How Poland’s Post Bank accelerated digital transformation while maintaining regulatory compliance on AWS

In Poland’s competitive financial services market, Post Bank faced a critical challenge: how to accelerate innovation and improve customer experience while navigating strict regulatory requirements. The answer came through a strategic cloud migration that transformed not just their technology infrastructure, but their entire approach to digital banking. By migrating their electronic banking system to Amazon Web Services (AWS), Post Bank reduced application deployment time from 2 hours to only 10 minutes, decreased CPU utilization by 40 percent, and dramatically improved system reliability—all while maintaining full compliance with Poland’s stringent financial regulations.

This transformation story demonstrates how financial institutions can use AWS Cloud technology to become more agile and efficient without compromising security or regulatory compliance. For Post Bank, the results extend beyond technical metrics: employee turnover dropped from 30 percent to 5 percent, and the bank can now provision new development environments in 30 minutes instead of 30 days.

Building confidence through incremental adoption

Post Bank’s cloud journey began cautiously in 2019 with the migration of a single noncritical system. “We needed to learn cloud technologies and build confidence across the organization,” explained Waldemar Szczepański, cloud center of excellence (CCoE) lead at Post Bank. This measured approach allowed the IT team to develop cloud skills while demonstrating value to stakeholders.

The COVID-19 pandemic accelerated the bank’s digital transformation timeline. Suddenly, the ability to scale quickly and deliver new features rapidly became critical to the success of the business. The conflict in Ukraine added another dimension to their strategy, with corporate-level executives recognizing the importance of geographic redundancy and systems hosted outside Poland.

These converging factors created the perfect conditions for organizational change. Post Bank established a CCOE team following the AWS Cloud Adoption Framework (AWS CAF), laying the groundwork for a comprehensive migration strategy.

Navigating organizational transformation

Migrating an important business system requires more than technical expertise—it demands organizational alignment. Post Bank’s transformation touched every aspect of IT operations: adopting new technology stacks, implementing different working models, establishing cloud cost management practices, and creating new operational procedures.

The CCoE team faced the challenge of aligning multiple internal stakeholders, including architecture, security, audit, and operations teams. Each group had specific requirements and concerns that needed addressing. “We couldn’t do this alone,” admitted Szczepański. “AWS architects and an AWS Partner helped us build our proof of concept, and the AWS Migration Acceleration Program (MAP) provided both methodology and partial funding for the migration.”

This collaborative approach proved essential. AWS architects and specialists from the AWS Partner worked alongside Post Bank’s teams, providing expertise while transferring knowledge to internal staff.

Architecting for hybrid reality

After careful evaluation of team capabilities, application complexity, and user impact, the CCoE team selected the electronic and mobile banking application as their flagship migration project. This critical system would test their ability to maintain performance and reliability in a hybrid environment.

Infrastructure as code (IaC) using Terraform became the foundation of their deployment strategy, enabling rapid, consistent provisioning. However, the hybrid architecture presented unique challenges. With 750 kilometers between their data center and the Europe (Frankfurt) AWS Region, managing latency became paramount. Post Bank implemented redundant AWS Direct Connect connections on different geographical paths, achieving predictable 30-millisecond latency that met application requirements. This is illustrated in the following diagram.

Figure 1: AWS Direct Connect connections geographical layout

The team thoughtfully applied the AWS 6 Rs migration strategies (rehost, replatform, repurchase, re-architect, retire, and retain). When their on-premises network access control approach didn’t translate directly to cloud, they chose the repurchase strategy, selecting a third-party solution from AWS Marketplace. For database high availability, they replatformed to Amazon Relational Database Service (Amazon RDS) Multi-AZ deployments. Their in-memory cache solution was rehosted with an update and addition of a community plugin to support AWS Auto Scaling.

Proving value through measurable success

Post Bank’s proof of concept wasn’t just a technical exercise—it was a data-driven approach to stakeholder buy-in. The team identified 10 key performance indicators (KPIs) that directly addressed stakeholder concerns about cost, security, and performance.

“The choice of KPIs was critical,” noted Bartłomiej Rafał, CCoE technical lead. “We needed metrics that would counter objections with hard numbers.” The results exceeded expectations on most metrics, with only one falling short of target but still outperforming on-premises baselines.

This evidence-based approach transformed skeptics into champions. System availability improved with automatic healing capabilities that resolve issues within 10 seconds—previously requiring manual intervention. Development velocity increased dramatically, with new environment provisioning dropping from 30 days to 30 minutes.

Maintaining security and compliance in the cloud

For a financial institution in Poland, security and regulatory compliance are nonnegotiable. Post Bank built their cloud foundation on AWS best practices, following the guidelines from the AWS Well-Architected Framework Security Pillar and AWS Security Reference Architecture.

Using AWS Organizations with AWS IAM Identity Center and service control policies, the bank enforced critical compliance controls including environment isolation, separation of duties, least privilege access, and mandatory encryption. AWS Control Tower simplified security governance, enabling controls such as restricting usage to Regions in European Economic Area (EEA).

The team used Account Factory for Terraform to provision all new accounts with proper configurations and security settings. For identity management, they federated IAM Identity Center with their existing identity provider, simplifying regulatory certification by modifying existing processes rather than creating new ones. The following diagram shows this architecture.

Figure 2: Permissions assignment flow – hybrid approach

It was important for the bank to make only minimal changes to its existing processes as it simplified compliance. The hub-and-spoke network security architecture, shown in the following diagram, made it possible to extend existing security processes to the AWS Cloud by firewall management synchronization.

Figure 3: Network high-level architecture and management

Lessons for financial institutions

Post Bank’s successful migration offers valuable insights for other financial institutions considering cloud adoption:

• Start small but think big – Beginning with a noncritical system allowed Post Bank to build skills and confidence while minimizing risk.
• Establish strong governance early – The CCoE team provided essential leadership and coordination across diverse stakeholder groups.
• Invest in architecture – Time spent on proper system design, considering the 6 Rs migration strategies, pays dividends during implementation.
• Use proofs of concept strategically – Include KPIs that directly address stakeholder concerns and demonstrate clear benefits such as improved availability and operational efficiency.
• Leverage expertise – Engage AWS architects and use programs such as MAP to accelerate migration while building internal capabilities.

Looking ahead: Continuous innovation

“AWS Cloud made our administrators and testers happy and increased satisfaction of our business stakeholders because we deliver changes and upgrades faster,” reflected Szczepański. The transformation has fundamentally changed Post Bank’s approach to technology.

Director of the IT Systems Department at Post Bank, Artur Szatkowski, stated confidently, “We will not go back to on-premises solutions.” The bank plans to migrate additional systems and is already exploring new cloud-based capabilities. They recently implemented an internal AI chat assistant using Amazon Bedrock and Anthropic’s Claude 3.5. Employees can now quickly find information across the bank’s extensive repository of internal documents, offers, terms of service, and promotional materials.

Post Bank’s journey demonstrates that with careful planning, strong partnerships, and commitment to best practices, financial institutions can achieve the agility and innovation of cloud computing while maintaining the security and compliance their customers and regulators demand.

About Post Bank

Post Bank is a Polish consumer bank with approximately 700,000 customers that has been present in the market for 35 years. Its strategic partner and main shareholder is national Polish Post. Through this partnership, the bank’s services and products are offered at every post office in the country. This creates a network of approximately 4,700 branches—5 times larger than competitors—and makes it possible for the bank to serve even digitally excluded citizens.