Financial institutions are famous for their conservative approach in multiple areas, technology being no exception. Many of them are still running mainframe solutions built a long time ago. But together with times, the banks are changing too: at KubeConEU mBank, a polish bank showed how it managed to marry Cloud Native and Cloud Agnotisc principles to also satisfy the EU regulation in the field.

Even more than other sectors, the European financial sector is a highly regulated field, relying on the strict sayings of various organizations like EBA (The European Banking Authority), EIOPA (The European Insurance and Occupational Pensions Authority) or ESMA (The European Securities and Markets Authority). Extracting the gist of their recommendations, they focus on five key areas:

• Data and systems security
• Location and processing of data
• RIsk assessment 
• Access and audit rights
• Exit strategies from cloud outsourcing arrangement without business operation disruption

While cloud native technologies provide the means through which the organizations could build and run scalable, resilient applications in the cloud, cloud agnostic is focused on independence of the application from the underlying type of cloud or cloud provider allowing it to be moved between clouds or even run on multiple clouds at the same time. So, their intersection point would allow the businesses to deliver robust, scalable systems that also satisfy regulations.

Starting from the cloud native reference architecture, you can see that following the clear guidelines will allow you to also deliver the need of remaining agnostic. So thinking at the microservice level, you must ensure that small teams build autonomous services in the boundaries of the domain context, allowing them to be developed and deployed independently. The composition of multiple microservices allows the formation of a more resilient application. A strong emphasis needs to be made on the self containing the data layer in the microservice as well. 

Infrastructure as Code provides the mechanisms through which you can obtain the abstraction level needed to keep yourself independent from the cloud you will ultimately use for deployment purposes. By using products following the guidelines of the Cloud Native Computing Foundation, you will ensure that your services remain agnostic and could provide the right mechanism to be able to build an appropriate exit strategy. As you can see in the following diagram, there are multiple options in each of the needed categories.

Even though it seems that the financial mammoths are still far away from the benefits of modern cloud native software, they are taking steps towards the cloud while still keeping the regulation in mind. Starting from a cloud center of excellence, mBank created a cross-discipline team that drives cultural change to open source adoption for building cloud native skills. In order to ensure that it is possible to meet the regulations, clear standards are created and promoted, always keeping the "automate first strategy" in mind.