EP970: Why Banks Are Rethinking Tech, Trust and Partnerships

Show Notes

Raj Jathar, SVP Sales Engineering, Azentio 

In an era of geopolitical volatility, cyber risk, and regulatory pressure, Puja Sharma speaks with Raj Jathar, SVP Sales Engineering at Azentio, on redefining tech resilience through strategic partnerships, domain expertise, and modernisation that balances compliance, continuity, and customer trust.

Transcript

SPEAKER_01 0:02

I'm the gentleman of IVS Intelligence, and you're listening to the IVS IV Us podcast. With me is Raj Akar, SVP Sales Engineering Essential. Welcome to the podcast, Raj.

SPEAKER_00 0:14

Thank you for having me.

SPEAKER_01 0:16

In today's environment of geopolitical volatility, cyber risk, and rising regulatory pressure, what does tech resilience really mean for financial institutions?

SPEAKER_00 0:26

I come from a world of observability and cybersecurity, where it was all about performance and uptime. You know, you're talking about latencies and things like that. It was also about identifying and preventing intrusions. But all none of that matters if the system is down. Business continuity practices have existed for eons, but every once in a while there's a precipitating event that serves as a wake-up call to countries and to companies to re-examine and rethink resilience. At its core, and I know core is an overloaded term, especially in the financial sector. So maybe at its heart, it's about the ability to continue serving customers, right? But not just serving customers, all the while meeting regulatory obligations and protecting trust during disruption, right? And that, you know, kind of the it's almost like a trinity of continuity, of compliance, and of trust, right? These are the three very important pillars, I think, that are really the underpinning of the industry. So, you know, there's been a little bit of a shift. So, for example, the Hong Kong Monetary Authority, they expect banks to no longer be in the build phase of resilience. They're pushing banks and financial institutions, resilience as BAU, business as usual, right? So governance is not something that's a one-off, it's it's a continuous process. So, how do you know if you're resilient? There are a couple of things that are involved. One of them is mapping, um, right? Mapping all of your interconnects and your dependencies for your critical operations. Because, and especially in a microservices world, in a distributed world, um, there are a lot of services that you get from third parties. So, understanding all of those interconnects, understanding your dependencies is very critical for your operations and for that continuity. Um, the other one is testing scenarios, uh, right. I mentioned BCP business continuity practices. So conducting rigorous testing or severe but yet plausible scenarios to identify and remediate vulnerabilities. Now, one might argue um how plausible was the scenario that we find ourselves in currently. Um, I'm not sure anybody would have dreamt of something like this in their BCP, but but regardless, here we are, right? Even if we may not have have dreamt of this exact scenario, dreaming up something like this or something close to it would really help you in how you react to it, right? And um, speaking of reacting to it, um tolerance levels, right? How much can you tolerate disruptions? So banks and financial institutions must demonstrate that they can deliver critical operations within their defined disruption tolerance units and tolerance limits, right? So all of these things are important to resilience, and countries are are rolling out more and more governance that is more resilience aware and more resilience mandating. Uh, I mentioned the HKMA uh in Singapore, the monetary uh authority there, they have mandated that um they've opened up a consultation to look at all third-party dependencies. So companies need to understand what those dependencies are in order to attain operational resilience. All that said, you know, I think that that in general the sector still looks pretty good. Um, you know, the uh CDUAE, uh the board, um, central board, they confirm the sector's strength. Um, in fact, they they have a pretty healthy trillion plus um AED in foreign exchange. And um, you know, they've got about over 5 trillion. Um, is this comprehensive financial institution resilience package? So it's about reinforcing the governance and regulations and and standards for all activities outsourced or or or otherwise. So so yeah, it's it's it's becoming more and more important, and and the situation we find ourselves in is definitely going to test folks' resilience. And the ones who have already thought of these things are the ones who are either going to survive or thrive.

SPEAKER_01 4:57

Raj, what role do long-term technology partnerships play in institutions, building operational resilience? And how does domain expertise help them to achieve sustainable growth?

SPEAKER_00 5:09

What would we be looking for in these solutions and these companies, uh, right, that you want to, the solutions that you buy, the vendors who provide those solutions. What you're looking for uh really is behavior under pressure, understanding not just how a solution but a company reacts to abnormal traffic uh volumes, abnormal traffic patterns. And you can only do that if you have the BCP that I alluded to earlier, right? If if resilience is not an afterthought, if you're building a solution, if you're building a company with resilience in in mind, um then you're constantly testing for how your solutions react and behave under abnormal traffic patterns and volumes, right? Um I'm I alluded to dependencies, understanding those dependencies and what third-party solutions and what providers you have and you depend on. And this can be as low-level and as basic as your infrastructure as a service uh provider, right? Like AWS. So not only will these companies um continuously stress test the technology and understand how far it can be pushed, but they will plan for eventualities and have very robust fallback processes. If this happens, then what do I do? If this doesn't happen, then what do I do? What's plan B? If plan B is not feasible, what's plan C all the way through to plan Z, Z, whatever you want to call it, right? Um so to some extent, you almost need to have a partner, a vendor who knows your business better than you do, uh, you know, to some extent, to have sustainable growth. Um, and again, you know, their countries are are mandating this more and more, what they expect from the solutions, what they expect from the providers.

SPEAKER_01 7:00

With disruption moving quickly across markets, infrastructure, and financial system, what separates a strategic relationship from transactional one?

