Quality and Security at the Core

About DKB

The Deutsche Kreditbank AG (DKB) with its headquarters in Berlin is part of the BayernLB Group and caters to business and private clients with its approximately 5,000 employees. With a balance sheet total of 118 billion euros, it is among the top 20 banks in Germany. DKB has focused its lending on sustainable future sectors, including renewable energies, municipalities, housing, health, education, and agriculture. In many of these sectors, DKB is a leader.

‍

Project goals and content

The "PIA" project (Process, Information Cluster, and Application Management) of DKB is a self-developed GRC (Governance, Risk & Compliance) tool. In addition to internal requirements, PIA maps regulations and directives of BaFin and ECB for banks and their assets (Assets). These are regularly checked through audits. PIA allows the bank to keep track of all its assets and their relationships to the process.

PIA is a very comprehensive system, encompassing thousands of processes and assets. The application has high requirements for audit-proofing, particularly the availability of history over all changes. Security is also a key issue. A fine-grained rights and roles concept was implemented to provide users with exactly the data they are responsible for maintaining.

PIA 2.0, which is being implemented by a mixed team of developers from Comsysto Reply and DKB, will replace the current application. Our development focus, while adhering to high customer standards regarding code quality and strict development guidelines in the banking context (such as the four-eyes principle), was on the following points, for example:

• Implementation of interfaces to establish connections to the master data systems of the respective assets.
• Analysis of performance bottlenecks and implementation of a solution. For example, a performance-optimized access to specific asset versions was implemented.

In addition to pure development, we brought our expertise in both procedural and technical areas. We brought our outside perspective and experience from other projects to the team and provided new impulses for existing processes and Scrum events. We advised on architectural decisions and made our own suggestions for the technical implementation of challenging topics. Concrete examples:

• Mocking with Wiremock for development-related test environments to resolve dependencies on external test systems.
• Support in selecting suitable frameworks for the implementation of the DKB-desired standard 'JSON:API' for REST interfaces and for the Open API-compliant documentation of this interface.
• Introduction of the language ‘Kotlin’ to support the team's decision for or against its use in the project.
• Presentations of technologies used in the project for knowledge transfer to other teams, e.g., reactive web interfaces with Project Reactor.

‍