External system integrations
Integrations with systems that exist outside the bank platform itself. These are
delivered as part of implementation and rollout — not part of the platform build.
Each depends on platform modules reaching a minimum build state before the
integration can be wired up.
Scope: identity providers, ERP, regulatory portals, network memberships, and
other enterprise systems that the bank organisation operates alongside the platform.
For vendor runtime integrations within platform modules (card processors, payment rails,
eIDV providers) see Third-party platform integrations.
Delivery phase
| Phase |
Meaning |
| Pre-launch |
Must be in place before the first customer can be onboarded. A missing pre-launch integration is a go/no-go blocker |
| Launch |
Must be operational by public launch date. May be manual or partially automated at pre-launch but fully integrated by launch |
| Post-launch |
Can be phased in after go-live without blocking customer operations. Typically operational efficiency or advanced compliance automation |
| Ongoing |
Recurring regulatory obligation; integration must be maintained and updated as regulations evolve |
Identity and access management
Microsoft Entra ID (Azure AD)
| Attribute |
Detail |
| Purpose |
SSO and identity lifecycle management for bank staff — back-office operators, risk analysts, compliance team, platform engineers. Distinct from customer identity (Cognito — MOD-068) |
| Phase |
Pre-launch |
| Platform dependency |
MOD-068 (staff identity federation via Cognito SAML/OIDC bridge to Entra ID), MOD-075 (API gateway staff routes) |
| Scope |
User provisioning/deprovisioning, group-based RBAC (risk analyst, compliance officer, platform engineer roles), MFA enforcement, conditional access policies, guest access for external auditors |
| Implementation notes |
The back-office shell (MOD-177 and Streamlit apps in SD06) authenticates staff via Cognito custom domain → SAML federation to Entra ID. Cognito is the identity broker; Entra ID is the directory. No Entra ID SDK in application code — all goes through the Cognito JWT issued after federation |
| Owner |
Platform engineering + corporate IT |
Privileged access management (PAM)
| Attribute |
Detail |
| Purpose |
Just-in-time privileged access to production infrastructure (AWS console, Snowflake ACCOUNTADMIN, Neon production, Lambda deployment) |
| Phase |
Pre-launch |
| Platform dependency |
MOD-104 (AWS IAM), MOD-102 (Snowflake RBAC) |
| Scope |
CyberArk, AWS IAM Identity Center, or equivalent. Break-glass access audit trail. Required by DT-001 (Information Security Policy) and DT-002 (Cybersecurity) |
Regulatory reporting portals
RBNZ — Reserve Bank of New Zealand
| Attribute |
Detail |
| Purpose |
Prudential return submission, AML/CFT regulatory reporting, ESAS settlement account management |
| Phase |
Launch |
| Platform dependency |
MOD-036 (prudential return builder), MOD-057 (statistical returns), MOD-026/019 (IFTI/AML/CFT reports) |
| Integration points |
RBNZ ORION (Online Regulatory Information Network) — structured XML/CSV file upload for BS11, BS2A, BS13, and statistical returns. Currently MOD-036 and MOD-057 produce report files; the submission to ORION is manual. Automate via the ORION API when stable |
| NZ-specific |
ESAS account: RBNZ holds the bank's Exchange Settlement Account — requires bilateral agreement, real-time balance access for liquidity (LCR HQLA denominator), and settlement file reconciliation |
APRA Connect — Australian Prudential Regulation Authority
| Attribute |
Detail |
| Purpose |
AU prudential return submission (APS 110 capital, APS 210 liquidity, statistical returns) |
| Phase |
Launch |
| Platform dependency |
MOD-036, MOD-057 |
| Integration points |
APRA Connect API — structured data submission. D2A (Direct to APRA) data standard. MOD-036 produces APRA-formatted capital and liquidity returns; submission automation is post-launch |
AUSTRAC — Australian Transaction Reports and Analysis Centre
| Attribute |
Detail |
| Purpose |
AU AML/CTF regulatory reporting — IFTIs (International Funds Transfer Instructions), SMRs (Suspicious Matter Reports), TTRs (Threshold Transaction Reports) |
| Phase |
Launch |
| Platform dependency |
MOD-019 (IFTI/CMIR reporting trigger), MOD-026 |
| Integration points |
AUSTRAC Online API — structured JSON submission. MOD-019 currently queues reports; AUSTRAC Online API submission is manual in v1. Automate via AUSTRAC Online API with SMLFES (Standard Mule Format) encoding |
Inland Revenue NZ (IRD) and ATO Australia
| Attribute |
Detail |
| Purpose |
FATCA and CRS reporting, withholding tax reconciliation |
| Phase |
Post-launch |
| Platform dependency |
MOD-060 (FATCA/CRS reporting) |
| Integration points |
IRD gateway (NZ) and ATO Online Services (AU) for FATCA XML and CRS XML submission. OECD Common Reporting Standard format |
ERP and financial systems
ERP / General Ledger
| Attribute |
Detail |
| Purpose |
Statutory financial reporting, management accounts, AP/AR, payroll, fixed assets. MOD-080 produces IFRS-standard trial balance and financial statements in Snowflake; the ERP consumes these for statutory filing |
| Phase |
Pre-launch |
| Platform dependency |
MOD-080 (statutory financial reporting), MOD-042 (CDC to Snowflake) |
| Vendor candidates |
Oracle NetSuite, Microsoft Dynamics 365 Finance, Xero (if small enough) |
| Integration points |
MOD-080 produces trial balance files and IFRS statement exports to S3 Iceberg. ERP integration reads from these outputs. API-based GL journal push is the target; CSV/SFTP file drop is the v1 approach |
| Notes |
The bank's chart of accounts must be mapped to MOD-080's ledger account structure before integration can begin. This is a configuration dependency, not a code dependency |
AP / Vendor payments
| Attribute |
Detail |
| Purpose |
Bank's own accounts payable — vendor invoices, staff expenses, regulatory fees |
| Phase |
Launch |
| Platform dependency |
None direct — AP runs on ERP, which may use the bank's own payment rails |
| Notes |
If the bank processes its own vendor payments through its own payment rails (SD04), this creates an interesting self-hosting scenario. Typically handled via ERP native banking connector to the bank's own account |
Banking network memberships
These are contractual memberships, not software integrations per se — but each one
gates specific platform capabilities.