SPEAKER_00 7:08

It's important to look for a vendor who you have a strategic relationship with. And so is really a partner more than just a vendor who sells you something and then walks away, right? I talked about all of the things to look for in a vendor from a product, from a solution, from a domain expertise, from a relationship standpoint, it needs to be a partnership. Um, right. So at all times, under all circumstances, you know, again, uh catastrophic circumstances to some extent, a strategic partner works with you, um, you know, and not just for you. They're with you um along the journey every step of the way. Um, they're managing and helping you manage today's pressure, tomorrow's direction. So understanding the futures, understanding where things are headed, as well as how do you deal with things right now, both seen, uh foreseen, and unforeseen. Um, right. So I talked about picking a solution from a vendor who's been in the business for some time. Um, that's important because a vendor who's been in the business for some time, who has experience, um, right, whether it's several years, several decades of experience, whether it's across several versions of the solution, um, you're right, you want somebody who's who's seen something, so who has experience, uh, right, who's been through some of these things. And so, you know, it's not just about having influence over the shape of the solution to come, but also bringing some of that domain expertise to the table. You mentioned infrastructure, I mentioned something as basic as IAS, right? And AWS. You look at, and it's not just AWS, right? You look at it's multiple hyperscalers. Oracle has been affected in the region, right? You had drone strikes where they are damaging AWS data centers in the region, um, right? They it caused power loss and fire damage and service outages. So, you know, people look at it and say that, oh, the service is down. Meanwhile, it's really the infrastructure itself is down. So, what hope does the service have of running if it doesn't have any infrastructure to run on? Right, you know, experts have been highlighting um cloud infrastructure is still physically vulnerable in conflict zones. Now, we may not have necessarily looked at the region as a conflict zone or something even adjacent to a conflict zone. But again, here we are, right? And if I might give just a small example, um, you know, I'm gonna talk in in generalities, but but if you indulge me in just this one specific example, a Zensho, um, in the current um in the current crisis, they immediately, we immediately swung into action uh and migrated the requisite workloads to more suitable regions to mitigate the effect on customers. So it helps to have a solution that isn't crippled by small changes in operating parameters and that has been built with resilience in in mind.

SPEAKER_01 10:09

Last but not the least, how technology modernization supports compliance, continuity, and customer trust without adding new complexity.

SPEAKER_00 10:18

Okay. So this is finally uh we're gonna talk about things that aren't necessarily um something that regulators are pounding down your doors for, um, right? So we talked about how regulators want resilience and and they want operators to be more tolerant to uh contingencies and things like that and be more prepared for volatility. Modernization has nothing to do with that, uh, right? It's not directly related to that, it's indirectly related to that. Modernization is a buzzword, it means a lot of different things to a lot of different people. But I think one thing that um we should understand about modernization is that it's not necessarily about complexity. Um, right, and and and in fact, it's it's the opposite. It's about reducing complexity. Um, it's about creating and and giving control back to our customers, right? When our customers have any needs, and we talked about having a partner whom you could influence their roadmap, influence the direction of their solution based on your needs and your requirements and where your business is growing. Um, right. So modernization is creating and giving more control back to your customers. Um, right. And it's not just about delivering transformation and being microservices and a fully meshed, distributed environment that's containerized, you know, et cetera, et cetera, and all of the wonderful things that people um like to talk about. It's about giving control back to your customers. And it's about simplifying operations, um, right? Empowering your clients to make informed decisions, providing them with more data, with more metadata, taking processes that were um inordinately long, inordinately repetitive, very manual, very error-prone, taking those lengthy processes and reducing them, building connected systems, right? Having integrations with other systems to enrich the data that you worked on, to make more informed decisions, to be able to do your own analysis, to be able to create your own reports and dashboards and being able to visualize your data in a way that you want them to, right? Uh, we've come a long way from the systems of your, the systems of all, right, in BFSI. Um so technology modernization, if I could talk about it in technology terms for just a moment, it's a strategic shift from your mainframe legacy, COBOL-based systems, right, to very agile cloud-native architectures. But it's not modernization for the sake of modernization. If you cannot deliver on those things that I talked about, then it's almost not worth doing it anyway. Um, I mentioned the Trinity in my first point. I'm gonna I'm gonna come back to it again. Um, that evolution furthers the trinity of compliance, continuity, and trust because you're replacing outdated manual processes with automated, secure, resilient digital foundation. Talking about, I said, you know, we're not gonna talk about the regulators, but um I I'm I'm I'm gonna backtrack on that a little bit. Um, it's not really necessarily a mandate, but it's more kind of the direction that we're headed in, where people are some folks are calling it reg tech or reg tech for technology that has regulation and compliance um that is built in and not as an afterthought. So modernization allows BFSI firms to move from uh reacting to compliance and reacting to governance to have it be continuous, something also alluded to uh earlier, right? So compliance through that embedded governance is important. Continuity is important through talked about containerized, fully meshed, distributed, highly redundant, highly available, cloud native resilience. Um, and then the last point about trust through um transparency, through security, data protection, a seamless user experience, avoiding complexity, making anything and everything and all the data that a user has easily available and accessible to them. Or doing all of this without creating a labyrinth of new systems. Um, you know, if you follow these principles, then you modernize in a meaningful way that will deliver impactful results to your end customers.

SPEAKER_01 14:56

Thank you so much, Raj, for that insight.

SPEAKER_00 14:59

My pleasure.

SPEAKER_01 15:01

Raj Athar, SVP Sales Engineering is Venture.