HDFC Bank
Developer Portal
HDFC Bank, one of India's largest private sector banks, needed a secure developer portal to centralise API documentation, sandbox environments, and partner onboarding workflows. The project required coordinating across five separate vendor organisations while meeting strict RBI regulatory and data security standards — all on a fixed delivery timeline.
Quick facts
- Client: HDFC Bank
- Role: Project Manager
- Category: Enterprise Banking
- Year: 2023
- Duration: 9 months
- 25+ team members
- 4M+ records migrated
- 0 production defects
- 100% RBI compliance
Background & context
The banking sector in India operates under rigorous RBI (Reserve Bank of India) guidelines for data handling, security architecture, and audit trails. Any platform touching customer data must undergo independent security audits, maintain end-to-end encryption, and produce compliance documentation that stands up to regulatory review. This was not a typical web application project — it was an enterprise-grade regulated delivery.
The challenge
What made this hard.
01. Multi-vendor coordination at scale
Five separate organisations — client IT, a UI/UX agency, a UAT vendor, a Salesforce integration partner, and our own delivery team — needed to work in lockstep. Each had its own priorities, timelines, and communication styles. Misalignment between any two workstreams would cascade into delays across the entire programme.
02. Regulatory compliance by design
RBI security requirements could not be retrofitted at the end of delivery — they had to be embedded into the architecture, the development process, and the documentation from day one. This meant every technical decision, from database schema choices to API authentication patterns, needed to be made with compliance in mind.
03. Zero-tolerance data migration
Migrating 4 million+ banking records with zero data loss is not a task that tolerates trial and error. We needed a migration strategy with comprehensive validation checkpoints, rollback plans, and an audit trail that the compliance team could independently verify.
The approach
How we solved it.
Established a single-threaded coordination model
Rather than letting five vendors communicate bilaterally — which would have created an unmanageable web of dependencies — I positioned myself as the single coordination point for all inter-vendor communication. Weekly structured alignment calls, a shared RAID log, and a centralised decision register meant that nothing fell through the gaps between organisations.
Built compliance into the SDLC, not onto it
I worked with the solution architect to embed compliance checkpoints directly into our sprint ceremonies. Every sprint included a "compliance gate" review where we verified that the work delivered met RBI requirements before moving forward. This prevented the common anti-pattern of discovering compliance gaps late in delivery.
Three-phase migration with independent validation
The 4M+ record migration was executed in three phases — shadow migration, parallel validation, and cutover — with independent validation by the bank's UAT team at each stage. We used PostgreSQL row-level checksums and a custom reconciliation tool to verify 100% data integrity before any phase was signed off.
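An added example of the row-level checksum reconciliation described above; it is not the project's reconciliation tool. It assumes rows from the source and migrated tables have already been fetched as dictionaries with a primary key column `id`; the function names and sample rows are constructed for illustration.

```python
import hashlib

def _field(data: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return len(data).to_bytes(4, "big") + data

def row_checksum(row: dict) -> str:
    """SHA-256 of a canonical row encoding: columns in sorted order, NULL tagged
    separately from the empty string. Values are compared by their text form."""
    h = hashlib.sha256()
    for col in sorted(row):
        val = row[col]
        h.update(_field(col.encode("utf-8")))
        h.update(b"\x00" if val is None else b"\x01" + _field(str(val).encode("utf-8")))
    return h.hexdigest()

def _index(rows, key):
    idx = {r[key]: row_checksum(r) for r in rows}
    if len(idx) != len(rows):  # duplicate keys would hide rows from the comparison
        raise ValueError(f"duplicate {key!r} values in row set")
    return idx

def reconcile(source_rows, target_rows, key="id"):
    """Compare two row sets by primary key and per-row checksum."""
    src, tgt = _index(source_rows, key), _index(target_rows, key)
    report = {
        "missing_in_target": sorted(src.keys() - tgt.keys()),
        "unexpected_in_target": sorted(tgt.keys() - src.keys()),
        "mismatched": sorted(k for k in src.keys() & tgt.keys() if src[k] != tgt[k]),
    }
    report["clean"] = not any(report.values())
    return report

# Constructed sample rows (not real data): source system vs. migrated copy.
SOURCE = [
    {"id": 1, "name": "Asha", "email": "asha@example.com"},
    {"id": 2, "name": "Ravi", "email": "ravi@example.com"},
    {"id": 3, "name": "Meena", "email": ""},
    {"id": 4, "name": "Imran", "email": None},
]
TARGET = [
    {"id": 1, "email": "asha@example.com", "name": "Asha"},   # column order differs only
    {"id": 2, "name": "Ravi", "email": "ravi@example.com "},  # trailing space added
    {"id": 3, "name": "Meena", "email": None},                # '' became NULL
    {"id": 5, "name": "Kiran", "email": None},                # not present in source
]

if __name__ == "__main__":
    print(reconcile(SOURCE, TARGET))
```

A phase would be signed off only when `clean` is true; the three lists give the compliance reviewer the exact keys to investigate otherwise.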
AWS-native, SonarQube-enforced quality
The platform was built cloud-native on AWS (EC2, S3, RDS) with CI/CD pipelines that included automated SonarQube quality gates. No code reached the staging environment without passing quality checks. This investment in automation paid dividends: the final production deployment was zero-defect.
Impact & outcomes
What we delivered.
4M+ banking records migrated with zero data loss
Three-phase migration strategy with independent validation at each stage ensured 100% data integrity across all migrated records.
Zero production defects at go-live
Automated CI/CD quality gates and SonarQube enforcement throughout development resulted in a clean production release — rare for a project of this complexity.
Full RBI regulatory compliance achieved
All compliance documentation — architecture review, security posture assessment, data handling procedures, and deployment runbooks — was accepted by the bank's compliance team on first submission.
Delivery on schedule across five vendor organisations
Single-threaded coordination model prevented inter-vendor dependencies from causing cascading delays. All critical path milestones were met.
Tools & technologies
Lessons learned
What this taught me.
In multi-vendor enterprise programmes, the programme manager's primary job is information architecture — ensuring the right people have the right information at the right time. Process discipline does this better than heroics.
Compliance in regulated industries is a design constraint, not a delivery phase. Treating it as an afterthought is the single most common cause of banking-domain project failures.
Automated quality gates are insurance, not overhead. The time invested in SonarQube integration in sprint 1 saved multiple remediation cycles later.