Type to search

Fintech News The Fintech Magazine Thought Leadership

EXCLUSIVE: “Journey Through The Clouds” Gary Delooze, Nationwide and Wayne Freeman, Mettle in ‘The Fintech Magazine’

EXCLUSIVE: "Journey Through The Clouds" Gary Delooze, Nationwide and Wayne Freeman, Mettle in 'The Fintech Magazine' | Fintech Finance

UK banks of all shapes and sizes are turning to Cloud environments as they search for scalability, operational efficiency and resilience. We asked Gary Delooze, CIO at high street building society Nationwide, and Wayne Freeman, CTO of NatWest’s neobank for SMEs Mettle to tell us more about their organisations’ experiences Gary Delooze, Nationwide | Fintech Finance

The narrative around digital banking usually focusses on the idea of incumbents with creaking legacy systems and entrenched cultures, versus challengers with a flexible mind-set and even more agile tech. But that polarity is fast becoming old news.

Because, while it’s clear that established financial institutions must indeed change in order to compete, the use of Cloud services – once a critical point of difference – is increasingly common to both , even if how they choose to deploy them often differs. Some established institutions have weighed the cost of migration in terms of both cost and risk and chosen to launch Cloud-based brands, at arm’s length of ‘the mothership’. To name a few, JP Morgan launched its digital banking brand Chase in the UK (following an unhappy experience with its US digital bank Finn), Goldman Sachs similarly sent Marcus speeding into UK waters, while Standard Chartered floated Mox in Hong Kong, and NatWest entered the digital SME banking space with Mettle.

Others, like the UK’s sixth biggest bank Nationwide, have chosen instead to focus internally on transforming both culture and technology. Whether you’re a startup, a digital-only neobank, a long-established institution or one of their speedboats, you can tap into the Cloud to drive growth. Nationwide made a conscious decision to switch to the Cloud around five years ago and its journey is ongoing; NatWest’s digital offshoot Mettle, meanwhile, was born into an on-demand IT world – it knows nothing else.

We were keen to find out from both how their differing experiences shaped their strategic approach to using Cloud services in relation to regulation, data privacy, and the ability to offset build and running costs by integrating third-party services through APIs. As we discovered, while they share some similarities, they’ve each have their own challenges and perspectives.

NATIONWIDE: Rewiring a giant

Nationwide is the largest building society in the world; a mutual owned by its 16 million members. Historically, a very high-touch, branch-heavy business, its digital transformation into a full-service bank began more than a decade ago. But its experience of the Cloud is relatively recent.

“We’ve been progressively adopting Cloud for the last five years or so,” says Gary Delooze, chief information officer, Nationwide. “Today, we probably run about 20 per cent of our IT estate on public Cloud services, and that will increase over time.”

In March 2019, Nationwide took a £15million stake in 10x Future Technologies, the fintech start-up founded by former Barclays boss Antony Jenkins, with the intention of using the 10x Cloud-native platform as a springboard into the business banking market. The idea was to offer an array of modern mobile and online services aligned to Nationwide’s branch-based network. But then COVID-19 hit and the business plan no longer stacked up.

The bank subsequently also invested in Cloud-native payments technology firm Form3, sending a clear signal that it, believes Cloud is the future. And it certainly proved its worth for Nationwide during the pandemic, helping its members to cope with financial distress.

“Our initial response was to use the contact centres, and the branches that were open to help. But, of course, they were inundated very quickly with demand for payment holidays,” recalls Delooze. “So, we instead built a number of digital journeys on our Cloud platform to allow members to access products and services.

It also quickly scaled up its Cloud-hosted Microsoft Office 365 and Microsoft Teams pilot to enable all 15,000 employees to access it, facilitating a smooth technology shift to homeworking.

“The transition was seamless,” says Delooze. “If we’d tried o do that on-premise, we’d have been building infrastructure for months.”

Then, in December 2021, Nationwide announced it had moved its member website to Microsoft’s Azure Cloud to cope with the organisation’s increased size and complexity. As it ventures deeper into the Cloud, the bank has teamed up with Cloud-based service providers like regtech Jumio. It enhance Nationwide’s online onboarding process, using AI and machine learning to check that documents used by customers to open accounts are genuine, integrating with existing workflows via an API.

What have you learned from Cloud migration in relation to compliance?

