How to Build a Neobank From Scratch in 2023

Konstantin Kalinin

Head of Content

August 4, 2023

Neobanks — swift little apps with banking features offered by non-traditional digital-only banks — who doesn’t have one, right? After reviewing the most recent funding series, I can attest that nascent neobanks target the underbanked and focus on niche markets, for example:

• e-commerce
• immigrants,
• African American community
• freelancers, etc.

If you’ve identified the unique banking needs of a sizable cohort and want to learn how to build a neobank to serve them, here’s a thorough run-down from a business owner’s perspective.

Key Takeaways:

• Neobank development entails creating a suite of back-end applications besides mobile apps. One way to address this challenge is partnering with an established bank or using banking-as-a-service providers.
• When developing a neobank from scratch, avoid implementing third-party and open-source code as is because it may be outdated or contain malware.
• Before you set up a neobank, think through its security architecture in terms of multiple defense lines, starting from the development environment all the way to a live neobank app. After all, security is a top notch priority for challenger banks.

1. How to Start a Neobank from Scratch
2. Step #1: Build the Core of a Neobank
3. Step #2: Develop a Customer-Facing Neobank App
4. Step #3: Secure Your Solution
5. Step #4: Test a neo-banking Platform
6. Step #5: Deploy a Neobank
7. Learn from Top Neobanks’ Mistakes
8. Challenges of Creating a Neobanking App
9. Time to Launch a Neobank

How to Start a Neobank from Scratch

One thing to remember when you embark on the journey of building your own neobank platform is that you will need to produce more than a shiny mobile neobank app. In effect, you’ll be working on a set of web applications critical to the functioning of the mobile app.

Challenger bank apps like Revolut look simple and very appealing on the surface, right?

At the same time, though customers experience all this gloss in a deceptively simple mobile app, its back end includes:

• 90 back-end apps to support all the key features of the mobile app
• 10 web apps used by the company’s employees to administer the mobile app

Can you imagine? One hundred applications behind a single nifty app. Of course, Revolut didn’t build all of that in one fell swoop when starting the company in 2015. Still, some of these “invisible” applications had to appear together with the first public version of the mobile app for it to function properly.

You’re in the same boat if you want to develop a neobank app.

“Wait a minute. What about this Chime app? I heard they partnered with a bank and didn’t waste resources on all this back-end stuff, did they?” I can hear you asking. And you’re absolutely right, my fellow app entrepreneur. There are different ways to tackle this challenge; review step 1 below for answers, as you start envisioning your neo bank app.

As a side-note:

“According to industry reports, the global neobanking market, powered by apps like Chime and Varo, was valued at USD 66.82 billion in 2022 and is expected to reach an impressive market size of USD 2048.53 billion by 2030, growing at a compound annual growth rate (CAGR) of 53.4% from 2022 to 2030.”

Step #1: Build the Core of a Neobank

So, we’ve established you’ll have to build at least a couple of back-end applications necessary for your neobank app. What are those? To start a neobank app, at the bare minimum, you will need:

• API
• card processing app
• back-office tools

The API is an invisible layer connecting your app with other services, such as a payment gateway or authentication module. In addition, APIs serve to interconnect various banking services within your own application which is the case when developing fintech apps in general. 

The card processing app handles everything related to transactions (e.g., transaction value) and other operations related to credit/debit cards and account management. That’s where the core business logic of your app will reside.

As for back-office tools, their purpose is to manage your neobank platform as a whole. You can’t be efficient if you have to update the code every time you need to modify an interest rate.

How do you build this core?

Now, the first option is to build these back-end applications (and many others, such as fraud prevention and compliance services) from scratch. Needless to say, there are a lot of caveats with building financial products using this approach.

Pros of developing a neobank from scratch

• you own the entire system: its design, implementation, and future development
• you can later turn the built infrastructure into a SaaS for other neo-banking startups
• you can expand your solution gradually by paying for new features with something that already generates traction

Cons of creating a neobank from scratch

• takes a longer time frame than the other scenarios (which we’ll discuss shortly)
• requires a significant upfront investment

The second option is to follow in the steps of Chime, Dave, and other neo-banking startups that chose to integrate with established banks offering traditional banking services. Mind that a lot will depend on the nature of financial services your app will offer. Still, even if just a few, you still need to build some back-end applications to manage your mobile neobank.

