Exploring the Technological Framework for Developing a Digital Bank
As we have seen throughout this series, technology plays an ever-increasing role in building a digital bank, and cloud native architecture is a way of building applications to take full advantage of the capabilities offered by cloud services. Starting with the definition of your technology for the authorisation process that we discussed in part 1. The opportunities within the fintech and regtech ecosystem that we explored in part 2. In this final part of the series on building a digital bank, we look at how changes in technology and the way it’s delivered can enable the success of your business.
As a visionary leader in the challenger banking space, you won't face the burden of maintaining legacy technology, processes, and data. Still, you will have to build your technology solution from the ground up. Starting with a blank page sounds appealing, but has its unique challenges. This paragraph from the book Creativity Inc (the excellent book about Pixar) nicely sums up the problem. Replace Movie for Bank.
“When we are making a movie, the movie doesn’t exist yet. We are not uncovering it or discovering it; it’s not as if it resides somewhere and is just waiting to be found. There is no movie. We are making decisions, one by one, to create it. In a fundamental way the movie is hidden from us. I know this can feel overwhelming. There is a reason that writers talk about the terror of the blank page and painters shudder at the sight of an empty canvas. It’s extremely difficult to create something out of nothing, especially when you consider that much of what you’re trying to realise is hidden, at least at first.” — Amy Wallace and Edwin Catmull.
What is Agile Software Delivery in Digital Banking?
Before we look at cloud native architecture, it’s worth taking a moment to consider a concept in agile software delivery, specifically the whole team approach, is a critical concept to consider when building a digital bank based on microservice architecture. This approach is part of the extreme programming framework, and it’s defined as “All individuals possessing the necessary skills required in working towards achieving a common target need to put in a synchronised effort to ensure the project is a success.” The whole team approach often refers to the technology team, but why not extend this approach across the entire organisation?
There are many examples where risk and compliance checks or testing of complex systems are left until the later stages of a project, causing expensive rework or a missed deadline. While agile goes a long way to resolving these issues, cross-functional teams across the whole organisation can open up alternative ways of working. The whole team approach can avoid tick-box exercises and build stronger relationships across the digital bank where people learn from each other. This level of agility enables firms to reap the benefits of cloud native architecture, allowing for an efficient development process and the facilitation of Innovation in a collaborative and integrated manner.
What is Cloud native architecture?
Cloud native architecture is a way of building applications to take full advantage of the capabilities offered by cloud services. These capabilities include the ability to automatically scale up or down your capacity or the ability to continuously (and rapidly) develop test and release software or the creation of new environments purely via code. To describe this, let’s use the example of sending a payment. As we saw in part 2, we typically build modular applications with microservices architecture. Access to the micro services is via APIs. But how does a microservice form part of the cloud native architecture?
In this example, a customer makes the payment on their mobile application. The customer clicks send, and the app will call a microservice via an API. Through a succession of microservices this will check amongst other things, the balance, maybe the sort code and account number and adjust the balance. Assuming these checks are complete, a microservice sends the ISO20022 message to the payment gateway. That was simple. But what happens within the infrastructure of a cloud native application?
If you drill down into the microservices architecture, you will find these typically run in containers. Containers are packages that comprise the microservice and only the software it needs to function. As containers are lightweight, they start up faster, and there are minimal steps to deploy containers. Containers are independent, and we can replace failed containers without disruption to either the application or the infrastructure. A large firm could have thousands (or more) of containers. Therefore, a managed service is essential to ensure efficient support for innovative design and rapid prototyping and facilitate innovation in the cloud-native ecosystem.
In this example, our containers are part of a managed container service. The managed container service outsources high availability, security best practices and operational tasks such as patching, monitoring and backup and recovery to the cloud provider. The managed service allows a digital bank to focus on developing its core capability and the cloud provider on theirs.
This diagram shows a simple view of how to make a payment with a microservices architecture. For simplicity, I have omitted the data element. However, you should not underestimate the data model, particularly if you are breaking down a monolithic application into microservices. We will touch on microservices and data in the next section.
Finally, to design effective cloud native applications, each cloud provider has published a set of best practices. They typically call these the well-architected framework and include guidance on designing your services for reliability, security, cost-effectiveness and operational efficiency.
How can a cloud-native digital bank secure customer data effectively?
In many established organisations, data wasn’t designed to be collected and used in a way that is today. As a challenger bank, you have the advantage of using organisational agility and cloud native architecture to design products that rapidly move data insights into actions.
When designing your data model for a digital bank, the basic principle is to organise microservices around business capabilities, a concept central to the microservices architecture. Each microservice is responsible for its data, and access is via an API. You now have an address for every part of your data. Your products can access data directly and where applicable third-party products can access data via open banking and PSD2. Getting your data model right opens up opportunities for artificial intelligence and machine learning where models are being used to fight fraud and increasingly sophisticated cyberattacks.
