Keystone Labs · Product briefing

Wahd
One platform for every
banking operation.

A configurable, auditable back office for regulated banks - case management, workflow, decisioning and core integrations, in one platform that runs on your infrastructure.

ON-PREMISE TAMPER-EVIDENT CONFIGURABLE
KEYSTONE LABSWAHID · FOR BANKS
The back office, today

Every operation, a different system.
Every audit, a scramble.

Queues live in email and spreadsheets

Complaints, disputes and KYC reviews are tracked by hand and handed off across departments. Nobody can say, at a glance, where a case stands or who owns it.

Every change is a vendor ticket

A new product, a new circular, a new checklist - each one becomes a change request on a legacy system, priced in months and six figures.

Evidence is assembled, not produced

When the regulator asks, teams reconstruct history from screenshots and exports spread over half a dozen systems - and hope the story holds together.

The core was never meant for this

Core banking runs the ledger, and does it well. It was not built to run queues, approvals, SLAs and investigations - so the back office grew around it, ad hoc.

KEYSTONE LABS02
The platform

One configurable back office,
on top of your core.

Where work arrives
Branch & call center
Mobile & web banking
Internal referrals
System webhooks
WahdOperations layer
  • Case management & team queues
  • Workflow engine, maker-checker
  • Decision tables & routing rules
  • SLA timers & business calendars
  • Tamper-evident audit log
  • Default-deny RBAC & SSO
Your systems, connected
Core bankingREST · mTLS
Payment hubREST
Card managementSOAP · mTLS
Screening & KYCREST

Not a core replacement - Wahid is the operations layer above it. Modules like Case Management, Customer 360 and Compliance share the same foundation.

KEYSTONE LABS03
Configure

Draw the operation. Wahid runs it.

A case type binds five governed building blocks. Each is versioned - draft, activate, archive - with history and restore. Activating a new version is a click, not a release.

Workflow

Stages, transitions, role gates, approval gates, decision gateways and integration calls - designed on a visual canvas.

Forms

The case data your teams capture - built in a form builder with sections, field types and validation rules.

Decision tables

Scoring, routing and eligibility as versioned rules your risk team can read - with a simulator to test before activating.

Approval policies

Sequential and parallel approvals with segregation of duties - maker-checker as a reusable policy, not a habit.

SLA policies

Timers on the whole case or a single stage, aware of weekends, holidays and the Hijri calendar.

Case type

Binds them together per operation - complaint, dispute, KYC review - and resolves to the active version at runtime.

KEYSTONE LABS04
Follow a case

Intake to sealed, in one flow.

01

A case arrives

Intake from any channel lands in the right team’s queue, SLA armed.

Intake
02

The workflow takes over

Role gates, maker-checker, timers - the state machine you drew.

In workflow
03

Routed by rule

Decision tables score and route - every rule versioned and explainable.

Routed
04

Sealed for good

Every action seals into a hash-chained audit log, verifiable on demand.

Sealed ✓

One timeline holds it all: transitions, approvals, comments, documents, integration calls - who, what, when, in order.

KEYSTONE LABS05
Where banks start

Start with one operation.
Extend to all of them.

Complaints & service requests

Regulator-clocked intake with first-response and resolution timers, escalation queues and a full record of every touch - built for SAMA-style scrutiny.

Disputes & chargebacks

Network deadlines as SLA timers, maker-checker on every decision, evidence attached to the case record - not to an inbox.

KYC & AML review

Screening-hit triage, enhanced-due-diligence approval chains and periodic re-KYC campaigns, with every decision explainable after the fact.

Exceptions & manual review

Payment repairs, limit overrides, dormancy reactivations - the long tail of operations that today lives in email.

If you can draw it as stages and rules, Wahid can run it - without waiting on a vendor.

KEYSTONE LABS06
Governance

Four-eyes is a platform rule,
not a habit.

