In times of uncertainty, control matters more than ever. And nowhere is that more important than with the true cost of your data platform.

This is where Pentaho stands apart.

Know Your Costs. Trust Your Future.

Pentaho gives you clarity—not just in your data, but in your pricing. Unlike platforms that require custom quotes, license gymnastics, or vague “cloud transition” fees, Pentaho’s pricing is:

• Transparent – No hidden costs. No surprise hikes.
• Predictable – Buy only what you need—modular, scalable, and aligned to your roadmap.
• Efficient – Simplify your stack with one integrated platform instead of multiple point solutions.

Why Pentaho Wins on TCO

When it comes to Total Cost of Ownership, Pentaho doesn’t just compete—it leads.

• Lower Upfront Investment – Pentaho’s intuitive, no-code platform reduces the need for costly implementation resources or extensive training.
• Reduced Maintenance Overhead – With fewer moving parts and better integration across tools, your teams spend less time maintaining and more time moving forward.
• Built-in Flexibility – Hybrid-ready architecture means you deploy on your terms—on-prem, cloud, or both. No forced migrations. No rip-and-replace costs.
• Unified Licensing – Get data integration, analytics, cataloging, optimizing, and quality—all under one umbrella. One platform, one contract, one clear cost.

Designed for Simplicity. Built for Stability.

While other platforms pivot, rebrand, or realign, Pentaho stays focused. We deliver a data platform designed to make complexity manageable and value more accessible.

You don’t have to choose between power and simplicity. You don’t have to overpay for uncertainty.

With Pentaho:

• Get to insights faster
• Streamline operations with fewer tools
• Control your budget—and your future

Data chaos is expensive. Smart simplicity isn’t.

Discover how Pentaho stacks up against Informatica.

If you’re evaluating Informatica—or re-evaluating it—now is the time to compare the real cost of staying versus the value of switching.

Pentaho gives you the confidence to move forward—with clarity, control, and a lower TCO.

Schedule a demo to see what Pentaho can do for your business.

The post Cut Through Uncertainty. Cut Down Your Costs. first appeared on Pentaho.

In March, Stewart Bond of IDC published the first IDC ProductScape: Worldwide Data Intelligence Platform Software, 2025 report. The report is a feature-by-feature comparison of 13 vendors’ platforms for prospective technology buyers navigating the fast-changing data intelligence field.

The report noted the following for key differentiators for Pentaho:

• “Data Quality Profiling and Observability: Pentaho excels in data quality profiling, observability, and analytics, leveraging semantic discovery to evaluate data quality and workflows, including data integration capabilities for quality issue remediation.”
• “Patented Data Fingerprinting: The platform uses patented data fingerprinting capabilities to identify data, including duplicates, within and across repositories, and extends data discovery functionality to unstructured documents, valuable for Generative AI use cases.”
• “Open Source Heritage and Community: Originating from the open source community, Pentaho Data Integration (PDI) has a strong global presence, supported by a dedicated direct sales force and a robust partner and OEM community.”

We appreciate this inclusion, and in my view, it really showcases the evolutions and innovation we’ve been building into the product set over the past two years, and is a clear signal that Pentaho has what it takes to deliver an end-to-end data management experience.

Few insights to call out:

• As IDC notes, there is growing demand for intelligence about structured and unstructured data, being fueled by growth of GenAI applications.
• AI is transforming data strategies and focusing businesses on delivering timely, reliable, and high-quality data for activities such as inference and model training.
• Platforms with capabilities in stewardship, cataloging, quality, and data lineage, along with the capacity to build data marketplaces, offer companies the best chance of success.
• IDC noted that many of the brands included in this evaluation have “helped define the data intelligence software market.”

This is great for Pentaho, and I want to celebrate our product and engineering teams for their incredible work in delivering a platform experience that positions us so well amongst the established industry leaders.

Pentaho’s platform is built with a clear vision: to provide organizations with the power to simplify their data management burdens and become more data-fit, turning all of a company’s data into the right quality and trusted information for core operations and AI.  We’re well on our way, and we’ve got lots more to come this year, including innovations around data lineage, AI models, data products, observability, a unified UX/UI experience and much more.

To experience the latest that Pentaho has to offer and hear more about our roadmap, reach out to our team or request a demo.

The post Pentaho Included in First IDC ProductScape for Worldwide Data Intelligence Platform Software first appeared on Pentaho.

For example, the EU AI Act represents a significant legal stake in the ground, requiring the use of AI technologies to adhere to principles of justice, transparency, and accountability. This law, along with growing public and government pressure to take on more responsibility in adopting technology, will trigger industry-changing shifts in the world of finance.

It’s important for financial services IT and data leaders to take stock of their ability to effectively manage what is happening in and around the industry, from increasing data breach risks, competition pressures posed by disruptive fintech start-ups, and the demand for personalized and trustworthy AI apps. These are some of the issues we’ll discuss in a two-part series, detailing the challenges and how the Pentaho+ platform is well-positioned to support financial institutions in their efforts to manage complexity, make data-based decisions, and achieve compliance and visibility in their business.

