Neon has been one of the most talked about Brazilian startups and is still, albeit for the wrong reasons.
Offering a suite of 100% digital banking services to individuals and businesses, it raised a Series A funding round of $22 million this month and initially earned the trust of international backers.
The new investment and ambitious future plans were announced and then, a day later, the fintech had to deal with the news that its banking partner Banco Pottencial (later renamed Banco Neon) had been liquidated by the Brazilian central bank due to a breach in regulations.
Neon Pagamentos, the fintech, which used the infrastructure of Banco Neon to process checking accounts was then forbidden from signing up new customers while existing customers faced instability or interruption of various services.
The startup had to find a new partner as many of its 600.000 clients rushed to withdraw their cash and lost confidence in the business. Three days later, Neon announced a new deal with Banco Votorantim, the seventh largest bank in Brazil.
Who said the world of banking is slow moving?
The on-premise issue
According to Neon's chief technology officer (CTO) Julio Dário, despite the fact that the startup developed its own core banking system, its entire set-up was hosted at the datacenters of the banking partner. He says:
The whole platform with the functionality supporting the digital bank account, credit, transfers, payments and so on was developed in house. But when we talk about infrastructure dependencies, the solution was hosted at Banco Neon, we relied on their physical infrastructure to be able to operate as part of our operational agreement.
According to Dário, there were two key reasons why such an agreement was necessary: the banking partner already had an infrastructure that was a good fit for Neon, based on the same technologies that the fintech had used to develop its core system. He adds:
Additionally, there was no clear regulation from the Brazilian central bank that allows the use of any public cloud for core banking systems.
Dário points out that Neon got to the point of evaluating some public cloud options, but the executive argues that since there was no regulation around cloud at the time these decisions were being made, the startup decided to avoid that path.
But the executive argues that cloud hosting wouldn't have avoided the issues the company has faced. That is because Neon needs a banking partner since only institutions authorized by the Brazilian Central Bank can do custody and settlements. He adds:
Regardless of where the platform was hosted, we would have had to make alterations to partner with any other bank.
Once Neon heard of the news that its banking partner had gone bust, priorities needed to be set around which areas to tackle. The first was the definition of all the dependency points. This, says Dário, was key when discussing a deal with a new banking partner:
We needed to update our infrastructure map to get a clear view so as to define the parallel routes for the migration. Thinking of which services needed to be re-established first was key, even if it was in a fragmented fashion. We did that on a functionality basis, much in the same way we started launching that on the market.
Examples of technical aspects that had to be considered as the fintech dealt with the collapse of its operations included the migration of the client base to the new partner, server mapping and the application endpoints required to bring each function back to life. Dário says:
Today our platform is based on micro-services, so the assessment was based on that model, considering things like what we needed to do to bring back the login, balance calculation and statement functionality, for example. We mapped the macro view and broke that down into boxes to get the overall picture.
Neon's new partner had technology implications as a top priority and according to Dário, the conversation about technical aspects with Banco Votorantim prior to signing the operational partnership lasted for hours:
[Votorantim] made an A-Z list of questions, from the technologies we used to develop things to the type of security arrangements we had in place. How was the sign-up process, the integration details on the back-end - this was needed also so they could design the infrastructure required to host our platform.
So far, three weeks after the liquidation of its previous partner, Neon says it has brought back all the personal bank account services apart from its credit card service. The business functionality is still being established, but Dário believes the service will be back in a matter of days.
According to Dário, despite the troubles the fintech has faced, the robustness of Neon's new partner could be seen as part of the argument to convince the current and possible future clients that the company is trustworthy. He points out:
The partnership with Votorantim gives much more computational power to support our operation. Previously, our partner had a relatively robust server, but with a few limitations.
The validity of cloud hosting is also something that appears to have been revisited since Neon was faced with these recent problems. Dário adds:
At Votorantim, we have our own cloud, with much more resources if we need to. This scalability generated a lot more possibilities for us.
According to the CTO, it wasn't possible to anticipate the kind of situation that Neon has gone through happening from a technology standpoint:
It is hard to predict something of this magnitude. From the technology standpoint, we were always focused on technology, not the legal aspects of the operation.
However, there were technology lessons learned from the episode which could have avoided some of the problems and tension that the company had to deal with. Dário says:
We developed our technology in a monolithic fashion and later started to break that down. In retrospect, perhaps I would have developed it all thinking of micro-services, precisely to facilitate that portability.
There are many things that Neon still needs to agree with Votorantim regarding the future technology strategy, Dário says, but the executive is upbeat about the opportunities ahead:
They have a lot of in-house DevOps capabilities that we might be able to take advantage of, for example. There are many other things they have that could be a good fit for what we want to do as a business. But our focus is on getting all operations back up as soon as possible.
Limiting the scope of a fintech with regulations whereby some aspects are performed by an incumbent is something designed by banking authorities in markets like Brazil as a way to protect customers. But Neon's case shows that such rules are meaningless if the financial health of said partner is compromised.
Local reports suggest that Neon's founder was aware of the legal problems that its partner was experiencing, but did not think this would be a reason for concern at the time. I wonder to what extent this could be interpreted as business recklessness or entrepreneurial boldness.
The company now survives on two pillars: its ability to handle the situation fast - in 72 hours it had a new partner, one of Brazil's largest banks - and a communications strategy that appealed to customers' sympathy for its predicament.
Regardless of the share of responsibility that Neon has in relation to its own problems, it shows that regulations can lead to potential disasters and that new fintechs need to be very careful in their due diligence with partners. And have a contingency plan in place for when something goes wrong from an operations and technology standpoint.
When the main objective is growth, contingency planning is often an afterthought. However, the Neon case shows the old adage that a chain is only as strong as its weakest link could apply to anyone in the financial world.
It remains an open question whether the Brazilian banking authorities will choose to revisit their regulatory framework in light of the Neon experience.