Pros of outsourcing neobank back-end to a traditional bank

• faster time to market
• potentially, access to an existing client base
• requires a smaller budget than creating from scratch

Cons of outsourcing neobank back-end to a bank

Despite the seeming advantages, partnering with traditional banks for your neobank’s back-end can constrain your ability to implement innovative digital banking solutions, as you would need to adhere to their existing technical and regulatory frameworks.

• bank legacy software is usually hard to integrate with and slows down new features like AI customer profiling
• limited portfolio of consumer banking products due to regulation constraints

Finally, you can opt for banking as a service. Companies like Temenos and Synapsefi offer all the required server and software infrastructure on-demand and function as a backend to your neobank app.

Pros of using a banking-as-a-service provider

• faster time to market
• requires a smaller upfront investment than building from scratch

Cons of using a banking-as-a-service provider

• hard to predict support for new exciting features
• locked-in tech stack to integrate with a BaaS

Volt and Judo Capital are two examples of neo banks using an off-the-shelf banking infrastructure (by Temenos and Microsoft Azure) to provide innovative financial solutions.

Related: How to build a winning personal finance app?

The bottom line is when you opt for banking-as-a-service, you delegate your tech stack decisions to a service provider. As for developing from scratch, the tech stack will be your responsibility, just as compliance with regulatory requirements of the finance industry and securing a banking license.

That’s not something entirely dreadful or uncommon among banking apps, though. For example, Revolut started with Java, PostgreSQL, and Angular to build the essential neobank components: API, card processing, and back-office tooling.

Main takeaway: you’ll need experienced back-end or full-stack app developers to create a neobank app for mobile because server-side development is unavoidable.

Step #2: Develop a Customer-Facing Neobank App

Besides the back-end, you also need to create a customer-facing mobile banking app — an indispensable part of a compelling neo-banking platform.

I advise that you use a technique similar to our Rapid Prototyping routine at Topflight Apps. This approach implies designing an immersive user experience for a specific group of customers and then testing it to make sure the UI/UX clicks with the target audience.

A typical neo-banking app would include the following features to help customers manage their money:

• Savings accounts
• Credit/debit cards
• Payments
• Transactions history
• Budgeting
• Investing options
• Real-time fraud detection
• Child accounts
• Notifications
• Real-time chat help desk

Now, I’m a huge proponent of using third-party solutions, whether commercial or open-source, as a shortcut to developing features faster. However, when you build a neobank, you’re better off creating your feature set from scratch because an external library may come with malware.

Even if you choose to expedite neobank development with third-party code, use only verified vendors. Also, ensure developers check every single open-source library for vulnerabilities and malware before applying it. You can find more recommendations on how to create a banking app in a separate blog.

Main takeaway: Focus on creating an engaging banking experience with unique functionality and avoid using third-party components wherever possible. Diligently verify every external piece of code, especially if it’s open-source. Apply rapid prototyping to validate your UX/UI ideas.

Step #3: Secure Your Solution

Obviously, security is crucial when you set up a neobank because the whole business hinges on trust. And even though securing a neobank is a set of practices encompassing the entire process, rather than a single step, let’s see what you can do for your app’s safety.

\

First of all, you should realize that a solid neobank security strategy must rely on multiple defense lines: starting from the development and staging environment all the way to a platform’s live production setup.

Proactive security

The right way to approach this Herculean task is to establish a Security Office Center (SOC) that functions as a command center analyzing every little bit of information produced by your neobank digital infrastructure.

Now, some financial institutions implement enterprise security information and event management (SIEM) software for these purposes. However, it’s better to build your own security toolchain using a combination of custom-built solutions and tools from trusted vendors.

For example, NuBank uses AWS Lambda to create an army of bots capable of protecting against fraud, hacking, and other common threats. With this approach, you, so to speak, break down your neobank’s monolithic security into microservices because every bot has limited access to a specific module and, if compromised, can’t bring down the whole system.