Regulatory Crackdowns on Algorithmic Bias

In 2023, a U.S. bank was fined $25.9 million for applying a credit-scoring AI model that rejected minority applicants. Post-event research indicated a lack of bias-checking in the training data and a lack of transparency in decision-making.

Challenges:

• Bias Prediction: AI models often overestimate the historical bias in data and will produce biased decisions. Also, with data models being designed by humans, there needs to be a way to check data to avoid unconscious bias that might creep in with data selection processes.
• Accountability: Regulators expect to see evidence of bias mitigation and fairness evaluations. This includes safeguards across the board, from how the model was designed to the data that the models are trained on, and the new data sources that the models are being supported by in ongoing analysis.

How Pentaho Helps:

• Automatic Bias Audit: Pentaho Plus uses machine learning algorithms to continually scan datasets for bias and report anomalies in real-time.
• Data Lineage Tracking: All data sources, transformations, and decision points are traced to enable regulators to have comprehensive reporting.
• Easily Explainable AI Dashboards: Clients and auditors can visualize decision pathways for transparency and confidence.

Potential Industry Shift: Let’s say a bank can not only conform but actively promote its AI fairness solutions. Displaying a fair lending model provides a competitive edge and appeals to more socially aware customers.

Banking’s Rising Systemic Risk

The failure of a few mid-sized banks in 2023  exposed real flaws in risk modeling and stress-testing techniques. Supervisors are pushing for more accurate, faster reporting of risk exposure to ward off failures in the system.

Challenges:

• Data Separation: Risk data is often separated into silos, which can be challenging to map holistically. There is also the issue of how to blend structured and unstructured data to gain a clearer and more accurate picture of risk.
• Rapidity and Precision: Real-time reporting and predictive capabilities are crucial to find the weakness. Many banks still rely on manual processes, introducing time lags and errors that can weaken risk analysis and create the conditions for failures.

How Pentaho Helps:

• Unified Risk Data Model: Pentaho integrates disparate data, including structured, semi-structured, and unstructured data, into one holistic understanding of institutional risk.
• Predictive Analytics: With real-time simulations, firms can simulate stress conditions and predict the effects on liquidity and solvency.
• Real-Time Reporting: Automated, real-time regulatory reports ensure teams can meet evolving requirements.

Potential Industry Shift: What if banks leveraged real-time risk dashboards with regulators and stakeholders? This level of transparency could transform the relationship with the banking industry and define the norm.

ESG Reporting and Green Finance

ESG (Environmental, Social, Governance) continues to find support across the globe, and the EU’s Sustainable Finance Disclosure Regulation (SFDR) makes it mandatory for financial institutions to report on portfolio sustainability. In 2024, one major asset manager was criticized for greenwashing and misreporting ESG data.

Challenges:

• Data Integrity: Validating ESG data and being auditable. Even larger organizations have not prioritized clear processes on how to collect and verify ESG data. There is tremendous reliance on manual data collection and Excel spreadsheets in ESG reporting that introduce errors that limit reporting accuracy and reliability.
• Standardization: Reporting is inconsistent across ESG frameworks. The EU leads in this area; however, even if an organization is headquartered in other regions, after a certain financial threshold, they are held to the same reporting standards as EU HQ organizations. Without established policies and data collection protocols, financial institutions will struggle to meet these standards.

How Pentaho Helps:

• Golden Source ESG Data: Pentaho provides a central database for ESG data that remains consistent across all reports and analyses.
• Automated Data Validation: Algorithms within Pentaho validate ESG data against external benchmarks and standards, detecting discrepancies.
• Configurable ESG Dashboards: These allow portfolio managers to track and optimize sustainability metrics in real time.

Potential Industry Shift: Suppose you could not only be ESG compliant but also launch data-based green finance products. By delivering clear ESG performance metrics, institutions might lure eco-conscious capital and redirect funds to sustainable investments.

In our next blog, we’ll explore the issues around fraud detection and prevention, data sovereignty, cross-border compliance, and safely scaling innovative uses of AI in finance.

Discover how Pentaho supports financial services.

The post Unlocking the Future: Application Case Studies on How the Financial Services Landscape Is Changing – Part I first appeared on Pentaho.

With Pentaho 10.2 EE, you can also take advantage of key Marketplace Plugins (available here on the Customer Support Portal) to take your data workflows to the next level. Let’s explore the many reasons why upgrading to EE and leveraging our wide universe of fully supported plugins is a game-changer.

Scale & Accelerate Processing of Key Enterprise Data Assets

Databricks Bulk Load – High-Volume Data Transfers, Simplified

• Speed up cloud data lake operations by seamlessly loading large datasets into Databricks tables from anywhere in your data estate. This plugin eliminates complex scripting and ensures efficient data ingestion for advanced analytics.

