1. 1

2. XINJABANKLTD2019
2
Xinja Bank:
AWS Journey
Greg Steel - CIO
AWS Taiwan October 2019

3. XINJABANKLTD2019
3
Xinja is an independent,
100% digital ‘neobank’.
Designed for mobile.
Made for people.

4. XINJABANKLTD2019
4
1. No dickheads… However good they may be. No dress code, but sometimes you need
to look smart :-). No power trips because of a hierarchy. Intellect, customer
experience and implementation is all that matters.
2. Everything is in the cloud.
3. We use real-time data to evaluate our business and we reward staff on a quarterly
basis with an entirely discretionary profit share. No one gets a share of the profit if
our investors aren’t making money and our customers aren’t happy.
4. We are here to make money, that’s why we exist, and we don’t screw people over to
do it. We don’t lie to our clients in person or in marketing. We don’t engage in
immoral lending; if our grandmother would think it was wrong, then it is. We aim to
make lots of money ethically and we are proud of it.
5. No one is entitled to work at Xinja. It is a huge honour to represent people’s hopes of
a new bank and we earn that honour every day.
Xinja’s 10 Golden Rules

5. XINJABANKLTD2019
5
6. We look after our people bloody well. We stand by them if they are in genuine need.
7. We are truthful and direct with each other. Everyone says what they think in a
robust, challenging, edgy environment. That means we won’t be the right place for
everyone to work, and that’s ok.
8. We only hire people better than us. We never, ever settle because we need a body.
We do psychometric testing to get the best people, every time.
9. About half our team, executive and board will be female, if they aren’t we aren’t
recruiting the best people. We actively seek all types of diversity combined with
brilliance.
10. If you discriminate against someone because of who they love/sleep with, you’re a
dickhead… Please see rule 1.
Xinja’s 10 Golden Rules

6. XINJABANKLTD2019
6
Xinja approach

7. XINJABANKLTD2019
7
Principle: Xinja is building a new bank to help
customers do better
Fact: Cloud is the answer for modernisation,
security, agility & cost
Xinja unleashes the power of our technology
suppliers like AWS

8. XINJABANKLTD2019
8
Xinja Overview
● Composed from many
world-class, modern, cloud-
based services
● Xinja Services layer is an
event-based microservices
architecture that provides
integration between all
services, and is where we
innovate
● Xinja Data layer is where we
aggregate all data and
deploy a range of data
pipelines
8

9. XINJABANKLTD2019
9
Why Cloud?
● Cost! Try building a new Bank in a Datacentre! The people-costs alone would be
devastating. Time factors would be unworkable.
● Skillsets. Traditional build requires Infrastructure Architects, Network Architects, Security
Architects, engineers, contracts, many suppliers, etc. At Xinja this was all done by one
architect, 2 devops staff, and help from key suppliers
● Agility. We did not know what the end-state would look like, we built our infrastructure,
networks and security through trial and error (and loads of testing). You simply cannot
do this with traditional infrastructure
● Automation. On the Cloud everything can be automated. Automation collateral is
managed like source code, it captures design, configuration and knowledge. We
automate everything!

10. XINJABANKLTD2019
10
Why AWS?
At Xinja we prioritised Speed-to-market, Security and Quality. We chose to embrace AWS,
taking full advantage of sophisticated services that provide:
● Great outcomes
especially when services are used the way they are designed to be used - AWS Best
Practices are Gold
● Strong Information Security
Xinja has been able to satisfy the Australian Regulator’s latest Cyber Security standard
CPS-234
We have also deployed a fully PCI-compliant solution using low-cost serverless
infrastructure
● Agility, Scalability and Robustness
Allowed us to meet unknown challenges

11. XINJABANKLTD2019
11
AWS Services that Xinja uses

12. XINJABANKLTD2019
12
AWS Services Used
● VPCs, Subnets, Security Groups, NACLs, Peering. We also overlay our AWS network
with Aviatrix Gateways for VPN and enhanced Peering
● EC2 and DynamoDB to build Kubernetes and Kafka clusters plus utility services.
Moving to Confluent (hosted Kafka) and EKS.
● Data Pipelines used to provide backup/recovery for Kafka and DynamoDB
● S3 and EC2 for SFTP Gateway, moving to Transfer
● Direct Connect to a Virtual Router service in Equinix to give us connectivity to the world
● Workspaces for our Virtual Desktop Infrastructure
● S3, Glue, Athena, QuickSight for Datalake, ETL, Data warehouse and BI. Experimenting
with Machine Learning
● Trusted Adviser, Config, CloudWatch, etc to provide monitoring information

13. XINJABANKLTD2019
13
Xinja’s innovation and business
differentiation supported by AWS

14. XINJABANKLTD2019
14
Innovation Goals
● Event-driven microservices banking architecture
○ Kafka clusters built scalable on EC2 supporting Event Sourcing pattern
○ EKS providing simple, robust, scalable container deployment
○ DynamoDB, a NoSQL DBaaS providing resilience, backup/recovery
● Artificial Intelligence to help customers
○ Data services built with EKS and DynamoDB provide highly available data to
support AI platforms
○ Machine Learning used to understand customers and support insights
○ Support Gamification of customer engagement to help customers do better
○ Support chat-based interaction using bots and humans

15. XINJABANKLTD2019
15
Innovation Goals
● Agile Data Pipelines
○ Xinja logs every raw Event to S3 Datalake. AWS Glue is used to transform data into
consumable form for reporting and analytics
○ Athena and Redshift used for Data Warehouse
○ Automated deployment tools (Cloud Formations and Terraform) used to rapidly
modify and evolve Data Pipelines
○ Glacier used to offload Datalake for long-term storage of events
○ Rapid deployment of Dashboards and Analytics via QuickSight

16. XINJABANKLTD2019
16
Information Security, Assurance
and Compliance

17. XINJABANKLTD2019
17
Banking Regulation is a large,
demanding landscape of
Standards, Guidance and
Legislation
Xinja develops comprehensive
Policies, Procedures and
Guidelines, overseen by strong
Governance
Cyber-Security Controls are
implemented to protect
Customers and Xinja
BankingStandardsandGuidance
Legislation
Xinja Policies,
Procedures and
Guidelines
Controls

18. XINJABANKLTD2019
18
Security and Assurance
● Standards
○ The Australian Prudential Regulation Authority (APRA) is an independent statutory
authority that supervises institutions across banking, insurance and
superannuation. APRA have established standards for Risk, Outsourcing, Business
Continuity and Information Security, along with detailed guidance
○ Australian Privacy Act 1988
○ Payment Card Industry Data Security Standard
● Cyber Security Strategy
○ Xinja uses a NIST-based framework to define target maturity across a wide range of
Information Security control domains
○ Key control domains for which Xinja relies on AWS service support and integration
include Network Security, Host Protection, Data Loss Protection, IAM, Operations
and Security Monitoring

19. XINJABANKLTD2019
19
How AWS supports Xinja’s Security Strategy
● AWS Shared Responsibility Model provides comprehensive Assurance for all relevant
security standards across AWS Services
● AWS Assurance program provides evidence of the design and effectiveness of controls
baked in to AWS services
● AWS Best Practices and SOC Reports on AWS Artifact provide guidance for customer
usage of services to provide optimum outcomes
● AWS Trusted Adviser continually monitors best practice alignment
● AWS Config custom rules validate services are used properly
● Xinja conduct regular reviews against the AWS Well-Architected Framework, engages
AWS partners such as Itoc

20. XINJABANKLTD2019
20
Questions