An interview with Bartlomiej Knapik, Release & Platform Manager of FINGO Systems responsible for developing the SaaS platform for regulatory reporting.

What does a soap and a screw for a space rocket have in common with technological conservatism in the fintech industry? How can cloud computing help those bankers who look less at functionality, performance, or computing power and to a greater extent want "peace of mind"? More on this and other things, in an interview with Bartłomiej Knapik, Product Owner responsible for developing the FINGO Systems SaaS platform.

During one of our first conversations, when I was trying to understand what value we deliver to customers, you compared our software to cleaning products.

Companies use our products because they have to. They are useful, safe, reliable, and indispensable at work. It's a bit like soap: it's basically indispensable for everyone, it's hard to imagine functioning without it, but no one is likely to hang a poster with it on the wall.

Today, our solutions are available in the cloud and customers take advantage of them as part of an SaaS service. What would you call what we offer customers today?

Peace of mind! The idea is that a bank employee who is an expert in accounting should not also have to be an expert in security, IT networks, and systems maintenance. That person should log on and do the work - without constant administrator support, software updates, and purchases of constantly more powerful hardware. So, "peace of mind" is what we are trying to deliver.

We are talking about a few apps used by more than 500 financial institutions. Where did the idea come from to move all of this to the cloud?

The system used by our clients for more than a decade has its roots in the fall of Lehman Brothers. At the beginning of introducing regulations, customers had to submit two XBRL reports with key data. Today it is much more complex and the manner of preparing reports varies depending on the type of financial institution and report. These include both relatively small documents delivered to regulators on a daily basis as well as comprehensive annual reports containing a large amount of data. The larger the bank, the more things regulators want to know about it. Moreover, there are several of these regulators and regulations frequently change and new ones are created. As a result, administering software to keep up with these changes becomes problematic. Installing and handling software at a bank is handled by an administrator who has a ton of responsibilities. An app that requires constant attention, updates, and hardware upgrades takes up valuable time. As a result, there must be hundreds of administrators for clients, of which we also have hundreds. There is also the regular replacement of equipment. After adding it all up, it gets quite expensive.

And you can't invest in equipment forever.

Eventually, there comes a point where the hardware becomes weak, the requirements are increasing, performance issues start to arise, and the employee who is supposed to operate the system waits and waits before things get calculated. This is, of course, an extreme case, because we monitor the times of various operations. However, in order not to lead to such a situation in the case of desktop apps, we need to increase the hardware requirements to keep up with the ever-increasing demands.

With the cloud, we are the ones who take over the issue of performance from the customer. Scaling up and down is relatively straightforward and does not involve an admin in the bank, because the admins are with us. We monitor the performance of the app, verify the parameters, amp up the virtual machine if necessary in terms of minutes or tens of minutes without having to go through the entire purchasing process, installation, hardware configuration, etc. The effect compared to buying new computers or servers is virtually instantaneous. The employee gets the job done faster, can do more of it, or can focus on more complex issues.

But this is also a big challenge on the business side. Moving to the cloud and offering an SaaS service to customers involves taking over responsibility for many of the issues that previously belonged to the bank. Why did you think it was worth it?

In a film that bankers know very well, "Margin call", the bank CEO becomes aware that the situation in the company is so critical that in a moment a loss could exceed the company's value. So, the CEO asks the people responsible for the management: what can we do about it? Because there are no simple solutions - nothing but silence. We then hear that "There are three ways to succeed in this business: be first, be smarter, or cheat. I don't cheat, and although I think we have some very smart people in the company, the easiest way is just to be the first." And this is exactly what happened in our case.

But you still need to take the customer's perspective and needs into consideration.

In Poland, many thought about it, but no one offered such solutions in the public cloud. Therefore, we wanted to take a technological leap, moving from a traditional desktop app that is a dozen years old, into a new one that runs in a web browser. We wanted our customers to be the first to receive such an offer, as we have been providing them not only with software, upgrades, and complete technical support for more than a dozen years, but also with a range of additional services that often go beyond the scope of the standard offer.

We knew that this time we had to offer more than just a newer version of the app. And something more is not to offer an app at all.

What do you mean by not offering an app?

For our clients, we currently offer a service. After logging in, customers conveniently fulfil their business needs. They don't care whether they have the highest version of the app, whether they have a computer that's good enough, or whether they should add more RAM to it because new reports came and they are huge and require much more computing power. To achieve all this, you need to jump from a desktop and web app and offer a cloud service straight away.

...which has its supporters and opponents. Weren't you concerned that the market was not yet ready for this?

The conservative approach of a part of the financial industry results from security concerns. We knew that we were getting into something that worked because there were already companies that offered cloud solutions. We simply wanted to be the first in our segment and this part of the world.

We are talking about a system that has been in development for 16 years and consists of several applications and a dozen functional modules, handling more than a hundred types of reports for different regulators.  

As an organisation, it took us a long time to mature to this decision. We took the first step five years ago when our senior developers divided the code into modules, separating the frontend from the backend so we could think about a web app. New modules have been developed in new technologies ever since, but the old app was still a so-called desktop app. We took the next step by providing one of our biggest customers with a system based on the backend application itself for heavy computing: 7 or 8 components and an engine that could be installed on the server. We knew that if it worked, the next step was the cloud. When we moved our automated tests to it, it was only a matter of time before the app was migrated. Finally, our bosses made the final decision.