Bots excel at securing neobanks because they are way faster than humans at detecting anomalies, run 24/7, and can go through the same routine virtually forever without making mistakes. This approach also simplifies the software development process.

Some other AWS tools you can use to protect your customers include:

• Guard Duty (registers accidents on the network level)
• AWS Shield (prevents DDoS attacks)
• AWS config firewall rules (safeguards against accidental coding mistakes)

Passive security

You should log absolutely everything happening in your neo-banking platform and run machine learning algorithms on these terabytes of data to look for patterns that may pique your security team’s interest.

Other lines of passive defense include setting up security groups (what server can access what data, on which ports, etc.) and volumetric control, which usually helps to catch issues at the protocol level where you can’t immediately identify what’s happening.

Customer-friendly privacy

Despite a wide range of security tools and mechanisms available (I barely scratch the surface here), you should remember that they can’t stand in the way of customers using your app. Ideally, neobank security remains invisible to users or takes the most consumer-friendly form, e.g., video calls to verify identity.

Main takeaway: A sound security strategy for a neobank must include a set of practices that span the development and deployment of both the backend and frontend applications.

Step #4: Test a Neo-banking Platform

From what I’ve observed with some top-rating neobanks like NuBank and Revolut, you want to have as many automated tests as possible. Test-driven development is one way to achieve that.

Think about all the possible use cases that your customers may run into when using the app. It’s close to impossible to identify and eliminate all issues with manual testing. For example, Revolut had around 100 automated tests at one point just to test all possible cases for currency exchange.

That’s not to say that QA engineers are not necessary, but they should be able to write code and automate the testing process. Without going into much detail, here are a few tests you should expect your team to run on your platform:

• unit-testing
• integration testing
• security testing (including penetration tests)
• user acceptance testing
• regression testing
• load testing (user base spikes)

Main takeaway: get yourself a team of coding QA engineers comfortable with using automation testing tools and capable of implementing a custom testing infrastructure for unit, integration, and end-to-end tests without the need for rendering to the screen.

Related: The Complete Guide to QA Testing 

Step #5: Deploy a Neobank

As you can imagine, a successful neobank undergoes changes non-stop. For example, Chime updates its iPhone banking app around five times every month. Can you imagine how many updates are happening in the background on the server-side to accompany these mobile app changes? I bet at least dozens, if not hundreds.

Because of that, an established DevOps process and toolchain is an absolute must when deploying a neobank online. In short, DevOps includes best practices and tools that result in quicker deployment of new versions of your software to the public.

What happens in practice is you spin up an entire version of your neobank with new features that have been rigorously tested, reroute DNS servers to this new instance, and once traffic starts coming to the latest version, kill the previous bank instance.

Main takeaway: DevOps plays a huge role in running a successful neobank. So if you’re wondering how to open a neobank in the most scalable manner, DevOps is undoubtedly part of the answer. Continue monitoring customer engagement post-launch.

Learn from Top Neobanks’ Mistakes

When you launch your own neobank, don’t be discouraged if you run into some issues. Even top players are prone to mistakes. Hopefully, with the benefit of hindsight, you can avoid some of these shortcomings.

Machine learning on an anti-hacking spree

In June of 2021, Chime (the most downloaded US neobank) rubbed quite a few of its customers the wrong way by closing their bank accounts all of a sudden.

Apparently, the neobank was trying to fight a surge of fraudulent deposits. However, the automatic manner in which they closed accounts and weren’t able to quickly restore access suggests that a development company employed insufficiently trained ML algorithms for the task.

Advice: Always have a fallback security mechanism to quickly mitigate any issues and continue serving legit customers that fall prey to false-positive alerts — an unbeatable business model.

Think through your neobank’s architecture from start to finish

Revolut started as a monolithic neobank and had to rewrite all its code from scratch when they realized there was too much spaghetti code.

Advice: Don’t build a monolithic app from the start. I recommend implementing a microservices architecture from the get-go. In addition, every service should be open for integration with other services, so have APIs ready.

