Arion Bank Strengthens Compliance With Volante Technologies' Payments as a Service
LONDON, May 15, 2025--(BUSINESS WIRE)--Volante Technologies, the global leader in Payments as a Service (PaaS), announced a strategic partnership with Iceland's leading financial institution, Arion Bank, to modernise and future-proof the bank's payments infrastructure, solidify its regulatory response, and prepare for an increase in transaction volume as part of its growth plan.
Arion Bank is one of Iceland's leading financial institutions and the third-largest bank in the country by assets. It offers a wide range of services in retail, corporate, and investment banking, providing smart and reliable financial solutions to individuals and businesses alike.
The bank sought to evolve its current payments hub by adopting a modern, API-driven, and scalable solution designed to support multi-rail processing and seamless integration with the emerging payments ecosystem. By partnering with Volante Technologies, Arion Bank will ensure compliance with the Digital Operational Resilience Act (DORA) and be prepared for the upcoming CBPR+ deadline of November 2025. The new platform will also enable readiness for SEPA Instant Payments (SEPA IP), expected to launch across the region in 2026/27, aligning with the bank's broader strategy for innovation and future-proofing its payments infrastructure.
"We needed a partner who could provide both the technology and guidance to help us navigate the complexities of evolving regulatory standards," said Björn Björnsson, CIO at Arion Bank. "Volante is a strong fit for our strategic objectives. As the partnership progresses, Arion Bank will explore additional ways to leverage Volante's innovative technology stack. The modular, component-based design of Volante's PaaS allows Arion Bank to implement and scale new products and services at their own pace, enabling agility to adapt to future market demands. Given Iceland's market size, this presents a significant competitive advantage."
"We are delighted to partner with Arion Bank, a leader in Iceland's banking sector," said Deepak Gupta, EVP Product, Engineering & Services at Volante Technologies. "From the beginning, it was evident that Arion Bank understood the value we deliver beyond our cloud payments technology. We will continue to serve the organisation as a trusted partner throughout its modernisation journey, ensuring the team can meet its strategic business goals, including strengthening its compliance response and preserving its ability to adapt to change quickly."
To learn more about Volante Technologies Payments as a Service, please visit [https://www.volantetech.com/payments-as-a-service/]. For more information on Volante ISO 20022 Service, please visit [https://www.volantetech.com/news/volante-technologies-launches-service-to-accelerate-iso-20022-payments-modernization/].
About Volante Technologies
Volante Technologies is the trusted cloud payments modernisation partner to financial businesses worldwide, giving them the freedom to evolve and innovate at record speed. Real-time native, API enabled, and ISO 20022 fluent, Volante's Payments as a Service and underlying low-code platform process millions of mission-critical transactions and trillions in value daily. Volante's customers include four of the top five global corporate banks, seven of the top ten U.S. banks, and two of the world's largest card networks. Learn more at www.volantetech.com and linkedin.com/company/volante-technologies.
Arion Bank
Arion Bank is a leading Icelandic bank offering universal financial services to companies, institutional investors and individuals. These services include corporate and retail banking, investment banking, capital markets services, treasury services, asset management and comprehensive wealth management for private banking clients.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250515728189/en/
Contacts
On behalf of Volante Technologies:EMEA Assyria GravesHard NumbersTel: +44 7507 870214VolanteTech@hardnumbers.co.uk Americas Julian ByrneanthonyBarnumPublic RelationsTel. +1 (512) 665-9258pr@volantetech.com
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
a day ago
- Forbes
How AI Can Transform Cybersecurity Compliance And Hardening Efforts
Sunil Kumar Puli is a System Security and Infrastructure Operations expert specializing in AI-driven compliance and hardening. Organizations face an unprecedented challenge in 2025: balancing rapid technology adoption with increasingly complex cybersecurity compliance requirements. As regulations like the EU's Digital Operational Resilience Act (DORA) and updated NIST frameworks take effect, artificial intelligence presents a transformative solution that can significantly reduce compliance burdens while strengthening security resilience. The Compliance Crisis The cybersecurity landscape has become fragmented and overwhelming. According to KPMG research, 65% of organizations report low confidence in investing in new cyber technologies due to a lack of understanding or trust. Meanwhile, Zscaler ThreatLabz found that enterprises are blocking nearly 60% of AI/ML transactions, indicating that compliance concerns are causing overly restrictive approaches that hinder innovation. Traditional compliance relies on manual processes, periodic audits and reactive remediation methods that are resource-intensive and inadequate for addressing dynamic cyber threats. According to Splunk, "While 42% of board members believe CISOs spend an extensive amount of time and effort on regulatory activities, only 29% of CISOs say that is the case." This reveals a perception gap that highlights how compliance obligations can divert security leaders from strategic initiatives, creating a cycle of reactive management that leaves organizations