Cloud computing is key to successful participation in the global payments ecosystem.

By Daniel Pujazon, Policy Lead at PagoNxt

Life has evolved a lot over the last years. Digital transformation has been a major disruptor all across the board but is especially true in the case of financial services.

This has made new players to appear and created new models that have brought great benefits to the consumers and the ecosystem as a whole.

Big technological platforms, leveraging on their massive capabilities on access and management of huge amounts of data, have been very relevant actors in different contexts. And they have started to move into the financial services space with a clear playbook: starting with payments and then moving to lending and the provision of other services. Many other actors have also bloomed and thrive in this digital, data-driven environment.

But if you look at this you will advert certain commonalities in those players being relevant in the digital space. And out of the commonalities probably the main one, considered a key enabler for this successful approach, whether in the case of incumbents or newcomers, has been the access to massive computing power to store and manage huge data sets. This, together with a different architecture, has been fundamental in the (r)evolution we are living. And cloud computing has revealed as critical in this space as the key enabler in order to provide players with the capabilities to serve products and services to customers in a hyper-personalized, fast and efficient fashion.

The upsides of cloud computing are very clear now. Not only for the private sector as also regulators and supervisors are starting to realize not only the benefits, but also the necessity to deploy your activity in a cloud environment to be relevant. Where in the past supervisors saw fundamentally risks, now they are also starting to see the benefits (e.g., security, resilience, etc). Cloud is also a key enabler to adopt other technologies such as big data, artificial intelligence or distributed ledger technologies (DLT). And last but not least, many software providers that traditionally offered on-premises solutions have also switched their services to cloud due to the flexibility of these environments and their higher efficiency from the carbon footprint perspective, so in many cases cloud has become the only way to access these services.

And the way how different companies have approached cloud has created two types of players with different implementation speed: the cloud-native companies in the one hand (created on the cloud logics) and the incumbents that have understood their need to transform and have started to embrace cloud (again here with a disparity among different players). Let alone the incumbents which are still conceptually relying on legacy architectures that makes very difficult their competitive capacity in this new context.

Because probably, the differential element on the use of cloud is “culture”. If you are a cloud-native company everything tends to flow smoothly. But if you are not, you need to start your journey with a fundamental mindset shift. That´s why there´s a wide difference between those companies that needed to evolve their mindset before transforming their underlying architecture from those that have born as cloud native. They have that mindset in their DNA.

That’s why PagoNxt´s position is so relevant and is so unique. We are an autonomous company born and raised in the intersection of cutting-edge technology with the best of Banco Santander´s assets: (i) huge customer base providing massive commercial opportunity and (ii) a solid/sound approach to regulatory framework providing comfort to consumers and supervisors alike. This puts us in a unique position to provide policy makers / regulators / supervisors with views and insights that combines the best of the two worlds. It´s a future-looking approach in every sense.

As a fintech company we are proud to count on our foundations with the attributes of the new models:

1. PagoNxt is cloud native. We are and we mean it, ranking high in the Microsoft Cloud Native Readiness Assessment global benchmark vis-à-vis our peers

2. We have the right talent onboard with the correct mix of people and skills. 70% is tech profiles used to work on cloud environments and 30% are profiles of people that know how to implement services to customers.

3. We are agile, developing common ways of working across DevOps teams (structure, processes, culture, tools, technology) allowing increased efficiency and flexibility to allocate capacity where needed (e.g., common set of tools used by 100% of development engineers)

4. We are data-driven, meaning that we have a 360-customer view provided by a global single customer engagement layer for all services.

PagoNxt, as a one-stop-shop for payments, is developing its activity in different verticals (merchant, trade and consumer) in order to provide customers, whether individuals or companies, with the best of breed in payment solutions in a seamless and convenient fashion. And we do this leveraging on our cloud based back-end architecture, which is common for all the different services we provide. This, together with the common elements API-first designed irrespective of the vertical and across platforms, gives a sneak peak of what we mean when we say that we are cloud native. If you want to learn more about this, please read the article from my colleague Ventura Miquel (PagoNxt CTO).

In the current context the thing is that cloud computing is a core enabler for those companies that want to thrive in the market and be relevant for consumers based on the capacity to meet their expectations in a fast, efficient and secure manner. And it shouldn’t be neither for regulators nor supervisors. Even acknowledging that there are many that truly understands the benefits of cloud and consider that the potential risks are currently identified and can be controlled, we also see that there are others that tend to see cloud as an external challenge. We would like to make a call for the public sector in different ways:

- To encourage them to embrace cloud (understanding the benefits and risks) to be able to do their duty. And above it all to acknowledge that this is a journey of no return for their supervised entities, and it changes fundamentally (for the best) the way they operate.

- This process should be done having a harmonized approach. For every entity (to reap the full benefits of cloud) but especially for those multinational companies with presence in different jurisdictions this is a core topic. A common approach to cloud from the supervisory perspective with clear rules on the dos and don’ts across geographies would represent a major step forward. Cloud is global in nature and that global approach is what makes it more efficient, resilient, and secure.

- In this global context, data localization requirements represent a particular challenge in this regard. These restrictions increase operating costs and hinder the scalability of global services. and may even increase the exposure to cyber and operational risks. It is therefore essential to avoid any data localization requirements allowing companies to store and process data wherever they choose.

- Finally, with regards to supervision, we welcome the approach taken in some jurisdictions (e.g., in the EU) to establish a dedicated cloud service providers (CSPs) supervision by authorities. Currently the focus has been on each financial institutions, through an adequate risk assessment, sound governance and risk management of all aspects of CSP relationships. This has led to monitoring and audit requirements for outsourcing financial institutions which are difficult to impose and enforce on global providers. Authorities are better positioned to monitor risks at system level and to take action if necessary. Any supervision of CSPs should be undertaken at the CSP level, once for the entire industry, rather than requiring each individual financial services organization to perform such checks, reports and controls.

The promotion of certification schemes for CSPs — that would avoid each financial institution to repeat the assessment of the same provider- or the definition of standard contractual clauses for cloud arrangements -ensuring a minimum standard for CSPs- would support firms to comply with third party risk management requirements.