Inside fortune 500 financial risk strategies

Financial services companies must navigate evolving regulatory requirements, process massive amounts of complex data, and defend against increasingly sophisticated cyber attacks. It’s no surprise that even leading organizations struggle to balance innovation with rapid scaling and the high costs of compliance.

Today, financial companies can no longer focus on a single aspect of the innovation equation. Security, compliance, and customer trust are interdependent. Financial fraud exposes vulnerabilities that can lead to broader security breaches; security breaches erode customer trust and damage reputations; compliance helps prevent fraud and money laundering while reinforcing customer confidence and experience. Responsible artifical intelligence (AI) adoption, supported by a unified data platform, enables the financial services industry to build resilient systems that are compliant, secure, and trustworthy.

But as financial services companies scale and process billions of data events, they must detect security risks in real time to maintain consumer trust. Every alert and anomaly demands immediate attention.

Key security challenges include:

• Increasing compliance and operating costs and complexity: Leaders of financial organizations must balance rising compliance costs with already significant operational burdens. For example, banks report spending more than 13% of their IT budgets on compliance,¹ and nearly half of banking management time is devoted to regulatory concerns.
• Rapidly evolving regulations: Regulatory frameworks are constantly changing and evolving. Whether it’s a new law related to data privacy, AI governance, anti-money laundering (AML), or know-your-customer (KYC), financial companies have to continuously update systems and train employees to stay aligned with new mandates.
• Outdated IT systems and processes: Modernizing longstanding, complex IT environments is difficult and resource-intensive. Many financial services companies rely on legacy systems and processes, which slow down their innovation efforts and growth.
• Non-agile organizational structure: Traditional large banks and other financial services companies tend to be risk-averse, leading to slower decision-making and resistance to experimentation.
• Shortage of skilled professionals: Attracting and retaining talent capable of working with modern AI, analytics, and compliance technologies remains one of the biggest challenges.

To address these challenges, industry leaders such as Discover, Wells Fargo, Citi, and WePay have implemented Elastic. With Elastic, financial services companies can process and analyze both structured and unstructured data at scale, detect and respond to cyber threats in real time, and maintain compliance with digital experiences to earn customer trust.

At Elastic, we know that data is foundational. Today, artificial intelligence and unified data are inseparable from how modern financial services companies build resilience, ensure compliance, and maintain operational speed. By unifying data on a single, AI-ready foundation, Elastic empowers financial services companies to move faster and smarter in an environment where scale, regulation, and resilience are non-negotiable.​​

Security is essential for financial services companies. It protects data from cyber threats, maintains regulatory compliance, ensures operational stability, and preserves customer trust and the organization's reputation. That’s why security is both a data problem and a business imperative, according to Rachel Wilson, chief data officer and managing director at Morgan Stanley.

With the proliferation of AI and the democratization of advanced cyber capabilities (cybercrime-as-a-service, for example), Wilson now sees an unimaginable increase in the scope, scale, and velocity of cyber attacks.

The barrier to entry into cybercrime has significantly lowered. Attacks once reserved for nation-states are now commonplace. Cybercrime has evolved from a niche activity requiring deep technical expertise into an accessible, scalable operation for aspiring criminals with minimal expertise.

At the same time, large language models (LLMs) are fueling a new generation of targeted scams. Cybercriminals and fraudsters can generate hyper-realistic, context-aware, and grammatically flawless malicious content at an unprecedented scale. As a result, both humans and traditional defense tools often struggle to detect such attacks.

But just as AI amplifies threats, it also empowers defenders.

AI automates routine tasks, accelerates threat detection and investigation, and augments analyst capabilities by contextually triaging alerts.

What does it mean for everyday security operations in financial services? Generative AI and agentic AI can:

• Automate routine and time-consuming tasks
• Provide real-time vulnerability management
• Accelerate anomaly detection
• Assist in remediation and containment
• Streamline vendor risk assessments
• Most importantly, free defenders to focus on high-impact work

With AI and unified data, Wilson says, “we can achieve better efficiency, better effectiveness, and actually get some cost savings.”

