Integrating stock trading directly inside a mobile banking app is not a UI challenge. It is a systems integration challenge with a compliance wrapper around it. When VIB, one of Vietnam's top 3 commercial banks, wanted to let MyVIB customers open securities accounts and trade stocks without leaving the banking app, the technical architecture had to bridge two tightly regulated worlds: core banking and capital markets. The result was MyVIB Stock Trading, an in-app brokerage feature built by 724SOFTWARE over 24 months that delivered 100% online account onboarding via eKYC, real-time market data, and a unified portfolio view covering savings, payments, and investments in one place. The project reflects 724SOFTWARE's 200+ professionals and 58% senior-level engineering team working across capital markets integrations.
TL;DR
- Embedded finance inside mobile banking requires real-time, low-latency core banking API connections, not batch-sync workarounds.
- eKYC is the compliance gateway: getting it right at onboarding prevents downstream AML and data-sovereignty failures.
- The securities trading engine and core banking system have incompatible data models; the integration layer between them is where most build failures occur.
- A unified portfolio view across savings and investments is the user experience goal, but it requires deep, bidirectional data contracts with both systems.
- Security architecture must satisfy both banking-grade and capital-markets-grade standards simultaneously.
About the Author: 724SOFTWARE has spent over two years building and operating the MyVIB Stock Trading product inside VIB's mobile banking platform, with a dedicated team of 16 engineers working across core banking integration, securities engine connectivity, eKYC compliance, and real-time market data pipelines.
What Is Embedded Finance in the Context of Mobile Banking?
Embedded finance is the practice of integrating financial services directly into a digital product where the user already operates, removing the need to switch to a separate application or provider. In mobile banking, this typically means adding capabilities such as insurance, lending, or brokerage services inside an existing banking app rather than routing the customer to a standalone fintech.
The distinction matters because the integration is not cosmetic. Embedding a brokerage inside a banking app means:
A customer's banking identity (KYC, AML screening, account data) must be portable to the new service.
Money movement between a bank account and a brokerage account must happen in near real-time.
The regulatory obligations of both a bank and a securities firm apply simultaneously to the same user session.
This is structurally different from a bank offering a hyperlink to a partner's trading app. Genuine embedded finance binds the two systems at the data and workflow layer.
What Makes Core Banking Integration the Hardest Part of This Build?
Building on that definition, the hardest technical constraint is not the trading UI or market data feeds. It is the core banking API layer connecting the bank's ledger to the new embedded service.
Core banking systems at commercial banks were typically not designed for real-time, event-driven consumption by third-party engines. They were built for batch processing, end-of-day reconciliation, and tightly controlled internal APIs. When a user initiates a stock purchase inside MyVIB, the following must happen in milliseconds:
Verify available balance in the bank account via core banking API.
Reserve the funds (soft debit) before the order is sent to the exchange.
Confirm or release the reservation after order execution.
Post the final debit to the banking ledger once settlement is confirmed.
Each step requires a different API contract with the core banking system. In the MyVIB build, connecting VIB's core banking layer to the KAFI securities trading engine meant designing an integration layer that translated between two incompatible data models, handled partial failures gracefully, and maintained transactional consistency without two-phase commit across heterogeneous systems.
The practical lessons from this build:
Challenge | Naive Approach | What Actually Works
|
|---|---|---|
Balance verification | Poll core banking on each user action | Event-driven reservation with timeout logic |
Fund settlement | Match on transaction ID alone | Canonical reference ID shared across both ledgers from initiation |
Error recovery | Rollback on failure | Idempotent retry with explicit state machine per order lifecycle |
Latency budget | Accept whatever the core system returns | Pre-negotiate SLAs per API call type with the bank's IT team |
How Does eKYC Compliance Work When Onboarding for Both Banking and Securities?
Stepping back from the technical detail, a separate and equally important concern is compliance at the onboarding layer. In Vietnam, opening a securities account requires a separate KYC process governed by the State Securities Commission, even when the customer is already KYC-verified by the bank.
