🏦

Financial Services

Financial Services

Banking, insurance, investment, and payments — the technology powering India's ₹300+ trillion financial system and a global fintech revolution. Platforms like Finacle and Temenos serve hundreds of millions of users; UPI now processes 14–21+ billion transactions per month.

₹300T+

India Banking Assets

14–21B+

UPI Transactions/Month

₹53L Cr

MF Industry AUM

160M+

Demat Accounts

What Engineers Miss When They First Enter Financial Services

Financial services engineering is distinct from most software domains because the data that flows through the system is not just information — it is money, and the correctness requirements that follow from this are absolute in ways that most software is not required to be. A bug in an e-commerce recommendation engine shows you the wrong product. A bug in a payment processing system could credit ₹100,000 when ₹1,000 was intended, and reversing it requires both systems to agree on a reversal, both banks to settle, and in some cases, regulatory reporting. The immutability requirement — that completed financial transactions cannot simply be deleted or modified, only corrected with offsetting entries — is a foundational constraint that shapes the data model of every core banking, insurance, and trading system.

The regulatory landscape for financial services in India involves three major regulators with overlapping jurisdiction over different product categories. RBI regulates banking and payments, SEBI regulates capital markets and securities, and IRDAI regulates insurance. A fintech company that offers a savings account (RBI regulated), a mutual fund investment (SEBI regulated), and a term insurance policy (IRDAI regulated) as part of a single app must ensure that its technology complies with three separate regulatory frameworks, each with different data localisation requirements, reporting obligations, and customer disclosure standards. The compliance engineering that supports this multi-regulatory environment is non-trivial and is a significant reason why large financial conglomerates invest heavily in technology compliance teams.

India's financial services ecosystem has been transformed by the digital public infrastructure built over the past decade. UPI for payments, ABHA for health records, Account Aggregator for consented data sharing, and the Loan Origination platform that uses AA-fetched financial data to underwrite loans in minutes rather than weeks — these are not just technology products but architecture decisions about how to structure the digital financial system. Understanding the IndiaStack components and how they interact is essential context for any engineer building financial services in India. The Account Aggregator framework in particular is creating a new paradigm for lending: a borrower who shares 12 months of bank statement data through an AA with a lender can receive a credit decision based on their actual cash flows rather than a credit bureau score, enabling lending to the credit-invisible population.

What Teams Actually Do Day To Day

  • 1Build the core banking integration layer: connecting the bank's CBS (Core Banking System — Finacle, BankMaster, or Oracle FLEXCUBE) to modern API-first channels (mobile app, internet banking, UPI); the transaction processing engine that handles the double-entry accounting correctly for every transaction type; and the end-of-day batch jobs that run interest calculation, minimum balance computation, and statement generation.
  • 2Develop the KYC and onboarding platform: the digital KYC flow using Aadhaar eKYC, PAN API, and video KYC as required by RBI; the de-duplication logic that prevents a customer from opening multiple accounts; the risk categorisation that classifies customers as Low, Medium, or High risk for AML purposes; and the CKYC registry integration that uploads and retrieves verified customer data.
  • 3Implement the payments processing infrastructure: UPI payment initiation and collection flows (P2P and P2M), the NEFT/RTGS remittance integration with RBI's payment systems, the inward remittance processing for international transfers via SWIFT, the transaction monitoring that screens payments for sanctions and suspicious patterns, and the reconciliation that ensures all payment movements match the nostro and vostro account balances.
  • 4Build the lending and credit management platform: the loan origination system (LOS) that processes applications from channel to credit decision, pulling bureau data from CIBIL and Experia, computing EMI affordability, generating the loan agreement, and initiating disbursement; the loan management system (LMS) that maintains the amortisation schedule, processes EMI payments, handles prepayments, and computes the outstanding balance; and the NPA management workflow that escalates overdue loans through the recovery process.
  • 5Develop the investment and wealth management platform: the mutual fund order placement and settlement integration with BSE StAR MF or NSE NMF II, the portfolio valuation using AMFI NAV data, the tax calculation for capital gains on redemptions applying FIFO lot matching and the appropriate short/long-term rate, the account aggregator integration for fetching consented financial data from other institutions, and the goal-based portfolio recommendation engine.