vulnerable. AI As A Compliance Force Multiplier AI offers a path toward efficient, proactive compliance management. Rather than replacing human oversight, AI serves as a force multiplier that automates routine tasks, identifies vulnerabilities before they become critical and provides real-time compliance insights across complex organizational structures. Traditional audits occur quarterly or annually, leaving vulnerability gaps between assessments. AI-powered solutions monitor systems continuously, analyzing configurations, access patterns and data flows to identify compliance deviations in real time. Machine learning algorithms process vast amounts of log data and security metrics to detect patterns indicating potential violations, which is particularly valuable for organizations managing legacy systems alongside modern infrastructure. Organizations struggle with patch management due to IT environment complexity. AI revolutionizes this by analyzing vulnerability data, threat intelligence and system criticality to prioritize patches automatically. Instead of relying solely on vendor severity ratings, AI considers specific organizational context, for instance, prioritizing a medium-severity patch for a public-facing service over a high-severity patch for an isolated internal system based on active threat intelligence. The regulatory landscape evolves rapidly. Recent policy updates require organizations to adapt security practices frequently. AI helps organizations stay current by automatically analyzing new requirements and mapping them to existing security controls. Natural language processing algorithms parse regulatory documents, identify specific requirements and compare them to current compliance postures, enabling proactive gap remediation. Implementation Strategies Organizations should begin with high-impact, low-risk applications. Configuration management represents an ideal starting point because AI can verify system compliance with security baselines without accessing sensitive data or making autonomous changes. Security information and event management (SIEM) enhancement offers another entry point, improving threat detection accuracy while reducing false positives. Rather than implementing comprehensive solutions immediately, build capabilities gradually through pilot projects that demonstrate value and develop internal expertise. Focus on areas where manual processes are most time-consuming and error-prone for the clearest ROI. Invest in training programs to develop both technical AI management skills and analytical capabilities for interpreting AI outputs. Organizations must maintain transparency in AI implementations to satisfy oversight requirements. AI systems used for compliance should provide clear explanations for recommendations and maintain detailed decision logs. This transparency is essential for regulatory compliance and stakeholder trust. Addressing Key Challenges AI effectiveness depends heavily on data quality and integration. Organizations often struggle with siloed systems and inconsistent data formats. Before implementing AI solutions, invest in data governance and integration capabilities to ensure AI systems have access to comprehensive, accurate information. Implement data quality standards and automated validation processes. Successfully implementing AI for compliance requires developing new skills within IT and security teams, both technical AI management skills and analytical capabilities for interpreting outputs. Address resistance through education, value demonstration and gradual implementation that builds confidence over time. Balance AI security benefits with deployment risks. CISA guidance emphasizes applying zero-trust principles to AI systems and implementing robust governance frameworks. Conduct thorough risk assessments and implement appropriate safeguards before production deployment. For third-party AI solutions, develop comprehensive vendor management processes addressing AI-specific risks and transparency requirements. Measuring Success Establish clear metrics for evaluating AI implementation success: • Efficiency Metrics: Time required for compliance assessments, automated versus manual checks ratio and administrative burden reduction • Effectiveness Metrics: Proactive versus reactive violation detection percentage, remediation time and security posture improvement • Cost Metrics: Personnel cost reduction, decreased audit preparation time and avoided violation costs The Path Forward AI integration into cybersecurity compliance represents a fundamental shift toward proactive, efficient security management. As organizations face mounting pressure to protect data while managing complex regulatory requirements, AI offers a practical solution for achieving more with less. Success requires thoughtful implementation, prioritizing transparency, maintaining human oversight and gradually building confidence in AI capabilities. Organizations beginning this journey now will be better positioned for the evolving threat landscape and increasingly complex regulatory environment. The question isn't whether organizations can afford to implement AI for compliance; it's whether they can afford not to. In an environment where cyber threats evolve rapidly and regulatory requirements become more stringent, AI represents the most promising path toward sustainable cybersecurity resilience. Leaders should view AI as a powerful amplifier of human cybersecurity capabilities rather than a replacement. By automating routine tasks, providing intelligent insights and enabling proactive risk management, AI helps organizations protect resources while serving stakeholders effectively. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
4 days ago
- Yahoo
Instant payments are the new standard: Can banks keep up?
