Ververica

The Sovereignty Tax. What Cloud-Only Vendors Won't Tell Tier 1 Banks


Cloud-only vendors gave up on top financial services providers. Ververica doesn’t.

That is not a positioning statement. It is what actually happened. A European Global Systemically Important Bank (G-SIB) switched to Ververica after their previous streaming vendor dropped on-prem support entirely, leaving a systemically important institution without a sovereign deployment path mid-program. Their response, stated plainly during a business review: "It would be a big issue if we stop on-prem Ververica Platform."

That institution now runs corporate payments at 266 transactions per second against a 5-second service level agreement, and its on-prem accounting system processes over 100 billion euros in Single Euro Payments Area (SEPA) payment orders monthly, all on on-premise OpenShift with multi-datacenter disaster recovery. A major London hedge fund operates five Ververica Platform instances on bare-metal OpenShift, processing securities restrictions in real time where failure to act means fines measured in millions. Another important clearing organization based in the United States is in production build-out of a three-data-center, approximately 5,000-CPU Ververica environment for real-time profit and loss and margin workflows.


SOVEREIGNTY IS MANDATORY, NOT OPTIONAL

For top tier banks, clearing houses, and major insurers, on-prem capability is not nostalgia. It is a compliance boundary shaped by converging regulatory pressure.

DORA Article 28 (Regulation (EU) 2022/2554, applicable from January 2025) requires financial entities to maintain contractual rights of audit and access over Information and Communication Technology (ICT) third-party providers, and mandates documented exit strategies for critical ICT services, a requirement that platforms built on proprietary APIs and data formats fail structurally. The Network and Information Security Directive 2 (NIS2) increases management accountability for cybersecurity resilience. GDPR and related residency controls tighten obligations around where sensitive data is processed and accessed. The Payment Card Industry Data Security Standard (PCI DSS) scopes cardholder data environments to specific infrastructure boundaries, creating direct dependencies on where payment workloads run and who can access that infrastructure.

There is an additional exposure vendor-managed platforms rarely surface: when a vendor operates your control plane, their support personnel typically retain operational access to production infrastructure that may cross jurisdictions. Under DORA's supervisory expectations and GDPR's cross-border transfer obligations (Chapter V), this is a structural compliance concern that must be examined explicitly, and not treated as an edge case.

On-prem at scale is hard. Most vendors chose not to solve it. That is a deliberate product decision, and it disqualifies them for a specific class of regulated workload. For the financial services industry, cloud-first is not a modernization strategy; it is a sovereignty-never decision.

WHY EVALUATIONS BREAK DOWN

In the financial services and banking industry, the issue is usually not product quality. It is operating-model fit.

AWS Managed Service for Apache Flink® is a fully-managed cloud service with no on-prem deployment path. Confluent Cloud (IBM) is cloud-only, with no meaningful on-prem Flink capability. Both are engineered for cloud-native operating models, but are structurally incompatible with institutions that must own their control plane. Databricks, which is cloud-native by design with no true on-prem offering, is similarly optimized for vendor-managed infrastructure. For regulated workloads requiring institution-owned control planes, each creates a structural fit gap: not a temporary limitation, but an architectural consequence of how they were built.

How to screen data platform vendors for potential risk:

  • If control plane ownership stays with the vendor, sovereignty risk rises.
  • If private or isolated network patterns are constrained, security sign-off slows.
  • If governance evidence depends on provider-controlled systems, audit burden shifts to exception handling.

This is the sovereignty tax: teams spend budget and political capital evaluating platforms that were never deployable for their regulatory profile and needs.

FIVE ARCHITECTURE QUESTIONS THAT DETERMINE FIT

Architecture teams in highly-regulated industries like financial services should evaluate streaming platforms using five control questions:

1. Deployment control: Can it run fully on-prem with institution-owned control planes?

2. Network posture: Can critical workloads run without public internet exposure, including air-gapped patterns?

3. Governance model: Are Role-Based Access Control (RBAC), audit trails, lineage, and tenancy controls native and customer-operated?

4. Security model: Does it support Zero Trust enforcement with enterprise identity and private connectivity that is demonstrable to a CISO without relying on vendor-controlled attestation?

5. Operational resilience: Can teams meet strict SLA boundaries with high availability, disaster recovery, predictable restart behavior, and enterprise support?

These are baseline controls, not advanced features. A platform that cannot answer all five affirmatively is NOT a sovereign streaming platform.

WHAT DEPLOYMENT REALITY LOOKS LIKE

Several top-tier enterprises in the financial industry utilize Ververica Platform today. The enterprises behind these stories asked us not to use their names explicitly. That's common in industries where infrastructure decisions are sensitive. What we can share is still important: their relatable challenges, the approach, and the very real outcomes.

EUROPEAN G-SIB: ON-PREM, MULTI-DATACENTER, AT SCALE

After a previous streaming vendor dropped on-prem support, this institution moved to Ververica. The environment runs on on-premise OpenShift with bare-metal workers and a secondary DR site. Corporate payments processes 266 transactions per second at peak against a 5-second SLA. DB2 mainframe replication covers 250 tables to Apache Kafka and MongoDB, a workload the team describes internally as “critical”. DORA compliance is managed entirely within their own infrastructure controls.

