Daniele Tonella (ING): ‘Innovation is also about behavior and governance’

What is the biggest technological challenge for ING?
‘Moving to cloud-native architectures. Without a doubt. You can buy any technology you want, but if your organization, your processes, and your people do not change with it, it is useless. Over the past ten years, we have modularized our architecture step by step. Where we used to run one large core banking system, we now have hundreds of microservices in operation. That makes us more agile, but the work is far from done. We are in a long-term transition phase in which we are not only replacing systems, but above all changing our way of thinking.
The challenge is not in the technology – that is readily available – but in developing our people. Software engineers do not focus on operations, so they do not prioritize stability. They want to roll out features. Infrastructure engineers and systems engineers, in turn, are not programmers. And even if they do write code, they are less attuned to the needs of modern developers. Cloud native design sits squarely between these two worlds. You have to understand both sides. You have to be able to think in terms of features like a software engineer does and strive for stability like a systems engineer is used to. That requires a different type of professional: someone who understands how the business, the application, and the infrastructure are interconnected. In the past, the back-end and the front-end team – run and change – were separate. Now everything is mixed, it is the same platform. Everyone must be able to work together, including with people from other disciplines.’

How is ING tackling this modernization without getting bogged down in complexity?
‘We have deliberately opted for a modular approach. ING's core banking systems now only manage accounts and bookkeeping. Everything around that, from payments to customer interaction, runs in microservices. That makes things much faster. But modernization is more than just migrating from one system to another. Over the past ten years, we have revised the architecture of our systems to make them modular and reusable. This allows teams to develop, test, and deploy independently of each other.
We have about thirty-five squads, around 2,500 people in total, working in this complex area alone. At the same time, we have learned that autonomy does not equate to freedom. We have had periods where teams were allowed to work completely agile, and that led to fragmentation. Teams decided for themselves what they were going to do. Everyone built great things, but the overview disappeared. Complete autonomy sounds attractive, but at scale, it can lead to chaos.
We have therefore returned to a more programmatic approach, in which we manage the most important changes as a cohesive portfolio. About forty percent of our transformation is now centralized. This provides direction and ensures that we focus our capacity on what truly matters. The goal is not to control everything centrally, but to find a common rhythm in which teams know why they are doing what they do.
We have also introduced clear standards. Some are even almost dictatorial: if you do not respect the standards, you might as well go home. Not because we want to be centralist, but because safety, quality, and consistency are non-negotiable. For infrastructure, the general rule is that you can use what is already there, but you cannot change the design. Autonomy only works within certain boundaries. And the trick is to find that exact balance, enough room to innovate, but not so much that cohesion is lost.’

What then about innovation? How does ING stimulate innovation without losing control?
‘We have innovation labs where you can experiment freely, but outside of the production environment. The aim of the labs is not to create the next big invention, but to demonstrate what is possible. Their role is inspiration, not production. At the same time, you must be clear about when something is mature enough to be introduced into the organization. As soon as an idea works, we move it to a controlled environment and bring it into real operation. This keeps innovation alive, but manageable.’

To what extent does ING run the risk of vendor lock-in in the digital transformation, whereby you become dependent on a particular supplier or technology?
‘Certain technological lock-ins are inevitable. We used to have IBM mainframes, now we have SaaS solutions. The dependency is different, but it remains. The risk profile has changed, however. If a SaaS supplier fails, your process comes to a standstill. In the past, with software in your own data center, you did not run that risk. This is also one of the reasons why ING consciously chose to build its own private cloud even before my time. It is complex, but it removes some of your dependence on external suppliers. Especially in these times of geopolitical uncertainty, that is not such a bad thing.
At the same time, complete independence is an illusion. As you move up the IT structure, you get core components that are SaaS anyway, think of Active Directory for identity management. Many components, such as identity management or compliance tools, simply come from global suppliers. You can have your own data center, but if Active Directory fails, you still have a problem.
The challenge, therefore, is not to avoid lock-ins, but to be able to deal with them without taking unacceptable risks. We therefore ensure that we build in portability where possible and that activities are independent of time and place. We are succeeding in this on a smaller scale; it is possible to move workloads. But on a systemic scale, it remains difficult.’