Ten seconds. That's all it now takes to move money across the eurozone under the SEPA Instant Payments (SEPA IP) initiative. Around the clock, every day of the year, batch processing has become a thing of the past. SEPA Instant Payments has been around for eight years, and with compliance deadlines looming, transformation is accelerating across EU institutions. October's requirement for outbound instant eurozone payments is a major catalyst. Yet there's still a gap between regulatory requirements and operational reality as many European banks are struggling with legacy infrastructure limitations, inconsistent user experiences, and incomplete 24/7 processing capabilities. Meanwhile, non-EU banks are under mounting pressure to keep pace with rising expectations, and modernise their outdated systems. While non-EU banks may have more time on paper, with the EU giving non-eurozone banks until 2027 to comply with SEPA IP for both sending and receiving payments, that breathing space could be a false comfort. Regulatory lag shouldn't be mistaken for strategic leeway – customer expectations are already shifting, and the clock is ticking. Engineering the leap to instant Legacy systems were never designed for instant payments. Historically, banking systems operated comfortably on batch processing schedules - downtimes were predictable and maintenance windows were scheduled. Then SEPA IP came along and eliminated such luxuries, mandating a constant readiness that legacy systems cannot sustain. Unfit technology isn't the only problem non-EU banks face. Their infrastructure often sits in distant time zones, designed for settlement during their own domestic business hours. Banks now have two gaps they must bridge: the tech chasm between current legacy abilities and where they need to be, and the geographical divide between business and customer. They must work out how to bridge them without sacrificing day-to-day service. Minor tweaks to legacy systems are inadequate. Ripping out old infrastructure and replacing it with a modern core is largely unworkable, despite any long-term benefits. So, it's an incremental approach that will help banks bridge these gaps. Incrementally aligning legacy systems with SEPA IP's 24/7/365 model should be an immediate priority for non-EU banks, allowing them to swiftly meet regulatory deadlines and increased customer expectations without major disruption. Liquidity at the speed of now Another consideration for non-EU banks is how real-time transactions fundamentally alter liquidity management. Traditional liquidity frameworks, established around batch processes and fixed settlement windows, now face obsolescence. Yet many banks are still managing liquidity with manual processes and spreadsheets. This won't work with SEPA IP. Under this new system, liquidity needs are immediate and continuous - demanding dynamic management that legacy systems were never designed to accommodate. Banks need to be able to predict and manage liquidity in real-time. Accurate, instant forecasting is crucial in minimising operational risks and avoiding costly liquidity shortages. Automation and analytics tools can be of huge assistance here: a sophisticated analytics platform can provide real-time visibility into liquidity positions and automation technology can instantly reposition funds in response to transactional demands. A further step financial institutions should take is restructuring their treasury operations. They need to ensure these operations are aligned more closely with instantaneous payment flows so they don't slow things down. Such changes, combined with the steps above, allow banks to move from sluggish legacy processes to active, real-time liquidity management that enables banks to boost operational efficiency, significantly reduce system risk exposure, and respond swiftly to changing market dynamics. Rebuilding for real time To deliver true instant payments, banks must do more than patch legacy systems – they need to re-architect for speed. That starts with moving away from monolithic infrastructures in favour of agile, modular platforms built to natively handle ISO 20022 – the global standard underpinning SEPA IP. ISO 20022 doesn't just improve compatibility; it unlocks rich, structured data that powers better fraud detection, customer insights, and cross-border automation. Banks that are able to harness this data will be well-positioned to launch value-added services and enhance the customer experience across every transaction touchpoint. Cloud computing is another critical enabler. Data indicates 25% of banks are still exploring cloud options in 2025, remaining mainly on-premises. Cloud adoption brings the flexibility and resilience needed to scale in real-time, handle unpredictable payment volumes, and reduce latency. Combined with APIs that streamline communication between internal systems and external channels, cloud deployment lays the foundation for more dynamic, responsive banking. 25% of banks are still exploring cloud options in 2025, remaining mainly on-premises. Cloud adoption brings the flexibility and resilience needed to scale in real-time, handle unpredictable payment volumes, and reduce latency. Combined with APIs that streamline communication between internal systems and external channels, cloud deployment lays the foundation for more dynamic, responsive banking. Some non-EU banks have tried starting with a "thin layer" approach, building ISO 20022-compliant gateways to mediate between legacy core systems and the SEPA IP network. This has had limited success, because SEPA IP is about more than just ISO messaging, it requires instant 24x7 clearing and settlement capability, which legacy systems do not have. Competitive leaders have gone further, taking the SEPA mandate as a challenge to introduce native real-time 24x7 components into their payments infrastructure, accelerating both innovation and compliance. Instant isn't optional SEPA IP is more than a compliance deadline – it's a signal that the rules of banking have changed. Speed, data, and seamless infrastructure are now the baseline. Banks that cling to legacy systems risk falling behind, regardless of their location or timeline. The 2027 deadline for non-EU institutions may seem distant, but in a world where customers expect immediacy, the time to act is now. Nadish Lad is Managing Director and Global Head of Strategic Business at Volante Technologies "Instant payments are the new standard: Can banks keep up?" was originally created and published by Electronic Payments International, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