That same environment underpins the institution's accounting modernization system, which processes over 100 billion euros in SEPA payment orders monthly across 30+ banking systems, all within an infrastructure the institution itself controls. With this architecture in place, they solve a massive customer 360 use case, achieving a 3x throughput improvement over their prior architecture (600 messages per second versus 200). The end result: core operational infrastructure, running with complete sovereignty.

Watch Fulvio Pascotto, Data Architect Lead, and Raffaele Saggino, Senior IT Infrastructure Architect, from Intesa Sanpaolo present "Intesa Sanpaolo’s Journey to Cloud: Is Batch Processing Still Relevant?" from the Flink Forward stage.

MAJOR LONDON HEDGE FUND: BARE-METAL ON-PREM

This Financial Conduct Authority (FCA) regulated quantitative fund runs five separate Ververica Platform instances across bare-metal OpenShift, with 99.9% of production workloads on-prem and no cloud dependency. Their security model goes beyond standard RBAC: a custom Kerberos proxy sits in front of Ververica Platform to integrate with internal authentication infrastructure. The primary use case is real-time securities restrictions processing. When the system identifies a security the firm cannot trade, it must act immediately. Failure means fines measured in millions. Their most demanding workloads specifically use Ververica Platform, powered by the VERA engine, precisely where the performance gains matter most.

For related background, Marshall Wace software engineers Mohsin Niazi and Robin Stephenson presented at the Flink Forward Berlin 2024 conference on the firm's transition to real-time streaming architectures. Their session covered the company's journey of migrating its data infrastructure to leverage Apache Flink. A recording of the session is available.

UNITED STATES-BASED SYSTEMICALLY IMPORTANT CLEARING ORGANIZATION: PRODUCTION BUILD-OUT

A systemically important clearing organization in the United States is in production build-out of a three-data-center environment running approximately 5,000 CPUs for real-time P&L and margin workflows. The institution runs self-managed Kubernetes, and retains full ownership of the control plane, a mandatory requirement for infrastructure sovereignty at clearing-house scale, and one only Ververica offers.

WHAT VERVERICA DELIVERS

Ververica Platform is built for institutions that cannot compromise on control. It delivers the full capability of a production-grade streaming platform, including governance, deployment flexibility, operational depth, AI/ML support, and VERA-powered performance, entirely within institution-controlled infrastructure. No cloud dependency. No vendor access to the control plane. Just the capabilities regulated institutions need, deployed on their terms. The specifics:

  • Streaming-native governance: RBAC, multi-tenant controls, audit logs retained for 180 days with direct streaming to SIEM via Kafka, enterprise SSO via SAML 2.0 and OIDC, and column-level data lineage across catalogs, tables, and jobs for SQL deployments. Enterprise tooling, including the job management UI, CI/CD pipeline integration, and catalog connectors, operates entirely within institution-controlled infrastructure.
  • Deployment freedom: Full on-prem and air-gapped patterns based on institutional risk policy, not vendor infrastructure constraints.
  • Zero Trust alignment: Zero Trust requires continuous verification at every access point rather than trusting anything inside the network perimeter. That distinction matters when auditors ask whether the security posture holds inside the control plane, not just at the edge. Ververica integrates with enterprise identity, private networking, and policy enforcement models to support that verification.
  • Operational depth: Kubernetes-oriented operations, full lifecycle controls, and 24/7 expert support. For institutions requiring hands-on deployment support, Ververica Professional Services covers Security and Compliance Implementation, Platform High Availability and Disaster Recovery, Apache Flink® migration from legacy tools, Architecture Design, and embedded Resident Engineer engagements, all scoped for sovereign environments.
  • AI/ML on-prem: On-premise deployment does not require sacrificing AI capabilities. Ververica supports real-time inference, streaming feature stores, and vector database integrations deployable entirely within institution-controlled infrastructure, enabling fraud detection AI models at scale without cloud dependency.
  • VERA performance: The VERA engine runs up to 2x faster than open-source Flink while maintaining 100% API compatibility. On-prem deployments benefit from the optimized SQL engine with 50%+ faster processing, 30%+ lower resource consumption, and 90% faster job recovery.

WHERE FINANCIAL SERVICES INDUSTRY LEADERS GO FROM HERE

If you lead architecture, risk, or data engineering at a Tier 1 or Tier 2 financial or banking industry enterprise, evaluate control fit first and convenience features second.

Start with the Sovereignty Assessment Checklist to identify governance and deployment gaps in your current stack. Then use the Technical Guide to BYOC + On-Prem for FSI to map a deployable architecture for your institution's risk model. If you are ready to walk through your specific environment, Ververica's architecture team is available to do that with you directly.

For organizations that have reached the architecture review stage, Ververica's SOC 2 Type II certification (achieved on the first audit attempt) covers a sustained review period rather than a point-in-time assessment and provides the vendor assurance documentation that procurement and security teams require as part of any regulated workload evaluation.

If your current data pipeline cannot meet the required control boundaries without recurring exceptions, the issue is not a matter of roadmap timing. It is an architectural mismatch.

Ververica is the only streaming platform combining full on-prem deployment, streaming-native governance, and Zero Trust security. No other vendor offers all three without giving up institutional control. Cloud-only platforms made a deliberate choice: optimize for vendor-managed infrastructure. Ververica made the opposite choice. For regulated financial institutions, that difference is not a roadmap consideration. It is the decision.