For successful AI adoption, financial services companies have to keep their AI tools accountable and responsible.

Responsible AI is a comprehensive approach to developing, deploying, and governing AI systems. It takes into account regulatory, operational, and legal risks — including data privacy compliance, data management, adherence to emerging AI regulations, ownership of training data and IP, vendor risk, and potential ethical breaches.

Wilson points out that above all, AI must be transparent, auditable, and governed. “You have to be leveraging AI in a way that it’s well governed, effectively managed, where your workforce is trained, and where you've provisioned the right capabilities,” she says.

This is where the human-in-the-loop (HITL) becomes essential. HITL processes combine human oversight and artificial intelligence, ensuring people remain involved to monitor, audit, provide feedback, and make decisions that improve accuracy and reliability. This helps reassure compliance and legal teams that AI isn’t operating autonomously and remains within a company’s frameworks and guardrails.

AI has also drastically changed the job of chief information security officers (CISOs), according to Wilson. Today’s CISOs are not only responsible for cybersecurity but also for translating security into business value. They now have a seat at the C-suite table, where they are expected to contribute to value-driven conversations and decisions.

CISOs must be prepared to answer questions such as:

• What does a breach mean for business? Why did it happen? Was it missed because the right metrics weren’t monitored? What’s the data story?
• Why is this security tool necessary? What will the business gain from it? What are the trade-offs? What data-backed insights support this investment?
• Month over month, quarter over quarter, where is the progress? Is there progress? Is the vulnerability management system detecting new threats? If not, why?

Ultimately, security must be embedded across every layer of the financial services organization, with data unification at the core. When fragmented defenses are transformed into a unified, operational fabric built for speed, scale, and adaptability, massive datasets turn into real-time intelligence. Done right, AI-powered security transforms from a reactive shield into a competitive advantage.

Discover Financial Services, a division of Capital One, provides millions of people in the US with banking and credit products and operates a global payment network. A Fortune 500 company with ambitions to lead in digital banking and payments, Discover continually explores emerging technologies to balance scalability and cost optimization.

As a primarily direct-to-consumer online bank, Discover must deliver seamless digital experiences while continuously introducing new products. But each new service generates a massive volume of logs, creating mounting pressure on its IT infrastructure.

Discover was facing a challenge: How could it increase data storage capacity while maintaining efficient data retrieval?

To balance platform scalability with cost optimization, Discover turned to Elastic Observability, running on Elastic Cloud Hosted with a centralized logging platform. As more data is collected, Elastic’s architecture can handle petabytes of logs with efficient indexing, compression, and data storage, with AI-driven analysis.

Discover’s logging pipeline uses agents to collect and forward log data to its Kafka platform. Then, it’s categorized into topics, where Logstash pulls data and performs additional processing. The data is pushed to one of two endpoints for log data storage and retrieval, each with its own retention period.

• Primary endpoint (Elasticsearch): Ten dedicated clusters ensure Discover users only have access to logs relevant to their business area. Kibana, Elastic’s visualization and analysis tool, lets teams quickly create dashboards and view logs.
• Secondary endpoint (Amazon S3): Data is held in long-term log storage for 13 months, although some data can be as old as seven years.

Elasticsearch searchable snapshots transformed Discover’s storage and search model. Instead of an all-hot node architecture, Discover now divides data into hot, cold, and frozen tiers. This means a lower total cost of ownership, the ability to store and search more data, and better system availability.

Before adopting Elastic’s tiered architecture, Discover could only store up to 30 days of live data. Historical data retrieval involved manual reindexing, often taking up to 24 hours or more to fulfill user requests. The new hot-cold-frozen architecture allows users to access data directly from all three tiers, eliminating the need for reindexing. With significantly reduced retrieval times, even historical data is searchable.

