Maksis.Rocks - Fintech Core platform in SaaS model

Why Fintech Core is still a real problem in 2026

Across the Baltics and Northern Europe most non-bank lenders, leasing companies, pawnshops and specialist financial service providers still wrestle with the same problem - how to serve customers, comply with MiCA, AMLD6, GDPR and local central-bank requirements at the same time, without burning an entire IT team on in-house platform maintenance. Traditional answers are either too expensive (big-bank core platforms), too narrow (single-purpose KYC or payment utilities) or too rigid (legacy in-house systems built a decade ago).

Maksis.Rocks is the answer from the Latvian engineering team behind Grabbity - a full Fintech Core system delivered as a SaaS. The platform already serves more than 15,000 active customers per month for one anchor client (E-Lats) and is ready to scale to other operators across the Baltics and Northern Europe.

In this review we look in detail at what Maksis.Rocks actually offers, how it compares with the alternatives on the market, and which kinds of company it fits best.

What is Maksis.Rocks

Maksis.Rocks is a modular Fintech Core solution that brings everything a non-bank financial service provider needs into a single integrated system:

• Customer management and onboarding
• Full KYC and AML flow with sanctions-list screening
• Credit scoring and risk model
• Loan, leasing and collateral portfolio management
• Payments processing and accounting interface
• Administrative panel and reporting

The system runs on Java 17 and Spring Boot 3.1, deployed in an AWS Elastic Beanstalk container with a PostgreSQL and MySQL data layer and Liquibase schema migrations. The user interface is built on Thymeleaf and Bootstrap, fully responsive on desktop and mobile.

The key difference from classical Fintech Core systems - Maksis.Rocks is cloud-native from day one. No physical server at the customer's office, no in-house DBA, no separate datacentre licence. The customer receives a continuously updated system as a service and pays only for what they actually use.

Main modules

Customer management (Clients)

The Maksis.Rocks customer module is the central entry point for the whole service flow. It covers:

• Full customer registration with identity verification
• Customer account history and document storage in AWS S3
• Communication history (emails, SMS, notification audit log)
• Internal notes and a team comment system
• Politically Exposed Person (PEP) status checking

Data storage meets GDPR requirements - every action on customer data is audited, and the customer can request a copy of their data or deletion through a single request flow.

KYC, AML and sanctions lists

This is the strongest component of Maksis.Rocks, built for the growing AMLD6 and MiCA demands. The platform automatically screens new customers against the following data sources:

• Republic of Latvia sanctions lists (approved by the Cabinet of Ministers)
• EU consolidated sanctions list
• OFAC SDN (US Treasury Department list)
• UN consolidated list
• PEP databases (politically exposed persons)

Screening happens in real time at customer onboarding and is repeated periodically across the active portfolio. If a new entry appears on a sanctions list and matches a portfolio customer, the system automatically generates an alert for the compliance team.

The AML risk-score module calculates a risk level for each customer based on several factors - country of residence, occupation, transaction volume and structure, source-of-funds documentation. High-risk customers go through enhanced due diligence before their first transaction.

Credit scoring

Maksis.Rocks integrates with the Latvian Credit Information Bureau (KIB) and Population Register (IEM), as well as with VISS infrastructure, which provides access to state data flows. That means:

• Real-time credit history checks
• Personal data validation against official registers
• Income and employment verification
• Discovery of existing liabilities

The internal credit-scoring module combines these external inputs with the customer's internal history in Maksis and produces a creditworthiness score the operator can plug into its decisioning flow. The module is configurable - each operator can tune the weight parameters to its product mix (leasing vs consumer credit vs pawn).

Payments

The payments module manages the full transaction flow - both incoming payments from customers and outgoing payments to partner accounts. It supports:

• SEPA and Instant SEPA transfers
• Multi-currency conversions
• Cash flows (cashbook)
• Collections and debt-recovery workflows
• Partner payment APIs
• Transfer revocation and incorrect-transaction processes
• Statistics and exports to accounting systems

Every payment is tied to a specific customer contract or loan, giving a fully auditable trail - from money received to principal reduction.

Lending and leasing

Maksis.Rocks supports several loan types in a single platform:

• Consumer loans (person credit)
• Auto leasing and auto loans (auto)
• Classical leasing (lease)
• Pawn transactions (overview)
• Julianus integration (a regulated Latvian legal-information service)

Each loan type has its own workflow - from application to signature, from disbursement to repayment. Workflows are configurable and the operator can add new products without changes to the core codebase.

Registers and storage

The system includes built-in administrative registers - a collateral register, document storage (Storage module with AWS S3 back-end), cost and commission catalogues, user-role management and an audit log for every action.

Tech stack

The stack is a deliberate choice - Java and Spring Boot deliver the predictability and longevity financial systems need, while AWS and Cloudflare provide global scalability and security without having to run an in-house datacentre.

