Banks, Ecosystems & Service Innovation - Aligning the Crypto Architecture around MS Azure and Dynamics

by Ulrich Scholten (guest) & Stefan Hansen on 09. July 2020

This article explores the concept of financial service platforms and aligns resulting business (process) goals with the necessary crypto architecture. We have a particular look at the integration of MS Dynamics and MS Azure, as it is a rapidly growing service extension platform for many banks.

Banks are opening up to an ecosystem strategy

The traditional banking sector has become more hostile in recent years. Challengers like Visa, Mastercard, American Express, PayPal, FIS, Fiserv, Discover, First Data, Global Payments, FLEETCOR are attacking the banks in the payments segment and rival them in market capitalization [1]. Banks are, therefore, in the process of redefining themselves as platforms for innovative financial services through ecosystem strategies. 

The business concept of an ecosystem is characterized by a process of collaborative value generation and innovation. An ecosystem is not a mechanical system of delegating and receiving suppliers, but rather an organic process, where value optimization is driven by a continuous and emergent process of self-organization of the participants (ecosystem players). Looking at the banking world in a macroscopic view, we can consider all the Fintechs as the financial ecosystem. Banks can build platforms and compose composite services through a concatenation of microservices. Standards on APIs or mutual data models facilitate such processes.

Stronger banks can actively influence the Fintech ecosystem, e.g. through sharing API protocols and SDKs. Strong software providers with a presence (of critical mass) in banks can also serve as a harmonizer through the provision of Infrastructure Services, Execution Environments or Programming Environments. Taking it to the extreme, a banking platform can become a two-sided market with Fintechs on the one side, and the banking customers on the other side. The bank is the orchestrator of values (including its own homegrown value proposition, also referred to as base value). The emergence of the value-creating process is stimulated by cross-sided network effects between Fintechs and consumers.

The majority of the respondents in a 2020 McKinsey study among financial institutions are targeting platform innovation to secure their competitiveness and revenues. Firstly, there are the ecosystems of FinTechs that provide additional services and sources of income. Secondly, there are the services that support banking automation and data analysis. Thirdly, there are infrastructure services in the cloud, allowing the use of computing or storage infrastructure in an elastic way, with costs directly proportional to the services used. Altogether, they provide the building blocks that allow banks to offer additional individual or composite services and to accelerate the bank’s speed of innovation.

Acquisition costs

The inclusion of Fintechs through a connected ecosystem allows banks to reduce customer acquisition costs as distribution channels are made available instantly in a digital way; with new customers provided by the Fintechs and new services, which can be offered to existing banking customers as well.

McKinsey sees a potential of 10%-20% reduction of customer-acquisition costs through an ecosystem strategy.

Data Access

Many analysts say that banks are in fact in the data business - data is crucial. The better the data on the customer’s risk portfolio and preferences, the better, more suitable and protected the service design can be. 

Data is a source of income when providing data-related services like portfolio management or saving plans.

Customer relationship and engagement

New services allow for more touch-points with the customer, a more customer-centric service offering and simply a better presence in the customer’s day-to-day life. If designed properly, this will improve the customer relationship and customer retention.

Improved competitiveness and market value

The traditional banking sector is under threat. Customers are in search of customer experience and value propositions with the best fit (including terms and conditions). Switching costs from one bank to the other are low. Consequently, an agile bank that can respond faster to customer demand will lead the race. A new, future-oriented setup will be rewarded by the stock markets, and thus support the bank’s capitalization.

The role of (crypto-) security

Security is key to the design of an open, dynamic and growth-oriented ecosystem.

Security is the underlying precondition of all banking operations. We speak of protecting funds from theft and misrouting, but also of privacy protection. Both are under increased risk of fraud. A banking-grade crypto design is fundamental and prerequisite to all other steps.

In other words, if the bank invests in an inadequate cryptographic infrastructure that doesn’t allow for agility, the whole ecosystem strategy is doomed to fail.

3 complementary axes of ecosystem-enabling (crypto-) architecture

PSD2 - enabled innovation through opening the banking-APIs

The European Union forces banks within the Single European Market to open their APIs to third party service providers.

The transactions require strong authentication and compliance with the Payment Service Directive PSD2 as well as the eIDAS regulation. A modern and eIDAS compliant architecture is required for this. If properly chosen, it opens the doors for more automation and process streamlining (like remote onboarding and creation of accounts as well as digital signing of contracts with an eIDAS and KYC compliant digital identity profile).

PSD2 opens standardized access for financial service providers to the banking infrastructure. A proper orchestration of external services with home grown value propositions allows the banks to continuously innovate and expand the offerings.

Open Innovation around the Microsoft Dynamics Platform

Traditionally, in legacy banking architecture, mainframe architectures played (and still play) an important role handling the transactions with ATMs. The growing versatility of the banking and payment services is leading to an ongoing replacement of this legacy IT.

More service oriented providers are entering the market, headed by Microsoft, with 16% market share in license, maintenance and subscription based revenues (followed by FIS Global, Fiserv, SAP and Oracle). Microsoft also has been showing strong growth over the last years (>14% annually) with its banking oriented MS Dynamics Suite.

Microsoft imposed minimal switching costs, being already present in many banks with Office 365 applications. So instead of requiring disruptive procedural change, Microsoft had the possibility to gradually increase its presence with more apps, deployed with released standard policies and as a registered vendor in the legal and purchasing departments.

Being one of the top 3 cloud service providers (see next section) also supported Microsoft’s success story.

Using the MS Dynamics platform allows a bank to make use of many external applications (analyzing latent potential, seizing opportunities, predicting future behavior or proactively recommending services on user profiles), integrated in the MS Dynamics Ecosystem.

For vendor independence and highest data security, a Bring Your Own Key and Manage Your Own Key strategy is vital, managed from the secure location of the bank’s in-house data center with banking-grade key life cycle management systems and Hardware Security Modules.

Read more on “Manage Your Own Key” (MYOK) strategies. All applications are deployed on Microsoft’s Azure. Encryption in management in the MS Azure Key Vault.

Cloud-based Innovation using Microsoft Azure

We already addressed the gradual entrance of MS Azure into the banking world. With only few legal, purchasing or structural barriers, banks can spread to the MS Azure Cloud to deploy services there (either independently or jointly with service providers or other banks in a coopetitive scenario).

Specific green-field services can be deployed and offered here. 

Also in this context, MYOK is a key liberty that should not be traded off.

Connecting them all 

The services on the MS Azure Cloud can be interwoven with services and data of in-house provenance, from external sources through the PSD2 API or from MS Dynamics and the integrated ecosystem partners.

Services and data can be integrated into new, competitive composite value propositions and services, and evolve gradually, guided by customer requirements and market demand.

Innovation means freedom and straight-through processing, without any lock-ins and limits

Of overall importance is the flexibility and agility of the crypto architecture. Key lifecycle management needs to be automated and central, to be auditable and to keep banks in control. 

Data and applications might need to change the hosting location, e.g., move from cloud to local data center or across different cloud platform providers. It would be undesirable for a cloud service vendor to have a stake in the bank's service strategy.

Read more about this in our series about integration points to the various applications and about key management related to MS Azure.


References and Further Reading