Business Wire
24-07-2025
- Business Wire
Continuous Protection for the Cloud Era: Veracode Spotlights Latest Innovations for Advanced Software Security
BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled a suite of innovations that transform how enterprises approach security. The enhanced platform cuts vulnerability remediation time by up to 92 percent, while using proactive defense to prevent 60 percent of critical supply chain risk from ever entering organizations. These latest enhancements to Veracode's Package Firewall and Risk Manager provide assurance, context, and continuity across the software development lifecycle. Security teams are drowning in vulnerability alerts while missing the risks that actually matter. With our latest innovations, instead of endless firefighting, teams can now prevent threats proactively and focus remediation efforts on maximum impact. Share 'Security teams tell us they're drowning in vulnerability alerts while missing the risks that actually matter. Our latest innovations flip the script—instead of endless firefighting, teams can now prevent threats proactively and focus remediation efforts where they'll have maximum business impact,' said Derek Maki, Head of Product at Veracode. Redefining Application Risk Management with End-to-End Risk Visibility The latest enhancements to Veracode's Application Risk Management platform enable security teams to identify and remediate vulnerabilities with greater speed and precision than ever before. Veracode Risk Manager sets a new standard for application security posture management (ASPM), featuring six new integrations with industry leaders, including Wiz. By aggregating and prioritizing issues across all sources, Risk Manager reduces vulnerability remediation time by up to 92 percent. This holistic view empowers security teams to act on the Best Next Action™—the actions that reduce the most risk—with precision. Securing the Software Supply Chain With 70 percent of critical security debt stemming from third-party code, enterprises are under unprecedented pressure to safeguard their software supply chains. Regulations like the European Union's Digital Operational Resilience Act (DORA) highlight the vital role of open-source security in maintaining software supply chain integrity. Veracode Package Firewall redefines supply chain security with an automated solution that blocks untrusted packages, before they can infiltrate development pipelines. Powered by advanced AI analysis, Package Firewall identifies and blocks 60 percent more malicious packages than competing solutions, effectively preventing vulnerabilities, malware, and policy violations from entering organizational systems. Paired with Software Composition Analysis (SCA) and Malicious Package Detection, Veracode Package Firewall significantly reduces the risk of supply chain attacks by finding and neutralizing libraries harboring malicious code. 'Veracode Package Firewall represents a fundamental shift in how we think about supply chain security. While others are still alerting malicious packages after they're in your codebase, we're blocking them at the gate. This means security teams can finally get ahead of supply chain threats instead of scrambling to respond when legitimate packages get compromised or malicious packages slip through,' said Maki. Built on proprietary threat intelligence, the product automates real-time risk management to ensure nefarious files and programs never make it into an organization's codebase. Empowering Developer Productivity with Frictionless Security According to Gartner, Inc., organizations with a high-quality developer experience are 33 percent more likely to attain their business goals and 31 percent more likely to improve delivery flow. Veracode continues to champion developer productivity through an enhanced platform experience, featuring improved Integrated Developer Environment (IDE) plugins and new Git integrations that embed enterprise-level security directly into workflows. 'Developer productivity isn't just a nice-to-have; it directly impacts your ability to ship secure software at market speed. Our IDE integrations deliver enterprise-grade security insights without the context switching that kills developer flow. This is why we're seeing 35 percent faster remediation times with our IDE plugins and integrations, including Visual Studio, IntelliJ IDEA, and Eclipse, as well as GitHub, GitLab, and Azure DevOps,' said Maki. Veracode's latest developer-focused innovations eliminate operational inefficiencies and simplify workflows, removing unnecessary complexity from day-to-day DevSecOps processes. Additional innovations include: AI-Assisted Login for Dynamic Application Security Testing (DAST): Automates complex authentication flows, reducing script setup time by 50 percent and expanding dynamic testing coverage. Automates complex authentication flows, reducing script setup time by 50 percent and expanding dynamic testing coverage. Container and Infrastructure-as-Code (IaC) Results: Centralizes container and IaC findings in the Veracode Platform, streamlining vulnerability management. Centralizes container and IaC findings in the Veracode Platform, streamlining vulnerability management. Veracode Fix Usage Analytics: Provides a dashboard that tracks usage and Common Weakness Enumerations (CWEs) addressed, offering insights by IDE, project, and source file to optimize remediation. Availability Veracode's latest product innovations are available to customers today. To find out more about the company's application risk management platform and solutions, visit the website. About Veracode Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world's leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing. Learn more at on the Veracode blog, and on LinkedIn and X. Copyright © 2025 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands, or logos belong to their respective holders. All other trademarks cited herein are property of their respective owners.