Salesforce Bulk Operations – Optimize Your CRM Data Flow

• Perform high-speed bulk operations on Salesforce objects to sync, update, and migrate records efficiently. Whether integrating customer data or driving automated workflows, this step significantly boosts Salesforce performance in situations with heavy data workloads.

Enhanced Data Connectivity & Streaming

Kafka Plugins: Enterprise-Grade Streaming

• Leverage advanced Kafka capabilities with improved user experience, security, and scalability. This upgrade enables seamless event-driven architectures for real-time data ingestion across your enterprise.

Elasticsearch REST Bulk Insert (v8 Support)

• The latest enhancement allows direct bulk inserts into Elasticsearch 8, enabling faster indexing and more efficient search operations for real-time analytics.

Enable Advanced Analytics & Data Governance

Google Analytics 4 Integration – Better Reporting, Smarter Decisions

• Directly connect to Google Analytics 4, extract key insights, and populate your data warehouse for deeper analysis and improved decision-making.

Open Lineage – End-to-End Data Lineage for Compliance & Trust

• Gain full visibility into data movement across PDI transformations. This plugin helps ensure governance, auditability, and compliance by tracking lineage metadata. (Enterprise PDC license required)

Next-Gen Data Transformation & Hierarchical Data Handling

Hierarchical Data Types (HDT): Process JSON & Nested Data with Ease

• PDI has various transformation steps to handle hierarchical data like JSON, but these steps do not scale with the complexity of your org’s data. The new HDT plugin vastly simplifies the processing, conversion, and manipulation of hierarchical structures like JSON, letting you accomplish much more with far fewer transformation steps.

The Value of Upgrading to Pentaho Data Integration Enterprise Edition?

Pentaho Data Integration Enterprise Edition isn’t just an upgrade, it’s an investment in efficiency, scalability, and control. With exclusive enterprise-grade plugins, your teams can:

• Move and transform data faster with high-performance bulk operations.
• Enhance analytics with direct integrations for GA4, Elasticsearch, and Databricks.
• Streamline real-time data ingestion with advanced Kafka and Open Lineage tracking.
• Simplify working with modern data structures using Hierarchical Data Types.

More power. More integrations. More insights.

Ready to unlock the full potential of Pentaho Data Integration Enterprise Edition? Let’s talk!

The post Unlock New Possibilities with Pentaho Enterprise Edition: The Power of 10.2 EE Plugins first appeared on Pentaho.

The EU’s evolving AI laws, including the new AI Act, prioritize fairness, transparency, and accountability. These laws will disrupt the way AI is already implemented, requiring banks to redesign the way they manage, access, and use data. Yet, as we’ve seen with other regulations, meeting these acts can provide an opportunity.  As banks evolve to meet these laws, the resulting improvements can increase customer trust and position the banks as market leaders in regulated AI adoption.

Meeting the EU AI Act Moment

There are a few key areas where banks should invest to both adhere to the EU AI Act and reap additional benefits across other regulatory and business requirements.

Redefining Data Governance for the AI Age

Strong data governance sits at the heart of the EU’s AI legislation. Banks must ensure the data driving AI algorithms is open, auditable, and bias-free. Good data governance moves compliance from the status of being a chore to one that is proactively managed, establishing the basis for scalable, ethical AI. They can achieve this through technology that delivers:

Unified Data Integration: The ability to integrate disparate data sources into a centralized, governed environment ensures data consistency and eliminates silos. A comprehensive view of data is essential for regulatory compliance and effective AI development.

Complete Data Lineage and Traceability: Tracking data lineage from origin to final use creates full transparency throughout the data lifecycle. This directly addresses regulatory requirements for AI explainability and accountability.

Proactive Bias Detection: Robust data profiling and quality tools allow banks to identify and mitigate biases in training datasets, ensuring AI models are fair and non-discriminatory.

Building Ethical AI From the Ground Up

Moral AI is becoming both a legal imperative and a business necessity. The EU’s emphasis on ethical AI requires banks to prioritize fairness, inclusivity, and transparency in their algorithms. This demands continuous monitoring, validation, and explainability, all of which can foster stronger customer relationships and differentiate banks as pioneers in responsible AI through:

Real-Time AI Model Monitoring: Integrating with machine learning platforms enables teams to monitor AI models in real-time, flagging anomalies and ensuring adherence to ethical standards.

Explainable AI (XAI): AI explainability is supported by tools that visualize decision-making pathways, enabling stakeholders and regulators to understand and trust AI outcomes.

Collaborative AI Governance: Facilitating collaboration between data scientists, compliance officers, and business leaders ensures that ethical considerations are embedded across the AI development lifecycle.

Streamlined Regulatory Compliance

Regulatory compliance often involves extensive reporting, auditing, and data security measures. Technology that simplifies these processes helps banks navigate the complex EU AI regulatory framework while driving down costs, boosting productivity, and empowering banks to innovate while maintaining adherence to regulations.

Automated Compliance Reporting: Customizable reporting tools generate regulatory-compliant reports quickly and accurately, reducing the burden on compliance teams.