The challenge in a public Cloud environment is that you’re taking on much more risk. You’re hosting your technology in someone else’s data centre, you’re running it on their services, so that risk requires a set of solid controls to be built around it. The focus of our journey has therefore been on differentiating the risks from our on-premise capabilities. This includes making sure we don’t lose data, and we don’t get hacked. The kind of controls that we look at are everything from encryption, typically, of data in transit and data at rest, to make sure that, if there is a breach, and someone accesses that information, it can’t be read, to tokenising, to make sure that we don’t connect personally identifiable information to transactional information.

When you’re building more complex controls – around things like encryption and key management – on-premise, it becomes hard to wrap legacy technology up in some of the newer technologies to protect it. What Cloud gives us, in many respects, is the ability to access some of those technologies as a service.

How can Cloud technology improve operational efficiency, whilst also boosting your ability to fight off threats going forward?

The big focus in banking technology, for the last five or six years, has been around operational resilience, and making sure that institutions can provide services to customers 24/7. It’s, of course, been a big shift for us from a 9-to-5 banking model to a 24/7 banking model, but our members assume we’ll be there whenever they need us. They expect their payments to be made and to see balances updated instantly.

So, as we’ve rolled out more banking apps, and more capabilities, operational resilience is, therefore, crucial. It’s the ability to make sure we’re providing those services, and, where we see issues and challenges in our technology, overcome them to continue processing. What Cloud gives us, in this context, is the ability to engineer solutions for fault tolerance, so if one part fails the rest can deliver, but if more faults occur then we can degrade gracefully.

Technology breaks can happen over time. We therefore need to build in a way that makes sure we have stand-in processing capabilities available, or that there’s sufficient resilience in the design so that when one part fails, the rest can deliver. When we start to deploy containers of code into the Cloud, we can build clusters to allow for the loss of any one of them to be tolerated. Cloud providers have put a lot of investment into creating really resilient environments, with multiple zones and multiple regions.

Deploying containers into multiple availability zones means that, if the Cloud provider loses a single zone, then that service can be delivered from the second. Beyond that, we can build a multi-region solution. So, we now have the ability to tolerate failures from the lowest component level, all the way up to the loss of multiple data centres, across multiple zones – and globally, if we go multi-Cloud. The key thing is that just lifting and shifting existing capabilities into a Cloud doesn’t solve anything. To get to that level of capability, you really have to re-engineer and re-architect what you have, and build it Cloud native, to get access to those benefits.

How has Cloud-based infrastructure enabled Nationwide to accelerate innovation?

It gives us tremendous agility. The speed at which we can mobilise Cloud environments and build new services on top of them, is far greater [than on-premise]. The simple fact is that a lot of the latest innovation is occurring in the Cloud. This is providing us with access to new data services, everything from cutting-edge AI algorithms through to alternative ways to manage our code. It provides a wealth of opportunities.

METTLE: FORGING A NEW PATH

Wayne Freeman, Mettle | Fintech FinanceMettle is a standalone app-only business bank, focussed on freelancers, sole traders and small businesses – what it refers to as ‘the passion economy‘ – that was soft-launched by NatWest in 2018.

Through its link to the bigger bank, Mettle is able to offer customers access to Free Agents accounting software free of charge, and this ability to leverage such assets while remaining independent helps set the brand apart.

“Mettle is in a unique space, as part of NatWest,” says Mettle’s chief technology officer Wayne Freeman. “This gives us the best of both worlds: not only can we draw on the vast experience of the bank, but we have the agility to innovate rapidly, building compelling products for our customers. We’re passionate about protecting our customers’ data and their privacy, which is, of course, fundamental to the fintech industry’s credibility and survival.”

Cloud-native Mettle hasn’t had the smoothest start to life, having to more or less immediately deal with the pandemic’s impact on business customers and the wind-down of NatWest’s challenge-to-the-challengers, Bó, whose accounts were merged with Mettle. That said, it appears to now be flying, having announced a 500 per cent growth in its customer base since the start of 2021.

