Project Overview
A Tokyo-based fintech startup was preparing to launch a mobile banking platform targeting underbanked populations across Southeast Asia. The company needed to build a secure, regulatory-compliant application from scratch that could serve users in Vietnam, the Philippines, and Thailand — each with distinct financial regulations and user expectations. BCT Global was selected as the development partner due to our ISO 27001 certification and experience bridging Japanese fintech standards with Southeast Asian markets.
The Challenge
Building a mobile banking platform for three countries simultaneously presented unique technical and regulatory challenges:
- Each country — Vietnam, the Philippines, and Thailand — has different financial regulatory frameworks, KYC (Know Your Customer) requirements, and data residency laws
- The platform needed to support multiple currencies, payment gateways, and local bank integrations across all three markets
- Security requirements were non-negotiable: end-to-end encryption, biometric authentication, and SOC 2 compliance were mandatory for investor and regulatory confidence
- The client's small Tokyo-based team needed engineers who could work on-site for requirements gathering and architecture decisions, while a larger team handled development offshore
- Time-to-market pressure was intense — the client needed to launch an MVP within 8 months to secure Series B funding
Our Solution
BCT Global deployed a hybrid engagement model: 3 on-site engineers embedded in the client's Tokyo office for architecture design, security review, and daily standups with the founding team, while a 9-person offshore lab team in Hanoi handled the core development work.
Our approach:
- Architecture & Security (Months 1-3): Designed a microservices backend on Spring Boot with country-specific service modules for KYC, payments, and compliance. Implemented HashiCorp Vault for secrets management and end-to-end encryption using AES-256.
- Core Development (Months 3-10): Built native iOS (Swift) and Android (Kotlin) applications with shared business logic. Developed a unified API gateway that routes to country-specific services. Integrated with local payment providers: VNPay (Vietnam), GCash (Philippines), and PromptPay (Thailand).
- Testing & Compliance (Months 10-14): Conducted comprehensive security penetration testing, regulatory compliance audits for each market, and load testing simulating 1M concurrent users. Achieved SOC 2 Type II certification.
- Launch & Optimization (Months 14-18): Phased rollout starting with Vietnam, followed by the Philippines and Thailand. Post-launch performance optimization and ongoing feature development.
All development adhered to BCT Global's ISO 27001-certified security practices and APPI compliance standards.
System Architecture
Technology Stack
Results & Impact
The platform launched successfully in Vietnam within 8 months, securing the client's Series B funding round. Within the first year across all three markets, the app achieved over 500,000 downloads with a 99.9% uptime record. The platform passed regulatory audits in all three countries with zero findings. The client's CTO credited BCT Global's hybrid model — on-site architects ensuring alignment with Tokyo leadership, while the Hanoi lab delivered rapid development cycles — as the key factor in meeting their aggressive timeline.
"What set BCT Global apart was their ISO 27001 certification and genuine understanding of financial security requirements. Their on-site engineers in Tokyo became extensions of our team, while the Hanoi lab delivered code at a pace we couldn't have achieved alone. We passed every regulatory audit in three countries — that speaks to the quality of their security practices."
Chief Technology Officer, Japanese Fintech Startup — Series B, Tokyo