“We bought ourselves a public cloud”

BNP Paribas follows the path of IT being under control. The bank chose IBM as a partner to build a dedicated cloud, while processing sensitive data within its own datacenters. Same desire for control in the field of cybersecurity, which remains supported by internal teams. At the same time, DSI has adjusted itself to develop the use of modern technologies, in particular artificial intelligence.

Interview with Bernard GavganiDSI Group of BNP Paribas

How are the activities of BNP Paribas divided? What are the current challenges in the sector and specific to you?

As a leading European bank, BNP Paribas has three operational divisions: Retail Banking, which brings together the group’s retail banking networks and several specialty businesses; Investment and Protection Services, which brings together specialized businesses that offer a wide range of savings, investment and protection solutions; and Corporate & Institutional Banking, which offers specialized financial solutions for corporate and institutional customers.

We are present in 68 countries with 193,000 employees, and in every territory where we are present, we work with local regulators.

What we see in the current context of the health crisis is confirmation of the important role of banks within society. In addition, we are currently witnessing an exponential growth of digital devices. That’s why we are faster in terms of innovation and offer new dematerialized services to our customers.

How is your IS and the IT Department organized around the world? What are the current developments?

Understanding and flexibility are among the watchdogs of our organization. We have at least 20,000 applications in production today! The development of information systems should be done according to the specific needs of our businesses. Each of them has its own CIO and the development teams are always attached to them.

As the IT manager of the BNP Paribas group, my role is specifically to ensure that our teams-which include 18,000 internal IT specialists and approximately 17,000 external-have a common vision and that the overall development of the system information will remain reasonable. .

Among our massive topics is the cloud, which transcends the IT dimension and represents a real business project. Nearly 8,000 employees of the group are already trained there.

You signed in in 2018 with IBM for its Cloud Financial Services offer. Isn’t this a contract that could disrupt the relationship of trust with your customers, especially because of the American Cloud Act?

If we look at the market from the point of view of tools, it is clear that our choice, which favors the private cloud, seems to contradict the positions of other players but, for all that, in accordance with the constraints of sector, controlled by which we operate.
From a technical point of view, BNP Paribas uses market technological standards, which guarantee homogeneity in our IT chains.
From the point of view of uses, it is first and foremost the sensitivity of the data that guides the choice of location of services.
Finally, the technologies implemented by this cloud are open source (Kubernetes, etc.) or market standard (VMware, etc.), giving us the latitude to open up to other suppliers as needed.

Now, BNP Paribas considers that some players, including IBM, are old enough to complete the group’s technological arsenal. While respecting security rules and regulatory aspects of the bank, our partnership with IBM in October 2018 allows us to use technological bricks from the public cloud in our private cloud. Our datacenters now benefit from the same speed of implementation as cloud operators and are potentially open to their services.

This partnership is not a break in the formation of our private cloud, but rather an evolution. Some of our applications are now installed here and we plan to move almost 40% of them to 2025. All new applications are also built directly in this cloud. For others, three criteria remain in the choice to be transferred: the portability, the need for elasticity and the cost.

What is your position on the sovereign cloud in general and on Gaia-X in particular?

BNP Paribas has just joined the board of directors of Gaia-X. This decision is entirely in line with our beliefs in the cloud, especially in terms of data management.
We must – and the details of the partnership with IBM illustrate this very well – maintain control, on the one hand, over the way in which our data is managed and, on the other hand, over the technology associated with it. For us, this is a strong belief and an important lever for controlling costs.

In general, we believe at the same time that the European cloud market should be controlled and moved, in the future, towards a pooling of several resources in the financial sector. Moreover, the BNP Paribas dedicated cloud is from a technological perspective to a public cloud. This means it is possible to share and pool part of the resources with other players, which includes re-invoicing, support for systems required by banking regulators, but also security.

What can you pool in terms of security? In general, what organization did you put in this area?

Some fraud can be carried out through bank transfers through “mule” accounts. Banks talk about this with each other, making it possible to fight these offenses better and do it quickly. We already share information and exchange with many of our peers on this topic, especially through CERTs (Computer emergency response teams). Internally, each CISO is attached to a DSI and we have 2,500 employees who specialize in cybersecurity. This organization and this strike force are part of the key elements that have enabled us to overcome the crisis.

As part of teleworking, we deployed the same workstation for all of our employees. The data is encrypted and the tools allow remote control with the security of our data.
Although we use suppliers, security remains an internal activity. For example, the SOC (Security operations center) is 100% internal and one of our teams specializes in APT (Advanced persistent threat). We are increasingly using modern technologies, including artificial intelligence, for fraud detection. We have an agreement with IBM Watson, IBM’s supercomputer that combines AI and big data. A requirement because of the amount of data to be processed, which is more complex and larger.

How did you organize yourself to improve the use of AI and, in general, to evolve?

We are a member of an expert American foundation, which allows us to work on the subject of AI with many experts. We also work with the world of academia: MIT in the United States, Polytech in France… As far as AI, one of our commitments to our customers is related to transparency and education. A dedicated team reporting to the CDO (Chief Data Officer) is responsible for monitoring the results following the production launch of any new algorithm and guaranteeing its transparency. In this area, we also invest in start-ups. Internally, an “IT marketplace” aggregates and displays the APIs and modules available.

Among the tracks and POCs conducted, the blockchain is of course the subject of particular attention. It should continue to facilitate, for example, the automation of transaction traceability. Also conducts POC on customer onboarding, another on Know Your Customer. To expedite these steps, a space is reserved for change this fall in our cloud. A dynamic change, but remains under control.

Interview with Patrick Brébion / Photos: Mélanie Robin

The journey of Bernard Gavgani

Chez BNP Paribas:
Depuis 2021 : Membre du comité exécutif du groupe BNP Paribas.
Depuis 2018 : directeur des systèmes d’information du groupe 
2009 – 2018 : Responsable informatique et opérations de CIB
2003 – 2009 : Directeur général des Dérivés Actions 
2000 – 2003 : Secrétaire général de BNP Paribas Arbitrage


> HEC - Paris
> Sloan School of Management - MIT (Massachusetts)

Leave a Comment