How to balance security, risk and innovation in fintech

This is the third of four parts with Quiddly’s CTO Mattias. In the first two parts we covered everything from philosophy and psychology to architectural patterns and programming languages.
In this article we focus on a topic that is hot across tech and especially in finance: security and risk, and how to combine them with being a disruptive force while keeping a high pace of innovation.
Security and compliance are not checkboxes you tick once
As might be expected, security and compliance are huge in fintech, and for good reason. We ask Mattias about the most overlooked aspects that CTOs should pay attention to early on.
Security and compliance aren’t boxes you tick once; they’re continuous disciplines. For startups especially, the biggest mistake is treating them as something to add later. If you don’t have solid fundamentals from day one, you don’t really have a production-ready product.
That said, you also have to be strategic, Mattias explains. His advice is to build a strong security foundation early, focusing on things like proper key management, access control and secure-by-design principles. Broader compliance initiatives, on the other hand, should be planned and budgeted like any other major project: time-box them, track them, and evolve them as regulations change.
Risk vs new tech
Being a CTO is often about balancing risk. We are curious how Mattias decides when to adopt a new technology versus staying with a proven, stable stack.
If I had to put it in one line: experiment on the edges, stick to proven at the core.
By “core,” he means the critical components, the systems your business can’t afford to have fail. Those should be boring in the best possible way: stable, well understood and predictable. The edges, on the other hand, are where you can safely explore new technologies, frameworks or approaches that might give you an edge in productivity or capability.
Of course, reality is always more nuanced. The key is timing and context: understanding when the potential upside of innovation outweighs the operational risk. The balance between curiosity and caution is what keeps a platform both innovative and resilient.
Innovation and compliance are not opposites
We ask Mattias how he thinks about fostering a culture of innovation among developers without losing sight of compliance and security. He explains that this is one of the long-term challenges he thinks about a lot for Quiddly’s success.
Innovation doesn’t thrive in opposition to compliance and security. It thrives when those boundaries are clearly understood.
He elaborates that Quiddly works to make compliance and security requirements explicit and transparent, not as afterthoughts but as part of how they build. Everyone involved in product development should understand why those requirements exist and how they shape the system. If that understanding is missing, it creates frustration later, especially when teams realize that core compliance or security needs were not factored in early enough.
So for me, the key is alignment and communication. When teams understand the why behind the guardrails, those constraints stop feeling like limits and start becoming part of the creative process.
Cutting through the AI fluff
In the fourth part of the article series we address the mandatory topic of AI, but through a more grounded, less fluffy lens. Where will AI make the most difference for Quiddly – in the workflows for developers or in the products we ship?
