Digital Transformation

Fintech app development considerations in Hong Kong and Singapore

November 30, 2017

Looking to launch a fintech app in hong Kong or Singapore for your banking department or new venture? This article covers things you should consider.

Looking to launch a fintech app in Hong Kong or Singapore for your banking department or new venture?

At Altitude Labs, we're a team of designers, engineers and ex-bankers. We have had the pleasure of developing and launching several fintech applications. Projects we've worked on includes a VR-powered mortgage app for DBS Bank, a Bitcoin remittance platform for , a sentiment index for a credit card linked expense monitoring app, a blockchain-enabled private market for alternative investments, a social lending platform and a digital bank.

In this article, we'll cover key considerations for fintech startups when launching their app.

1. Security

The number one question that comes up about fintech startups is security. How can I stay lean and develop rapidly with the cloud while keeping my data safe?

From our conversations with the solution architects at Amazon Web Services (AWS), your fintech startup can achieve bank level security on the cloud.

In a nutshell, it involves hosting your application in a virtual private cloud, where you keep application code and data in private subnets and only expose your app to the world through a single public subnet.

There are several components to a secure infrastructure:

1. Routing: Configure your instances and subnets such that traffic flows only in restricted ports and channels

2. Network ACL (Firewall layer 1): Configure access between subnets

3. Security groups (Firewall layer 2): Configure access between instances

4. Bastion host: Only allow access to your private subnets through a VPN or a limited physical location and SSH key

5. VPC flow logs: Allows you to monitor the traffic within your virtual private cloud for anomalies

6. User access management: Separating roles for different levels of web console and API access to your cloud account

7. Encryption: The best practice is to encrypt all data transfers within your virtual private cloud

8. CDN: Use CDNs to not just serve your assets faster but also as a first layer of prevention for DDOS attacks, web application firewalls and IP blacklists

9. Physical: Physical data centers should have bank-level security certifications and your people and locations that have SSH access to data on your virtual private cloud need to be secure.

Needless to say, setting all this up is complex. In fact, most fintech startups will not have all this in place from the start. Startups have to exercise judgment in balancing between level of security, nimbleness and business scale.

Note: In spite of the above, banks in Hong Kong and Singapore still rely on their own IT infrastructure for security. As such, the apps they develop are often deployed on-premise.


  1. Introduction to AWS Security
  2. AWS Security Best Practices

2. Blockchain

Word has it that some companies can multiply their valuations by inserting buzzwords into their business, and blockchain is one of those buzzwords.

However, many startups do genuinely want to leverage a distributed ledger to achieve transparency and trust in transactions that take place on their platform.

When implementing blockchain technology, it is a good idea to leverage a blockchain as a service (BAAS) solutions. This allows you to keep your investors happy while not having to invest heavily in implementing blockchain technology from scratch.

3. Know your client (KYC)

The last big hurdle for many fintech companies is around compliance and knowing your customers.

In terms of KYC requirements, it is a good idea to speak with the regulators to understand what's going on.

Fintech in Hong Kong is regulated by the Hong Kong Monetary Authority (HKMA), SFC (Security & Futures Commission). In Hong Kong, fintech startups can talk to regulators through the Fintech Facilitation Office.

In Singapore, fintech is regulated by the Monetary Authority of Singapore (MAS).

The other way to understand KYC requirements is to compare what other apps out there have done.

There are several digital bank and wallet apps out there released by banks and fintech startups in Hong Kong, Singapore and internationally.

Comparing their onboarding flow to your understanding of regulatory requirements is a way to sense check that your app is meeting regulatory requrements while providing the best possible user experience.


Hope you've found this article useful. If you'd like us to cover other aspects of developing fintech applications or have questions, feel free to leave a comment below. If you have a fintech app you'd like to build, feel free to reach out to us at

You May Also Like