Audit-Ready Data Workflows: A platform with built-in audit trail features documents every step of the data process, providing regulators with clear and actionable insights.

Privacy-Centric Data Management: Support for data anonymization and encryption ensures compliance with GDPR and safeguarding customer information.

Transparency and Accountability: The Hallmarks of Leadership

AI is transforming financial services, but customers’ confidence matters. Banks must be transparent and accountable to generate trust in AI decision-making. When banks treat transparency as a path to redefining relationships, they can transform customer interactions.

Customer-Centric Insights: Intuitive dashboards that allow banks to explain AI-driven decisions to customers, enhancing trust and satisfaction.

Stakeholder Engagement: Interactive visualizations and real-time analytics enable banks to communicate compliance metrics and AI performance to regulators and stakeholders.

Collaborative Transparency: Collaborative features ensure that transparency and accountability are integral to every AI project, from design to deployment.

Leveraging Pentaho for Compliant AI

To fully adopt a strategic approach to AI compliance, banks can capitalize on Pentaho’s capabilities to:

• Develop a Unified Governance Framework
  Use Pentaho to create a centralized data governance model, ensuring alignment with EU standards and global best practices.
• Prioritize Data Lineage and Quality
  Leverage Pentaho’s data cataloging and profiling tools to ensure that all datasets meet compliance requirements and ethical standards.
• Foster Collaboration Across Teams
  Involve compliance officers, data scientists, and business leaders in AI governance, using Pentaho to enable cross-functional workflows.
• Monitor AI Continuously
  Implementing Pentaho’s real-time monitoring and reporting features can proactively address compliance risks and optimize AI performance.
• Communicate Compliance Effectively
  Use Pentaho’s visualization and reporting tools to provide stakeholders with clear and actionable insights into AI processes.

The Path Forward to Robust AI Compliance and Performance

Imagine a world where banks don’t just tackle compliance problems but also use them as strategic growth engines. Pentaho’s full-spectrum data integration, governance, and analytics products empower financial institutions not only to adapt to change but to drive the way in ethical AI practice. This openness helps them not only meet regulatory standards in the present but to set the direction of AI use with due care in the future.

Pentaho is well positioned to help transform finance industry systems into intelligent and compliant AI engines, especially ahead of the new AI regulations coming from the European Union. This is a time of significant change for banks where the right combination of modern technology and enabling regulation can re-energize client trust – an approach Pentaho is looking to lead.

Ready to make compliance your competitive advantage? See how Pentaho powers ethical AI for the financial services industry.

The post What Banks Need to Know About EU AI Act Compliance and Ethical AI Governance first appeared on Pentaho.

What’s driving new privacy and data protection efforts? Several factors.

Global data flows: Trade data increasingly migrates across borders and will demand more international cooperation and coordination with data-protection laws. If I buy a sweater from a vendor in Ireland and live in California, there are two different regulations at work in just that one transaction.

Growing awareness of and expectations of data privacy and demands for greater transparency and accountability will push organizations to improve their data operating practices.

Technological evolution: Developments in computer science, including artificial intelligence, the Internet of Things, and biometrics, have changed attitudes around what needs to be protected. This poses new privacy challenges to the old ways of organizing dataflows, which simply do not work in today’s interconnected world, especially with personally identifiable data sitting in massive global data clouds.

Regulatory evolutions: As new attitudes and technologies like GenAI emerge, governments and regulation authorities will be constantly evolving legislation to address new privacy problems and safeguard individuals. This requires constant monitoring and adjustments by organizations to stay ahead of fines and reputational damage.

Foundational Regulations Every Organization Must Understand

Multiple core legislations already significantly influence the global privacy landscape, including:

GDPR (General Data Protection Regulation) (EU): GDPR is a harmonized data privacy law and an enormous piece of human rights-based change. As of 2018, all data controllers are required to comply when using the personal data of all EU citizens. This pushes organizations to adhere to strict privacy by consent, data minimization, and data deletion requirements.

Data Protection Act 2018 (UK): The UK Data Protection Act implements GDPR and provides further detail on the information rights of individuals and the responsibilities of organizations when handling personal data that must be considered.

California Consumer Privacy Act (US): This California law, effective as of 2020, grants certain rights to consumers for their personal information (e.g., right to know, right to delete, and right to opt-out)​

Here, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) by references such as a name, an identification number, location data, and online identifiers or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

There are also ‘special categories of personal data’ related to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed to uniquely identify a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

LGPD (General Data Protection Law): This is the Brazilian law equivalent to GDPR that protects Brazilian citizens’ personal data. It defines the rights and obligations of organizations collecting personal data from citizens, on and offline.

Personal Data Protection Act 2010 (India): This law, while perhaps a much less developed version of GDPR, does provide a regulatory framework on which a better-articulated regime can be built.

