~4 years shipping in BaFin-regulated environments. Compliance isn't a checklist — it's architecture.
The fintech engineering bar is higher than almost any other sector. Data residency rules, biometric auth requirements, PSD2 open-banking mandates, and regulator scrutiny of your mobile security posture — these aren't edge cases, they're requirements. I've shipped production iOS for a BaFin-regulated German robo-advisory and wealth-management platform serving tens of thousands of users.
Why it's hard
Most iOS engineers add security and compliance as an afterthought. In regulated fintech, this results in expensive remediation or failed audits. Architecture decisions — storage, networking, auth — need to account for BaFin, PSD2, GDPR, or PDPL from the first sprint.
Face ID and Touch ID are ubiquitous but frequently implemented incorrectly: tokens stored in UserDefaults, Keychain sharing misconfigured, biometric re-enrollment not handled. The regulatory bar for financial app authentication is strict.
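The three mistakes listed above have one root cause: the session token lives somewhere the biometric gate does not protect. The following is an added example (not code from this page's project) that puts the insecure pattern next to a Keychain item whose access control is bound to the current biometric enrollment, so that adding or removing a face or finger invalidates the item and forces a fresh login. The service and account strings and the `refreshToken` name are constructed placeholders.

```swift
import Foundation
import Security
import LocalAuthentication

// Added example, not code from the original page. The service/account names
// below are constructed placeholders for a hypothetical fintech app.
private let tokenService = "com.example.fintech.session"  // placeholder
private let tokenAccount = "refreshToken"                 // placeholder

// --- Before: the pattern the text warns about. UserDefaults is a plist on
// disk, lands in backups, and is readable with no authentication at all. ---
func storeTokenInsecurely(_ token: String) {
    UserDefaults.standard.set(token, forKey: "refreshToken")
}

// --- After: a Keychain item that only opens for the *current* biometric set. ---
enum TokenStoreError: Error { case accessControl, keychain(OSStatus), invalidated }

func biometricAccessControl() throws -> SecAccessControl {
    var error: Unmanaged<CFError>?
    // .biometryCurrentSet: the item's key is destroyed when the enrolled
    // faces/fingers change, so re-enrollment cannot silently inherit a session.
    // WhenPasscodeSetThisDeviceOnly: never migrates via backup and is wiped
    // if the device passcode is removed.
    guard let acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet,
        &error) else { throw TokenStoreError.accessControl }
    return acl
}

func storeToken(_ token: String) throws {
    let acl = try biometricAccessControl()
    let baseQuery: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: tokenService,
        kSecAttrAccount as String: tokenAccount]
    // Remove any previous item first so an older, weaker ACL cannot linger.
    SecItemDelete(baseQuery as CFDictionary)

    var attrs = baseQuery
    attrs[kSecAttrAccessControl as String] = acl   // do NOT also set kSecAttrAccessible
    attrs[kSecValueData as String] = Data(token.utf8)
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw TokenStoreError.keychain(status) }
}

func readToken() throws -> String {
    let ctx = LAContext()
    ctx.localizedReason = "Unlock your account"   // text shown in the Face ID / Touch ID prompt
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: tokenService,
        kSecAttrAccount as String: tokenAccount,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseAuthenticationContext as String: ctx]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let data = result as? Data,
              let token = String(data: data, encoding: .utf8)
        else { throw TokenStoreError.keychain(status) }
        return token
    case errSecItemNotFound:
        // The enrollment changed (or the passcode was removed) and the item
        // is gone. Treat the user as logged out; never fall back to a cached copy.
        throw TokenStoreError.invalidated
    default:
        // errSecUserCanceled, errSecAuthFailed, ...: surface, do not retry silently.
        throw TokenStoreError.keychain(status)
    }
}
```

The point worth checking in review is the `errSecItemNotFound` branch: the Keychain does not report "biometrics changed" as a distinct error, it simply makes the item unreadable, so the app must interpret a missing item after a successful login as an invalidated session rather than as a first-run state.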
Portfolio values, transaction histories, and real-time price feeds create concurrency challenges that junior iOS engineers rarely encounter in other verticals. Swift Concurrency and careful state management are essential.
Analytics SDKs, crash reporters, and A/B testing tools installed in a regulated app create data-sharing obligations that may conflict with your privacy policy or regulatory requirements. Every SDK in a fintech app needs explicit justification.
What I bring
Shipped work
−40% P95 API latency
Restructured the iOS networking layer on a BaFin-regulated robo-advisory app, eliminating redundant serial requests and introducing async/await concurrency across the portfolio and transaction flows.
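The concurrency point made under "Why it's hard" and the async/await restructuring described in this case study come down to the same two moves: start independent requests together instead of one after another, and keep the shared portfolio state behind something that serialises mutation. The block below is an added illustration, not the project's code; the `fetchPositions` and `fetchTransactions` functions are constructed stand-ins that sleep instead of calling a real API, and the sample positions, prices and transaction are made up.

```swift
import Foundation

// Added example, not code from the page's project. The two fetch functions
// are constructed stand-ins for network calls (they sleep, then return
// hard-coded sample data).
struct Position: Sendable { let symbol: String; var quantity: Double; var price: Double }
struct Transaction: Sendable { let id: Int; let symbol: String; let amount: Double }

func fetchPositions() async throws -> [Position] {
    try await Task.sleep(nanoseconds: 200_000_000)           // constructed latency
    return [Position(symbol: "ETF1", quantity: 10, price: 100),
            Position(symbol: "ETF2", quantity: 5,  price: 50)]
}

func fetchTransactions() async throws -> [Transaction] {
    try await Task.sleep(nanoseconds: 200_000_000)           // constructed latency
    return [Transaction(id: 1, symbol: "ETF1", amount: 1000)]
}

// An actor serialises every mutation: a price tick that arrives while a
// refresh is suspended at an await runs to completion on its own, and the
// refresh has to reconcile with it instead of clobbering it.
actor PortfolioStore {
    private(set) var positions: [String: Position] = [:]
    private(set) var transactions: [Transaction] = []
    private var tickSeq = 0                          // number of ticks applied so far
    private var tickSeqBySymbol: [String: Int] = [:] // last tick seen per symbol

    func applyTick(symbol: String, price: Double) {
        tickSeq += 1
        tickSeqBySymbol[symbol] = tickSeq
        positions[symbol]?.price = price
    }

    // Serial "before": `let p = try await fetchPositions(); let t = try await fetchTransactions()`
    // costs the sum of both latencies. `async let` starts both immediately and
    // awaits them together, so wall time is the slower of the two.
    func refresh() async throws {
        let seqAtStart = tickSeq
        async let positionsTask = fetchPositions()
        async let transactionsTask = fetchTransactions()
        let (fetched, txns) = try await (positionsTask, transactionsTask)

        // The actor was free while we awaited, so ticks may have interleaved.
        // A tick newer than this refresh is fresher than the server snapshot:
        // keep its price rather than overwriting it with the older value.
        for var pos in fetched {
            if let seq = tickSeqBySymbol[pos.symbol], seq > seqAtStart,
               let current = positions[pos.symbol] {
                pos.price = current.price
            }
            positions[pos.symbol] = pos
        }
        transactions = txns
    }

    func totalValue() -> Double {
        positions.values.reduce(0) { $0 + $1.quantity * $1.price }
    }
}

// Usage: a tick lands while the refresh is suspended at its awaits.
func demo() async throws -> Double {
    let store = PortfolioStore()
    async let refresh: Void = store.refresh()
    await store.applyTick(symbol: "ETF1", price: 101)   // arrives mid-refresh in practice
    try await refresh
    // With the tick interleaved: 101 * 10 + 50 * 5 = 1260, not the stale 1250.
    return await store.totalValue()
}
```

The reconciliation loop is the part a junior engineer usually omits: without the per-symbol sequence check, the refresh writes the server's older price over the live tick and the displayed portfolio value briefly moves backwards, which in a regulated app is a data-integrity finding rather than a cosmetic glitch.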