Creodata Business Account Opening System: Digital Corporate Onboarding for Banks
Replace paper business and corporate account-opening forms with a guided, compliant, fully tracked digital journey — a 9-step application, KYB and compliance capture, document management, and an SLA-monitored review workflow — for banks, SACCOs, MFIs, and fintechs across East Africa.
The Creodata Business Account Opening System (BAOS) is a multi-tenant, white-label platform that replaces paper and PDF business and corporate account-opening forms with a guided, compliant, fully tracked digital journey. It takes an applicant from the first field of an entity profile through to a clean handoff at account creation, while capturing the compliance evidence and audit trail a regulated institution needs along the way. The reference deployment is a bank in Kenya, and the platform is built to be configured for the next institution without changing code.
The problem
Most business and corporate account opening still runs on paper or on PDF forms that are printed, signed, scanned and re-keyed. The cost of that workflow is rarely a single dramatic failure; it is the accumulation of small frictions. Details are re-entered by hand from a form into a core system, which introduces transcription errors. Documents — the Certificate of Incorporation, the CR12, the KRA PIN certificate — arrive by email or in person, get filed inconsistently, and go missing. There is no single timeline showing where an application sits or who touched it last.
For the applicant, the experience is opaque. A business owner who started an application has no reliable way to see what is outstanding or how long approval will take, and incomplete applications are abandoned because there is no way to pause and resume. For the bank, compliance capture is fragmented across the form, separate declarations and side conversations, which makes it hard to demonstrate that the right checks were performed at the right step. Turnaround time stretches, and when a regulator or an internal auditor asks what happened to a particular application, reconstructing the answer is slow.
BAOS exists to close that gap: to make the journey guided for the applicant, structured for staff, and evidential for compliance and audit. For the wider discipline and a step-by-step view of the workflow, the complete guide to business account opening sets out the full picture.
What the platform does
A guided nine-step application
The core of BAOS is a wizard that maps the bank's business account-opening form into a sequenced digital journey. It auto-saves to draft between steps, so progress is never lost. The nine steps are:
- Business Information — entity and company details, KRA PIN, date of incorporation, registration and business type, nature of industry and key activities, employee range, annual turnover range, purpose of account, mailing and physical addresses, and primary and alternative contacts.
- Account Selection — account product or type, currency (KES or foreign), and customer segment.
- Account Facilities — debit card, cheque book, mobile and internet banking, e-statements, and transaction alerts.
- Compliance — PEP declaration, FATCA declaration, and significant stakeholders (the beneficial owners: directors, shareholders, partners or sole proprietor).
- Authorized Signatories — up to four signatories, each with identification and a passport photo.
- Signing Mandate — operating instructions (singly; jointly all; jointly any two, three or four; either-or-survivor; or special) plus acceptance of terms and conditions.
- Lipa Na M-PESA Short Code — a paybill or till short-code application, shown conditionally based on the facilities selected at step 3.
- Board Resolution — resolution items, authorised officials and daily limits.
- Documents and Review — a checklist-driven document upload and a final review of the whole application.
This structure mirrors the corporate account opening process that operations teams already know, and it captures the authorized signatories and signing mandates and the board resolution as first-class, structured data rather than free text. Designing the journey this way is also the single biggest lever for reducing account opening abandonment.
A customer self-service portal and status tracking
Applicants register, sign in, and start, continue or track their applications from a self-service portal. Save-and-resume drafts mean an applicant can leave an incomplete application and return to it later without re-keying anything. Status is tracked through a non-enumerable reference token, so there are no sequential identifiers for an outsider to guess or enumerate. The result is that the business owner always has a way to see where things stand, and the bank is not fielding "where is my application" calls.
Document management
BAOS replaces the email-and-folder approach with checklist-driven uploads tied to each application — for example the Certificate of Incorporation, CR12, KRA PIN certificate, Memorandum and Articles of Association, board resolution, annual returns, passport photos and financial statements. Documents are verified as part of the workflow and stored in MinIO on-premises or Azure Blob Storage in the cloud. The full business account opening documents checklist for Kenya explains what each institution typically requires and why.
Compliance capture and review
The platform captures the compliance picture at the point of application — the PEP and FATCA declarations and the significant stakeholders — and routes it into a compliance screening service that performs PEP, FATCA and KYC/AML checks alongside a staff compliance-review workflow. This is where the platform operationalises Know Your Business (KYB) and customer due diligence for business accounts. Because corporate structures sit behind the entity, the platform treats beneficial ownership and significant stakeholders as structured data, and the declarations feed PEP and sanctions screening at account opening and the handling of FATCA and CRS for business accounts. Onboarding is the start of compliance, not the end of it — once an account is live, ongoing monitoring is the job of the Creodata AML Compliance Platform.
