Why does the FISPAN Platform hold any Personally Identifiable Information (PII)?

Posted by Clayton Weir on March 19, 2020 9:00 am

At FISPAN, we are building a powerful bridge between a bank and the Enterprise Resource Planning (ERP)/Accounting Systems and Treasury Management Systems (TMS) that their clients use. We hold a limited amount of client data – all of which is compliant to the highest standards of operational and technological security practices. Historically, those practices have been vetted not only by independent auditors (under our SOC II and ISO 27002 programs), but also by a multitude of large global banks through a rigorous due diligence processes.


In order to appreciate how we keep this data secure, it is important to understand why our solution was designed this way, with this type of data traversing our domain. More specifically, we want to explain why this is the best way to create the client outcomes and experiences that we and the banks aim to provide.


Why does FISPAN need to hold client data?

Data is becoming an integral part of all organizations, large and small. At FISPAN, we hold client data for a number of reasons. Our mission is to connect your banking services with the business systems that your clients use in a seamless fashion. This doesn’t just happen through simple data connectivity, but uses powerful functionality that allows users to connect without having to switch context. Because FISPAN was designed with this in mind it’s also important to remind you of two of our fundamental principles.

1) FISPAN asserts no ownership rights over client or bank data.

2) Data shared by clients must be explicitly and discreetly permissioned for use and connected to a meaningful client value proposition.


There is no other scalable design.

We realize this design elicits additional scrutiny from bank security teams. If another method for delivering this service were available (it’s not), we would certainly utilize that in order to more easily contract with our bank partners. The reason for the difficulty involved in bridging the gap between banks and client’s business systems historically, is that these two systems have very different views of how their systems should connect, meaning that a point to point connection would become both shallow and brittle.


Having a platform that sits in the middle is the only way to deeply connect into both domains and provide the ability to direct traffic in both directions. Secondly, each ERP system and bank product will have a different cadence of releases over time and the power of being a centrally cloud-hosted platform allows FISPAN to deploy new releases weekly or more frequently, whereas a private deployment of a FISPAN-type solution would almost certainly trend towards a more legacy release cycle.


Operational Support and Visibility

Recent failed or problematic payments are proactively and securely brought to the attention of our support team in order to provide clients with seamless payment processing and support. Additionally, this failure and error data is anonymized and used on a wider scale to improve our product by informing our Product and Quality Assurance teams of recurring pain points for existing users. While troubleshooting with a client, support teams are also provided with deep context since we have a stateful view of transaction E2E. Without FISPAN in the middle, failed transactions hide in the shadows, whereas FISPAN’s event-based architecture can place human readable error messages where they are most helpful.


Service Load & Lapse Management

FISPAN supports banks by aggregating a variety of connections and standardizing data flows. Banking clients can elect to have payment and informational requests batched to be sent on an intermittent basis to reduce the load on their SFTP or API platforms.


In the event of a system outage, the FISPAN platform will store pending payment and informational requests and forward them when service is restored in order to provide a seamless experience for the bank’s corporate clients, reducing risk of lost or duplicated items.


Idempotency Management on Payment Instructions

Idempotency, in the context of RESTful APIs, is a concept that allows the receiving service engine to treat duplicate requests (whether it be two or five thousand) as a single request. In the context of payment requests, it is essential that FISPAN has an understanding of recent payments and post-payment interactions with ERP and banking objects in order for the system to reject or appropriately handle a duplicate payment.


“Closed Loop” Reconciliation

Reconciliation continues to be the largest pain point we hear from our corporate end users. Today, corporate accounting departments spend countless hours manually entering and tracking invoice payments. With the FISPAN plugin, a corporate accountant can submit a payment and trust that the plugin will not only manage the bill at the point of payment, but also reopen a bill if a payment fails. To enable this functionality, FISPAN brings banking data directly back into the client’s system of record and leverages this data to track and trace domestic payments today. Automating the reconciliation of the payables workflow is simply one step that FISPAN is taking to leverage banking and accounting data to automate accounting workflows.


Data And The Future of Banking

Stitching together contextual data from the ERP and transactional data from the bank, starts to create new perspectives into your clients that a bank has never had before. There are massive opportunities to deploy AI against these data sets to develop brand new offerings (realtime credit provisioning), new insights on cash management but also important triggers for your sales and servicing teams, such as noticing when a clients usage changes, or suggesting client products that peers with similar business models use automatically. If this kind of data is even available within a bank’s own walls today, it is in most cases not being exercised to create value for the clients and the bank. The data platform is a massive opportunity for innovation and allows us to build and maintain the best possible offering for your clients.


All of The Above = Client Satisfaction

The bottom line is that having FISPAN in the middle allows for the creation of a new and superior client experience. Not only are we able to automate the transmission of information, we can also provide a new layer of context, letting clients know exactly what happened to those transactions, and when one goes awry, exactly what they need to do to fix it. We believe that without providing this kind of visibility and two-way connectivity, it’s not automation that is being sold, rather, just a band aid solution for the file-based connectivity that we have used for years. Situated in the middle, FISPAN helps banks create a fundamentally new experience, and if you want to know how that translates into business outcomes, feel free to ask your account executive for a refresher.


One of the most common questions we get asked about our platform is some combination of “why hasn’t this problem been solved before?” or, “why is this solution different from those that have failed or underwhelmed in the past?”. In both cases the answer is simple. Bridging the gap between a bank and a client’s business system requires a powerful and intelligent platform in the middle to create context and manage transactions when they stray from the happy path. While we know this makes us a slightly harder vendor to onboard, it makes us a more powerful partner to you and collectively allows us to make a much larger impact on your clients’ businesses.