Interviews
Software Development

Migrating regulated financial app to the cloud - navigating challenges with practical solutions

March 4, 2024
by
Monika Sianko

Migration of a system to the cloud poses many challenges, especially if the recipients of the application are entities operating in a highly regulated financial market. At the same time, it is an excellent opportunity to analyse and make technological and functional changes to the system that will subsequently result in improvements for end users.

The peculiarities of the reporting market consist of frequent changes in regulation, as well as the collection and processing of increasingly large data sets. This results in constant system updates and increased computing power to ensure adequate application performance.
FINGO understands this very well, as it has been developing its own reporting products for years. Hence, in 2019, the software house started work on migrating one of its regulatory reporting products to an external cloud infrastructure.

I decided to talk to Adam Maślej, a Product Owner who has been working at FINGO since 2017. He was responsible for the workflow of moving the application from desktop to web version and for its further development in line with the company's strategy.

Please briefly tell us how the aSISt desktop regulatory reporting system came about.

In the past, sending reports in plain text or Excel format to financial market supervisory institutions (in Poland - NBP and KNF, in Europe - EBA) was common practice. From the supervisor's point of view, there are better formats than this due to the limited expressive power of the definitions of the data collected and the limited possibilities to verify the data's consistency, integrity and correctness.

The emergence of new technological possibilities has contributed to creating and establishing the XBRL standard. As a result, supervisors have started to create XBRL taxonomies that are compliant with the standard, which defines the scope and format of the data to be collected. They also started to expect reporting institutions to provide data compliant with this standard and data exchange format. This has provided opportunities to standardise data sets, collection rules, verification, and storage.

There weren't many systems on the market that supported this format at the time. Therefore, aSISt, an application that supports XBRL taxonomies, was developed in response to these changes and a real need by financial institutions. The tool supported the preparation of the report within the scope expected by the supervisor. It streamlined the data processing by the rules, verifying the correctness of the data.

The system is sold as a desktop application that runs on a financial institution's internal IT infrastructure. To date, it is used by more than 500 banks in Poland and other European Union countries.

Why did you decide to move the aSISt system to a cloud infrastructure?

Desktop application technology is now some what of a relic. It is difficult to keep it in line with the changing world of IT. It should be remembered that the application was designed with the requirements of the previous era, both in terms of the number of reports and their volume. Today, supervisors collect much more data than they did many years ago, so the application is struggling to keep up with today's customer needs.

In addition, we received the feedback from customers who pointed out the increasing challenges of system performance and maintenance.

Cloud solutions are becoming increasingly popular in the IT market. They offer much greater opportunities in terms of service availability, scalability of IT resources and cost-optimised use of the latter. We therefore decided to build the application based on an external cloud infrastructure and thus offer the product as a SaaS.

How did you approach the design of the eON SaaS, the cloud-based successor to aSISt?

Over the years, the application has grown significantly. It gained new types of reports and many new features, often implemented following an individual customer request.

When we started designing the new solution, we had no hard analytical data obtained, for example, from ongoing system monitoring. This was not only because the system was installed on the banks' internal servers but also because of the formal restrictions on the collection of such data.

We therefore relied on our domain knowledge, conversations with users (i.e., customers), and analysis of historical service requests. Based on this, we have identified the system's most important features to produce a correct and consistent report.

It was equally important for us to consider the new sales model, as offering SaaS and selling on-premise products are fundamentally different.

An additional, non-negligible aspect of cloud solutions offered to regulated financial institutions is the compliance requirements placed on such systems. These requirements impose a number of constraints on the system and force the design, implementation, and documentation of specific solutions. These are related mainly to the geographical location of data and the separation and security of data and systems used by individual customers.

What has emerged from your analysis regarding the features of the cloud-based system for eON regulatory reporting?

Analysis of the material available revealed various characteristics of the work with the system. Some of the aSISt features were so well received by users and so firmly embedded in their daily habits that we decided to transfer them directly, verbatim. One example is the continuous validation of the accuracy of the data in the report while the data is being edited, known as online validation.

We also redesigned features to make the best use of the new technologies and opportunities offered by the cloud environment. This gave birth to a work session with a report at eON. This is a commonly used feature of online banking, where the application monitors the user's activity and logs the user out of the system if no activity is recorded.