Integrations

Outside its own ecosystem, Maksis.Rocks integrates with the following services:

• VISS - Latvia's state information system connector (government data flows)
• KIB - Credit Information Bureau (credit history)
• IEM - Population Register (personal data validation)
• IMEI - mobile device validation (for pawn transactions)
• Sanctions lists (LV, EU consolidated, OFAC SDN, UN)
• AWS S3 - document storage and backup
• SMTP service - customer notifications and transaction confirmations
• Partner APIs - REST interfaces for external partners (e.g. insurance services, shipment tracking)

All integrations are built around REST with documented API contracts, and the system exposes APIs to the customer's development team if they want to plug Maksis into existing CRM or ERP systems.

The SaaS model - why it pays off

Maksis.Rocks is delivered as a SaaS, not as an on-premise install. That means:

1. No upfront IT investment. No servers to buy, no database licences, no datacentre to build. The system is ready for use within weeks of contract signature.
2. Updates are included. Security patches, new regulatory requirements and functional improvements ship automatically, with no separate project budget.
3. 99.95% uptime. AWS multi-AZ deployment and Cloudflare protection deliver enterprise-grade availability.
4. Scale on demand. The system elastically follows customer growth - from a few hundred customers a month to tens of thousands.
5. Security compliance is a shared responsibility. The Maksis.Rocks team handles infrastructure security (penetration tests, vulnerability scanning, AWS Well-Architected Framework), while the customer focuses on business processes.
6. Compliance updates. When new AMLD6 or MiCA requirements arrive, they are built in centrally for all customers, instead of each operator re-implementing them.

Who it is for

Maksis.Rocks fits the following kinds of company:

• Non-bank lenders (consumer loans, short-term lending)
• Leasing companies (auto, machinery, office equipment)
• Pawnshops and collateral houses
• Specialist financial service providers (factoring, debt recovery)
• MiCA-regulated crypto service providers that need serious KYC and AML infrastructure
• Cross-border lenders in the Baltics and Northern Europe who need a single platform across multiple markets

The real-world reference customer is E-Lats - one of the largest non-bank financial service providers in Latvia, whose entire operation has been running on the Maksis platform for years. Active customers are 15,000+ per month and the system steadily processes tens of thousands of transactions every day.

Security and compliance

The Maksis.Rocks security model follows defense in depth:

• TLS 1.3 across the entire network layer
• Cloudflare WAF and DDoS protection
• User authentication with multi-factor (MFA)
• Role-based access control (RBAC)
• Full audit log for every critical action
• Data encryption at database and S3 levels (encryption at rest)
• Regular penetration tests and security audits
• AWS GuardDuty and CloudTrail for internal monitoring
• Releases delivered via blue/green deployment with zero downtime

Compliance:

• GDPR - full personal data processing with audit log, data-subject request flow and retention policies
• AMLD6 - automated customer risk classification, sanctions-list screening, suspicious transaction (STR) reporting support
• MiCA support - customer KYC aligned with CASP requirements, transaction traceability across crypto-fiat flows
• PSD2 interface - open-banking integration options when the customer wants them
• Latvian central-bank and Consumer Rights Protection Centre requirements - regular reporting, customer-complaint processing

Compared with alternatives

How to get started

The Maksis.Rocks team offers a structured onboarding flow for new customers:

1. First call - business-requirements scoping and fit assessment
2. Requirements specification - which modules are needed, what integrations and what customer volume
3. Quote - SaaS subscription with a transparent volume-based pricing model
4. Sandbox access - a test environment to try the product before signing
5. Configuration phase - delivery in a single 4-8 week window (depending on module count)
6. Data migration - if the customer is migrating from an existing system, the team supports the import flow
7. Training and documentation - operator-team enablement
8. Production go-live - with monitoring and support on standby for the first days

To start the conversation, reach out through maksis.rocks or via the Grabbity contact details at grabbity.eu.

Our take

Maksis.Rocks is a real, in-production Fintech Core system that has lived in serious production with a real customer base. It is not a slideware platform - it is code that processes 15,000+ customers and tens of thousands of transactions every month.

This is a rare combination in the Baltic and Nordic market - a locally built product that knows the local regulatory requirements (LV, LT, EE, FI, SE, NO, DK), while offering a modern cloud architecture and a SaaS business model.

For companies currently struggling under legacy-system weight, with a big-bank platform quote that does not pencil, or with an overloaded IT team, Maksis.Rocks is worth a serious look as an alternative. Getting started begins with a first call and a sandbox demo - a real product assessment takes a couple of hours, not a couple of months.

Related

• Grabbity - Java and Fintech development for the Baltics and Northern Europe
• MiCA explainer for the Baltics
• Stablecoin guide for 2026

Sources

• Maksis.Rocks official website
• Grabbity (Grab Solutions) official website
• E-Lats - Maksis.Rocks real-world customer

---

This is an advertorial prepared in collaboration with the Maksis.Rocks team. Technical platform details are based on publicly available information and information provided by the developer. June 2026.