic fintech startup, had a bold vision: a modern payment processing platform for small businesses in Scandinavia. They needed to launch fast to capture market opportunity, but the platform had to be fully compliant with PSD2 (Payment Services Directive 2) and GDPR from day one.

Their previous agency quoted 9 months and €400,000. They came to Soatech looking for a faster, more cost-effective path to market.

Our Approach

Week 1–2: Discovery & Architecture

We started with an intensive discovery sprint. Our team worked directly with the client's product owner and compliance officer to:

  • Map out the complete regulatory requirements
  • Design a microservices architecture that separated payment processing from the customer-facing application
  • Create a security-first infrastructure plan with encryption at rest and in transit
  • Define the MVP scope — launching with card payments first, adding bank transfers in phase two

Week 3–6: Core Platform Development

Our 5-person team worked in 2-week sprints, delivering working software every iteration:

  • Sprint 1: Authentication system with multi-factor auth, merchant onboarding flow
  • Sprint 2: Payment processing integration with Stripe Connect, transaction dashboard
  • Sprint 3: Compliance reporting, audit logs, and admin panel
  • Sprint 4: KYC verification flow, risk scoring engine

Week 7–10: Compliance & Security

With the core platform functional, we focused on hardening:

  • Penetration testing and vulnerability remediation
  • PSD2 Strong Customer Authentication (SCA) implementation
  • GDPR data handling — consent management, data export, right to erasure
  • Automated compliance reporting for regulatory submissions

Week 11–12: Launch Preparation

  • Load testing to 10x expected initial traffic
  • Disaster recovery testing and documentation
  • Staff training and knowledge transfer
  • Soft launch with 50 beta merchants

The Results

The platform launched on time and within budget. Within the first month of operation:

  • 200+ merchants onboarded
  • Zero compliance issues flagged during initial regulatory review
  • 99.97% uptime since launch
  • Average API response time under 200ms

Why It Worked

Three factors made this project successful:

  1. CET timezone alignment — Daily standups at 9:30 CET worked perfectly for both our Tirana team and the Oslo-based client
  2. Clear compliance requirements upfront — We invested heavily in week 1–2 discovery, which prevented costly rework later
  3. Dedicated team model — The same 5 engineers worked on the project from start to finish, building deep domain knowledge in fintech compliance

Technology Stack

Next.jsNode.jsPostgreSQLRedisAWSDockerTerraformStripe Connect
Soatech delivered what our previous agency said would take 9 months — in 3. The team felt like they were sitting in our office in Oslo, not 2,000km away.
EL
Erik Lindberg
CTO, Nordic Fintech Startup

Want similar results?

Let's discuss how we can help your business grow.

Get in Touch