  • Role gates on every transition. A case moves only when someone with the right role moves it.
  • Approval policies, sequential or parallel - with segregation of duties enforced: a maker can never check their own work.
  • Default-deny RBAC down to module, tab and widget. Permissions are granted, never assumed.
  • Closed means closed. Terminal cases are immutable - no retroactive edits, ever.
KEYSTONE LABS07
The proof

A record you can hand a regulator.

Every action chains to the last with sealed hashes. Verify integrity on demand and hand over evidence - not exports.

  • Hash-chained sealing - each event references the seal before it; tampering breaks the chain.
  • On-demand verification - re-compute the chain any time and prove nothing was altered.
  • Customer-access auditing - who viewed customer data is itself part of the record.
KEYSTONE LABS08
Integration

Speaks your core’s language.

REST or SOAP, mTLS everywhere it matters - one integration layer connects Wahid to the systems you already run. No rip-and-replace.

Bank systems
Core bankingREST · mTLS
Payment hubREST
Card managementSOAP · mTLS
ScreeningREST
Integration layerWahid core
  • Routing & orchestration
  • mTLS + HMAC-verified webhooks
  • Outbox: retries & dead-letter
  • Idempotency keys on every call
  • Circuit breakers & timeouts
  • Permission-gated invocation
Inside Wahid
Workflow API callsgate / notify
Customer 360 widgetslive reads
Case actionswrite-back

Blocking calls gate the workflow and roll back cleanly on failure; fire-and-forget notifies. Timeouts are explicit, retries are receiver-dedupable.

KEYSTONE LABS09
Accountability

Every case has an owner.
Every stage has a clock.

  • Team queues from your IdP. Groups in your identity provider become teams; each workflow stage routes to the right queue.
  • SLA on the case or the stage - first response, resolution, or time-in-stage, with pause-aware timers.
  • GCC-ready calendars. Weekends, public holidays and the Hijri calendar are first-class in every deadline.
  • Queues you can see. Live dashboards of what’s to review, open, pending and breaching - per team, per case type.
KEYSTONE LABS10
Your bank, your platform

Configuration first. Modules where
it matters. Forks never.

Change without a release

Workflows, forms, rules and SLAs are configuration. New use cases go live by activating a version - not by scheduling a deployment.

Per-bank modules

When your bank needs its own screens or integrations, they ship as modules on a versioned platform contract - the platform is never forked.

On your infrastructure

Single-tenant, on-premise or in your cloud. Your data never leaves your estate - a clean answer for data-residency review.

Your identity provider

OIDC-native with Keycloak: SSO against your IdP, just-in-time provisioning, roles and teams synced from groups.

Arabic & RTL ready

Right-to-left interfaces and Hijri-aware calendars are built in, not a localization project bolted on later.

One yearly license

A single-tenant platform license per institution - predictable cost, no per-seat surprises as operations grow.

KEYSTONE LABS11
Why Keystone exists

Banking still runs on software written decades ago and patched ever since. We build the frontier alternative: platforms that are configurable, auditable and AI-ready from day one - built in the GCC, for the institutions the region’s standards are written for.

Configurable per bank, per module Tamper-evident by design Built for GCC regulation

We don’t ship alone

Our engineers work alongside yours - from the first workshop through production. Expert consulting on architecture, implementation and regulatory fit.

Two products, one foundation

Wahid, the back office - available today. SafeConnect, open-banking consent management - in active development on the same platform.

KEYSTONE LABS12
Next step

See Wahid in action.

A guided walkthrough with your use case in mind. Bring one operation you run today - we’ll show it configured and running in Wahid.

01

Discovery workshop

Half a day with your operations and compliance leads - we map one real process end to end.

02

Configured pilot

Your case types, forms, rules and SLAs configured in Wahid - reviewed with the people who’ll use it.

03

Deployment plan

On-premise or your cloud: infrastructure, identity integration and go-live sequencing.

[email protected]keystonelbs.com
KEYSTONE LABSWAHID · FOR BANKS · 13
01 / 13 ← → navigate · F fullscreen