Time to trust the cloud

Why banks can trust the cloud and how fintechs can be trusted by deploying bank grade security

Although the cloud has certainly been around longer than any of us – and I enjoy a glimpse into infinity every time I fly – when we use the word these days in a business setting, we refer to a real, yet intangible, environment where we host and share technology and data. As early as 1989 Apple set up a project to look into the next generation of computing, whereby consumer electronics, computer and telecommunications companies had to collaborate. This resulted in a spin-off in which Andy Hertzfeld played a huge part, and a few years later he wrote the now famous words on his invention Telescript: “The beauty is that now instead of just having a device to program, we now have the entire Cloud out there, where a single program can go and travel to many different sources of information and create sort of a virtual service.”

Fast forward to the early 2000s, when large enterprises started to explore cloud benefits. Needless to say, banks were not amongst the first movers. Risk averse and tightly regulated by parties who, for many good reasons, are not normally known for breaking frontiers either, we cannot blame them. Yet soon we saw banks starting to move non-customer-centric or lower risk functions to various forms of private, hybrid and later public cloud.

In 2013 the Global Lead for APIs, Platforms and Cloud for Payments and Banking at Celent, Gareth Lodge, wrote a paper on ‘Thinking the Unthinkable – banks relinquishing control’, and some of my BankiFi colleagues, then working at Clear2Pay, contributed their views. It was all about the underlying and core strategic question: is the delivery and distribution model of banking (here payments) services a key strategic asset that must be harnessed inside the organisation, or should it be adaptable to changing market situations and customer demands? And thus, he touched on the unthinkable … would using the cloud make the bank more competitive rather than more exposed?

Research today shows that the cloud is here to stay. 2019 surveys from Flexera and Divvycloud clearly indicate strong growth rates across large enterprises and SMEs alike and, interestingly, even a clear increase in trust in the public cloud over private or hybrid models. The ‘25 must-know cloud computing statistics’ of Hostingtribunal even speak of 90% of companies being ‘on the cloud’, with AWS and Azure clearly leading over Google Cloud.

The conditions are now right for banks too

There are many reasons why banks too are now looking to the cloud, but they all circle around two important banking paradigms: trust and regulation.

Cloud security has improved in leaps and bounds over the past three years. Banks also realise that keeping onsite infrastructures safe, not to speak of data that sits on staff devices, is a near impossible task, and that the investments in research and money that public providers such as Amazon, Microsoft, Google and other bigtechs such as Oracle allocate to the cloud cannot be matched. Furthermore, collective and shared security measures are gaining momentum too: “let’s team up to keep them out.”

This increasing trust in cloud service providers is matched in terms of confidence by the arrival of PSD2 and GDPR, to which the core principle of cloud (instant sharing and access) applies. Banks wanting to be ‘the platform not the pipe’ will have to move as fast as their fintech counterparts when it comes to offering relevant new services. Fast delivery means running projects whereby minimal viable products (MVP) are launched and tested with live customers, often in cooperation with fintech partners such as ourselves.

In fairness, any standalone product that sits outside the core banking legacy can be lifted to the cloud, with integration secured via APIs. The key is the understanding that data is the most valuable asset of a bank and that, as such, fast and secure access to relevant data is key not only for the bank’s customers, but also for the developer teams of the bank and its fintech partners. Orchestration and management of these extensive and decentralised environments is key.

A case study of data privacy and security from the front

When we moved the initial BankiFi business idea into a profound business and technology architecture, we realised that, being cloud-native and targeted at financial institutions, we needed to be trusted. Simply put, security is a design idea at the forefront, rather than an afterthought. To do this we have to embrace the aspects of typical bank-grade security tech and apply them in practice, and in the cloud.

One of the key goals of the new open financial data regulations has been that the control over data storage and use stays firmly in the consumer's hands. With this in mind, the BankiFi platform does not access, store, aggregate or modify any part of customer data without their explicit consent. Gathering, storing, validating and auditing consent for data access are some of the key pillars of the platform. The challenge with consent data for a cloud-based SaaS platform has been how to ensure security, privacy and control for all data coming through the system. Specific microservices do just that: managing consent of customer-owned data on two levels. And because this is such a vital, and often misunderstood, element of open banking, a little deep dive:

  • Consent to access customer data held by data custodians, or to send data to data custodians on the customer's behalf (bank APIs, accounting package APIs, government APIs, and APIs from other information providers). The master record for this type of consent is actually stored with the institution that holds the customer data. The BankiFi platform will hold an immutable copy of the customer consent, which can be used to verify the consent information or to request additional consent near expiry if required.
  • Extended consent to combine customer data from different data custodians and store it within BankiFi for further processing (data analytics, machine learning, including identifiable and anonymized data). With BankiFi you’re getting an enterprise-ready, consent-enabled platform which you can tailor to your own customers or regulatory requirements.

This fine-grained consent is the key differentiator for us, going beyond the current regulatory framework in taking care of privacy and control of individual pieces of customer data. This is another design purpose, as we feel that in view of today’s increased public unease around privacy and data use, the European GDPR is merely the beginning of a host of global regulation to come.
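The two consent levels described above can be sketched as an append-only, hash-chained store of consent copies that is checked before every data access. This is an added example, not BankiFi code: the class names, scope strings, identifiers, dates and the seven-day renewal window are all assumptions made for illustration.

```python
import hashlib, json
from dataclasses import asdict, dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical model: every name and value here is constructed for illustration.
@dataclass(frozen=True)            # frozen: a stored consent copy cannot be mutated
class Consent:
    customer: str
    custodian: str                 # institution holding the master consent record
    level: str                     # "access" or "extended" (combine and store)
    scopes: tuple
    expires: str                   # ISO-8601 UTC timestamp

class ConsentLedger:               # append-only store; each entry hashes its predecessor
    def __init__(self):
        self.entries = []          # list of (consent, chain_hash)

    def _link(self, prev, consent):
        body = json.dumps(asdict(consent), sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, consent):
        prev = self.entries[-1][1] if self.entries else ""
        self.entries.append((consent, self._link(prev, consent)))

    def verify_chain(self):
        prev = ""
        for consent, digest in self.entries:
            if self._link(prev, consent) != digest:
                return False       # an entry was altered, removed or reordered
            prev = digest
        return True

    def check(self, customer, custodian, level, scope, now, renew=timedelta(days=7)):
        """Return 'allow', 'allow-renew-soon' or 'deny'; anything unproven is denied."""
        if not self.verify_chain():
            return "deny"
        for c, _ in reversed(self.entries):    # most recent matching record decides
            if (c.customer, c.custodian, c.level) == (customer, custodian, level):
                exp = datetime.fromisoformat(c.expires)
                if scope not in c.scopes or exp <= now:
                    return "deny"
                return "allow-renew-soon" if exp - now <= renew else "allow"
        return "deny"

NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)    # constructed clock for the sample
ledger = ConsentLedger()
ledger.append(Consent("cust-1", "bank-a", "access", ("accounts:read",), "2020-08-30T00:00:00+00:00"))
ledger.append(Consent("cust-1", "ledger-b", "access", ("invoices:read",), "2020-06-05T00:00:00+00:00"))
```

An access consent for `bank-a` does not imply extended consent: a request at level `"extended"` is denied until a separate record exists, which mirrors the two-level split in the list above.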

And one more FAQ – what about data storage?

Banks’ reputations come by foot and go on horseback. Customer trust equals privacy of customer data, and as such is often the lever on which this happens. Platforms like ours, that power vital business microservices – read: functions – must be designed to be able to store sensitive data within a highly regulated environment. All data stored on our database servers in the cloud and processed by the BankiFi platform is encrypted both in flight (using TLS encryption) and at rest (using strong disk encryption features provided by the cloud providers). In addition, every piece of sensitive data (consents, tokens, customer bank and accounting data) is encrypted with a private key on the application level, where each BankiFi bank customer has its own encryption key per deployment, not shared with anyone else.

Most importantly, core BankiFi APIs do not actually require much of the customer-identifiable sensitive information, so names, addresses and dates of birth can all be owned by the bank and stored within its own on-premise environment. Access to such data is designed in a restricted manner for those use cases that would require it.

Private – hybrid – public – cloud is bank friendly today

Having worked at a bank, in bigtech and now in a fintech environment, one thing is clear: the cloud is ready for banks, and banks are getting ready for the cloud. At no time before did we have this serendipity, that what the market requires banks to do (be more open, transparent, nimble and market facing) can be delivered today. The technology and processes we have now do not compare to ten years ago. Banks now create very viable hybrid structures whereby they meet both the regulatory models and the oversight of central banks and other parties, plus the market’s call.

Reduce the cost of operations, free up scarce IT resources and deploy them where you need them the most. Unlock that data so you can bite back and create a winning cockpit proposition for your banking customers – and let those fintechs invest on your behalf.

Aleksa Vukotic

Aleksa Vukotic heads up the BankiFi technology team and is responsible for the overall technology vision and design of the core platform and value add solutions. He has a very relevant background in designing and building microservices over the past ten years, most recently at a large UK bank, where he helped deliver Open Banking APIs. He is a published author (Neo4j in Action, Manning; Pro Spring 2.5; and Apache Tomcat 7), in addition to regularly speaking at technology meetups.