The Balancing Act Around Critical Use Cases

Data is everywhere and informs so much of our lives. This has put a larger burden on organizations at every level of society to understand their potential exposure to compliance risks and consistently apply policies and technology to safeguard data

Medicine: Patients’ health data (e.g., medical records, genetic data) must be kept private to ensure physical well-being and avoid misuse related to areas like insurance, employment and receiving benefits.

Finance: The number of rules and regulations in this industry match the level of collection and management of customer data that takes place every second of every day. Fraud protection, anti-money laundering and ethical practices are all regulated and support the consumer trust and confidence that is the lifeblood of financial institutions.

E-commerce: A retailer necessarily collects great amounts of personal data to match buyers and sellers, and even facilitate transactions without friction.

Marketing and Advertising: Ideally, advertisers will gain the ability to target messages very sharply. Striking a balance between the ability to curate experiences and the protection of consumers’ privacy is crucial, especially when crossing international borders into the EU and needing to consider where data is stored and how it is used.

Social Media: Social media companies collect and process immense volumes of data related to user behaviors. Unethical use of data is a high risk in these platforms given their ubiquity and how many users cross different age groups and geographies.

Looking Ahead  

For each part of the global privacy matrix – flagship legislation, use-case categories, and local, regional, and global differences – attention to the whole is required. Only then can organizations deploy strategies that stake out a defensible position where privacy interests are balanced against service and commerce goals while also building and sustaining stakeholder trust.

To explore how Pentaho can help enable your organization to become data-fit and manage regulatory compliance data challenges, request a demo.

The post The Key Legislations That Define the “New” Global Privacy Landscape first appeared on Pentaho.

Pentaho’s Platform Extensions are widely recognized for their value in embedded analytics, providing a robust framework for integrating Pentaho into larger solutions. However, their impact extends far beyond embedding.  These powerful extensions help enterprises simplify reporting, enforce access control, and manage multi-tenant environments with greater efficiency.

What Are Platform Extensions?

Pentaho’s Data Integration Enterprise Edition Platform Extensions provide advanced security, multi-tenancy, and data access control capabilities, helping enterprises reduce administrative overhead while strengthening governance. Whether you’re simplifying role-based reporting or streamlining departmental data access, these extensions offer a clear path forward for Enterprise Edition customers. Together, these six core components automate access, enforce data security, and simplify user management:

1. Automated Access Control (EXT-ContentAccess) – Enforces role-based access control across complex folder hierarchies, ensuring users only see relevant content.
2. Dynamic Data Connectivity (EXT-DynamicDataSources) – Dynamically directs users to the appropriate database based on their context at runtime, ensuring secure, role-aware data access.
3. Row-Level Security (EXT-DynamicDataFiltering) – Applies dynamic SQL logic at runtime, restricting data access based on session variables and predefined rules to ensure users see only relevant data without duplicating reports or manually editing SQL.
4. Smart Folder Management (EXT-HomeFolders) – Automatically creates home directories for applicable user roles, reducing manual setup and preventing unnecessary folders for read-only users.
5. Session-Based Security (EXT-SessionStartup) – Initializes the user session with essential security parameters, ensuring seamless integration with the other extensions and supporting single sign-on (SSO).
6. Flexible Authentication (EXT-SSO) – Provides enterprise-grade single sign-on (SSO) alongside standard authentication solutions (LDAP, SAML, CAS) while also accommodating custom authentication

 How Different Customers Leverage Platform Extensions

 For Embedded Analytics & Software Vendors

Organizations embedding rely on these enterprise extensions to:

• Provide a seamless user experience inside their software
• Automate role-based access and multi-tenant security
• Customize the look and feel to match the host application
• Reduce development effort by handling security and access dynamically

For Enterprises & Internal IT Teams

Enterprise customers can benefit from these extensions by:

• Integrating SSO to unify authentication across platforms
• Ensuring secure multi-tenant access without duplicating reports
• Automating role-based access and content filtering
• Dynamically enforcing security without manual SQL logic

Real-World Use Cases: How Platform Extensions Simplify Security and Access

• Departmental Data Access: Adjusts queries dynamically to reflect user roles and departments,  only authorized users see relevant data – without manual query modifications.
• Dynamic Role-Based Reporting: Enforces real-time access control and data filtering based on user attributes without duplicating reports or embedding static SQL logic.
• Simplified Content Access: Streamlines role-based folder and content management, reducing administrative workload while maintaining strict security.

Tying It All Together

Pentaho’s flexible architecture allows these extensions to seamlessly integrate into both embedded applications and enterprise environments. Whether you need to embed dashboards, dynamically filter data, or automate multi-tenant security, these extensions provide a scalable, secure solution.

For software vendors, this means embedding analytics that inherits host application security. For enterprises, it means enforcing access control without added complexity. The result? A fully integrated experience that preserves security and governance without disrupting the user workflow.

Licensing and Support

These extensions are supported by Pentaho Customer Success, ensuring seamless implementation and integration to meet your organization’s needs. To maximize value, we recommend a workshop to assess the best integration strategy for your organization.

