We are pleased to announce that Innovasjon Norge has awarded Kosli an innovation grant of 3.4 million NOK to pursue a R&D project with DNB and Firi. In this blog we’ll give you an overview of the problems we’ll be working on and the solutions we intend to build together. First, a word on our innovation partners, who we are delighted to be working with on this project.
DNB is Norway’s largest financial group. They are also our earliest supporters and we’re pleased to enter into a new innovation partnership with them. Kosli’s initial proof of concept (POC) was completed in DNB’s Nxt accelerator program in collaboration with DNB Technology and Service Engineering Performance.
Together, we were able to demonstrate that Kosli could help DNB achieve full observability across their software development and production environments while streamlining conventional change management processes. We were also able to show that this could be done through a developer first approach to recording and connecting data in a searchable way. We hope our next phase of R&D produces more exciting breakthroughs.
Firi was founded in 2017 and is the Nordic region’s largest cryptocurrency exchange. Its aim is to make it easier for people living in the Nordics to buy and sell cryptocurrencies like Bitcoin and Ethereum. In 2019 Firi was registered with Finanstilsynet as a service provider for exchanging and storing virtual currency in Norway. They have over 130,000 Norwegian users and a team of 60 people.
Firi has been a Kosli customer since 2020 and over the last 2 years we have worked together to implement Kosli in Firi’s day to day operations. Using Kosli enables Firi’s DevOps teams to work quickly and securely with compliance automation. We have also worked closely with Firi’s technical leadership to identify high value features that we will develop in our upcoming innovation partnership.
Delivering software under regulation
Why do organizations like DNB and Firi need a software tool like Kosli? What problem does it solve for them? Why does our collaboration deserve funding from Innovasjon Norge? To answer those questions it’s useful to understand the extra demands that are placed on business in regulated industries.
Regulated organizations, like fintechs, get their license to operate from the government. To protect consumers, and the wider economy, it’s really important that these types or organizations manage risk appropriately. Governments use regulatory bodies, like IKT Forskrift here in Norway, to ensure that they do. IT security is one of the areas where fintechs are expected to manage risk responsibly.
The problem Kosli is solving with DNB and Firi
Financial organizations like DNB and Firi are legally obliged to keep comprehensive records of the changes made to their IT systems. Fintechs must be able to prove that they have a process for developing software with adequate risk controls and that these processes are being followed.
This used to be relatively simple. Not so long ago a bank might make a handful of software changes once every six months, maybe even once a year. But today’s software teams are capable of making hundreds of changes every day. And that’s a problem when you need to keep track of every single change. Pen and paper record keeping and meetings to approve changes doesn’t work when changes are happening every few minutes.
So, regulated organizations need a new way of managing change in the way they deliver their software. And that’s where Kosli comes in.
How the Kosli platform solves the problem
To be compliant with regulation, fintechs need to be able to answer three big questions. They need to know what software they have running in production, how it was made, and if it was made in compliance with their defined process.
Kosli gives them the ability to answer these questions based on the following
Record - A provable record of how operations environments actually change is stored in Kosli. Even manual changes and unauthorized workloads are detected immediately.
Connect - What’s happening in the environments is connected with the world of development. Software artifacts are fingerprinted and evidence is attached to them as they are tested, scanned, and deployed to production.
Search - Thanks to Record and Connect users now have a provable record of what software is running and how it was made. Specific changes can be pinpointed quickly and audits can be generated automatically from the evidence already gathered.
With Kosli all of the manual change processes and guesswork is removed from change management. The software delivery process is made compliant by design without any increase in lead times.
That’s the high level view of compliance in finance. Let’s look at the broad objectives we’ve set out together with our partners.
The innovation objectives we want to achieve
What will our collaboration look like? We have set out several key areas where we will look to deliver innovation and value for our customers.
First of all, we want to create better developer tooling. We will work to give developers at Firi and DNB new client tools to help them understand the increasingly complex nature of their systems from the command line.
We also want to facilitate highly secure processes and audits. We’ll develop an append only system of record that will be the basis for provable audit trails. And we’ll work to make the data easily searchable and exportable.
Developer velocity is an increasingly important measure of success, so we’ll also look to build performance insights into our technology. We’ll seek to make the 4 key DORA metrics accessible to all stakeholders via Kosli.
We’re incredibly excited about working with DNB and Firi to achieve these outcomes over the next two years. Our innovation partners in this space represent both tradition and modernity in Norwegian finance. We look forward to finding the common use cases that will deliver value to fintechs of all types and sizes. Watch this space for updates!