What is the role of artificial intelligence in all this?
‘AI is a catalyst, but not a panacea. The hype is over; we now know where it works and where it does not. We use Generative AI primarily in customer processes like chatbots and hyper-personalized marketing, but also for our Know Your Customer processes and software development. That is where it delivers real benefits. We also want to advance in Agentic AI, where AI can make autonomous decisions in certain processes.
But I am concerned about knowledge development. Our senior engineers can assess AI output because they learned the trade by hand. They distinguish good code from bad because they once made all the mistakes themselves. The younger generation has less and less opportunity to do so. They use AI to generate code but lack the understanding of what is happening under the hood. How can they become experts? Layers of abstraction have emerged. Take Python – a phenomenal programming language. It is very efficient for writing software. But it does not teach you how to program well or how to determine whether the code could perhaps be written better or more compactly. It is a problem the entire sector is struggling with: AI is taking over all kinds of routine tasks, but people learn precisely by doing routine work. So, we need to think of new ways for people to learn and develop, otherwise there will not be a next generation of professionals.
Another concern is the cost of AI. AI is in the same phase as the public cloud was fifteen years ago. Everyone is experimenting, everyone wants to try it, but the bills are now starting to come in. The models are powerful, but also expensive. There are calculations that say that for every dollar a major AI player generates, three dollars are spent on hardware, energy, and infrastructure. That is not sustainable. We will have to become more efficient, just as we had to learn to do with the cloud. Sustainability and efficiency are therefore becoming just as important as innovation.’

What is your view on the rise of neobanks like Revolut and N26?
‘We were a neobank ourselves before the term even existed! In 1997, we launched ING Direct, an online bank without branches, offering products that were far ahead of their time. So, the phenomenon is not that new. But to answer the question: new players such as Revolut and N26 got off to a flying start. They offered a fantastic user experience: they were international, had a phenomenal user interface, and offered the convenience of an app you just needed to download, without the hassle of opening a bank account the traditional way. But over time, they have become less user-friendly. They have had to deal with the same rules, compliance requirements, and operational restrictions as we have and are starting to encounter problems that we have already solved. For example, with KYC rules and with licenses that are valid in one country but not in another.
In a sense, the two worlds are converging. We learn from their simplicity and speed; they learn from our scale and stability. Ultimately, we have the same goal: to make banking easier for customers without compromising security.’

Can traditional banks and neobanks collaborate?
‘The competition rules are clear; we cannot collaborate on matters that would disrupt market dynamics. But the European Banking Federation has forums where banks’ CTOs and CIOs discuss topics such as sustainability, cybersecurity, and risk management. Some competition authorities are also increasingly comfortable with financial institutions discussing topics such as resilience, sustainability, and cybersecurity together. Rightly so, of course: these topics are systemic, and countering systemic risks is not a threat to competition within the sector. Cyber ​​threats, AI security, sustainability – these are topics where collaboration is the only sensible approach.’

What do you see as the next major technological wave after AI?
‘I find that difficult. I am rather skeptical of things that are hyped, such as quantum computing and hyperautomation. I remain cautious about these. Most technologies that are currently of great interest – VR, holography, 6G – are still far from ready for large-scale application. Moreover, it can take a long time before a technology that is market-ready is actually widely deployed. Innovation is not a sprint; it is a marathon. Every technological wave begins with euphoria, overinvestment, and failures, followed by a mature phase in which real value is created, and sustainable growth becomes possible. Look at the dot-com bubble: the vision of the high-profile companies of the time – a digitally connected world – is now our reality. But thousands of those companies went bankrupt. The winners are generally not those who shout loudest at the beginning of the hype cycle, but those who persevere, learn, and improve.
My experience shows that real innovation often starts invisibly: in infrastructure, in standards, in collaboration. Innovation is not just about technology, but also about behavior and governance. Perhaps the next wave of innovations will be driven by social pressure. DORA, NIS2, and other European laws and regulations will increasingly assign responsibility to companies for issues such as fraud, privacy, and reliability. This certainly applies to systemically important banks such as ING. It also applies to infrastructure companies such as KPN and social media, by the way.’

What is the most important lesson you have learned after years in technology and management?
‘That technology is only valuable if it benefits people collectively. A new tool is worthless without a culture that understands, nurtures, and uses it responsibly. I am an engineer by training, so I believe in building. But building without thinking leads to chaos. Real progress lies in the connection between people, technology, and values.’

Interview by Hakim Annaciri, vp products at KPN. Published in Management Scope 10 2025.