Investment services
Incident reporting & compliance platform
The challenge
Operational risk incidents were captured in ad-hoc spreadsheets and mail threads. The company needed structured intake with strict permission boundaries (including confidential incidents), lifecycle workflows, and compliance reports whose format is dictated by group and regulator templates - plus ongoing evolution as requirements change every quarter.
What we did
We built and still operate a platform of more than seventy cooperating .NET services, background jobs and web applications, orchestrated with Hangfire and backed by SQL Server.
A master data subsystem keeps organizational units, roles and reporting lines synchronized from authoritative sources, driving both permissions and report aggregation.
Excel compliance reports are generated from templates the risk team maintains themselves, so a changed regulator format doesn't require a release.
The outcome
- Single auditable pipeline from incident intake to regulator-ready reports
- Confidential incidents isolated by fine-grained, centrally synchronized permissions
- Quarterly regulatory changes absorbed by configuration, not redevelopment
- Platform in continuous production use and active development for years
Facing something similar?
We're happy to share how we approached it - engineer to engineer.