One End-to-End Flow: An Account Aggregator-Powered Personal Loan Is Originated and Disbursed

A salaried professional applies for a personal loan on a fintech app. They consent to share bank statements via Account Aggregator, the underwriting engine makes a credit decision in minutes, and the loan is disbursed to their account the same day.

1

Borrower applies and initiates AA consent

The borrower opens the fintech app and applies for a ₹3 lakh personal loan. The app verifies PAN and Aadhaar (eKYC), pulls the CIBIL credit score (720), and asks the borrower to consent to share 12 months of bank statements from their salary account via the Account Aggregator framework. The borrower selects their bank in the AA consent flow and approves the data share.

Systems Involved

Fintech app, PAN API, CIBIL bureau pull, AA consent initiation (AA framework)

Where It Usually Breaks

AA consent flow abandonment — the borrower is redirected to a separate AA app or web interface to approve the consent, but the redirect fails or the consent flow is confusing — is the most significant conversion drop-off in AA-powered lending. Lenders that have integrated AA consent within their app journey see higher completion rates than those that require a separate app.

2

Bank statements are fetched and analysed

The AA fetches the consented bank statement data from the borrower's bank (the FIP — Financial Information Provider) and delivers it to the lender (the FIU — Financial Information User) in an encrypted, standardised JSON format. The lender's underwriting engine processes 12 months of transactions: computing average monthly salary credit, recurring obligations (EMIs, insurance premiums), average balance, and cash flow variability.

Systems Involved

AA framework (FIP-FIU), bank statement data fetch, cash flow analysis engine

Where It Usually Breaks

Bank (FIP) non-participation in the AA framework — major private sector banks are live, but several public sector banks have had delayed integration — means the borrower's salary account may not be available for AA data fetch. The lender must fall back to requesting physical or digitally uploaded bank statements, which adds processing time.

3

Credit decision is made and offer is presented

The underwriting engine combines bureau score, AA cash flow analysis, and the borrower's income verification (salary credit pattern in bank statements) to compute an approved loan amount and interest rate. The offer is presented to the borrower: ₹3 lakh at 13.5% p.a., 36 months EMI of ₹10,129. The borrower accepts and digitally signs the loan agreement using Aadhaar eSign.

Systems Involved

Credit underwriting model, loan offer generation, Aadhaar eSign, loan agreement

Where It Usually Breaks

Loan agreement eSign failures — Aadhaar OTP not received because the borrower's mobile number linked to Aadhaar is different from their current number — require the borrower to use an alternative signing method (wet signature, which adds days to processing). Lenders that offer only Aadhaar eSign as the signing method have drop-offs at this stage.

4

Loan is disbursed via IMPS/NEFT

The lender creates a loan account in its LMS, records the first disbursement event, generates the sanction letter, and initiates the disbursal of ₹3 lakh to the borrower's bank account via IMPS (for same-day instant transfer) or NEFT. The borrower receives the credit in their account and an SMS with the loan account number and EMI date.

Systems Involved

LMS loan account creation, disbursement payment via IMPS, loan welcome SMS

Where It Usually Breaks

IMPS credit failure — the borrower's bank account details (IFSC or account number) are entered incorrectly — causes the payment to fail or credit the wrong account. Lenders that do not verify bank account details with a penny-drop (₹1 verification credit) before disbursement have higher incorrect disbursement rates.

Technology Architecture — How Financial Services Platforms Are Built

The diagram below reflects how production Financial Services systems are structured at scale — nine layers from client channels through edge security, API gateway, domain microservices, polyglot data stores, async event streaming, analytics, external partners, and cloud infrastructure. Solid arrows show synchronous REST/gRPC calls; dashed arrows show async event flows via Kafka or a message queue.

