Our client is the biggest card scheme in the world, servicing 15,900 financial institutions, over 46 million merchants and $11 trillion total volume. Innovation in such an organisation needs to have incredibly low risk.
Our client had a need to safely innovate and test new solutions to better service a growing and moving market. Even though they are clear leaders in their field, they recognised the need to keep innovation top of mind in order to stay relevant.
Innovation within a financial services company is difficult due to regulations, security, legal, compliance and technical constraints. This difficulty is increased when the company is a multi-hundred billion dollar company in an industry where reputation is everything. The innovation centre was new and the client was in the process of migrating to a new system of processes.
With these considerations in mind, we were tasked with the delivery of an innovation pipeline enabling safe and secure piloting capability and delivery. Our client wanted the capability to safely test new products and ideas from incubation all the way through to production. The final goal was to have a delivery mechanism that brought the innovation time down to under three months, and have a pilot being used in production.
Our client initially had no piloting capability, infrastructure or known processes for delivering pilots into any production environment. We initially established what a good development and deployment would look like and had these approved by security.
During the roll-out of our solution, which was based on a public cloud, the directive came down to not use any public tools. As we had used codified infrastructure, we used the same code and tooling to deploy to the private cloud. We moved all tools and resources into the client environment in accordance with the new directive.
For ease of testing, development and deployment we used Docker and started moving towards Kubernetes/OpenShift. We used Ansible for server provisioning, maintenance and auditing. We implemented various tools in to the CI/CD process to assist with required controls, such as BlackDuck and SonarQube.
We worked across the organisation in four different time zones, established key contact points, documented procedures, and kept a record of all knowledge accumulated along the way. In addition, we detailed estimated timelines for each phase of a pilot, what could be done in parallel and what actions were dependant on previous items being completed.
Security considerations were detailed for every aspect of the project: design, architecture, development, testing, infrastructure, delivery, operation and decommission.
Once the process had been established and relevant tooling put in place, the pilot pipeline was operational. Through this we successfully delivered three pilots in to production. Two of the three pilots had external partners who we engaged with, and both of those had strong commercial possibilities which are currently actively being explored. These were the first pilots ever to be delivered from the innovation operational centres.
Additionally, and perhaps more valuably, the client now had a known process for delivery of pilots in the future. The timeline was reduced to between two and three months per pilot - unheard of in the tightly regulated environment the client faced. The process itself covered all aspects, including technical, legal, governance and security.
The client was left with three pilots in production and a known process for delivering pilots. The innovation ambitions of the client could now be fulfilled, ensuring they would be able to meet their mandate of continual growth and testing, ensuring their place as market leaders moving forward. The ability to safely innovate for an organisation of the size and importance of our client is a key competitive advantage.
Note: technically, two pilots were delivered. The third was ready to be put into production but legal issues with the partner stopped us from flipping the switch. This is a bit nuanced to add here, but open to how to word this.