Open Bank Foundation
Banks became software houses. The hard patterns (microservices, multi-cloud and AI between us) are already known and re-solved behind every closed wall. It's time to share the common core in the open, the way it makes sense for everyone.
The Open Bank Foundation doesn't exist yet. This page is a proposal, a vision I'm putting out to find people who want to help co-found it.
Every modern bank runs hundreds of engineers solving the same problems: ledgers, payment rails, SEPA, sanctions screening, idempotency, audit, outbox, multi-currency. The architecture is no longer a secret. The patterns are known.
Yet each one re-implements the undifferentiated core behind a closed wall, at full cost, with full risk. That made sense when software was the moat. In the AI era, the moat is your product and your customers, not your outbox table.
The Open Bank Foundation is the proposal: a place to share what is common to all of us, a banking-grade, opinionated, production-shaped framework that any bank can adopt, audit, and contribute back to. Open the floor that everyone keeps rebuilding, and compete where it actually matters.
A reference implementation of how a bank is actually built. Not slideware, but running services, contracts and gates.
~30 banking microservices with a strict hexagonal architecture. A domain layer with zero framework imports: portable, testable, boring on purpose.
Cloud-agnostic by design: stateful concerns run as in-cluster OSS, provisioned with OpenTofu and reconciled by GitOps. No lock-in, any region.
AI between us, not bolted on. Policy-gated agents, human-in-the-loop controls and AI-attributed audit are first-class citizens of the platform.
Outbox, idempotency, versioned backward-compatible events. The money-path primitives that every bank needs and nobody should write twice.
Versioning, releases, contracts and a service catalog derived from the code and enforced in CI. Compliance you can diff, not a binder on a shelf.
Zero-trust authz, threat models for money-path services, sanctions screening and audit trails: the regulated parts, shared and reviewed in the open.
The framework ships as a running European bank: governance mapped to the regulation, the real cost of every business process, continuity, AI governance and live cloud architecture. All observable, in real time.
Every control traced to a named article: DORA, PSD2, GDPR, PCI DSS, 5AMLD, CNB, EBA, EU AI Act.
See the coverage map →
Run-cost attributed to the business flow that spends it, fully-loaded, this month.
See the cost breakdown →
Recovery tiers with live health and RTO/RPO per DORA Art.11-12 and CNB §20d.
See the recovery plan →
Agents under the same gates as humans: read / propose / deny tiers, deny-by-default.
See the AI posture →
Target state with a live health overlay from the running EKS sandbox cluster.
See the live map →
Five live surfaces, one running bank.
Open the deep dive →
The Open Bank Foundation doesn't exist yet. This is the call to start it. If you build, run, audit or regulate banking software, and you believe the common core belongs in the open, I'd love to talk about co-founding it together.