Financial Services — Enterprise Architecture ReferenceSolid arrows: synchronous calls (REST / gRPC) · Dashed arrows: async event flows (Kafka / Message Queue)CLIENTS & CHANNELSWeb SPAiOS / AndroidAdmin PortalPartner API3rd-Party WebhooksBatch / CronEDGE SECURITY & DELIVERYCDN (CloudFront / Akamai) · DDoS Shield · WAF (OWASP rules) · SSL/TLS Termination · Global Load Balancer (ALB / NLB)API GATEWAYKong / AWS API Gateway / NGINX / ApigeeRate Limiting · Routing · Versioning · Throttling · BFF PatternIDENTITY & ACCESSOAuth 2.0 · OpenID Connect · SAML 2.0JWT · RBAC · MFA · SSOCORE DOMAIN MICROSERVICES · REST / gRPC🏦 Core Banking System (CBS)Account management (savings, curr…Transaction processing (debit, cr…GET /api/v1/accounts/{id}/balanceInfosys Finacle💳 Payments PlatformUPI payment initiation and settle…NEFT/RTGS batch and real-time tra…POST /api/v1/upi/payNPCI UPI Switch📊 Policy Administration Sy…Policy quoting and ratingUnderwriting rules and risk asses…POST /api/v1/policiesMajesco💻 Digital / Online Banking…Account balance and statement vie…Fund transfers (UPI, NEFT, RTGS, …GET /api/v1/accountsSBI YONO🛡️ Risk, Compliance & Fraud…Real-time transaction fraud scori…AML transaction monitoring and wa…POST /api/v1/fraud/scoreOracle Financial Services A…Service Mesh: mTLS · Circuit Breaker (Resilience4j / Hystrix) · Service Discovery (Consul / Eureka) · Distributed Tracing (Jaeger)DATA PERSISTENCE · PolyglotOracle / DB2OLTPPostgreSQL / SQ…PrimaryRedis CacheCacheElasticsearchSearchS3 / BlobObjectASYNC MESSAGING & EVENTSApache Kafka / SQSPub/Sub · TopicsDead Letter QueueError HandlingStream ProcessorFlink / SparkANALYTICS & DATA PLATFORMData Warehouse (BigQuery / Snowflake / Redshift) · ETL/ELT (dbt / Airflow) · BI Tools (Tableau / Metabase) · ML Feature StoreEXTERNAL INTEGRATIONS & PARTNERSUPI/NPCISWIFTRBI ReportingCredit BureauKYC RegistryNPCIPLATFORM: AWS / Azure · Kubernetes (EKS/AKS/GKE) · Docker · Helm · ArgoCD · CI/CD (GitHub Actions) · IaC (Terraform)OBSERVABILITY: ELK / Datadog · Prometheus / Grafana · Jaeger · PagerDutySECURITY: TLS 1.3 · Vault / KMS · SAST/DAST · SOC2 / ISO 27001Sync (REST / gRPC)Async (Kafka / Events)Each service owns its bounded context · CQRS & Event Sourcing where applicable · Polyglot persistence per domain

Industry Players & Real Applications

🇮🇳 Indian Companies

SBI

Public Sector Bank

India's largest bank — SBI YONO, core banking on Finacle

HDFC Bank

Private Bank

Largest private bank — NetBanking, SmartHub, API banking

Zerodha

Discount Broker

India's largest broker — built on Go, Kite platform

PhonePe

Payments Fintech

India's largest UPI app — 500M+ registered users

Groww

WealthTech

India's largest investment app — 10M+ active investors

Razorpay

Payment Gateway

Leading payment gateway — $7.5B+ valuation

LIC

Insurance

World's largest life insurer by policies — legacy + digital

NPCI

Payment Infrastructure

UPI, RuPay, IMPS, NACH — India's payment infrastructure

🌍 Global Companies

JPMorgan Chase

Investment Bank

World's largest bank by market cap — $14B+ tech spend

Visa / Mastercard

Card Network

Global payment network processing trillions annually

BlackRock (Aladdin)

Asset Manager

$21T+ AUM managed via Aladdin risk platform

Bloomberg

Financial Data

Financial data and terminal — 325,000 subscribers

SWIFT

Payment Network

Global interbank messaging — 11,000+ institutions

Stripe

Payment Gateway

Global payment infrastructure — 100+ countries

🛠️ Enterprise Platform Vendors

Infosys Finacle

Core Banking

Core banking used by 1 billion+ bank customers globally

Temenos

Core Banking

Core banking for 3,000+ financial institutions

FIS / Finastra

Banking Platform

Banking and capital markets software suite

Salesforce Financial Services Cloud

CRM

CRM for banks and wealth management

Core Systems

These are the foundational systems that power Financial Services operations. Understanding these systems — what they do, how they integrate, and their APIs — is essential for anyone working in this domain.