If you want to explore how these extensions can simplify your reporting strategy or implement multi-tenant security, contact us at Pentaho Services to learn more.

The post Why Enterprises Use Pentaho Business Analytics EE first appeared on Pentaho.

These banks will need to make huge investments. Those will come in the human resources and IT infrastructure required to implement DORA and detailed technical plans to identify, measure, and mitigate ICT risks. These will involve everything related to cybersecurity, using robust incident response plans and 24/7 monitoring.

Traditionally, mid-sized banks have struggled to adapt to changes across a range of asset sizes. While larger banks have more resources, mid-sized banks have smaller budgets and teams that prevent them from fully complying with many regulations.

The technicalities of these standards add an additional layer of complexity. In many cases, confusion can arise as the regulations are unclear and difficult to read and implement for many banks.

In this blog, we’ll dive into unique issues across asset classes, providing an outline of how mid-market banks can tactically optimize their ICT risk management programs to meet regulatory requirements and create resilience to attack in a ever-changing digital age.

Asset Class: $10–$50 billion

Regulatory Adherence Requirements:

• ICT Risk Management: Create a governance process with clearly defined ICT risk oversight roles and functions.
• Exceedance: DORA issues general guidelines, but not precise recommendations to smaller institutions for the exact risk levels and criteria that must be applied for ICT risk.
• Banks’ Incident Reporting: Banks must notify the authorities of large ICT incidents in specific time periods (e.g., 72 hours in EU regulations).

Key Limitations:

• Resources Shortages: Smaller banks lack ICT resilience teams which causes them to take longer to respond and rectify. They also usually lack powerful monitoring and are unable to deliver incident detection and notification times.
• Uncertainty About Testing Requirements: DORA calls for resilience testing but hasn’t articulated what the minimum acceptable conditions should be for mid-sized banks, leaving room for interpretation that could result in audit collapses.
• Regulatory Ambiguities: DORA’s small institution ICT governance guide does not define the right amount of manual versus automated processes, which causes inconsistencies in the compliance methodologies. It is also not fully explored on a technical level for incident reporting best practices (form, content, detail) making it difficult for regulatory tests.

Asset Class: $50–$150 billion

Regulatory Adherence Requirements:

• Third-Party Risk Control: Banks need to control risks from important third-party providers. DORA emphasizes third-party risk monitoring, but it provides no common evaluation methods for vendors.
• Operational Resilience testing: DORA requires annual resilience testing of ICT infrastructures to prevent disruption. Hybrid ICT environments (legacy + cloud) make testing more difficult since DORA doesn’t provide any guidance on how to connect legacy systems to the new frameworks.

Key Limitations:

• Oversight of Vendor Risk: Mid-sized banks are dependent on 3rd party service providers, but DORA lacks explicit responsibility requirements for failures in such relationships.
• Resources Availability: Mid-tier banks don’t have the economies of scale to shop for specific services from vendors in compliance with DORA.
• Regulatory Ambiguities: DORA’s requirements for ICT resilience scenario testing are general and do not contain detailed scenarios for mid-sized banks’ operational risk, so their testing frameworks are not aligned. The act does not explicitly define what constitutes “critical” third-party services, so under-preparing for compliance reviews might be an issue.

Asset Class: $150–$250 billion

Regulatory Adherence Requirements:

• Data sharing: Financial organizations will need to participate in shared resilience measures such as sharing of information about cyber threats and events. Small banks are left out of mature information-sharing systems run by large banks, which is a zero-sum game.
• Disaster Recovery: DORA establishes pre-established disaster recovery objectives (RPO/RTO). Legacy systems are difficult to align with today’s RPO/RTO due to technical debt and inflexible regulatory benchmarks on banks.

Key Limitations:

• Higher scrutiny: Banks of this asset type are subject to more regulatory scrutiny than large banks, but not the same resources.
• Complex ICT Infrastructure: There is a big challenge with resilience in multi-cloud and hybrid environments because DORA doesn’t specify integration frameworks.
• Regulatory Ambiguities: DORA’s definition of “significant operational impact” is fuzzy, leading to reports of incidents being under- or over-reported during regulatory exams. Minimum compliance requirements for cybersecurity resilience standards (e.g., sophisticated threat management, machine learning analytics) are too general to apply consistently.

Regulatory Uncertainty and Cross-Asset Challenges / Regulatory Inaccuracy:

1. Incident Reporting:

• Ambiguity: DORA sets dates but not details about the level of detail that an incident report should contain. Banks can fail the compliance tests if the incident reports are not complete.

2. ICT Risk Assessment:

• Ambiguity: The act in principle establishes a risk management process but leaves blanks for the minimum acceptable risk levels. Banks can build systems that don’t meet regulatory standards in examinations.

3. Testing Frameworks:

• Ambiguity: Annual resilience testing is required but no one clearly specifies what tests are allowed (i.e., penetration vs. red team exercise). Banks run the risk of missing the compliance exams due to unintended testing requirements.

