97. The Challenges of Bespoke Solutions in a Regulated World

Greg Nokes, a Master Technical Architect with Heroku, interviews two members of Yobota, a banking systems provider: Ammar Akhtar, its CEO and co-founder, and James Maidment, the head of Technical Operations. The financial industry is heavily regulated. As it stands, it was only until about 2016 that the UK (where Yobota is based) gave favorable guidance for vendors to operate in the cloud. As a service provider, the banks that use Yobota are audited by the Financial Conduct Authority. As part of that audit, every single deployment performed over a year is examined. Regulators select a random set of them, and Yobota has to demonstrate that they know who was involved in the release, and precisely which services were affected. Thus, their entire shipping process is revolved around meeting this regulation goals. They're an integral part of the company, just as data security and uptime availability are. The platform is designed in such a way to both evolve quickly and quickly perform safe deployments that are observable. Unlike other startups, Yobota has decided to invest in a sysadmin team, in order to split the organization between people who develop features and people who manage their compliance. For example, as the company grows, they've found that active hands-on management of permissions has been a valuable investment. Different groups need access to staging environments versus production environments; and, with over 300 apps on multiple dynos, access to resources needs to be carefully configured. This is seemingly slow shipping process is advantageous for two reasons. First, meeting compliance is the law, and flirting around that has tremendous consequences. But second, and more importantly, Yobota also provides fake environments for their engineers to develop around. They're able to give developers the ability to experiment with their platform in a safe way; should they choose to advance a feature into a production environment, a different team is able to address what needs to be done to meet the needs of that regulated environment. James suggests to other companies working in these sorts of industries to consider compliance integral to the way their systems operates, and to think about concerns upfront, in advance of working on any feature. Links from this episode Yobota is a core banking platform that allows financial institutions to launch innovative products in a fast and reliable way