Frozen tier searches, for example, now only take a few minutes, while storage requirements have been reduced by 50%.

In addition to centralized logging, Elastic Observability is helping Discover improve log data management.

Depending on the time of day, day of the week, application activity, and other factors, log data volumes can surge from 5 million to over 50 million events within hours. Through automatic scaling of instances based on real-time data flow, Discover ensures optimal resource utilization.

Discover also addresses misbehaving applications and their excessive logging. By restricting the number of log messages received per second per file, a single application can no longer overwhelm the system with unnecessary log data.

Furthermore, Discover migrated to a new paradigm for observability: Streams. From ingest to investigation, Streams simplifies and automates the work of building custom pipelines and manually extracting fields, providing clean, structured, and high-fidelity data.

With all the improvements, Elastic Observability plays a key role in helping deliver uninterrupted services to customers.

As Discover accelerates the development of new financial products and services for customers, it continues to leverage Elastic Observability for its scalability and integration capabilities.

For personalized financial experiences, Discover can use logs and other telemetry data to focus on user behavior, optimize for better experiences, identify bottlenecks, and improve self-service options. Contextual insights also play a role: Elastic provides full-stack visibility and context-aware insights into user interactions, enabling better decision-making.

Behind the scenes, Elastic now uses agentic AI to search, analyze, and empower decision-making from logs.

Out of the box, Elastic offers hundreds of integrations to ingest logs and metrics from cloud services, CI/CD pipelines, databases, Kubernetes, and more. No matter the number of logs, Elastic can ingest them from anywhere and automatically group them into patterns, highlight anomalies, and pinpoint spikes — enabling growth, scale, and cost optimization for financial services companies like Discover.

Banks like Discover run on vast amounts of data that are growing by the second. To scale successfully, financial service companies must begin assessing their data infrastructure and then focus on observability — specifically, log analytics.

Managing logs in a centralized platform ensures scalability, simplifies ingestion, and enables teams to analyze patterns, highlight anomalies, and pinpoint spikes. With automation, real alerts are prioritized over false positives, speeding resolution.

A centralized log platform also improves cost optimization. Financial organizations can decide which data should be hot (the most expensive data tier), cold, or frozen (mostly historical data). With the right architecture, companies can retrieve and search this data without reindexing, ensuring easy access to more data for informed decision-making.

Ultimately, IT leaders gain confidence and trust, as their data infrastructure is capable of growing with their organizations.

Wells Fargo, one of the "Big Four Banks" in the US, is a leading financial services company with approximately $2 trillion in assets. The bank's original motto — "helping customers build businesses and manage money in a rapidly changing world"² — still stands today. Innovation remains at the core of all Wells Fargo operations.

Wells Fargo's customer-facing applications take that innovative spirit to the next level — for example, a personalized digital assistant that aligns customer goals with their money, or a platform for commercial banking clients that delivers personalized financial experiences.

To transform the bank's complex IT infrastructure, Wells Fargo wanted to channel the same digital innovation that drives its products and customer service. The challenge?

1. Accelerating the adoption of microservices architecture while rapidly scaling
2. Quickly identifying issues in a distributed microservices environment through end-to-end visibility of all financial transactions and reporting on risk in real time

Wells Fargo zeroed in on three pillars of its IT infrastructure: availability, performance, and compliance.

To follow a user request at every stage of its journey across complex, distributed services, the IT team chose Elastic Observability’s distributed tracing application and its dependent subsystems.

Tracing transactions from any source in near real time across a complex IT infrastructure allows Wells Fargo to accelerate building and deploying innovative solutions.

With full-stack observability, Wells Fargo can monitor and address events across systems in near real time. It can now focus on the areas with the greatest impact on the bank’s operating costs. IT teams can quickly determine which line of business or frontend application is affected, measure the incident’s extent, and debug accordingly.

Faster debugging minimizes downtime, reduces operational costs, and improves customer satisfaction — in other words, business impact analysis in near real time.