4. Third-Party Management:

• Ambiguity: DORA sets no standard of what is considered “critical” vendors. Banks may focus on the wrong vendors and miss real risks.

5. Cybersecurity Standards:

• Ambiguity: DORA will require strong security, but doesn’t meet certain international (e.g., ISO 27001) requirements for smaller banks. This can lead to gaps in cybersecurity controls that are implemented adequately.

Recommendations for Addressing Limitations

1. Collaborate with Regulators:

• Get involved with regulators, proactively, and clear confusion about compliance metrics, testing requirements, and reporting.

2. Leverage Industry Standards:

• Implement ICT infrastructures based on existing, widely understood frameworks like NIST CSF, ISO 27001 and COBIT to plug the holes in DORA’s recommendations.

3. Invest in Automation:

• AI-powered incident detection, third party risk management and reporting to optimize compliance and reduce resource consumption.

4. Strengthen Vendor Relationships:

• Add explicit resilience criteria into vendor SLAs and audit regularly to ensure you are compliant with DORA requirements.

5. Scenario-Based Testing:

• Design and run specific test scenarios based on bank size, process and systemic impact.

Final Thoughts

The Digital Operational Resilience Act (DORA) offers mid-tier banks more business stability and provides a way to mitigate cyber risk and disruption. But mistakes and vagueness in the act can be compliance headaches.

One of the best ways for mid-tier banks to overcome these challenges is to be proactive with regulators. That means finding regulators, knowing what they expect, and executing accordingly. Standards and best practices will be a legal requirement and drive efficiency.

Operational risk is better managed with preparation. Modern technology investments like cybersecurity and data backups aren’t just a suggestion, it’s necessary. Smart integration will automate processes, mitigate impact, and enable compliance, giving your bank an operational rock-solid foundation.

By engaging with regulators, executing on international best practices, and taking the lead in technology, mid-size banks will not only have better chances of DORA compliance but also set themselves apart from their competitors in a rapidly changing financial landscape. It’s the future-forward thinking that can make your bank strong and competitive.

Learn more about Pentaho for Financial Service.

The post DORA Compliance Strategies for Mid-Tier Banks by Asset Category first appeared on Pentaho.

After years of running Pentaho Data Integration Community Edition (CE) on a single machine, a leading organization found itself at a critical juncture. Its financial data operations were straining under the weight of growing regulatory requirements, expanding data sources, and cloud adoption strategies. The move to Pentaho Data Integration Enterprise Edition (EE) on AWS would be more than just an upgrade – it would be a complete re-architecture of their data integration framework.

The Challenge: Securing and Scaling Financial Data Pipelines

The organization had been using CE for financial data extraction, transformation, and reporting, but as workloads increased, several challenges surfaced:

• Lack of governance and security controls over sensitive financial data.
• Inefficient execution of ETL workloads, leading to performance bottlenecks.
• No native cloud scalability, restricting data movement between on-prem systems and AWS.
• Manual encryption and decryption workflows, making vendor file ingestion cumbersome.

In short, the existing architecture had reached its limits, and a once manageable system had become a high-risk, high-maintenance bottleneck.

The Migration: From CE to Enterprise-Grade ETL on AWS

The move from CE to Pentaho Data Integration Enterprise Edition was not just about software – it was about enabling the organization’s cloud-first financial data strategy. The project focused on three key areas: deployment, security, and workload efficiency.

1. Architecting a Secure, Cloud-Native Deployment

The first step was lifting CE off a single machine and deploying it as a scalable, enterprise-ready solution. The new architecture introduced:

• Pentaho Data Integration EE deployed across DEV and PROD environments on AWS EC2, ensuring redundancy and failover protection.
• A centralized repository using AWS RDS (PostgreSQL) to replace the file-based artifact storage of CE.
• SSL encryption enforced across all Pentaho instances, securing financial data at rest and in transit.

This transformation eliminated single points of failure and set the foundation for a scalable, governed ETL framework. 

2. Automating Secure File Ingestion & Data Encryption

A critical aspect of the migration was handling encrypted vendor files – a common requirement in financial data processing. The existing process required manual decryption before loading data, creating compliance risks and operational delays. With Pentaho Data Integration EE, encryption and decryption were fully automated using GPG-based secure key management.

• Keys were centrally managed, ensuring controlled access and compliance with financial data security policies.
• PDI transformations were designed to decrypt vendor files automatically, removing manual intervention.
• End-to-end encryption was enforced, securing the data from extraction to reporting.

This shift not only streamlined file ingestion but also reduced human error and compliance risks.

3. Optimizing ETL Performance in AWS

 With the deployment stabilized, focus shifted to optimizing financial data processing workloads. Key improvements included:

• Parallelized job execution, eliminating bottlenecks in ETL workflows.
• Direct integration with AWS services, including Redshift and S3, enabling faster data movement and transformation.
• Implementation of Pentaho Operations Mart, allowing real-time ETL performance monitoring and logging.