Avoid integrations with nascent service providers

The Dave neobank exposed 7M users’ data due to a security breach when hackers took over Waydev — an analytics platform for developers that Dave integrated with.

Advice: Vet all third-party code that integrates with your neobank or work with established vendors like Amazon, Microsoft, or Google.

Decide on your mobile tech stack early on

NuBank faced the challenge of hiring native mobile developers and had to switch first to React Native, then to Flutter. The company still has to manage three separate codebases, gradually rewriting their mobile and web apps in Flutter.

Related: Choosing a Tech Steck for your app: Do’s and Dont’s 

Advice: Choose the appropriate mobile stack for your mobile neo-banking app right from the MVP phase. This way, you won’t need to spend resources on redoing the stuff that already works.

Challenges of Creating a Neobanking App

Neobanking app development is like venturing into uncharted waters, where even the most prepared teams encounter unexpected obstacles. Take, for example, Monzo’s initial launch phase – they faced major challenges, including regulatory complexities and technological setbacks, despite having a solid plan and a capable team.

Before you start a neo bank, there are several crucial factors to take into account. Let’s review a few key considerations.

Navigating the Regulatory Maze

Complying with regulatory requirements is no small feat but is absolutely critical for the success of your neobank. Here’s how to go about it:

• Understand the regulatory landscape: Each country has its own set of banking regulations. Familiarize yourself with these guidelines and ensure your neobank complies with them.
• Consult with experienced legal counsel: They will help to understand the implications of these regulations for your neobank and how to navigate them effectively.
• Implement compliance features in your app: Neobank apps should include features that help adhere to regulatory requirements, such as identity verification and fraud detection mechanisms.

US-Specific Regulations for Neobanks

As you venture into the world of neobank app development in the United States, here are several crucial regulations that your neobank needs to comply with:

• Bank Secrecy Act (BSA): This law requires all banks, including neobanks, to assist the government in detecting and preventing money laundering. Your neobanking app needs to have robust anti-money laundering (AML) features in place.
• USA PATRIOT Act: The Patriot Act expands upon the BSA and specifically includes measures to prevent terrorism financing. It mandates thorough customer identification programs (CIP) which should be part of your app’s onboarding process.
• Truth in Lending Act (TILA): TILA aims to promote the informed use of consumer credit by requiring disclosures about its terms and cost. If your neobank plans to offer loans, your app should provide clear and comprehensive information about the terms of these loans.
• Electronic Fund Transfer Act (EFTA): This regulation establishes the rights, liabilities, and responsibilities of consumers in electronic fund transactions. Your neobank app should have measures in place to adhere to these guidelines.
• Fair Credit Reporting Act (FCRA): If your neobank will be involved in the decision-making process of consumer credit, it must comply with the FCRA, which has been designed to protect information collected by credit reporting agencies.

Remember, this is not an exhaustive list, and regulatory requirements can change. Always consult with a trusted legal counsel to ensure your neo banking is fully compliant.

Embrace Technology Standards: PCI DSS and Beyond

In addition to regulations, neobanks mobile app development must also adhere to certain technology standards to ensure secure and efficient operations. One such important standard is the Payment Card Industry Data Security Standard (PCI DSS). This is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

• PCI DSS Compliance: Compliance with PCI DSS is vital for neobanks, as it assures customers that their card data will remain safe and secure. Your neobank app should have robust security measures in place, such as encryption, firewalls, and regular vulnerability assessments, to meet these standards.

Beyond PCI DSS, similar standards applicable to neobank solutions development include:

• ISO 27001: This international standard provides a framework for information security management systems (ISMS) to provide continued confidentiality, integrity, and availability of information as well as legal compliance.
• GDPR: If you’re planning to operate in Europe, your neobank app must comply with the General Data Protection Regulation (GDPR), which mandates strict guidelines for data protection and privacy.
• PSD2: Also for European operations, the Revised Payment Service Directive (PSD2) offers rules for payment services and payment service providers throughout the EU and EEA.

Remember, achieving and maintaining compliance with these standards is not a one-time task, but an ongoing process requiring regular audits and updates. By embracing these standards, you can assure your customers that your neobank is committed to maintaining the highest levels of security and efficiency.

