From Fintech Foundation to Future-Proof Compliance: Aera’s Operational Resilience and Agility with Ardoq's Digital Twin
- Cost-effective compliance processes and always-on security
- Clear vendor accountability to meet regulatory needs
- Faster, more reliable access to critical organizational information
What Drove Aera’s Early Adoption?
In the dynamic and heavily regulated world of fintech, building resilient and compliant payment solutions from the ground up is paramount. Aera, a Nordic innovator born from the vision of leading retailers, didn't just meet these challenges – they preempted them by embedding Ardoq at the very core of their operations across 2 territories.
Their vision was to offer a reliable alternative to traditional payment giants that would empower merchants to create great customer journeys.
Their early and comprehensive adoption of Ardoq meant that even as a relatively young and lean organization, they could achieve much more, much faster than if they relied on manual methods. It has become a critical part of their competitiveness and operational efficiency.
Aera's early adoption of Ardoq to build a digital twin was driven by several key factors:
- Early Encounters: Aera’s Head of Legal, Walter Salicath, first encountered Ardoq in a customer showcase in the mid-2010s. Like many legal and compliance professionals at the time, one of his key focus areas was preparing for GDPR compliance. As he worked through different attempts and approaches to mapping everything in a previous company, the Ardoq showcase left a lasting impression, promising to connect anything and everything.
- Clear Value in Compliance and Buy-In From Leadership: As a relatively young and small organization, Aera was open to experimentation with different tools and approaches. When Aera’s former chief architect introduced Ardoq, he expected skepticism but was instead greeted with enthusiasm. From his previous knowledge of what the platform could do, Walter saw immediately the value of Ardoq in managing their data tracking, GDPR, and vendors. The results impressed internal stakeholders.
How Ardoq Gave Them A Faster, More Reliable Way to Meet Regulatory Hurdles
Aera is unique in being one of the few organizations that started so early on the platform that they were “born with Ardoq”. This led to Ardoq being embedded into their organizational fabric from the beginning, easing efficiency and transparency.
Not Just For Architects, Close Collaboration with Legal and Security for More Comprensive Overviews
Engaging Aera’s CISO Vegard Fremstad and Head of Compliance Walter early on, made them strong users and advocates for Ardoq, particularly for ISO 27001 preparation.
Aera has mapped their entire business, business services, applications, requirements, the entire ISO27001 Control catalogue, management system, and capabilities in Ardoq. They use Ardoq to efficiently monitor and manage GDPR compliance reports, prepare for ISO audits, and are now working on developing the processes needed for assessing DORA compliance.
"As CISO for a licensed payment institution, both for the ability to perform my job effectively and to demonstrate this to externals, Ardoq is a key asset."
- Vegard Fremstad, CISO at Aera
Using Ardoq means a higher level of data quality and reliability than manual methods. With Ardoq’s flexibility and automation capabilities, they can structure and confidently report on critical information related to third-party vendors, a key requirement in their regulated industry.
Where DORA has come as an urgent, challenging priority for many organizations, Aera is confident and equipped to address it, thanks to their investment in Ardoq, knowing they can build on the infrastructure and information they already have in place.
"When preparing for DORA reporting, which requires a specific format for submission to the government, Ardoq is proving invaluable. While we're exploring the best way to extract the necessary data, Ardoq's ability to link our services to relevant vendors and their controls is making a tremendous difference. Without Ardoq, managing the complexity of vendor relationships and demonstrating compliance across our services would be very challenging and resource-intensive."
- Walter M. Salicath, Head of Legal at Aera
Low Barrier to New Use Cases
One of Aera’s goals is wider organizational adoption of Ardoq. They see Ardoq as an “enormous treasure of intelligence” that the business side could leverage. To this end, they are quick to try and test new use cases for the platform.
One recent example is their recent expansion to Belgium. With Ardoq, they are able to present usage and associated costs for IT services for their Belgian operations, which aids accounting under the different tax and VAT regulations there.