By optimizing how jobs were distributed and executed, processing times dropped by up to 40%, ensuring faster financial reporting cycles.

The Result: A Cloud-Ready Financial Data Platform

The migration to Pentaho Data Integration Enterprise Edition on AWS delivered tangible improvements across security, efficiency, and scalability.

• Significant reduction in ETL processing time, with parallelized execution and optimized job scheduling.
• Automated file encryption and decryption, removing security gaps in vendor data ingestion.
• Cloud-native architecture, enabling seamless data movement between on-prem and AWS.
• Stronger governance and auditability, ensuring compliance with financial reporting regulations.

Pentaho Data Integration Enterprise Edition for Financial Data

For organizations dealing with sensitive financial data, the transition from Pentaho Data Integration CE to EE is not just an upgrade – it’s an operational necessity. By leveraging AWS for scalability, automating encryption, and optimizing ETL performance, this organization built a future-proof financial data pipeline that ensures governance, security, and speed.

As financial data landscapes continue to evolve, Pentaho Data Integration Enterprise Edition provides the scalability and compliance enterprises need to stay ahead. This robust integration offers both stronger governance and auditability while aligning with financial reporting regulations, making it an invaluable upgrade for any business. If you’re interested in exploring how, contact Pentaho Services to learn more.

The post Scaling Financial Data Operations with Cloud-Ready ETL first appeared on Pentaho.

As data volumes and channels grow, telecommunications firms feel tremendous pressure to deliver tailored experiences to their corporate and consumer audiences. This pressure is only increasing as new service bundles emerge and 5G brings faster speeds, connectivity, and higher delivery expectations, all while price sensitivity and competition expand.  

In this fast-paced world, market leaders like Swisscom, Switzerland’s largest telecommunications provider, recognize the value of truly understanding customer needs. Swisscom has been on a transformative journey to enhance customer service through a comprehensive overview of its operations driven by data.  

Satisfying Multiple Masters  

Swisscom serves a diverse and large clientele of residential consumers and corporate businesses, delivering 59% of the mobile services and 53% of broadband across Switzerland. Each client base has distinct needs, requiring different data types and strategies to effectively meet evolving expectations. 

Residential customers prioritize affordability and broadband speeds. Businesses need dedicated customer service and technical support, often backed by stringent service-level agreements (SLAs). Swisscom operates various business units to meet these various and complex requirements, each using a range of systems from enterprise resource planning (ERP) to customer relationship management (CRM) applications. This created multiple data silos, limiting Swisscom’s ability to achieve a unified view of customer interactions, contracts, service statuses, and billing information.

Swisscom required a centralized hub for real-time operational and customer data visibility, which could help teams streamline service support requests and enhance response times.

Centralizing Customer Intelligence with Pentaho

Swisscom’s Business Customers division searched for a unified platform for data integration and validation to achieve a 360-degree view of its operations. Pentaho Data Integration (PDI) was chosen for its comprehensive feature set, ease of use, and cost-effectiveness.

“Pentaho Data Integration met all our requirements at a very attractive price point,” said Emanuel Zehnder, Head of Information Architecture, Swisscom Business Customers. “We were pleased by the comprehensive feature set and the simplicity of the workflows – particularly the streamlined integration process with Apache Kafka. Pentaho has a centralized integration process, which makes connecting business systems quicker and easier, using Dynamic SQL capabilities.”

Swisscom uses PDI to securely extract valuable information on customers, service operations, products, contracts, assets, and more from disparate systems. With all data stored in a single, easily accessible platform, users are benefiting from a unified view of operations. Over 30 business units now use the central hub to access data managed and processed by Pentaho (over 100 million data records processed daily!), including marketing, sales, quality assurance,e and service operations management. 

“Previously, if a member of staff wanted to check details about customer contracts across products and services, the data would be compiled and harmonized from up to six different inventory systems,” says Zehnder. “This was a time-consuming process that could slow us down in providing status updates and resolving issues.” 

Real-Time Data Drives Real-World Impact

Swisscom can now give stakeholders direct access to consolidated information that provides a clearer, 360-degree view of customer status and needs. “Thanks to the Pentaho solution component, we have been able to create a holistic view of all contracts, service status details, and SLAs in a single, harmonized data model,” says Zehnder. “We also let stakeholders access these details online, so they can check on their accounts and service status at their own convenience, 24 hours a day.” 

The Swisscom Business Customers unit sees significant platform usage on the horizon as new cloud environments and services create additional data integration requirements. The company already plans to integrate 20 more systems and expects Pentaho Data Integration to handle even more data records.

With a clearer operational view and teams tapping into much more of its data, Pentaho has Swisscom well-positioned to meet the evolving demands of its diverse customer base and achieve higher operational efficiency.  

Learn more about the power of Pentaho here or request a demo.  

The post Swisscom, Switzerland’s Largest Telecom Provider, Achieves 360-Degree Customer View with Pentaho first appeared on Pentaho.