Raghunath Seshadri

The New Product Architecture Order in Financial Services

Thesis

Financial Services is entering a new architectural order. The winners of the next decade will not be defined simply by being cloud-native, API-led, or AI-enabled. They will be defined by something more demanding: the ability to be modular, interoperable, portable, governed, and regionally adaptable in a world shaped simultaneously by AI intensity, regulatory scrutiny, geopolitical fragmentation, and sovereign ambition.

McKinsey’s recent work on sovereign AI makes the broader point clearly: control is shifting from a narrow infrastructure issue to a full-stack strategic concern spanning compute, data, models, platforms, and applications. That shift has direct consequences for how financial products must be designed, deployed, and governed.

For more than a decade, the architecture narrative in financial services sounded almost settled. Legacy monoliths were too slow, too expensive to change, and too tightly coupled to support modern digital ambition. Cloud-native design promised speed, elasticity, composability, and easier integration. Hyperscaler-backed ecosystems became the logical destination for institutions modernising platforms, data estates, and digital channels. That phase was real. It created value. It moved the industry forward. But it is no longer enough.

Strong digital foundations still matter. Cloud, data, and cybersecurity remain essential. The market is not moving beyond foundations. It is moving beyond the assumption that foundations alone are sufficient, even as leaders continue to confront technical debt, talent gaps, and scaling challenges.

A harder reality is now asserting itself. AI is increasing the strategic importance of compute, data quality, and model governance. Regulators and boards are asking tougher questions about accountability, operational dependence, resilience, and control. Growth markets across the GCC, Southeast Asia, and smaller non-EU European and adjacent regional markets, including the Balkans, are no longer willing to import architecture assumptions built for larger, more homogeneous markets. They want modern capability, yes โ€” but also greater locality, reversibility, and strategic fit. Deloitte argues that the shift toward technology sovereignty will likely accelerate in 2026, while PwC’s GCC outlook places resilience at the centre of the regional agenda and highlights AI deployment and strategic control as defining themes.

That is why the old debate โ€” on-premises versus cloud โ€” is losing explanatory power. The real question is no longer where a platform runs. The real question is whether it can operate credibly across different regulatory environments, risk postures, infrastructure realities, and institutional expectations without losing coherence, control, or speed.

The End of the Old Binary

The first era of financial technology architecture was defined by vertically integrated, on-premise systems. They often offered control and stability, but they were rigid. Change was slow. Releases were heavy. Integration was painful. Product evolution was constrained by tightly coupled design and long dependency chains.

The second era brought cloud-native thinking into the mainstream. Microservices, APIs, distributed infrastructure, event-driven patterns, and continuous delivery changed the design vocabulary of financial platforms. For good reason. These patterns made it possible to build faster, integrate more easily, and scale with far greater flexibility than legacy estates allowed. Across the market, firms are still relying on foundational modernisation even as they push into AI and other emerging technologies.

But the cloud-native era also introduced its own simplifications. In too many institutions, cloud-native gradually became shorthand for architectural maturity, and hyperscaler alignment began to look less like a choice and more like an assumed destination. That brought speed and scale, but it also introduced new forms of dependence: opaque cost curves, concentrated operating models, and control assumptions that do not always travel well across jurisdictions. Deloitte’s sovereignty outlook is explicit on this point: sovereignty is no longer peripheral. It is becoming a mainstream design condition across cloud, AI, and digital infrastructure. This is the inflection point. The cloud-native era solved many of yesterday’s problems. It did not solve for everything that matters now.

Why the Architecture Model Is Shifting: Five Forces

Five forces are driving the shift. They are not equal in weight. The first two โ€” AI intensity and governance โ€” are reshaping the others.

1. AI Intensity

AI is not just another workload. It amplifies the importance of data quality, compute access, infrastructure economics, security posture, and model governance in ways that break assumptions built into most existing financial platform architectures.

Consider what AI-at-scale actually requires. Large language model inference workloads are difficult to shard cleanly across jurisdictions โ€” yet many financial institutions face regulatory requirements that mandate exactly that kind of data residency and processing locality. Model governance for AI decisioning in credit, fraud, or trading requires lineage tooling โ€” the ability to trace why a model produced a specific output โ€” that most current financial platforms simply do not have. Real-time AI decisioning introduces hard latency-versus-compliance trade-offs that cannot be resolved by conventional distributed systems design. And energy and compute economics, often taken as given, become strategic variables once AI workloads run continuously at scale.

McKinsey’s framing is especially useful here because it refuses to treat AI as a narrow application layer. It describes sovereign AI as an ecosystem challenge spanning energy, compute, data, models, platforms, and applications. Once that is true, architecture stops being a hosting conversation and becomes a control conversation.