| Network |
Jurisdiction |
Platform dependency |
Phase |
Notes |
| Payments NZ |
NZ |
MOD-119, MOD-122 |
Pre-launch |
Membership required for NZ interbank settlement, direct credit, direct debit. Requires RBNZ ADI status or licensed deposit-taker status |
| NPP Australia (NPP Ltd) |
AU |
MOD-120 |
Launch |
Participant or access seeker membership. Access seeker uses a sponsor (e.g., Cuscal, Monoova) rather than direct connection |
| Australian Banking Association (ABA) / BECS |
AU |
MOD-122 |
Launch |
Required for AU bulk electronic clearing (direct credit, direct debit). Via a clearing agent if not a direct BECS participant |
| SWIFT |
NZ + AU |
MOD-119 |
Post-launch |
BIC code, SWIFT Alliance or SWIFT Cloud (SWIFTNet) for correspondent banking and cross-border payments |
| Visa International |
NZ + AU |
MOD-124 |
Pre-launch (for card) |
Card scheme membership + BIN allocation. Issuing license, not acquiring. Certification process before card issuance can go live |
| Mastercard International |
NZ + AU |
MOD-124 |
Pre-launch (for card) |
As above for Mastercard |
| EFTPOS NZ |
NZ |
Future |
Post-launch |
NZ domestic card network. Required for POS acceptance. Lower priority than Visa/Mastercard |
| BPay Group |
AU |
MOD-138 |
Launch |
BPay biller registration and payment switching |
| CUFSS (Credit Union Financial Services) |
NZ |
— |
Post-launch |
Optional — shared services network for credit union members |
Correspondent banking
| Integration |
Phase |
Notes |
| Sponsor bank — NZ |
Pre-launch |
Required for NZ Licensed Deposit-Taker (LDT) status under the Deposit Takers Act 2023. The sponsor holds the settlement account at RBNZ and provides initial liquidity backstop. Ongoing ESAS access depends on maintaining this relationship |
| Sponsor bank — AU |
Pre-launch |
Required for AU ADI (Authorised Deposit-taking Institution) status under the Banking Act 1959. APRA requires an established ADI sponsor during the restricted ADI licence period |
| FX prime broker |
Launch |
The bank needs a prime brokerage relationship for FX hedging (IRRBB management — MOD-035) and customer FX conversion (MOD-025). Relationship bank provides pre-approved FX dealing lines |
Operational and corporate systems
| System |
Phase |
Platform dependency |
Notes |
| External audit (Big 4 firm) |
Pre-launch |
MOD-056 (compliance visibility), MOD-022 (payment audit trail) |
Auditors need read-only access to financial statements and compliance evidence. Delivered via dedicated Snowflake role + Streamlit view, not via the bank's customer portal |
| GRC platform |
Post-launch |
MOD-056 |
Governance, Risk, and Compliance tool (e.g., ServiceNow GRC, Archer, LogicGate). Consumes wiki compliance data and evidence. May replace manual compliance tracking |
| Legal document management |
Launch |
MOD-073 (document vault) |
Contract lifecycle management for regulatory agreements, vendor contracts, ISDA/CSA agreements |
Business intelligence and reporting
| System |
Phase |
Platform dependency |
Notes |
| BI tool (management reporting) |
Post-launch |
MOD-176, Snowflake |
Management dashboards beyond what the Streamlit apps provide. Tableau, Power BI, or Sigma connected to Snowflake via a read-only analytics role. The back-office Recharts dashboards (MOD-177) cover regulatory/risk reporting; a separate BI layer serves finance and executive reporting |
| Data catalogue |
Post-launch |
SD06 data models |
Collibra, Alation, or similar — catalogues the Snowflake schema as a governed data product. Complements the wiki's data model documentation |
Integration dependency map
The following platform modules must reach Deployed status before the corresponding
external integration can be wired:
| External integration |
Minimum platform state |
| Entra ID SSO |
MOD-068 (auth) Deployed |
| RBNZ ORION (automated) |
MOD-036, MOD-057 Deployed |
| APRA Connect (automated) |
MOD-036, MOD-057 Deployed |
| AUSTRAC Online API |
MOD-019, MOD-026 Deployed |
| ERP / GL integration |
MOD-080 Deployed |
| NPP participation |
MOD-120 Deployed |
| BECS AU/NZ |
MOD-122 Deployed |
| Visa / Mastercard card issuance |
MOD-124 Deployed + BIN sponsor contracted |
| SWIFT |
MOD-119 Deployed + SWIFT membership |
| FX prime brokerage |
MOD-025 (FX rate lock) Deployed |
| External audit Snowflake access |
MOD-056, MOD-176 Deployed |