“Aera’s goal is to make resilient IT and payment services with high uptime. This means we can’t have many manual processes because they slow everything down. We had to find ways of automating things. Ardoq is the digital twin in the middle that makes it all make sense, our single source of truth on how the company is built.”
- Walter M. Salicath, Head of Legal at Aera
Key Outcomes With Ardoq: Enhanced Data Quality, Streamlined Compliance, and Cross-Organizational Transparency
The early and comprehensive adoption of Ardoq yielded significant benefits for Aera beyond just the IT organization.
Benefits for the IT, Legal, and Security Organization:
- Single Source of Truth: Ardoq is the central repository for all organizational relationships, providing a unified and reliable foundation for architectural insights.
- Faster Data Access and Increased Data Quality: Ardoq eliminates the need for manual data consolidation and costly manpower, significantly speeding up access to critical information.
- Streamlined Compliance Efforts: The ability to map requirements to services and capabilities simplifies their audit preparation and demonstrates a proactive approach to governance, especially critical to building trust with their customers as a financial services company.
“For ISO audits, we can present auditors with a clear 'map' in Ardoq showing how we've addressed their control requirements. This not only saves significant time during the audit but also earns us considerable trust by demonstrating our commitment to security frameworks.”
- Walter M. Salicath, Head of Legal at Aera
Benefits for the Rest of the Organization:
- Cost-Effective, Reliable Compliance Processes and Always-On Security: As a relatively small company of 70 employees without dedicated Enterprise Architects, full-time manpower dedicated to manual work that doesn’t bring greater value to the organization would be costly and inefficient. Without Ardoq, they would be beholden to manual data management methods and more rigid platforms that don’t provide the full organizational context necessary. This would inevitably lead to more dedicated manpower devoted to manual data updates, slowing their ability to execute and bringing the additional risk of errors and lower data quality.
- Demonstrated Commitment to Compliance: The CISO's positive experience presenting information from Ardoq to auditors, who can quickly navigate the Ardoq-based maps, builds trust and showcases the organization's seriousness about regulatory adherence.
- Clear Vendor Accountability: Service-specific vendor information within Ardoq provides transparency and facilitates better control over outsourced services, crucial for regulatory scrutiny.
- Potential for Self-Service Insights: The future goal of AI-powered querying aims to empower business users, including CEOs, to directly access strategic information without requiring deep platform knowledge.
Next Steps
As a regulated financial services company, Aera is keenly exploring the potential of AI to streamline the management of increasingly complex systems. They envision leveraging AI with Ardoq's existing capabilities to accelerate the mapping of related requirements across different compliance frameworks. For example, AI could identify commonalities between access management processes mandated by ISO, DORA, and financial licensing regulations, allowing Aera to develop unified solutions that satisfy multiple requirements simultaneously. This approach promises to significantly reduce reliance on costly legal expertise, accelerate development cycles, and enable Aera to handle large volumes of information with greater speed and efficiency.
They are also considering using ChatGPT in conjunction with Ardoq to help shape queries that would make it easier for key stakeholders, such as their CEO, to “ask” the Ardoq platform for the information needed, without any architectural or platform knowledge.
They also hope to grow their base of Ardoq users to get the full benefit of their data. Aera plans to trial Ardoq Discover to build viewpoints that cater to management and empower decision-makers within the organization.
About Aera
Aera Payment & Identification is a Nordic Fintech company that empowers leading businesses with robust payment and ID building blocks. Originally conceived as a joint venture between two of Norway’s largest grocery retail chains in 2016, they have grown to become a standalone organization that provides solutions that grant merchants greater control over their transactions and data across various channels – in-store, online, and digital wallets.
Aera works with each merchants’ own ecosystem, not claiming brand, customer nor data ownership. Aera aims to give businesses greater ownership and autonomy over payment processes and valuable data assets.
- Customer Stories Strategic Initiatives in the Recycling and Waste Industry Empowering Insights From SBB and ABB’s EA Journey with Ardoq
- On-Demand Webinars Cabinetworks From Vision to Reality: Stanley Black & Decker’s EA Revolution
- eBooks How to Make Enterprise Architecture Work for Your Business An EA's Guide To Building Business Relationships