As Wells Fargo expands its distributed tracing footprint, it will be able to quickly correlate infrastructure or network events with the actual customers impacted. In case of a cyber threat, it will even help with security. Wells Fargo security teams will have immediate insight into any suspicious activity and customers impacted by the event.

Elastic's flexible deployment model, data lifecycle management capabilities, and distributed search across clusters in the data center or cloud provide a solid long-term solution given the bank’s plans to migrate to a multi-cloud environment over the next decade.

Accelerating digital innovation and putting customers front and center is a goal for many enterprises, but with Elastic Observability, Wells Fargo is making it a reality.

Here's how:

1. The Wells Fargo IT team is tracking business-to-business and business-to-consumer financial transactions in near real time. With full-stack observability, the bank monitors applications and backend services to effectively track key performance indicators (KPIs), application availability, customer responsiveness, and mean time to recovery.
2. The IT team is accelerating time to market with distributed tracing. As the company adopts microservices and the cloud, distributed tracing is helping to identify issues faster, simplify debugging, improve collaboration, and speed up development of new applications.

For financial services companies planning a similar route, start by aligning the solution to business needs and goals. Observability can help identify performance issues, improve customer experience, and surface valuable operational insights.

The next critical step is having the right team in place. Any financial institution's technology stack is complex, and transforming it into a digital powerhouse with microservices architecture and cloud infrastructure requires the right vendors and the right people who can shepherd the process. Wells Fargo worked alongside Elastic Consulting to accelerate the complex project, from deployment to successful production.

Even with help, it takes time to gain insights into all lines of business, especially for a Fortune 500 company. But with a structured approach, it’s possible to build a holistic view and an understanding of the organization's full operational landscape.

Citigroup, or Citi, is the third-largest banking institution in the US with a global network of financial services that covers more than 180 countries.

For a global enterprise like Citi, size is both an asset and a challenge. The sheer magnitude of its operations introduces amplified costs, an overwhelming volume of complex data, and difficulty scaling tools and teams.

This reality set the stage for IT leaders to look for answers to three key issues:

• Maintaining a global observability infrastructure on a large scale
• Creating one common interface, so that regardless of where the data resides, it can be traced through the entire business flow
• Keeping costs low while ensuring the engineering team has all telemetry data in one platform

Citi turned to Elastic Observability for improved visibility into the organization’s telemetry and cross-cluster search for greater scalability levels.

Elastic Observability is powered by Search AI and an OpenTelemetry (OTel)-first approach, helping Citi accelerate issue detection and remediation and empowering site reliability engineers (SREs).

Before adopting Elastic Observability, Citi collected large amounts of telemetry data (logs, metrics, and traces), but a key advantage was the introduction of common correlating metadata. Citi also relied on many different tools, providers, and technology stacks, but Elastic Observability streamlined the process to leverage all data from all tools.

Through this process, Citi learned that APM correlation is a key tenet of the future of observability. Without it, debugging issues is a high-friction process, requiring a manual data correlation across disparate systems.

Here’s how it works: OTel facilitates the consistent application of common metadata across observability signals. At the same time, Elastic brings logs, traces, and metrics together into a single backend capable of correlation. As a result, SREs can seamlessly jump between signals, no matter the source.

For a global enterprise with signals coming from multiple vendors, regions, and instances, cross-cluster search is transformational. Not only does it help easily scale, but it also helps locate an issue regardless of where the data is, tracing it through the entire environment. With cross-cluster search, Citi can distribute clusters by geographic region, environment, or business unit — making sizing and scaling more predictable, improving performance, and managing multiple observability use cases.

Future-proofing a global enterprise is a challenging undertaking. It starts with modernization. In the age of AI, this means transforming from digital into an intelligent financial services institution. The first step: detecting bottlenecks and security threats faster, strengthening operational resilience without adding cost or complexity. Only then can the business scale without compromising its foundation.

How can you get started with intelligent banking?