Part of its success has been due to the ability to seamlessly integrate value-adding third-party services. This includes using Slack to ensure its internal and external communications are on point. Initially, Mettle used Slack for collaboration across its teams, but as  the business has grown, it’s efficiently integrated the majority of its business-critical tools into Slack and created hundreds of custom apps of its own. Without leaving Slack, Mettle’s employees can now monitor customer satisfaction in real time, quickly resolve incidents and manage the software production cycle. Mettle highlights Slack as a ‘springboard to productivity’, and claims that resolution times are now ‘a matter of minutes, rather than hours’.

Wayne Freeman, Chief Technology Officer, Mettle

Q How has Cloud helped you deliver customer value through partnership?
We use a wide range of partners to serve different needs for our customers, and for the organisation. One of the real benefits of agility is that if we’re not happy with a particular partner, we can swap them quickly. We leverage multiple Cloud providers to host our platforms, but we also partner with a number of software-as-a-service (SaaS) providers, who are all Cloud-based. Without the Cloud, such interactions simply aren’t possible.

Q Would you describe Mettle as being a technology-first organisation and how does that affect the structure?

Technology has long since stopped being just a cost. It is central to building digital products and, because of that, the CTO role, I think is now a pivotal one in enabling organisations to delight their customers. So, the technology strategy must be aligned with the product strategy, and the commercial strategy, as well. For customers to get a really great experience, the CTO needs to work very closely with the other execs. Product and engineering, in most of these organisations, are very much intertwined, and we must jointly own the customer experience, as well as looking after the privacy, the security, and other non-functional requirements.

Q Given the strict regulations around upholding data privacy and minimising data breaches, is it getting tougher for newer fintechs to get on the scene and are we going to start seeing a reduction in fintech ingenuity?

New entrants obviously have to take into account all the appropriate regulations, which means it might get tougher, over time. But they also have the advantage of starting from scratch, and building their products and their organisations with agility in mind.

They should consider building security and privacy by design. Many fintech organisations, and Mettle is one, are built for constant change. Our agile customer-centric product development processes, our modular componentised architectures, and our continuous integration and deployment of code all come together to enable rapid change. Interestingly, as part of the NatWest Group, we’ve had to find new ways of meeting regulatory and the Group’s own policy requirements, in a different way to possibly how it has, in the past. This has involved highly collaborative, multidisciplinary teams, new processes, new technology, and new partners – just because we’re organised differently and operate in a different way.

Regarding ingenuity, in financial services, there are a growing host of partnerships available. You no longer need to build everything in-house. New tools are being brought online every day to solve specific regulatory challenges, and I think being able to integrate quickly with the right partners is actually the advantage. Given our link with NatWest, we’re able to rely on that organisation’s historic experience in customer onboarding, risk and cybersecurity.

We also have a very rigorous process we go through during the engagement of any potential new suppliers, and their cybersecurity capabilities, and the way that they look after their customers’, or our customers’ data, is absolutely at the top of this.

Q As customers become more aware of the value of their data, is a strong data security offering actually a customer demand, almost like a customer experience?

Certainly customers are now rightly questioning big tech and data collection. We should expect this trend to grow, as mass awareness of the power of data will only increase.

I therefore think that strong data security should be a top priority for any business working with customers’ data. That’s why we’re seeing growing regulation, when it comes to data and security, to prevent fraud and criminal activity, particularly. With the increased reliance on mobile applications, fintech users are potentially at a higher risk of cyberattacks, which we’ve seen during the COVID-19 lockdowns.

As a result, we’re seeing more and more regtech companies, which are essential in the digitally-led financial space. Regtech organisations improve other organisations’ ability to comply with the most important rules, such as KYC and suspicious activity reporting.

I read recently that regtech companies raised US$8.3billion in 2020, up from US$7.2billion the previous year. So there is obviously a growing market to serve others seeking to protect their customers.

Does automation actually allow organisations to action their customers’ data? Can we get to a point where an organisation can have access to all this data, but not actually need to see it? That surely has to be the goal. No one inside any organisation should have access to sensitive customer data, unless there’s a very good reason to do so.

Automation through technology can enable us to collect, process and eventually dispose of data, without unnecessary human access. But, practically, there are times when staff may need to see customer details and transaction details, for example when a customer is requesting to change their personal details. Or potentially during an investigation into some suspicious activity and financial transactions. But I think, as an industry, we’ll continue to strive to reduce the need to have access to sensitive data.


 

This article was published in The Fintech Magazine #24, Page 53-54

Tags:

Next Up