Skip to main content
Kinyoubi Atelier & Co.

Sectors · Banking and financial services

Software for regulated finance, with the rules built in.

Banking, financial services, and insurance carry obligations that most software is retrofitted to meet after the fact. We work the other way. When the rules include the Reserve Bank of India's oversight of outsourcing and cloud use, a ban on raw personal data leaving the trust boundary, and a requirement that any AI insight runs only on combined, anonymous data, those rules belong in the design from day one, not in a fix after the security review.

This is the finance view of our enterprise and institutional systems work: data protection and Reserve Bank of India alignment designed in, not added on.

What "built in" means in practice

These are the building blocks we used for a management system for a regulated financial institution. They are not goals; they are what the first phase shipped and what the client's security review accepted.

  • Each tenant separated in the database. Every read and write is gated by tenant inside the database itself. The application cannot get around it, so a bug in the middle layer does not become a data breach.
  • Personal data encrypted before it lands. Sensitive personal data is encrypted on the client side before it is stored, so the raw value never sits in a column anyone can query.
  • No raw personal data to outside services. The AI layer only sees combined, anonymous data. There is no path between the model and any column that holds a customer's identity.
  • Audit trails that agree with the rules. A full record of reads and writes, checked against the same access rules that decide who can see each record, so the log and the rules tell one story.

The posture is aligned to the Reserve Bank of India's outsourcing and cloud guidance and to the Digital Personal Data Protection Act, 2023. Storage, computing, and AI processing are kept in India.

The worked example

We treat this build as a template for regulated finance software in India, with the compliance posture engineered from the first commit rather than added before launch. The first phase is complete and the next is in active development. The client and the vendor choices stay private under a non disclosure agreement; the technical files, the schema with its encryption notes, the access rules across the full set of roles, and the map of Reserve Bank of India controls, are available in full to serious buyers under a mutual non disclosure agreement.

Read the architecture and the first phase files: a management system for a regulated financial institution

What we cannot say yet

Outcome numbers come after the system is in production and the client has approved their release. Until then, what we show is the architecture and the first phase files, and that is on purpose: we would rather publish what we can stand behind than claim what we cannot.

Building in regulated finance?

If the isolation and encryption story has to hold up in a security review, that is the work we do. We reply within one working day.

Start a conversation