5 min read

FS Innovation: Aligning Crypto Architecture Around MS Azure & Dynamics

Picture of Ulrich Scholten (guest) & Stefan Hansen Ulrich Scholten (guest) & Stefan Hansen : 09. July 2022

BYOK MYOK Key Management in the Cloud Data-Center & Cloud MS-Azure
FS Innovation: Aligning Crypto Architecture Around MS Azure & Dynamics

This article explores the concept of financial service platforms and aligns resulting business (process) goals with the necessary crypto architecture. We have a particular look at the integration of MS Dynamics and MS Azure, as it is a rapidly growing service extension platform for many banks.

Banks are opening for an ecosystem strategy

The traditional banking sector has become more hostile in recent years. Challengers like Visa, Mastercard, American Express, PayPal, FIS, Fiserv, Discover, First Data, Global Payments, and FLEETCOR are attacking the banks in the payments segment and rivaling them in market capitalization [1]. Banks are, therefore, in the process of redefining themselves as platforms for innovative financial services through ecosystem strategies. 

The business concept of an ecosystem is characterized by a process of collaborative value generation and innovation. An ecosystem is not a mechanical system of delegating and receiving suppliers, but rather an organic process, where value optimization is driven by a continuous and emergent process of self-organization of the participants (ecosystem players). Looking at the banking world from a macroscopic view, we can consider all the Fintechs as the financial ecosystem. Banks can construct platforms and develop composite services by stringing together microservices. Standards on APIs or mutual data models assist such activities.

Stronger banks can actively influence the Fintech ecosystem, e.g. through sharing API protocols and SDKs. Strong software providers with a presence (of critical mass) in banks can also serve as a harmonizers through the provision of Infrastructure Services, Execution Environments or Programming Environments. Taking it to the extreme, a banking platform can become a two-sided market with Fintechs on the one side, and the banking customers on the other side. The bank is the orchestrator of values (including its own homegrown value proposition, also referred to as base value). The emergence of the value-creating process is stimulated by cross-sided network effects between Fintechs and Consumers.

The majority of the respondents in a 2020 McKinsey study among financial institutions are targeting platform innovation to secure their competitiveness and revenues. Firstly, there are the ecosystems of FinTech companies that offer additional services and revenue streams. There are also services that support banking automation and data analysis. Thirdly, there are infrastructure services in the cloud, allowing the use of computing or storage infrastructure in an elastic way, with costs directly proportional to the services used. Altogether, they provide the building blocks to offer additional individual or composite services and enhance the bank's innovation speed.

Acquisition costs

CSG Achieving Real-World Crypto-Agility

The inclusion of Fintechs through a connected ecosystem allows banks to reduce customer acquisition costs as distribution channels are made available instantly in a digital way, with new customers provided by the Fintechs and new services, which can be offered to existing banking customers as well.

McKinsey sees a potential 10%-20% reduction in customer-acquisition costs through an ecosystem strategy.

Data Access

Many analysts say that banks are, in fact, in the data business - data is crucial. The better the data on the customer’s risk portfolio and preferences, the better, more suitable, and more protected the service design can be. 

Data is a source of income when providing data-related services like portfolio management or saving plans.

Customer relationship and engagement

New services allow for more touch-points with the customer, a more customer-centric service offering, and a better presence in the customer’s day-to-day life. If designed properly, this will improve customer relationships and customer retention.

Improved competitiveness and market value

The traditional banking sector is under threat. Customers are in search of customer experience and value propositions with the best fit (including terms and conditions). Switching costs from one bank to the other are low. Consequently, an agile bank that can respond faster to customer demand will lead the race. A new, future-oriented setup will be rewarded by the stock markets, and thus support the bank’s capitalization.

 

The role of (crypto-) security

Download white paper

Security is key to the design of an open, dynamic, and growth-oriented ecosystem.

Security is the underlying precondition of all banking operations. We speak of protecting funds from theft and misrouting and privacy protection. Both are at increased risk of fraud. A banking-grade crypto design is fundamental and a prerequisite to all other steps.

In other words, the whole ecosystem strategy is deemed to fail if the bank invests in an inadequate cryptographic infrastructure that doesn’t allow for agility.

 

3 complementary axes of ecosystem-enabling (crypto-) architecture

PSD2 - enabled innovation through opening the banking-APIs

The European Union forces banks within the Single European Market to open their APIs to third-party service providers.

The transactions require strong authentication and compliance with the Payment Service Directive PSD2 as well as the eIDAS regulation. A modern and eIDAS-compliant architecture is required for this. If properly chosen, it opens the doors for more automation and process streamlining (like remote onboarding and creation of accounts as well as the digital signing of contracts with an eIDAS and KYC-compliant digital identity profile). 

PSD2 opens standardized access for financial service providers to the banking infrastructure. Proper orchestration of external services with homegrown value propositions allows the banks to continuously innovate and expand their offerings.

Open Innovation around the Microsoft Dynamics Platform

Traditionally, in legacy banking architecture, mainframe architectures played (and still play) an important role in handling transactions with ATM machines. The growing versatility of banking and payment services is leading to an ongoing replacement of this legacy IT.

More service-oriented providers are entering the market, headed by Microsoft, with a 16% market share in license, maintenance, and subscription-based revenues (followed by FIS Global, Fiserv, SAP, and Oracle). Microsoft also has been showing strong growth over the last years (>14% annually) with its banking-oriented MS Dynamics Suite.

Microsoft imposed little switching fees, as Office 365 applications were already available in several banks. So instead of requiring disruptive procedural change, Microsoft had the possibility to gradually increase its presence with more apps, deployed with released standard policies, and as a registered vendor in the legal and purchasing departments.

 

 

Schema-of-Encrypted-Data-in-MS-Dynamics-365

Also, being one of the top 3 cloud service providers (see next section) supported Microsoft’s success story.

Read White Paper

Using the MS Dynamics platform allows a bank to make use of many external applications (analyzing latent potential, seizing opportunities, predicting future behavior, or proactively recommending services on user profiles), integrated into the MS Dynamics Ecosystem.

For vendor independence and the highest data security, a Bring Your Own Key and Manage Your Own Key strategy is vital, managed from the secure location of the bank’s in-house data center with banking-grade key life cycle management systems and Hardware Security Modules.

Read more on “Manage Your Own Key strategies (MYOK). All applications are deployed on Microsoft Azure. Encryption in management in the MS Azure Key Vault. 

Cloud-based Innovation using Microsoft Azure

We already addressed the gradual entrance of MS Azure into the banking world. With only a few legal, purchase, or structural barriers, banks can spread to the MS Azure Cloud to deploy services there (either independently or jointly with service providers or other banks in a competitive scenario).

Specific green-field services can be deployed and offered here. 

Also, MYOK is a key liberty that should not be traded off in this context.

Connecting them all 

The services on the MS Azure Cloud can be interwoven with services and data of in-house provenance, from external sources through the PSD2 API or from MS Dynamics and the integrated ecosystem partners. 

Services and data can be integrated into composite new competitive value propositions, and services and evolve gradually, guided by customer requirements and market demand.

 

 

 

 

Innovation means freedom and straight-through processing, without any lock-ins, and limits of overall importance are the flexibility and agility of the crypto architecture. Key lifecycle management must be automated and centralized, auditable, and to keep banks in control. 

Data and applications might need to change the hosting location, e.g., move from Cloud to a local data center or across different cloud platform providers. It would be undesirable for a cloud service vendor to have a stake in the bank's service strategy.

Read more about this in our series about integration points to the various applications and about key management related to MS Azure.

 

Download white paper

 

 

References and Further Reading