For MyVIB Stock Trading, 724SOFTWARE engineered a 100% online onboarding flow that satisfied both sets of regulatory requirements in a single user journey. The key design decisions were:
Identity reuse with incremental verification: The banking eKYC data (national ID, liveness check, facial match) was reused as the foundation. The securities-specific data points (investor classification, risk tolerance declaration, securities account consent) were collected as an incremental layer on top.
Regulatory data segregation: Banking identity data and securities account data are stored in separate schemas with separate access controls, even though they share a common user identifier. This satisfies data-sovereignty requirements for each regulated entity.
Audit trail by jurisdiction: Every onboarding step is logged with timestamps and operator identifiers in a format auditable by both the State Bank of Vietnam and the State Securities Commission.
Getting this wrong at onboarding is expensive. An eKYC design that conflates the two regulatory domains means either re-collecting data from customers later or failing a compliance audit. The embedded finance model only works if the compliance architecture is designed for the composite regulatory environment from day one.
What Security Architecture Does Embedded Brokerage Inside a Banking App Require?
A related but distinct question is what security model applies when a single mobile session touches both a banking core and a securities trading engine. The attack surface is larger than either system alone.
In the MyVIB build, the security architecture addressed three specific risks:
Session token scope: A single authenticated session should not grant equal access to all embedded services. Trading actions required step-up authentication (PIN or biometric re-confirmation) separate from the banking session token.
API gateway isolation: The core banking API and the KAFI trading API were accessed through isolated gateway paths with separate rate limits, IP allowlisting, and payload inspection rules.
Runtime integrity: Mobile app binary protection and certificate pinning were applied to prevent man-in-the-middle interception of the real-time market data feed and order submission channel.
724SOFTWARE operates under ISO 27001:2022 and SOC 2 Type II, which required formal threat modelling for the brokerage integration before any code reached the staging environment. In a regulated fintech context, the security review is not a post-build gate; it runs concurrently with architecture design.
Frequently Asked Questions
What is core banking API integration in the context of embedded finance?
Core banking API integration means connecting a bank's central ledger system to an external service (such as a brokerage engine) so that balance checks, fund reservations, and transaction postings happen programmatically in real time rather than through manual reconciliation.
Can a bank reuse its existing customer KYC data for a securities account onboarding?
Partially. Banking KYC data can serve as a foundation, but securities regulators typically require additional declarations (risk profile, investor classification) and maintain separate audit requirements. The two data sets must be logically separated even when collected in the same onboarding flow.
What is the biggest technical risk in building in-app stock trading for a bank?
Transactional consistency across two heterogeneous systems. When a stock purchase is initiated, funds must be reserved in the bank's ledger and an order placed on the exchange. Handling partial failures without double-charging or leaving funds in a suspended state requires a carefully designed state machine, not simple rollback logic.
How long does it typically take to build an embedded brokerage feature inside a mobile banking app?
The MyVIB Stock Trading feature required 24 months with a team of 16 engineers. The timeline reflects the compliance, integration, and testing complexity, not just feature development.
Does embedded finance in banking require additional regulatory approval?
Yes. In Vietnam, the bank and the securities firm both hold separate licenses. The embedded product must satisfy the compliance obligations of both regulated entities simultaneously.
About 724SOFTWARE
724SOFTWARE is a Vietnam-based software engineering company with 200+ professionals, 58% of whom are senior-level engineers, delivering technology products for Fintech, Digital Healthcare, Edtech, and Enterprise clients across 10+ countries. The company operates as a long-term technology partner, building and running digital products through dedicated teams and ODC engagements. 724SOFTWARE holds ISO 9001, ISO 27001:2022, and SOC 2 Type II certifications, and is an official partner with Claude (Anthropic) and Cursor. The MyVIB Stock Trading project is one of several capital markets engagements in the company's portfolio, alongside derivatives trading platforms, crypto investment products, and trust-linked card systems.
If your team is navigating the architecture, compliance, or integration complexity of an embedded finance build inside a regulated banking environment, 724SOFTWARE's capital markets team is available to work through the specifics with you. Visit https://724software.com.vn to start the conversation.