Business Flows

Key Business Flows Every Developer Should Know.Business flows are where domain knowledge directly impacts code quality. Each flow represents a real business process that your code must correctly implement — including all the edge cases, failure modes, and regulatory requirements that aren't obvious from the happy path.

The detailed step-by-step breakdown of each flow — including the exact API calls, data entities, system handoffs, and failure handling — is covered below. Study these carefully. The difference between a developer who “knows the code” and one who “knows the domain” is exactly this: the domain-knowledgeable developer reads a flow and immediately spots the missing error handling, the missing audit log, the missing regulatory check.

Technology Stack

Real Industry Technology Stack — What Financial Services Teams Actually Use. Every technology choice in Financial Servicesis driven by specific requirements — reliability, compliance, performance, or integration capabilities. Here's what you'll encounter on real projects and, more importantly, why these technologies were chosen.

The pattern across Financial Services is consistent: battle-tested backend frameworks for business logic, relational databases for transactional correctness, message brokers for event-driven workflows, and cloud platforms for infrastructure. Modern Financial Servicesplatforms increasingly adopt containerisation (Docker, Kubernetes), CI/CD pipelines, and observability tools — the same DevOps practices you'd find at any modern tech company, just with stricter compliance requirements.

⚙️ backend

Java / Spring Boot

Core banking, payment systems — industry standard for reliability and transaction management

Go

High-throughput fintech APIs — Zerodha, PhonePe; low latency, high concurrency

Python

Risk models, fraud detection, analytics, credit scoring ML models

C++

HFT (High-Frequency Trading), exchange matching engines, ultra-low latency systems

C# / .NET

Investment banking, trading platforms, Microsoft-stack banks

COBOL / Java EE

Legacy core banking mainframes — still widely running in large banks

🖥️ frontend

React / Next.js

Internet banking portals, broker platforms, dashboards

Angular

Enterprise banking UIs, admin and operations dashboards

React Native / Flutter

Mobile banking apps, UPI apps (PhonePe, Groww, Zerodha Kite)

🗄️ database

Oracle / DB2

Core banking — proven transactional reliability, ACID guarantees, widely used by large banks

PostgreSQL / SQL Server

Modern fintech applications, payment platforms

Redis

Real-time balances, session management, rate limiting, OTP caching

Apache Kafka

Payment event streaming, audit logs, real-time fraud detection pipelines

Cassandra / MongoDB

High-throughput transaction stores, user session data

Snowflake / BigQuery / Hadoop

Data warehouse for analytics, regulatory reporting, credit risk models

Hazelcast / Memcached

In-memory data grids for distributed caching and fast lookups

🔗 integration

Apache Kafka / Kafka Streams

Event streaming for real-time payment processing and analytics

RabbitMQ / IBM MQ / ActiveMQ

Reliable messaging between core banking and billing systems

Apache Flink

Stream processing for live fraud detection and risk analytics

REST / gRPC

Internal microservice communication; gRPC for high-performance service calls

SOAP / XML (ISO 20022 / MT/MX)

Legacy integrations, SWIFT messaging standards, regulatory interfaces

Kong / Tyk / AWS API Gateway

API gateway for routing, auth, throttling external requests

☁️ cloud

AWS

Most Indian fintechs — Razorpay, Groww, Upstox; EKS, RDS, Lambda

Azure

Large banks with Microsoft enterprise relationships; Azure AD, AKS

GCP

Analytics-heavy fintechs; BigQuery, Dataflow, Pub/Sub

On-premise / Private Cloud

RBI mandates critical banking data to stay within India; many banks run hybrid

Docker / Kubernetes

Containerized microservices deployment; scaling payment services independently

Terraform / CloudFormation

Infrastructure-as-code for consistent, auditable cloud resource management

Interview Questions

Q1.Explain the difference between NEFT, RTGS, and IMPS.