Despite these advances, customers remain concerned about the security and use of their data. Data protection regulation like General Data Protection Regulation (GDPR) creates a level of trust. However, it still leaves the possibility of the misuse of data which has become increasingly relevant in AI. Poorly trained machine learning and deep learning models can, for example, lead to bias in credit scoring. The field of explainable AI aims to counteract this by describing how an algorithm arrived at a specific prediction. Our blog post on enhancing the machine learning pipeline with design thinking has some further insights.
Next, we will look at how you can secure a cloud-native bank.
What are the key measures for ensuring security in a cloud-native bank?
There is a division of security responsibilities between you and the cloud provider. Each cloud provider documents this, and it’s called the shared responsibility model. This model forms a crucial part of your security strategy and a layered approach, often called defence in depth. This approach places complementary measures at each layer. For example, in one layer, the cloud provider has physical security, another layer network security, another layer cloud operational security. You secure your data in one layer and access to them in another. If one layer fails, the rest will continue to protect your bank.
Ultimately, your bank remains responsible for security in the cloud. Using multi-factor authentication, virtual private networks, encrypting data at rest and data in transit are all essential in a cloud native digital bank. Cloud providers offer solutions for intrusion detection systems and threat intelligence, identity and access management to name a few.
You should adopt cybersecurity standards like ISO27001 or The National Institute of Standards and Technology (NIST). These standards prove that you take cybersecurity seriously, protecting and enhancing your reputation. Finally, develop a security culture in your organisation, train the team, build awareness, advise the board, create a safe environment to report issues, rinse and repeat.
How can lean governance benefit an organisation and its partner ecosystem?
IT Governance should be regarded as a strategic tool. Effective governance will promote confidence amongst investors, employees, customers and partners. However, it’s important not to overburden your team with bureaucracy and governance for governance’s sake, instead aspire to lean governance. Peter Drucker, known as the father of management, once said, “There is nothing quite so useless, as doing with great efficiency, something that should not be done at all”.
Lean governance aims for the appropriate level of oversight, but without the bottlenecks that can delay the delivery of value to the customer. When defining your lean governance framework, work with your C-suite and the board to make them aware and involved. Lean governance is not a loss of control but one that empowers teams to make their own decisions and inspires a change in behaviour.
Lean governance equally applies to the governance of your partner ecosystem. Where trust and transparency that can open up industry-wide innovation and evolution, enhancing your credibility and reputation. Lean governance helps create a culture of continuous improvement where responses from everyone are treated positively, and input is valued.
Conclusion
The purpose of these blogs was to give you a sense of what it takes to build a digital bank. The topics we discussed in these blogs are also relevant to incumbent firms. Incumbent firms can gain a competitive advantage by migrating from legacy architectures, replacing outdated systems with fintech or regtech solutions, and achieving better product offerings, streamlined operations, and reduced maintenance costs. Non-financial services firms may want to leverage the services offered by fintech and regtech to build a payment or debit card capability. Embedded Finance is enabling Non-financial services firms to use their brands and distribution to create value propositions and bespoke financial services for their employees or customers.
Going through the authorisation process and bringing together components from the cloud, fintech and regtech may seem relatively straightforward. Successfully navigating the barriers to entry in financial services, particularly raising capital for start-ups, is hard, and the risk of failure is high. Despite that, it is ultimately the customers and the employees that will enjoy the increased opportunities possible in this new era of financial technology.
Thank you for completing this series and all your feedback. Please enjoy a chocolate sponge and a hot cup of tea.
Ready to build a successful digital bank or incorporate digital transformation in your organisation?
Apply Our Innovative, Human-Centric Approach. Bring your business vision to life with David Kolb Consultancy. Our human-centric approach and growth mindset uncover opportunities in your digital strategy tailored to your needs. Schedule a transformative leadership session to ignite innovation across your organisation.
Further reading (All sources checked July 2020)
AWS & Azure The well-architected framework
Google Cloud’s Architecture Framework
AWS & Azure Shared responsibility model
Google 5 principles for cloud-native architecture
Agile Alliance Extreme Programming (XP)
PMI Lean IT Governance
UK open banking
Looking for more insightful content?
Check out these related blog posts on business innovation, design thinking, AI and technology written by David Kolb.
Merging Human Centered Design with Business Strategy (Video)
From Innovation to Advantage: Harnessing the Power of Generative AI
Implementing Problem Solving: Strategic Approaches and Techniques for Organisational Growth
The Power of Creative Problem Solving in Business Leadership
Ethical Considerations for Boards in the Age of AI: Merging Technology and Values
Demystifying Artificial Intelligence for Boards: Uncovering the Power and Practicality
Navigating AI Adoption: The Essential Perspectives for Board Members
Or check out our weekly concise and valuable quick tips for visionary leaders and entrepreneurs.
Comments