2. Sovereignty and Control

Sovereignty is often reduced to a simplistic discussion about local hosting. That is too shallow. The real issue is who controls the environment โ€” under what legal and operational conditions, with what degree of dependency, transparency, and recourse. The question is not merely whether data sits within a border. It is whether the institution retains meaningful agency over the platform processing that data, the models producing outputs from it, and the infrastructure supporting both.

When consultants and platform providers alike begin using the same language โ€” sovereignty, locality, governance, deployment choice โ€” it is usually a sign that the market has already moved ahead of the debate.

3. Resilience and Concentration Risk

Where sovereignty is about who controls an environment, concentration risk is about what happens when a single node fails. These are related but distinct concerns. Standardisation created efficiency, but it also created common points of dependency. Boards are more alert now to the possibility that legal, geopolitical, or supply-side changes can quickly turn architectural convenience into strategic vulnerability. A platform built on a single hyperscaler’s infrastructure, optimised for normal operating conditions, may discover that its resilience assumptions were built for a world that no longer exists. Recent sovereignty guidance is pushing organisations toward greater visibility across cloud, software, and managed-services dependencies for exactly this reason.

4. Regional Divergence

Architecture decisions can no longer be made as if all markets are marching toward the same endpoint. They are not. The GCC is moving toward stronger localisation logic, sovereign capacity, and resilience-led digital investment. Southeast Asia is expanding rapidly through a more federated model shaped by interoperability, digital trade, and cross-border integration. Europe is turning sovereignty into procurement and governance criteria. These are not cosmetic differences. They shape what a credible product must be able to support.

5. Executive Realism About Reversibility

Mature buyers no longer ask only whether a platform can scale. They ask whether it can be ring-fenced, redeployed, exited, or relocated if economics, risk assumptions, or regulatory conditions change. This is one of the clearest signs of market maturity. Portability has moved from an architectural nice-to-have to a board-level expectation. The broader sovereign-cloud push from major providers reflects that shift.

What the New Architecture Order Looks Like

The new product architecture order in financial services is not a rejection of cloud, and it is certainly not nostalgia for monoliths. It is a move toward a more mature design logic organised around five principles โ€” with governance elevated as the hardest and most consequential.

Modular

Capabilities should be assembled and evolved without forcing the entire platform into lockstep change. But the bar is now higher than modular applications alone. Modularity has to extend into data services, control layers, deployment profiles, and ecosystem connectivity. The underlying lesson is clear: architecture can no longer be framed as a simplistic build-versus-buy binary. It has to support the intelligent combination of internal strengths and external capabilities.

Interoperable

Financial platforms no longer sit in isolation. They exist inside broader ecosystems of market data, custody, accounting, analytics, compliance, digital assets, and regulatory reporting. Interoperability is no longer technical hygiene. It is a commercial and institutional necessity. ASEAN’s digital agenda and related interoperability initiatives make that clear in Southeast Asia’s context.

Portable

Portability does not mean lazy ‘run anywhere’ marketing language. It means a credible path across public cloud, sovereign cloud, private environments, partner-operated environments, or client-controlled estates without losing integrity or coherence. The signal from the technology giants is unmissable: the market now wants choices that preserve modern capability while improving control, locality, and deployment optionality.

Governed by Design โ€” The Hardest Principle

Of the five principles, this is the one that financial institutions most consistently get wrong. Governance is treated as an overlay โ€” a set of controls bolted onto a platform once the architecture is already set. That approach fails.

Governance by design means that entitlements, data lineage, auditability, policy enforcement, resilience controls, and accountability structures are embedded into the architecture from the outset, not retrofitted. It means that policy must travel with data โ€” not just sit in a central control plane that loses authority the moment data crosses a jurisdiction. It means that model outputs in AI-driven decisioning carry auditable provenance, not just results. And it means that access, change, and exit rights are legible at the architectural level, not dependent on contractual provisions that are difficult to enforce in practice.

This matters more than any other principle because it is the foundation on which all the others depend. A modular, interoperable, portable platform that cannot be audited or governed is not an asset. It is a liability.

Regionally Adaptable

This may be the least glamorous and the most important design principle of all. A product architecture that works elegantly in a large integrated market can fail in the GCC if it cannot support sovereign deployment expectations. A model designed for one national cloud can prove too rigid in Southeast Asia, where cross-border integration and uneven infrastructure maturity coexist. A large-region architecture can also misread the needs of smaller non-EU European and adjacent regional markets, where legal defensibility and targeted control matter as much as scale.

The next generation of financial products must be engineered not just for scale, but for fit.

Composability Under Constraint: The Defining Concept

The architectural future of financial services will not belong to one triumphant model. Not hyperscaler-only. Not sovereign-only. Not private-cloud revivalism. And certainly not a romantic return to legacy control.