NEFT (National Electronic Funds Transfer): Batch-based, settled in hourly batches, available 24x7 since 2019, any amount. RTGS (Real Time Gross Settlement): Real-time, individual transaction settlement, minimum ₹2 lakh, used for high-value payments. IMPS (Immediate Payment Service): Real-time like RTGS but for any amount (up to ₹5 lakh), 24x7, widely used for retail. UPI is built on IMPS rails. Key difference: RTGS is gross settlement (each transaction settled individually), NEFT is net settlement (batched). RTGS has higher finality guarantee.

Q2.What is the Account Aggregator framework?

Account Aggregator (AA) is RBI's consent-based financial data sharing framework. It allows customers to share their financial data (bank statements, insurance policies, investments) with Financial Information Users (FIUs — like loan providers) via Financial Information Providers (FIPs — like banks) through a secure, consent-managed flow. Key players: Finvu, OneMoney, PhonePe AA, CAMS Finserv. Use case: Instead of uploading bank statements for a loan, share 12 months of data digitally in seconds. Built on DEPA (Data Empowerment and Protection Architecture) principles.

Q3.How would you design a payment processing system like UPI?

A UPI-style payment system requires several key components: (1) API Gateway for authentication and routing of payment requests. (2) Payment Service — a microservice that validates balances, debits the sender via Core Banking System, and orchestrates the transfer. (3) Routing Layer (like NPCI's UPI Switch) that identifies the destination bank from the VPA handle and forwards the request. (4) Receiving Bank CBS that validates the recipient and credits the account. (5) Settlement Engine for reconciliation — real-time or batch depending on the rail. (6) Notification Service for push/SMS confirmations. Key design considerations: idempotency (prevent double payments), eventual consistency across distributed ledgers, timeout/retry handling for network failures, and audit logging for every transaction step.

Q4.What is the difference between clearing and settlement in banking?

Clearing is the process of aggregating, reconciling, and preparing payment instructions before the actual transfer of funds. It involves netting multiple transactions (e.g. Bank A owes Bank B ₹100, Bank B owes Bank A ₹60 — net: Bank A pays Bank B ₹40). Settlement is the final, irrevocable transfer of funds between institutions to complete the transaction. In NEFT, clearing happens in batches (every 30 min) and settlement follows. In RTGS, each high-value transaction is settled immediately (gross settlement). In UPI, settlement is effectively real-time — both debit and credit happen within seconds, with end-of-day reconciliation.

Q5.How does a Policy Administration System (PAS) work in insurance?

A Policy Administration System (PAS) is the central system of record for all insurance policies. It manages the complete policy lifecycle: (1) Quoting — calculating premiums based on risk parameters. (2) Underwriting — applying business rules to decide coverage terms. (3) Policy Issuance — creating the formal policy with coverage, beneficiaries, and premium schedule. (4) Mid-term changes — endorsements, coverage modifications. (5) Renewals — auto-renewal or lapsed policy handling. (6) Cancellations. The PAS integrates with Claim Management Systems (for adjudication), Billing Systems (for premium collection), and Regulatory Reporting systems (for IRDAI filings). Examples: Majesco, LifePRO, Guidewire PolicyCenter.

Q6.Why do financial systems use event-driven architecture and what are its benefits?

Financial systems use event-driven architecture (EDA) because transactions are naturally event-based — a payment debit, a trade execution, a policy renewal are all discrete events that multiple downstream systems need to react to. Benefits: (1) Loose coupling — the Payment Service doesn't need to know about the Fraud Service or Reporting Service; it just publishes an event. (2) Real-time processing — the Fraud Service can analyze a transaction event instantly. (3) Resilience — if the Reporting Service is down, it processes events when it recovers (using Kafka's durable log). (4) Scalability — each consumer scales independently. (5) Audit trail — event logs provide an immutable history. Common tools: Apache Kafka for high-throughput streaming, RabbitMQ/IBM MQ for reliable queuing.

Q7.Explain KYC and AML — what do they mean technically for a banking application?