A six-stage, SLA-monitored workflow
Behind the application is a six-stage bank workflow, and each stage carries its own SLA timer with breach monitoring: Submission, Compliance Check, Document Verification, Internal Review, Approval and Account Creation. The workflow is event-driven — RabbitMQ on-premises or Azure Service Bus in the cloud — and operations teams get SLA dashboards and breach lists so a stalled application is visible before it becomes a complaint. This is the operational backbone behind account opening turnaround time and SLAs.
Internal staff review with RBAC and branch scoping
Staff work from a review dashboard with assign and review actions and internal review forms. Access is governed by role-based access control with branch scoping, so a staff member sees only the applications for their own branch and segment. Email notifications keep both applicants and staff informed at each stage of the journey.
Multi-tenant, white-label configuration
BAOS is multi-tenant and white-label by design. Each tenant gets its own branding (logo and colours), and the form fields, document checklists, account products, segments and branches are configurable per tenant — all without code changes. That is what makes the platform deployable to the next institution as a configuration exercise rather than a rebuild; the broader pattern is covered in multi-tenant white-label onboarding.
Built on microservices, deployed your way
BAOS is built on .NET 9 microservices with a Next.js 14 backend-for-frontend, and it runs as a Microsoft Azure Managed Application or on-premises on Kubernetes, with feature parity across both. There are eight microservices — Account Application, Tenant Config, Compliance, Document, SLA Monitoring, Authorization (RBAC), Auditing and Email Notification — and tenant data is isolated schema-per-tenant in PostgreSQL.
| Capability | Microsoft Azure | On-premises (Kubernetes) |
|---|---|---|
| Relational data | PostgreSQL Flexible Server | PostgreSQL |
| Messaging / events | Azure Service Bus | RabbitMQ |
| Document storage | Azure Blob Storage | MinIO |
| Identity | Microsoft Entra ID | Keycloak |
The same application logic runs in both deployments, so an institution can choose the cloud or its own data centre on the basis of its data-residency and operational preferences without giving up capability. At the Account Creation stage the workflow is designed for a clean handoff to the bank's downstream systems; core-banking integration is an architectural pattern at that boundary, discussed further in core-banking integration and the account-creation handoff.
Designed for audit and trust
Regulated onboarding has to be defensible after the fact, so BAOS is built around an append-only audit log that records actions as they happen. Access is enforced through an RBAC permission matrix with branch-level row scoping, and the review workflow is structured to support a four-eyes separation between the person who prepares and the person who approves. Sessions are encrypted, requests are protected against cross-site request forgery with a double-submit cookie, and JWT validation is enforced across services.
This is audit-ready architecture designed for SOC 2 and GDPR-aligned controls — not a certification claim, but the structural foundation an institution needs to demonstrate control over its onboarding process. The discipline of building an audit-ready onboarding trail is what turns "we think the checks were done" into "here is the record".
Who it is for
BAOS is built for regulated institutions onboarding business and corporate customers in East Africa: banks, SACCOs, microfinance institutions and fintechs. It suits an institution that still runs business onboarding on paper or PDF and wants a guided, compliant, trackable journey; one that needs branch-scoped staff review and SLA visibility across its operations; or a group that wants to offer a white-label onboarding experience to several brands or tenants from a single platform. The same platform serves a single bank and a multi-tenant operator, because the difference between them is configuration.
Frequently asked questions
Does the platform integrate with our core banking system?
BAOS is designed for a clean handoff to downstream systems at the Account Creation stage of its six-stage workflow, and core-banking integration is supported as an architectural pattern at that boundary. The platform structures and validates the full application so that the data reaching account creation is complete and consistent. We do not ship a pre-built connector to a specific named core-banking product; the integration is delivered to fit your environment at that handoff point.
Can we run it on-premises instead of in the cloud?
Yes. BAOS runs either as a Microsoft Azure Managed Application or on-premises on Kubernetes, with feature parity between the two. The on-premises stack uses PostgreSQL, RabbitMQ, MinIO and Keycloak in place of the Azure services for relational data, messaging, document storage and identity, while the same .NET 9 microservices and Next.js front-end run in both. This lets you choose a deployment that matches your data-residency and operational requirements.
How is each tenant's data kept separate?
BAOS is multi-tenant with schema-per-tenant isolation in PostgreSQL, so each tenant's data lives in its own schema. Access is further constrained by role-based access control with branch-level row scoping, meaning staff see only the applications for their own branch and segment. Branding, form fields, document checklists, account products, segments and branches are all configured per tenant without code changes.
Ready to see the guided journey, the compliance capture and the SLA-tracked workflow on your own forms and branding? Explore the Business Account Opening System product page and book a demo to walk through a corporate onboarding from first field to account-creation handoff.