Assembling Your Dream Team

For established banks looking to venture into the neobanking sphere, leveraging their existing in-house development teams can seem like the most straightforward path. These teams are already familiar with the bank’s systems, culture, and goals, which can speed up the development process.

However, for startups, this may not be a feasible option. Startups often operate on tight budgets and might not have sufficient funds to maintain a high payroll for a full-fledged development team.

In such scenarios, hiring a dedicated team like Topflight becomes an attractive and cost-effective alternative. Topflight brings a wealth of diverse talent to the table, with a deep understanding of neobanking development, regulatory compliance, and the latest fintech trends. Our team acts as an extension of your own, working closely with you to understand your vision and translate it into a cutting-edge neobanking app that stands out in the competitive fintech landscape.

• Seek out fintech experts: Hire an app development company with experience and expertise in the fintech industry, from software developers to finance professionals.
• Cultivate a culture of innovation: Your team should be eager to embrace cutting-edge technology and innovative approaches to banking.
• Encourage constant learning: The world of fintech is ever-evolving. Encourage your team to keep up-to-date with the latest trends and developments.

However, this doesn’t mean that established banks can’t benefit from hiring a dedicated team. They can opt for starting a neobank with an outsourced development services team like Topflight, and then gradually transition to in-house as their neobanking operations expand and mature.
This approach allows them to de-risk the initial stages of the project while ensuring that they have the necessary in-house capabilities for the long-term success of their neobank.

Fueling Growth with Strategic Funding

Funding your neobank is a significant challenge, but it’s not an insurmountable one. Here’s what to keep in mind:

• Explore multiple funding options: From venture capital to crowdfunding, there are many ways to finance your neobank. Explore all options and choose the one that best aligns with your business goals.
• Be transparent with potential investors: Clearly communicate your business plan and how you intend to generate revenue. Transparency builds trust and can help secure funding.
• Demonstrate value: Show potential investors what sets your neobank apart from the competition. The more value you can demonstrate, the more likely you are to attract funding.

If your long-term goal relies on being acquired by a specific bank, it’s wise to start conversations with them as soon as you have a solid prototype. This applies regardless of whether your prototype uses the bank’s APIs or not. Early engagement can lead to a smoother transition, fostering mutual understanding and alignment of visions.

Cultivating Partnerships and Collaborations

Partnerships and collaborations can significantly enhance your neobank’s offerings:

• Seek strategic partnerships: Collaborate with other fintech companies to enhance your services. This could range from integrating with payment gateways to offering insurance products.
• Leverage existing banking infrastructure: Partner with conventional banks to use their banking licenses and regulatory experience.
• Join fintech ecosystems: Become part of fintech ecosystems to gain access to resources, expertise, and potential customers.

Customer Support & Experience: The Heart & Soul of a Successful Neobank

Your neobank’s success hinges on providing better customer support and experience. Here are some strategies to make a neobank extra customer-friendly:

• Be available: Your customers should be able to reach you easily. Provide multiple channels for customer support, such as email, chat, and phone.
• Personalize the experience: Use AI and machine learning to personalize the customer experience, from product recommendations to personalized financial advice.
• Listen to your customers: Regularly ask for feedback and act on it. Your customers are your best source of information on how to improve your neobank.

Time to Launch a Neobank

Hopefully, this blog gives you a better understanding of how to start a neobank. I’m pretty sure you now have even more questions before you started reading it, and that’s fine. Setting up a successful fintech business is all about uncovering new questions and finding answers to them.

Here’s a nice case study of how we helped to build a neobanking app.

Feel free to schedule a call with our experts to discuss how we can help you build a neobank with unique functionality. I’m pretty sure your digital bank will deliver.

Related Articles:

1. Gamification in Banking Guide
2. Build Fintech App 
3. How to Build a P2P payment app
4. How to Develop a Trading and Investing App
5. How to Build a Mobile Wallet for Digital Payments
6. How to Create a Loan App

[This blog was originally published on 7/21/2021, and has been updated for more recent content]