Banking

Migrating a banking database is one of the highest-risk operations in financial technology. A failed migration can lock customers out of their accounts, corrupt transaction data, or trigger regulatory violations. The database is the system of record — everything else is derived from it. We have migrated banking databases with over 100 million rows and 99.99% uptime requirements. The key is not the migration tool — it is the migration strategy. Every schema change must be backward-compatible, reversible, and testable in production without impacting customers. ...

The perimeter is dead. Banking networks used to be castle-and-moat: a hardened perimeter with everything inside trusted. Once you were inside the network, you could access anything. This model fails because modern banking infrastructure spans cloud providers, data centres, and SaaS platforms. There is no single perimeter to defend. Zero trust replaces the perimeter with identity. Every request is authenticated, authorised, and encrypted — regardless of where it originates. For banking, zero trust is not just a security improvement. It is a regulatory requirement. The OCC, FFIEC, and European Banking Authority all recommend or mandate zero trust principles for critical banking infrastructure. ...

Banks have more engineers than ever, but those engineers spend more time on infrastructure than on features. A developer at a typical bank waits days for infrastructure provisioning, weeks for security approvals, and months for compliance reviews. Platform engineering is the discipline of converting that wait time into self-service. For banks, platform engineering has an additional constraint: regulatory compliance. Every infrastructure decision must satisfy audit requirements. An internal developer platform that makes engineers productive while maintaining compliance is the difference between scaling engineering velocity and drowning in operational overhead. ...

Banks have been using machine learning models for years — credit scoring, fraud detection, anti-money laundering. But generative AI changed the conversation. Regulators who were comfortable with traditional ML models are not comfortable with large language models that cannot explain their decisions. AI governance is the bridge between innovation and compliance. Without it, banks either ban AI (losing competitive advantage) or deploy AI uncontrolled (risking regulatory action). With it, banks can deploy AI in production while satisfying regulators that the models are fair, explainable, and auditable. ...

ChatGPT launched in November 2022 and reached 100 million users in two months. By January 2023, every bank in the world was asking the same question: “How do we use this?” The question was not whether generative AI would impact financial services — it was how quickly banks could move from experimentation to production while managing the risks. We helped three financial institutions deploy generative AI in production within 12 months of ChatGPT’s launch. The technology was the easy part. The governance, risk management, and regulatory compliance were the hard parts. Here is what we learned. ...

By mid-2022, most banks had completed Kubernetes proof-of-concept deployments. The question was no longer “can we run Kubernetes?” but “how do we run Kubernetes in production while satisfying regulators?” The gap between POC and production is where most Kubernetes deployments fail — not because of technical limitations, but because of operational and compliance gaps. We have deployed production Kubernetes clusters at tier-one banks that satisfy regulatory audit requirements. The architecture is fundamentally different from Kubernetes at a SaaS startup. Here is what production Kubernetes looks like in a regulated environment. ...