Branching out: How data streaming technology can help banks reach an international audience

Fintech startup Orwell Group aims to cut the cost and risk for banks looking to expand into new territories

There are some big changes rolling through the financial sector right now as a result of changes in regulations such as the revised EU Payment Services Directive (PSD2) begin to bite.

PSD2 aims to increase competition in the payments industry, enable the creation of new types of payment services, enhance fraud protection and security, and keep up with technology as it advances. It specifies that banks must open up details of consenting customer accounts so that third parties can use that data to create new services.

Technology-wise the changes are being enabled by the use of APIs to allow controlled access to account data by providers of mobile payment apps, analytics services and even rival banks. Banks will no longer hold a monopoly on current accounts.

But it's not all one-way traffic. Banks are trusted by customers to look after their finances which puts them at an advantage compared with the newcomers, and there are pluses to be had from the API economy for the incumbents too, one of which is the ability to expand their geographical reach in a low-cost, low-risk way. A number of fintech startups have emerged to help them do just that. One of these is London-based Orwell Group, a payment services provider (PSP) that's building a white label service that banks can use to expand internationally, reaching new customers without having to increase their physical footprint.

"The cost of initial setup and the cost of operation are really important if a new solution is to be adopted," chief architect Jose Luis Caldeira (pictured, right) told Computing. "To overcome the initial shock to a bank of introducing a new way of doing things it has to be ten times cheaper. You need a very low cost of setup and a different model of operation."

Inevitably there is a large number of legislative hoops to jump through when introducing new banking services. Orwell Group has achieved certification with Faster Payments and has completed an audit with UK watchdog the FCA. It has also received go-aheads from the Bank of England and from various regulatory authorities in France, Spain and Italy.

The technical requirements are no less stringent. Data transfers must be secure, fast, flexible and compliant. Bespoke services also need to be quick to prototype and deploy so that a bank can try the service and make changes before going ahead. In development terms, this points to Agile and DevOps, and core to operational agility is streaming technology.

"We don't use any databases operationally," said head of engineering Gian Marco Cabiato (pictured, left), of the company's payment service.

"We don't store any account information in a database. It's streamed and we store the ledger itself in Kafka. When we don't have anything more to do with the data we store it in a Hadoop datalake."

The use of data streaming is very important, Caldeira explained, because it allows for extremely rapid processing times.

"If you are holding state in a database you can only change that state maybe 200 times a second. In our case, it's been tested at about 300,000 times a second, which is a corporate scenario. Let's say you're paying thousands of salaries. We can do that in a few seconds whereas a typical bank batch job would be five or six hours or most likely overnight."

Streaming also makes monitoring and interacting with transactions much more proactive he added. "Rather than waiting for a batch to complete we can monitor everything in real-time."

Not everything is done through streaming though. The company also uses MariaDB and Scylla to hold reference data for more traditional transaction types. "We want to keep all our options open," said Cabiato.

Security-wise, Orwell's system relies on the inbuilt capabilities of the Hortonworks HDF and HDW Hadoop ecosystem including Apache Metron. Data is stored on HDFS is encrypted by default, and all traffic between nodes is protected using SSL. Access to data is granted on a fine-grained basis. The core system is fully GDPR compliant, according to the company.

For monitoring the streams Orwell uses Apache Prometheus and particularly Streaming Analytics Manager (SAM). The company is experimenting with introducing machine learning capabilities to automate some operations using Tensorflow deployed in containers.

While it has yet to sign its first customer, Caldeira said the company is in discussions with a number of "tier one and tier two banks" including "the world's local bank" and organisations in France, Italy and Spain. Orwell Group is not the only startup operating in this space. There's also Solarisbank, Atom Bank, Kantox and others. It remains to be seen how many payment service providers the market will ultimately support and how regulations like PDS2, which despite its introduction this year has still not been fully adopted by most banks in Europe, will affect the future of banking.