It will belong to platforms designed around what might be called composability under constraint: the capacity to combine standardised capabilities, ecosystem integrations, and AI services across multiple infrastructure environments โ€” while remaining subject to real and binding constraints around sovereignty, regulation, risk tolerance, and jurisdictional fit.

This is not the same as ‘run anywhere’ flexibility. Composability under constraint is harder and more specific. It requires that each layer of the architecture โ€” control plane, data services, application logic, AI decisioning, ecosystem connectivity โ€” can be assembled, governed, and relocated without losing coherence or compliance posture. It requires that the choices made about deployment, dependency, and exit remain legible to the institution making them. And it requires that the architecture can survive and perform across several infrastructure realities simultaneously โ€” not by diluting its capabilities, but by making its design assumptions explicit and portable.

This concept should sit at the centre of how product leaders evaluate and build the next generation of financial platforms. The question is not whether a platform is cloud-native or AI-powered. The question is whether it is composable under the specific constraints of the markets it is designed to serve.

What the Major Firms and Technology Providers Are Really Signalling

Behind the branding from the major consulting and technology firms, the message is converging on a single point: the market is no longer rewarding architecture that is merely modern. It is beginning to reward architecture that is governable, portable, and jurisdictionally credible.

McKinsey argues that sovereignty is no longer just a public-sector or hosting issue โ€” it is becoming a full-stack strategic question tied to AI, compute, data, and national capability. Deloitte signals that technology sovereignty will accelerate in 2026 and beyond, requiring stronger control across cloud, software, connectivity, and supply chains. PwC’s GCC view highlights resilience and strategic control as organising priorities for the region, not secondary concerns. KPMG’s financial-services research returns repeatedly to the same foundation: firms cannot unlock durable value from AI and emerging technologies unless cloud, data, cybersecurity, and governance are already sound.

The technology giants are following the same signal. They are no longer selling only scale, speed, and innovation. They are increasingly selling control, locality, governance, and deployment choice. That shift in positioning confirms that sovereignty and deployability are no longer fringe demands. They are becoming mainstream buying criteria.

Taken together, these signals point to one conclusion: architecture maturity โ€” not technology adoption โ€” is becoming the defining competitive differentiator.

Why This Matters So Much in the GCC

The GCC is one of the clearest laboratories for the new architectural order. It is not simply adopting the cloud. It is shaping its own architecture expectations around resilience, sovereign capacity, AI deployment, and trusted digital infrastructure. PwC’s 2026 GCC outlook frames resilience as the organising priority and identifies AI deployment and critical-capability building as central themes.

That matters directly to financial services. In the GCC, architecture is not merely a technology preference. It is tied to sovereign confidence, operational trust, data defensibility, and the strategic ability to build institutions that do not outsource critical control by default.

The region’s posture is not anti-cloud and not anti-partnership. It is selective. It wants modern capability โ€” but on terms that increasingly respect local control, national priorities, and regulatory comfort. Products that cannot adapt to that posture will continue to sound modern while feeling misaligned.

The architecture failure mode here is instructive. A platform designed for EU-scale deployment โ€” with governance logic centralised in a single control plane, data residency assumptions built for homogeneous regulatory environments, and exit provisions that assume stable geopolitical conditions โ€” does not simply underperform in the GCC. It creates institutional friction: a persistent mismatch between what the platform can do and what the institution needs to demonstrate to regulators, boards, and sovereign stakeholders. That friction compounds over time. It is not resolved by adding a local data centre. It requires rethinking the design assumptions at their root.

Why Southeast Asia Points to the Same Conclusion โ€” Differently

Southeast Asia reaches the new architectural order from a different starting point, but the destination is the same. ASEAN guidance highlights rapid digital-infrastructure expansion and a regional digital economy expected to exceed $1 trillion by 2030. That scale is real, and the growth trajectory is well-supported. But it comes with a structural complexity that the raw numbers obscure.

Southeast Asia’s digital agenda is built around cross-border integration, interoperable systems, and increasingly harmonised rules โ€” not around the kind of unified regulatory and infrastructure environment that characterised cloud adoption in Western markets. This means product architecture for Southeast Asia cannot be designed around isolation or self-contained national stacks. It must support federated growth across multiple jurisdictions with varying infrastructure maturity, evolving digital-economy obligations, and regulatory frameworks that are still being shaped in real time.

