BondEvalue: Disrupting Regulated Bond Markets with Cloud Strategy
Guest post by Raj Kannan, CTO, BondEvalue
Bond Markets Today
Bond markets are huge, far larger than stock markets, with over eight million securities in contrast with only six hundred thousand stocks. They are also far more complex than equities. Minimum investment of $200,000 for most popular bonds means most non-institutional investors cannot invest in bond markets!
Issues with today’s bond markets:
– Trading happens over phone calls, still. This is 2020!
– Price is a concern as it is not publicly available, particularly for non-institutional investors.
– Large minimum ticket sizes* (US$200k) makes it inaccessible for millions of investors.
Introducing the BondEvalue solution – BondbloX
Fintech startup BondEvalue has launched a fully regulated bond trading exchange “BondbloX,” that:
– Leverages blockchain technology to fractionalize bond sizes to allow trading in minimum sizes of $1,000 (versus the $200,000 in today’s markets)
– Creates an electronic market with all to all trading access and electronic order matching, that allows investors to trade bonds just like equities, eliminating the current phone based trading.
– Provides an increased depth of price transparency for all investors
More information on the BondbloX exchange is available here.
The Technical Challenge
We leveraged the Hyperledger Sawtooth blockchain in order to fractionalize bonds and provide a common ledger that is distributed amongst our members and custodians. For investors and members, we wanted to provide the same experience that they are accustomed to when trading other exchange based securities.
We needed to go from here…
We decided to go 100% cloud based on AWS to be able to meet the following requirements:
– Fast and iterative development cycles
– High degree of scalability built in
– Highest degree of security
– Realtime updates while managing the asynchronous nature of blockchain transactions
The Build Out
While a large part of the execution happens in the blockchain, we only store anonymized information and it also isn’t particularly suited for rich data querying. We needed to have a mechanism to synchronize the transaction data to an Amazon Relational Database Service (Amazon RDS) in realtime.
The blockchain nodes themselves are deployed in Amazon EC2s. We integrated AWS Simple Notification Service (SNS) to the event adapters in the blockchain to publish realtime updates on executions to AWS Simple Queue Service (SQS). AWS SQS was integrated with AWS Lambda Functions to transform and update Amazon RDS. The combination of AWS SNS, SQS and AWS Lambda allowed us to build a highly event-driven architecture that helped drive towards an end to end realtime system.
For the front end we wanted:
– To be able to build applications that could be easily deployed.
– Have authentication capabilities with Multi-Factor authentication.
– Be able to securely interact with our backend via APIs.
Our front end applications are built on reactjs and deployed via AWS Amplify. AWS Amplify simplifies the entire deployment process and also takes care of domain management with its neat integrations with AWS Certificate Management and providing caching/CDN via cloudfront automatically. More details on AWS Amplify can be found here.
All user authentication is provided by AWS Cognito User Pools. This allows us to meet strict guidelines on password management as well as multi-factor authentication. We were also able to leverage the User Pool triggers to perform additional password management such as password reuse and expiry. More information on AWS Cognito is available here.
All access to the backend information or to post transactions to the blockchain for execution were handled via AWS API Gateway. This was particularly useful with its seamless integrations with Cognito for authentication, AWS WAF with its managed rulesets for security and AWS Lambda Functions for execution of the requests. The AWS Lambda’s provided access to data from Amazon RDS and to submit transactions to the blockchain.
Finally, In order to provide realtime updates to the front end applications we made use of the AWS IOT Core solution. While GraphQL (using amplify AppSync) was an alternate, we wanted to leverage the backend APIs for other integrations that had to be purely REST API based. The front end applications connects via websockets on the MQTT protocol. Whenever, events are generated from blockchain executions and updated in the Amazon RDS, messages are published to connected users for real time updates to the front end applications.
Finally, no application is complete without reporting. In our case, we needed reporting for multiple purposes including exchange operations, compliance, regulatory reporting and monitoring.
One of the key challenges here was to find a way to be able to securely access our completely private RDS setup via VPC. In AWS Quicksight we found the perfect match for our needs. Quicksight provides secure access via VPC to RDS private instances and has an ever evolving rich interface for users to access, view and download reports as needed. All access to quicksight is controlled via BondEvalue’s identity provider integrated with the AWS IAM module.
We have been able to build a functionally rich, highly scalable, secure and resilient system that meets our business, technical, security and regulatory needs. Some of our key learnings and experiences during this process are as follows:
• Scalability: Most often these service automatically scale. For example: AWS API Gateway with AWS Lambda Functions or AWS SQS with AWS Lambda Functions.
• Security: Integration to AWS Key Management Service (KMS) or Certificate Manager (ACM) for encryption is seamless. For example: Api Gateway with ACM to provide SSL for your domain.
• Resilience: Most managed services either seamlessly (eg. API Gateway) or with the right configuration (RDS Multi AZ) cutover to another Availability Zone within a Region.
• Functionality: Many services offer functionality that you do not need to build. (eg. AWS Cognito)
• Get under the hood of the services you use!
• Managed/serverless services takes away a lot of time you would spend in development, infrastructure management etc. Spend some of the time saved in understanding them in depth in return.
• Explore AWS blogs, forums, stackoverflow. However, do experiment and develop your own deep understanding of these services. For example, experimenting to find the right memory for each AWS Lambda function can help provide a better balance of costs and execution time.
• Always keep iterating and be ready to adopt new methods or new services. For example, we built the below, challenging ourselves to iterate.
• A front-end client app. We originally started by deploying on AWS S3 with CloudFront. However, we moved to AWS Amplify due to the simplicity of deployment as well as the its ability to take care of all underlying infrastructure from hosting to CDN to build.
• Realtime notification for the front end applications: We initially started with polling; Lots of web based trading apps still do this! We then did a proof of concept with AWS API Gateway web sockets before moving over to utilize the IOT Core for its simplicity in broadcasting messages.
Without AWS cloud services, this would have required a much larger timeframe with a much bigger team!