And what did you think then?

We had six months to do it, so I will say diplomatically: it was a challenge. We've decided that in that time we could transfer the app and then, during the next stage, secure it. We had the technical knowledge, but this is not the same as maintaining a system on a public cloud in a rigour that often leaves a lot of room for interpretation. Therefore, we had to find a partner to audit it for us and then it would become clear how much time we needed.

And how much time did it take?

The audit lasted almost three weeks and the recommendations included 176 items that had to be changed, made up or, at worst, added. Securing it took six more months.

We have migrated our first client after nine months, three of which were devoted to the most difficult issues, namely our mythical Compliance.

And what was the biggest challenge?

Security of course. It went pretty well. It was a question of how to improve it, change it, or scale it down, because when it comes to maintenance it will turn out that our level of security is too high in relation to the needs we have to meet. For security reasons, I cannot talk about specifics as the details are a secret.

Another challenge consisted in the level of entry into the procedures and instructions to be followed.

Our work can be compared to producing screws for a space rocket. They are seemingly made in the same way as the ordinary ones, but you need to know if it is exactly the screw you wanted, made of the required material, made according to the correct technological rigour. Moreover, everything is checked at every stage of production and the right people are responsible for the quality of these verifications. Moreover, the entire process can be audited.

In the past, we were secure thanks to our final product. Today, we make a commitment to the client with whom we sign a contract and part of the risk is on us.

What do you mean?

If a customer asks what it was like to implement a particular version of the software, we need to be able to demonstrate every change in the production environment. Each and every alert that has occurred is described. It is known what was done, when, and why. An auditor sent by the customer will receive a set of information about who, what, when, and why was analysed, what the options were for solving a particular problem and why we chose the one that was implemented.

From cleaning products to manufacturing space screws. At this point you can probably already see how customer value is created.

Let's imagine that it costs 50 cents to produce a screw and NASA buys it for $50 because it has all the necessary certifications to make sure that the entire production process from material extraction to product manufacture has been properly protected. All steps are monitored, because a broken screw in space ends in disaster.

And that is exactly the case with this mythical Compliance in the financial industry. It is precisely the process of making sure that the software development process is properly secured and tested at every stage.

Is adjusting the security level a big challenge?

We live in a time when most people have an app on their phone, do online bank transfers, and don't even know where the nearest bank branch is. With the increasing significance of online banking, cyber security requirements are also increasing.

However, it is important to remember that there are various levels of security depending on the sensitivity of the data. On the one hand, the security features should be good enough to meet the relevant regulations, but on the other hand, it is important to remember that the regulated market is also a business and if we offer a cloud solution to a customer, it cannot be more expensive than if they had to buy new laptops once a month. This balance must be maintained.

So what do customers think about this eponymous peace of mind?

There is a group of cloud enthusiasts among bank CEOs and IT people who are happy that we are finally offering such solutions. And for the time being, it is mainly them we are in contact with. My guess is that there is also a more conservative part, which we can call the sceptics, and the so-called silent majority, which will want to act in the old way for as long as possible. From a purely human point of view, I understand this, because if you don't have to do something today, you'll probably put it off until later. But eventually there comes a point when there is an analysis and it has to be addressed. And when you look at all the issues: security, the need for updates, performance, scalability, and cost-effectiveness, the choice is obvious.

And no one has to be convinced?

Of course, there are also the security and compliance departments, CEOs, accountants, and purchasing departments, who carefully review our offer. We have to show that we have a better offer and are better prepared than the competition. We are delivering the same product as before, only with new technology, in good quality, and in addition we are taking responsibility for many things. That is why it seems to me that it is no longer a question of whether to opt for this solution, but when.

What opportunities do you see for further growth in this product segment? Will it be more of an evolution or the next technological revolution?

Our fintech customers and partners are often very conservative in their approach to technology. Those who look less at functionality, performance, or computing power are the ones who want "peace of mind". This "peace of mind" is very fond of evolution, and at the word revolution - it leaves the room. A revolution every now and then does in fact have a positive effect, but in the case of an industry where you have to entrust your life savings and tie yourself down to someone for 30 years to take out a home loan, for example, you are aiming rather for stability, certainty, and security. So, I don't expect the changes to be revolutionary in any way. For some of our customers, what we are doing at the moment in the context of cloudisation is so close to revolutionising their daily work that they are very cautious and analyse every step.

Now everyone is trying to involve AI in their solutions. Do you see any use for it in reporting?

Of course, we are striving for automation and robotisation, but it is important to remember that our law requires a specific person to sign off on a report. It's a bit like an unmanned aircraft. The autopilot is already responsible for most of the flight in a passenger aircraft, but we would probably prefer an experienced crew to still be there and control it. And it is analogous in our case. We will not replace an accountant, but we need to provide that person with a more comfortable and reliable working tool.

And how will you improve it?

We will be listening to what our customers are doing, and actually look at it. With a cloud, we have analytical capabilities allowing to see which functionalities are used more often, and which ones less. So, we will see which ones need to be improved.

But there is also a second part. How to make not only the person who uses the tools happy, but also the one who looks at the bills. Ultimately, it is a question of choosing those possibilities, from the many options offered by claudisation, that are on point - that is, good enough and at the same time cost-optimal.