3rd Party Trading Exchange KYC Notification Process

In the fast-paced world of trading, Know Your Customer (KYC) compliance is crucial—but managing notifications from multiple exchanges can be complex. Our team delivered a secure, scalable solution to streamline this process, leveraging Google Cloud technologies for authentication, message management, and security.

By implementing a Cloud Run Function for authentication, Pub/Sub for message handling, and robust security measures with Secret Manager, ACM, and IAM, we ensured reliable message delivery, data integrity, and secure access control. This solution not only simplifies KYC processing today but also provides a strong foundation for future enhancements.

In this blog, we’ll break down how we built it, the challenges we solved, and the impact it delivers. Let’s dive in!

The Challenge

Handling Know Your Customer (KYC) notifications from a 3rd party trading exchange presented a unique challenge. The exchange’s KYC process operates asynchronously—after submitting customer verification data, a webhook notification is sent hours or even days later. These notifications needed to be:

  • Reliably received
  • Properly validated
  • Securely stored for processing

While Pub/Sub was the ideal choice for managing messages, there was a problem: the exchange’s shared key signature authentication wasn’t compatible with Pub/Sub’s built-in security. This created a gap that needed a secure and scalable solution.

 

The Solution

To bridge this authentication gap, we deployed a Cloud Run Function as an intermediary. Here’s how it works:

  • The function receives incoming KYC notifications.
  • It validates each notification's shared key signature against the key stored in Secret Manager.
  • Only verified messages are published to a Pub/Sub topic.
  • Downstream applications subscribe to this topic for asynchronous processing.

To ensure security, the Cloud Run Function was placed on a private network inside a VPC-SC perimeter, and access to it was allowed only through VPC-SC ingress controls and a VPC Connector. All services, such as Pub/Sub and Secret Manager, were also tightly controlled with IAM policies that allowed only specific actions by the Function's service account.
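The validate-then-publish step described above, as an added example that is not the project's own code. The page does not state the exchange's signature scheme, so this assumes a hex HMAC-SHA256 over the raw request body carried in a hypothetical `X-Signature` header; `get_shared_key` and `publish` are injected stand-ins for the Secret Manager lookup and the Pub/Sub publish call.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-Signature"  # assumed name; use the header the exchange documents


def sign(shared_key: bytes, raw_body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over the exact bytes of the request body."""
    return hmac.new(shared_key, raw_body, hashlib.sha256).hexdigest()


def handle_notification(headers, raw_body, get_shared_key, publish):
    """Return (status, reason); publish(raw_body) is called only for verified messages.

    get_shared_key stands in for a Secret Manager read and publish for a
    Pub/Sub publisher call; both are injected so the logic runs offline.
    """
    # HTTP header names are case-insensitive.
    supplied = {k.lower(): v for k, v in headers.items()}.get(SIGNATURE_HEADER.lower())
    if not supplied:
        return 401, "missing signature"
    expected = sign(get_shared_key(), raw_body)
    # Verify the raw bytes before parsing them, using a constant-time comparison.
    if not hmac.compare_digest(expected.encode(), supplied.strip().lower().encode()):
        return 401, "bad signature"
    try:
        json.loads(raw_body)  # authentic but unparseable input is still rejected
    except ValueError:
        return 400, "malformed body"
    publish(raw_body)
    return 204, "published"


# Constructed sample values, not real exchange data.
KEY = b"constructed-demo-key"
BODY = b'{"customer_id": "c-123", "kyc_status": "approved"}'


def demo():
    """Run a valid, an altered and an unsigned notification through the handler."""
    published = []
    good = {"x-signature": sign(KEY, BODY)}
    altered = BODY.replace(b"c-123", b"c-999")  # body no longer matches its signature
    cases = [(good, BODY), (good, altered), ({}, BODY)]
    results = [handle_notification(h, b, lambda: KEY, published.append) for h, b in cases]
    return results, published


if __name__ == "__main__":
    print(demo())
```

In a deployed function the signature must be computed over the request bytes exactly as received, since re-serialising parsed JSON can change the bytes and break verification.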

The Result

The final solution delivers a secure, reliable, and scalable pipeline for handling KYC notifications.

  • Authentication & Access Control – The Cloud Run Function ensures only valid requests are processed, preventing unauthorised access.
  • Reliable Message Delivery – Pub/Sub guarantees that notifications are received and processed efficiently.
  • Scalability & Resilience – The solution is designed to handle increasing volumes of KYC messages while supporting failover and recovery.
  • Enhanced Security – IAM policies enforce fine-grained access control, and conditional access further strengthens data security.

By leveraging Google Cloud’s robust security and event-driven architecture, we have built a foundation that not only simplifies KYC processing today but also scales for future compliance needs.

 


Ready to Build a Secure KYC Solution?

If you're looking to streamline and secure your KYC process with a scalable cloud-based architecture, our team can help. Get in touch today to discuss how we can design a solution tailored to your business needs.

 

 
