A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13. Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.

1. Public
Getting better at Risk Management
through Event Driven Mesh Architecture
Raghavan Sadagopan & Lakshmi Narayana

2. We recognized early on that the
winners in banking will be great
technology companies
Shifted to 100% agile model
for delivering software
Began externalizing
solutions developed
internally
Completed our move to the
public cloud
Modernized our data
ecosystem on the cloud
Began to modernize our architecture
with RESTful APIs
Became Open Source first
Declared we are all in on
the public cloud
2013
2014
2015
2016
2017
2020
2021

3. We Are
● Tech is central to everything we do at Capital One: for
nearly a decade, we have invested and invented like
the very best technology companies
● Our world-class, in-house technology team now
numbers 12,000+ people, most of which are
engineers
● We're all in on the cloud like no other bank out there,
which enables us to create exceptional, innovative
experiences for our customers
● Advanced, automated DevOps and CI/CD approaches
mean engineers spend more time at the top of the tech
stack building new and unique digital banking
experiences

4. Cloud Computing
In 2020, we left our data centers to
create exceptional banking experiences
for our customers, becoming the first
bank to go all-in on the public cloud
○ Going all in on the cloud—and embracing cloud-
native services like serverless computing—
has enabled instant provisioning of
infrastructure and rapid innovation
○ Today, we're using real-time, streaming data at scale,
machine learning, and the power of the cloud to solve
unique, challenging technology problems and deliver
intelligent, personalized solutions that benefit
millions of customers
○ Capital One Shopping,
built in the cloud with
microservices
architecture and
streaming data, helps
customers save money
shopping online by
automatically finding
lower prices, coupons
and online credits

5. Open Source Software
Capital One made an “open source first”
declaration in 2014 and that’s when we made our
first contributions to the open source community.
○ We sponsor FINOS, Python, Continuous Delivery and the Cloud
Native Computing Foundations to help keep open source
sustainable
○ Capital One’s contributions to the open source community
have been significant and we've released more than 40 of
our own software projects
○ We’ve invested for years to build the culture and governance
required to be open source-first in a highly regulated industry
Featured Open
Source Projects:
Data Profiler,
Rubicon-ML and
Hygieia

6. Want to learn more?
● Want to learn more about our Tech? Check out Capital One
Tech to find out more about enterprise software solutions,
ideas and stories.
● At Capital One, we celebrate and honor the differences that
makes us all unique- inside and outside of work. Help us
create a more equitable future for all! Join us! Visit Capital
One Careers to view our open roles.
● Follow us on Twitter at CapitalOneTech

7. • Basics of Risk Management
• Event Mesh
• Risk Management use cases
• Point of view Architecture
Agenda

8. Public
What is a Risk Management?
Risk management is the process of identifying, assessing and controlling threats to an
organization's capital, earnings and operations. These risks stem from a variety of sources,
including financial uncertainties, legal liabilities, technology issues, strategic management errors,
accidents and natural disasters.
A successful risk management program helps an organization consider the full range of risks it
faces. Risk management also examines the relationship between different types of business risks
and the cascading impact they could have on an organization's strategic goals.
Source: Blog from TechTarget.com

9. Public
Some basics of Risk Management as defined by the International
Organization for Standardization (ISO)
Objective
result to be achieved
Organization
person or group of people that has its
own functions with responsibilities,
authorities and relationships to
achieve its objectives
Risk
effect of uncertainty on objectives
Risk Management
coordinated activities to direct and
control an organization with regard to
risk
Source: Risk management - Vocabulary (ISO 31073:2022)

10. Public
The first step to get better at Risk Management is to get better at
identifying the risks
Identify sources of the risk, areas of impact, events (including changes in circumstances) and their
causes and potential consequences.
In identifying the risk, consider these kinds of questions:
• What could happen?
• How could it happen?
• Where could it happen?
• Why might it happen?
• What might be the impact?

11. Public
What is an Event-Driven Mesh Architecture(EDMA)?
An event mesh is a communication layer
that enables the seamless exchange of
events (data/messages) between
various applications, services, and
systems in a distributed and decoupled
manner. The primary purpose of an
event mesh is to simplify and optimize
event-driven communication within a
complex ecosystem of applications.

12. Public
Using an event mesh for risk management can enhance the real-time
monitoring, analysis, and response to potential risks within an
organization
Event Sources
Identify various sources of events within your
organization that may be related to risks.
These sources can include financial data,
security logs, market data, IoT devices,
customer interactions, and more.
Event Routing and Processing
Implement an event mesh to efficiently route
events from different sources to the
appropriate risk management applications and
services. The event mesh can handle the
complex routing logic based on predefined
rules.
Real-time Monitoring
Use the event mesh to provide real-time
monitoring capabilities. Events related to
potential risks can be continuously streamed
to risk monitoring dashboards and analytics
systems.
Risk Detection
Implement risk detection algorithms and
models that analyze incoming events in real-
time. These algorithms can identify patterns,
anomalies, and indicators of potential risks.
The event mesh ensures that relevant events
are delivered promptly to the detection
systems.
Alerting and Notification
Set up alerting mechanisms within your event
mesh to notify risk managers or relevant
stakeholders when a potential risk is detected.
Alerts can be sent via various channels, such
as email, SMS, or integration with
collaboration tools.
Compliance and Reporting
Use the event mesh to facilitate compliance
monitoring and reporting. It can capture and
log events relevant to compliance
requirements, making it easier to demonstrate
adherence to regulations.

13. Public
Point of view Architecture

14. Public
Key Components of Event Driven Architecture
Event
Routers
Event
Consumer
Event
Consumers
Events
Event
Consumer

15. Public
Implementing EDMA using modern AWS Serverless Technologies

16. Public
Building Scalable & High Resiliency Architecture
Serverless
Technologies
Multi
Availability
Zone (AZ)
deployment
Multi Region
Active /
Active mode
Enhanced
Monitoring

17. Public
Benefits of Event Driven Architecture
Scalability
Fault Tolerance
Loose Coupling Modularity
Responsiveness Reduced Cost

18. Public
Best Practices of Event Driven Architecture
Security Measures
Event Contracts Event Sourcing Observability
Documentation
Governance Process

19. Public
Q & A