How DLM Finance demonstrates the reliability, security and integrity with Mendix ATS.
DLM Finance built their proprietary system, Trade Manager, in Mendix, serving fund managers working in valuation, risk management and social impact reporting.
The Mendix Application Test Suite (ATS) enables DLM to prove compliancy with the International Standard on Assurance Engagements (ISAE 3402 Type II), Using ATS, DLM’s effort to adhere to these standards has been cut in half.
DLM specializes in portfolio and treasury services for fund managers. Treasury management is considered a high-risk process, and is regulated and under review of many internal and external auditors, requiring fund managers to maintain the highest level of control over their processes. By outsourcing these services to DLM, customers can rest assured that these high-risk processes are well-managed. DLM’s Trade Manager is a best-in-class, web-based portfolio and treasury management system designed to help customers meet their regulatory and compliance requirements. The system connects to a European Trade repository for regulatory reporting and is ISAE 3402 Type II certified.
The DLM DevOps team built Trade Manager, implementing modules such as deal capture, cash and liquidity forecasts, valuation calculations, portfolio and risk management, a (hedge) accounting and flexible reporting possibilities.
The deal types range from different asset and liabilities classes to complex derivatives.
Proven quality and security is essential for implementing multiple enhancements per year, compounded by the difficulty of managing these updates across a ISAE 3402 Type II certified multi-tenant application.
Before implementing Mendix ATS, DLM tested their app manually. This was a time-consuming and mistake-prone process, leading DLM to choose ATS as their standard approach to automated testing for Mendix applications.
"We run a test suite every night that covers our auditing process. An extra benefit of ATS is that it has reduced our workload by half compared to manual testing. Using automated test scripts, we are able to release quicker. We can tackle the challenging requirements of the certification."
To develop, maintain, and enhance Trade Manager, DLM relies on its DevOps team, managing 10-12 releases per year. One DevOps developer has been assigned ownership of the quality and security of the software, an important responsibility that enables DLM to adopt a ‘best practice’ approach to automated testing. All DLM DevOps team members, when creating a user story, ensure that they include completion criteria. When doing so, they follow one fundamental rule: Create a test script in ATS for any functionality that impacts the audit to achieve the security certification. Running in a test environment, these tests must guarantee that users are neither able to view information nor use functionality they are not authorized for.
When successful, these test scripts provide the proper evidence to align with compliance and regulatory rules, and allow DLM to promote the app to production. With high confidence in their process and Mendix ATS, DLM has implemented one stringent rule: “We cannot deploy unless the app is 100 percent stable. All tests must be successful,” says CEO Diederik de Leur.
With testing successes on security requirements, DLM considers ATS an essential part of their development process, and is extending the use of ATS toward the functionality in Trade Manager toward functions that customers say are a high priority. DLM’s new testing process will increase its scope, lending its time-to-market acceleration to more mission-critical functions.