The practical implication is demanding. A financial platform that excels within one national environment but cannot interoperate cleanly with adjacent markets, participate in cross-border payment or settlement infrastructure, or adapt its governance posture to different regulatory requirements will find its addressable market structurally limited. Interoperability, in this context, is not a technical feature. It is a commercial precondition. The architecture failure mode in Southeast Asia is thus the mirror image of the GCC failure mode. In the GCC, the risk is over-centralisation: a platform that cannot adapt to sovereign and local control requirements. In Southeast Asia, the risk is over-isolation: a platform that cannot connect and interoperate across the federated ecosystem that defines the region’s growth logic

Smaller European and Adjacent Regional Markets: The Precision Problem

Smaller non-EU European and adjacent regional markets โ€” including the Balkans โ€” reinforce the argument from yet another angle. These markets often do not justify giant bespoke national stacks, but they still require legal defensibility, local trust, and smarter management of dependency. They are not simply scaled-down versions of larger European markets. They have distinct regulatory profiles, sovereignty concerns, and institutional expectations that large-region architectures frequently fail to accommodate.

Europe’s broader sovereignty push shows how quickly abstract concerns become operational criteria and procurement discipline. For smaller markets in and around Europe, the lesson is particularly sharp: architecture that is designed for scale without precision becomes a poor fit for markets where precision is the primary requirement.

In all three regions โ€” GCC, Southeast Asia, and smaller European markets โ€” the conclusion is the same. A credible financial product can no longer assume that one deployment pattern, one control model, or one geopolitical comfort zone will be enough.

What This Means for Financial Institutions and Product Leaders

Financial institutions need to stop evaluating products through the old scorecard of functionality, user experience, and cloud posture alone. Those still matter, but they are no longer sufficient.

The harder questions now are architectural. Can the platform be deployed in more than one credible model? Can governance and control travel with it โ€” not just reside in a distant control plane? Can data, policy, and entitlements be managed with jurisdictional precision? Can the product interoperate without becoming brittle? Can it adapt to different regulatory and operational realities without fragmenting into disconnected versions?

For product leaders and vendors, the implication is sharper still. The next generation of winning financial platforms will not be those that merely claim to be SaaS, AI-powered, or cloud-native. They will be those that are architected for composability under constraint: standardised enough to scale, flexible enough to fit, governed enough to earn trust, and modular enough to evolve. That is the new bar.

The Shape of the Future

Some institutions will continue to run significant workloads in hyperscaler environments because scale, ecosystem access, and speed still matter. Others will ring-fence sensitive workloads into sovereign or client-controlled environments because data defensibility, regulatory comfort, and national policy matter just as much. Many will operate across both realities at once.

That means the future architecture of financial services will not be defined by purity. It will be defined by composability under constraint. Core control disciplines โ€” policy, entitlements, auditability, lineage, orchestration, and deployment governance โ€” will matter as much as application features. Data and AI services will need to operate across more than one infrastructure logic. Interoperability will become a precondition for growth. And portability will become one of the clearest tests of architectural seriousness.

This will reshape buying behaviour. Institutions will ask tougher questions of vendors โ€” not only what the product does, but how it can be deployed, how dependency is managed, how control travels, how exit is handled, and how the architecture adapts across jurisdictions without splintering. Architecture will move out of the basement. It will become a boardroom issue.

The strongest platforms will be neither the most centralised nor the most localised in any ideological sense. They will be those that can combine standardisation with optionality, scale with fit, and innovation with defensibility.

Cloud changed the game.

AI is changing the stakes.

But the next winners in financial services will be decided by something harder than technology adoption alone.

They will be decided by architectural maturity.

Appendix: Reference Sources

The following sources informed the analysis in this article. Readers are encouraged to consult original materials for full context.

  1. McKinsey & Company โ€” “Sovereign AI: Building ecosystems for strategic resilience and impact” (2024). Available at mckinsey.com.
  2. McKinsey & Company โ€” “What is sovereign AI?” (2024). Available at mckinsey.com.
  3. Deloitte โ€” “A new era of self-reliance: Navigating technology sovereignty” (2025/2026). Available at deloitte.com.
  4. PwC Middle East โ€” “Five GCC economic themes to watch in 2026” (2025). Available at pwc.com/m1.
  5. KPMG โ€” “Global Tech Report 2026: Financial Services” (2025). Available at kpmg.com.
  6. ASEAN โ€” Digital infrastructure and digital economy materials relevant to interoperability and cross-border digital integration. Available at asean.org.

Raghunath Seshadri

One response to “The New Product Architecture Order in Financial Services”

  1. Raghunath Seshadri Avatar
    Raghunath Seshadri

    A large part of this shift is becoming visible in the GCC and adjacent markets, where control, deployment flexibility, and jurisdictional fit are no longer side considerations. They are becoming core design requirements.

    Reply

Leave a Reply to Raghunath Seshadri Cancel reply

Your email address will not be published. Required fields are marked *

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by