According to the IDC’s Spotlight report, The Rise of Intelligent Banking, financial organizations must move beyond siloed risk functions and toward cohesive, AI-powered platforms that span fraud prevention, cybersecurity, and regulatory compliance. Intelligent banking demands real-time, unified analytics.

Transformation into intelligent banking doesn’t have to be a massive overhaul. In fact, it’s best to start with a single use case and expand. For Citi, it was focusing on observability challenges.

Elastic supports financial services companies’ transformation of fragmented defenses into a unified, operational fabric built for speed, scale, and adaptability. The Elasticsearch Platform combines powerful search, observability, and security capabilities to turn massive, disjointed datasets into real-time intelligence.

With time, as the organization starts to transform, it can extend Elastic capabilities to unify other aspects such as security, fraud, and compliance. And that’s turning data into a strategic advantage.

WePay, a JPMorgan Chase company, is at the forefront of the fintech industry with its integrated payment solutions for businesses of any size.

WePay operates on an IT infrastructure comprising hundreds of services running in thousands of containers and virtual machines. Built on Google Cloud, this modern architecture enables WePay to develop, deliver, and scale innovative services in a highly competitive market.

To maintain the availability and efficiency of its environment, WePay collects logs from across its infrastructure, applications, and external vendors. Over time, as the environment expanded, the existing logging solution could no longer keep up.

Instead of focusing on adding value to the business, WePay engineers spent their time fixing and maintaining logs. Combined with stringent financial services industry regulations and rising data volumes, retaining logs became increasingly expensive.

Searching for an observability solution that would align with its business goals, WePay turned to Elastic Observability.

After improving its customer experience with Elastic Observability, WePay turned to Elastic Security to help protect its data.

Elastic Security is now the backbone of the fintech company’s security operations against external threats. From alerts of suspicious activity to endpoint and cloud security, Elastic not only protects WePay from threats but also ensures adherence to all compliance regulations.

WePay has also improved the efficiency of its fintech compliance protocols, particularly the retention of critical logging data. For the first 90 days, data is stored in Elastic so WePay can quickly address short-term audit inquiries. Older data is transferred to Google Cloud for longer-term auditing requirements.

Looking ahead, WePay is planning to combine Elastic with Google Cloud Storage for long-term data storage and retrieval. This includes Elastic frozen tier storage and comprehensive search and data analytics capabilities that can further reduce storage and operating costs.

Reducing storage and operational costs allows the team to reinvest in innovation: developing new products and services. Similarly, by monitoring logs for errors in development applications, engineers can identify errors earlier, accelerate release cycles, and deliver new capabilities faster.

WePay is not planning to stop innovating any time soon and is looking to incorporate the Elastic application performance monitoring (APM) solution. As an OpenTelemetry-native APM, it will help identify code issues and debug faster, capturing and correlating logs, metrics, traces, and spans with full visibility across every service.

As the online commerce industry continues to grow, WePay will be well-positioned to scale, deliver a great customer experience, and comply with the evolving regulations.

Outdated, manual processes and legacy tools no longer meet the demands of today’s financial services industry — especially for observability and security.

Consider how WePay optimized customer experience, reduced costs, and strengthened compliance just by modernizing its logging platform with Elastic.

Historically, migrating traditional logs to a modern solution has been a complex undertaking involving onboarding all of the data sources and transferring semantics and queries.

Migrating to Elastic Observability now is significantly easier with over 400 out-of-the-box integrations, OTel semantics, piped query language ES|QL, and the ability to query data quickly across low-cost storage at scale.

These are the key steps to take when making the jump:

• Evaluate and back up your existing log pipeline.
• Auto-convert existing rules, semantics, and queries using Elastic AI Assistant.
• Use Elastic’s Automatic Import to migrate to Elastic’s AI-powered log analytics.

Once logging is modernized, organizations can progress toward unified observability with full-stack visibility, lower total cost of ownership, and faster resolution times.