During the development of eON, there were also functionalities available in aSISt that were relevant at the time of their development. Still, as the system was being used in practice, they exceeded the actual needs. An example of such a feature is the simultaneous work of many people on a single report. In aSISt, reports consist of tables that can be edited by more than one user at a time, with all users sharing their work. We already know that the teams drafting the report share content areas without cross-linking their work within a single table.

Therefore, we considered that in the eON system, it would be sufficient if only one user could edit a given table. On the other hand, the data they enter or modify is presented in real time to other users working with the report. Furthermore, there are control rules between the tables to check the correctness and consistency of the data. In the event of conflicts, the data in the contended area must be reconciled.

So, is the eON system an enhanced equivalent of aSISt only because it is based on an external cloud infrastructure?

Some features were available in aSISt, and we ultimately intend to include them in eON, but there are also some that we are fully convinced will never be in eON. Currently, the system's features are sufficient for the institutions to offer the product.

I make no secret of the fact that when implementing the system at our first customer, the Bank Spółdzielczy in Brodnica, several features that had been omitted at that stage were nevertheless important for the customer. We have, therefore, examined the level of customer satisfaction with the offered service once it has been launched. As part of this task, we identified areas that required additional implementation and deployment in the eON.

An example of such an option is to view wapping, or more precisely, table rotation, i.e., switching the contents of columns to rows, due to the table's shape and the system users' working habits. When selecting the functional scope of the system, we have not considered editing at all. However, in the case of some reports, such an option makes it easier to fill in the data in the table. Thanks to the partnership approach and excellent understanding of this customer, we quickly implemented the missing elements.

What else makes eON different from aSISt?

It is impossible not to notice, even at first glance, that the GUI (graphical user interface) has changed. The technology has also changed — we now write the frontend in React. The screen view is more modern, although it is no secret that it is still just a set of tables.

Nonetheless, we have emphasised improving the design of the work in the system, taking advantage of the opportunities offered by modern technology, and shifting the computing burden to the server instead of using local workstation resources. Thus, all required to work in the system is a computer with Internet access and a web browser.

We have implemented optimal use of the server's IT resources and shared the results of operations already performed in the system by another user.
We have also optimised the user experience in the app by improving the UI, i.e., the user interface, and introducing saving of the user's settings. This is all to reduce the time taken to produce reports.

Customers who have switched from aSISt to eON are delighted with the changes. They compare it to changing an old car for a much better model.

What made it difficult for you to move your application to a cloud environment?

From my perspective, the biggest challenge was organizing the work of several specialist development teams. It is quite a challenge to maintain the day-to-day workflow while constantly striving towards the chosen goal.

Another but equally important aspect was the technological leap of turning a desktop application into a web application and simultaneously running it in a cloud environment using native services offered by a public cloud provider.

Such a system should be well-secured. I know you have worked with external specialists. Can you say something about this collaboration?

Of course. In designing and implementing the solutions responsible for the system's security at all its layers, we worked with our partner OChK (Operator Chmury Krajowej, National Cloud Operator), benefiting from its knowledge and experience. Subsequently, the implemented solutions were subjected to an internal audit, which revealed required and potential improvements to enhance system security.

The next step was to adapt the system to the audit indications. These measures ensure that the service we offer is fully compliant with formal requirements and best practices for securing financial institution systems.

Will you reveal what the development plans are for the eON cloud application?

I can't say much because the competition doesn't sleep, and work is in full swing. However, it is no secret that we plan to develop the eON application, particularly in providing data for reports and robotising business processes. We are also adding new reports on an ongoing basis. For example, we recently added interest rate risk management of the banking book, or IRRBB reporting, and Fraudulent Payments are still in the pipeline.

Do you need regulatory compliance software solutions?

Accelerate your digital evolution in compliance with financial market regulations. Minimize risk, increase security, and meet supervisory requirements.

Do you need bespoke software development?

Create innovative software in accordance with the highest security standards and financial market regulations.

Do you need cloud-powered innovations?

Harness the full potential of the cloud, from migration and optimization to scaling and the development of native applications and SaaS platforms.

Do you need data-driven solutions?

Make smarter decisions based on data, solve key challenges, and increase the competitiveness of your business.

Do you need to create high-performance web app?

Accelerate development, reduce costs and reach your goals faster.