KYC (Know Your Customer) is the process of verifying a customer's identity before allowing them to use financial services. Technically it involves: document collection (Aadhaar, PAN, passport), OCR/AI-based document verification, biometric matching, and integration with government identity registries (e.g. UIDAI for Aadhaar). The KYC status is stored in the CRM and checked before account activation. AML (Anti-Money Laundering) involves detecting suspicious transaction patterns. Technically: (1) Transaction monitoring rules engine (e.g. flagging cash deposits above thresholds). (2) Watchlist screening against sanctions lists (OFAC, UN). (3) Machine learning models for anomaly detection (unusual transaction frequency, amounts, geographies). (4) Suspicious Activity Reports (SARs) filed with FIU-India. Both are regulatory requirements under RBI/PMLA guidelines.

Glossary & Key Terms

Transaction

Any completed unit of work in the system (e.g. a bank transfer, policy issuance, trade execution). In databases, a transaction is an atomic update ensuring all-or-nothing consistency.

Ledger

The record of all account balances and changes. In banking, the general ledger tracks every debit/credit to each account.

Clearing

The process of aggregating and preparing payment instructions (e.g. checks or transfers) for settlement. Clearing involves netting multiple transactions and reconciling them before final transfer.

Settlement

The final transfer of value (money or securities) to complete a transaction. For payments, settlement means moving funds between banks — instantly in real-time systems like UPI, or in batches for NEFT.

Reconciliation

Matching two sets of records to ensure they agree. Banks reconcile their books after clearing/settlement, ensuring all debits and credits align with statements from other banks or regulators.

CBS

Core Banking System — the central platform managing all bank accounts and transactions. Examples: Infosys Finacle, Temenos T24, Oracle FLEXCUBE.

UPI

Unified Payments Interface — NPCI's real-time interbank payment system. Now processes 14–21+ billion transactions per month across India.

KYC

Know Your Customer — the process of verifying a customer's identity (using documents, Aadhaar, etc.). Required by law to prevent fraud and money laundering.

AML

Anti-Money Laundering — systems and rules designed to detect and prevent illicit transaction patterns. Software screens transactions against watchlists and analyzes them for suspicious behavior.

SWIFT

Society for Worldwide Interbank Financial Telecommunication — the global messaging backbone for cross-border payments, linking over 11,000 institutions in 200+ countries.

NACH

National Automated Clearing House — mandate-based bulk payment system used for SIP debits, salary credits, and utility payments.

PSP

Payment Service Provider — entities handling UPI apps (e.g. Google Pay, PhonePe, Paytm).

VPA

Virtual Payment Address — UPI identifier (e.g. name@okicici) that maps to a bank account.

PAS

Policy Administration System — in insurance, the core system for managing policies throughout their lifecycle (quoting, issuance, renewals, cancellations). The definitive record of all policy terms.

Payment Gateway

A service that authorizes and processes online payment transactions. It securely captures payment details and routes them to the banking/payment network.

Microservices

A software architecture style where functionality is split into small, independent services, each handling a single business capability. Services communicate via APIs or messages, enabling independent scaling.

Event-Driven Architecture

A pattern where components emit events (like 'payment debited') and other components react to them. Enables real-time processing — e.g. fraud detection triggers on a transaction event.

High Availability

System design that ensures continuous operation through redundancy (multiple servers, failover clusters) and instant scaling. Critical in financial services to avoid downtime.

Open Banking

Regulatory framework where banks share data (with customer consent) with third-party providers via APIs. Enables fintech apps for account aggregation, budgeting, and lending.

CBDC

Central Bank Digital Currency — a digital form of a country's fiat currency issued by the central bank. India is piloting a digital rupee for instant settlement and reduced cash use.

RTGS

Real Time Gross Settlement — real-time, individual transaction settlement for high-value payments (minimum ₹2 lakh in India). Each transaction is settled immediately and irrevocably.

NEFT

National Electronic Funds Transfer — batch-based fund transfer system settled in hourly batches. Available 24x7 since 2019; suitable for any amount.

IMPS

Immediate Payment Service — real-time payment system available 24x7 for retail amounts. UPI is built on IMPS rails.