I just love hearing about the secrets of a trade, things that you can only learn from someone who has been perfecting their craft for decades.
However, as part of a software engineering team, I am trained to get up and running with a new domain as quickly as I can. Understanding client requirements as fast as humanly possible is part of our everyday life and there seems to be no time to search for hidden treasures. Still, there is just something magical when you talk to true artisans like a woodworker or luthier who just ooze confidence and knowledge about their craft and can continuously teach you new secrets about even the most fundamental things like how to use sandpaper.
Fintech has been a hot topic for Canecom for quite some time but about a year or so ago we decided that we really wanted to go all in, talk to as many experts as possible and learn as many “secrets” from the greats of the industry as we can so we started signing up to every fintech event we could from the smallest cafe meetups in Budapest to the largest fintech events around the world including Money 20/20 in Las Vegas and everything in between. Here is what we have found:
1. Frauds, frauds and AI frauds
Fintech just loves its 3 letter acronyms, KYC, AML, CIP, PCI DSS are all part of our everyday lingo by now but this is for a good reason, not only the growing number of financial frauds but also the ever-renewing types of financial frauds seem to create a never-ending game to protect our customers’ money from malicious attempts. There is a baseline, the legal requirements that you need to fulfill as a minimum if you want to enter the market and be in the game but I feel that the strongest worldwide trend right now is that the more proactive you can be with your tools and the more advanced your AML and fraud prevention tech stack is, the better chances you will have to find bank partners or even investors. Whenever we were talking to compliance specialists, they told us that the bar was raised and warned us about a more cautious general mood on the banking side. You need to prepare for more deep and nitpicky questions about security, transaction monitoring, and fraud prevention measures in your fintech offering and have to understand that this is what sponsor banks will check first. This is especially true when you are introducing a new feature for your customers that is just not yet an industry standard. A new method of identification or registration that is not a tried and true method is a big no no in the eyes of the compliance teams and you will need to have a really strong argument to push your idea through.
That is why modern tools like Sardine.ai or Unit21 offer an ultra-high level of customization and granularity, so depending on your (and your sponsor bank’s) risk appetite, you can dynamically change fraud triggers in your system or even monitor user behavior through mobile app SDKs. This can go from frequency, radius and location of transaction events to measuring the time spent on a login screen or how long it takes to enter a validation code sent via text message.
Also, the guys at ARGUS pointed out that screening and monitoring transactions within a single bank is usually the easier part, tracking money laundering or terrorist financing becomes much more tricky when you need to look into the relations of multiple accounts in multiple banks (that don’t really like to openly share their data) in multiple countries.
2. Legacy systems and legal mazes
Core banking systems are the dinosaurs of IT, there are still mission-critical functions like account opening or transaction processing that run on some old mainframe-based platform. These systems were written in COBOL, a programming language that was popular in the 1960s but it is still so embedded in banking systems that even in 2023 it is a struggle to leave it behind and Luxoft estimates that over 40% of banks still use it today. It is already a struggle to attract new talent for banking teams, being a developer in a traditional bank is probably not the hottest career path a committed tech guy dreams of but convincing a talented developer to learn a 60-year-old programming language just so he can rewrite the code in something more modern seems nearly impossible. In addition to that, such a migration not only needs a high level of proficiency in both tech stacks, it also means that code that has been running in production for decades and is being tested by millions of customers every single day since its original release needs to be hot-swapped live as the business can’t stop, services need to be live 0-24h and 7 days a week.
In the eyes of the banking IT leads, it is for example relatively easy to switch from separate native app developer teams to a unified team that uses the latest Flutter version when thinking about a new banking app but changing anything on the back office side potentially brings such high risks in downtime, non-compliance fines, or customer complaints that there is just not enough financial incentive to willingly roll the dice.
I thought that cloud had its hot moment like 8 years ago and my guess would have been that anything that could benefit from it is already migrated and hosted there for a long while by now. Well, after talking to the CTO at one of the largest Central European banks we had to realize that a more conservative bank is somewhere in the range of 8% in terms of the completeness of the planned migration of their services to the cloud. Naturally, a startup can save itself all this struggle and build everything on the latest and most trendy stack as they start from scratch and don’t need to deal with legacy code but there is one thing that even they can’t escape and that is legal requirements. As we learned, after cloud became widely available it took regulators quite a number of years to catch up and adapt and this still holds true. For example, using blockchain to create token-based investment platforms is technically possible but the regulators are 2 steps behind which just prevents such solutions from entering the market. This is even more true for the real king of hype, AI which immediately leads us to our next chapter.
3. Where is the place of AI?
Customer support is a must for any fintech company but it can be a wildly expensive hobby. With the overnight worldwide success of Chat GPT, it is almost self-evident to immediately start building AI-powered LLM-based chat services and make them do the heavy lifting in your customer service channels. This is such a true statement that every single company we talked to is experimenting with just that in one way or another and heck even we are working on our own (albeit slightly tweaked) implementation of the core idea. It is not fresh news however that fintech heavily utilizes ML and AI technologies, as I wrote in one of my earlier articles, credit scoring was probably one of the firsts using ML in public production and it was back in 1990 but it is one thing to run AI on a set of data and a completely different thing to be brave enough to let it speak to your customers without any human supervision. Hallucinations however are seemingly not the main concern of the industry as when you talk to Chat GPT you are basically interacting with the data that was used to train the model but you can actually separate that and have a dedicated database of information (like a library of your contracts, term..etc.) and use the AI engine to “read from that”. You can also specify the level of context match you require and essentially only allow 99%+ replies to go out with the added benefit of being able to provide replies on multiple languages.
I am definitely not trying to imply that LLM is the only path AI is finding its new ways in fintech, we just published an article about AI being used in fraud prevention tools for example but it was certainly the hottest topic during almost all of the events we attended recently. However, the question of build or buy is still open here, some players happily shelled out quite a significant sum of money on special hardware to train their own models to gain some advantage in their specific use case and some teams are more comfortable using existing building blocks. Generally speaking, Product owner, Architect and Data Scientist are the key roles that teams are not comfortable sourcing out but for example, testing is something that is somewhat of an industry standard to happily hand out to external partners.
I think there is no real overarching answer and certainly no good answer to what your company’s AI strategy should be just yet. There is one thing however that is for sure, building an environment that encourages experimentation is absolutely the way forward if you would like to stay in the game. Funnily enough, we heard from many people that technology is not a bottleneck, usually, the answers are already available in one form or another but having a company culture and mindset that can match the agility that is required on the software development side is where things fall short usually.
My personal note is that MLops, so scaling models into production and testing them back to back will be one of the most in-demand tech positions soon and as such, fintech teams should also start preparing for that. Whether you disagree with me or if you fully agree with me, please drop me a line and let me know as I am always curious to hear from you.
