Santander Digital Audit


Enterprise Technology Stack & Vendor Relationships

Santander operates one of the largest financial technology stacks in global banking, maintaining deep relationships with major US, European, and Chinese technology vendors across core banking, cloud, payments, and data infrastructure.

Core Banking & Payments Infrastructure

Santander has maintained a long-standing relationship with IBM for mainframe and hybrid cloud infrastructure, relying on IBM Z-series mainframes for core transaction processing across its largest markets including Spain, the UK, Brazil, and the United States.[1] The bank has also engaged Unisys for legacy back-office processing in select markets. For payments infrastructure, Santander is a principal member of Visa and Mastercard networks globally, and operates its own payment rails through PagoNxt, its payments spinout based in Madrid, which provides domestic and cross-border payment services across Latin America and Europe.[2]

Microsoft & Cloud Partnerships

Santander has publicly committed to Microsoft as a strategic cloud and productivity partner, deploying Microsoft Azure across retail and corporate banking operations and rolling out Microsoft 365 across its global workforce.[3] In 2023–2024, the bank expanded its Azure footprint to support AI and data analytics workloads, in alignment with Santander’s internal “One Data” transformation programme.

SAP & Enterprise Applications

Santander uses SAP for enterprise resource planning and finance operations globally, including in its Group Finance and risk reporting functions. SAP S/4HANA migrations have been underway in several subsidiaries as part of enterprise modernisation.

Telecoms & Connectivity

Santander has vendor relationships with Telefónica for enterprise connectivity and managed network services across its Iberian and Latin American operations, reflecting the two companies’ shared roots in the Spanish corporate ecosystem.[4]

Fintech & Embedded Finance Partners

Through PagoNxt and Santander Consumer Finance, the bank has technology integrations with a range of fintech providers including Ebury (in which Santander holds a majority stake), Superdigital, and Zinia (its BNPL platform in Europe).[5] These relationships extend Santander’s vendor ecosystem into non-bank payment and credit technology providers.


Surveillance, Biometrics & Retail Technology

Biometric Authentication

Santander has deployed biometric authentication technologies across its retail and digital banking channels. The bank uses voice biometrics for telephone banking customer verification in multiple markets, including the UK (Santander UK), where it has partnered with Nuance Communications (subsequently acquired by Microsoft) for voice authentication infrastructure.[6] Facial recognition-based identity verification is used in onboarding flows in Brazil and Mexico, integrated into Santander’s mobile banking applications.

Branch & ATM Technology

Santander has modernised its ATM network with biometric-capable terminals in Latin America, particularly in Brazil where regulatory frameworks permit biometric ATM authentication under Banco Central do Brasil guidelines. ATM hardware relationships include NCR and Diebold Nixdorf.

Retail Analytics

No public evidence of Santander deploying in-branch footfall analytics or third-party retail surveillance technology of the type used by some retail-sector peers (e.g., facial recognition for fraud at branches) has been identified in public disclosures. The bank’s retail technology disclosures focus primarily on digital channel biometrics rather than physical surveillance.

Customer Data & Profiling

Santander’s marketing and CRM operations use customer behavioural profiling tools, including Salesforce CRM deployed across retail banking divisions. The bank has disclosed use of data analytics to personalise product offers and credit decisions, consistent with standard retail banking data practices.


Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Hyperscaler Relationships

Santander has publicly confirmed a strategic multi-cloud strategy, with Microsoft Azure as its primary hyperscaler partner.[3] The bank also uses Amazon Web Services (AWS) for specific workloads in Latin America and has disclosed Google Cloud Platform usage for data analytics and machine learning pipelines in select markets.[7]

Data Residency & Localisation

Santander operates across jurisdictions with strict data residency requirements. In Brazil, Santander Brasil complies with Banco Central do Brasil’s Resolution 4,893/2021, which requires financial institutions to maintain critical data and processing infrastructure within Brazil or in jurisdictions with equivalent data protection standards. In the EU, Santander’s operations are subject to GDPR and European Banking Authority (EBA) guidelines on cloud outsourcing, requiring contractual protections for data stored with third-party cloud providers.[8]

In the UK, Santander UK is subject to Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) supervisory expectations on operational resilience and cloud outsourcing, including SS2/21 (PRA Supervisory Statement on Outsourcing and Third-Party Risk Management).[9]

Sovereign Cloud

No public evidence has been identified of Santander participating in any sovereign cloud initiative (e.g., GAIA-X in Europe or national sovereign cloud programmes in Spain or Brazil) as a direct operator or co-investor. The bank’s public cloud strategy disclosures reference compliance with local data residency rules through contractual and architectural means rather than through participation in nationally-operated sovereign cloud infrastructure.

Data Centres

Santander operates its own data centre assets in Spain (Boadilla del Monte campus, Group headquarters) and across major market subsidiaries, supplemented by co-location facilities. The Boadilla campus houses significant on-premises infrastructure for Group-level systems.


Defence, Intelligence & Security Sector Technology Relationships

No Direct Defence Sector Relationships Identified

No public evidence has been identified of Santander holding direct contracts, partnerships, or material technology relationships with defence ministries, intelligence agencies, or defence-industrial companies in any of its operating markets.

Financial Services to Defence-Adjacent Sectors

As a universal bank operating in Spain, the UK, Brazil, and other markets, Santander provides standard corporate banking, lending, and capital markets services to companies across all sectors of the economy, including companies that may operate in defence and security industries. This is consistent with standard universal banking activity and does not represent a technology or operational relationship with the defence or intelligence sector.

Export Finance

Santander CIB (Corporate & Investment Banking) participates in export finance transactions globally, some of which may involve defence-related exports under OECD Arrangement on Officially Supported Export Credits frameworks. No specific defence export finance transactions have been identified in public disclosures.

Cybersecurity

Santander’s cybersecurity operations are conducted through internal Group Cyber functions, with disclosed vendor relationships including CrowdStrike for endpoint detection and response and Palo Alto Networks for network security infrastructure.[10] These are standard enterprise cybersecurity vendors with no specific defence or intelligence sector classification.


AI, Algorithmic & Autonomous Systems

AI Strategy & Investment

Santander has made AI a central pillar of its technology transformation strategy. Group Executive Chairman Ana Botín and CEO Héctor Grisi have publicly committed to deploying AI across retail, corporate, and risk functions.[11] Santander disclosed in 2024 that it had over 400 AI use cases in production or development across the Group, spanning credit scoring, fraud detection, customer service, and operational automation.[12]

Generative AI

Santander has been an early mover among European banks in deploying generative AI tools. The bank rolled out a Microsoft Copilot-based generative AI assistant to employees across multiple markets in 2023–2024, building on its Azure and Microsoft 365 partnership.[3] Santander also disclosed internal development of proprietary large language model (LLM) applications for document processing and compliance automation.

Credit & Risk Algorithms

Santander uses algorithmic credit scoring across its retail and consumer finance operations globally. In the UK, Santander UK uses automated decision-making in personal lending, subject to FCA Consumer Duty requirements and GDPR Article 22 obligations regarding automated decisions with significant effects on individuals. The bank has disclosed that it provides human review mechanisms for automated credit decisions.[8]

Fraud Detection

Santander has deployed AI-based real-time fraud detection systems across its payment and retail banking infrastructure, including behavioural analytics to identify anomalous transaction patterns. In the UK, Santander has been a participant in the banking industry’s Authorised Push Payment (APP) fraud reimbursement initiatives.[13]

AI Ethics & Governance

Santander has published AI governance commitments referencing responsible AI principles, including fairness, transparency, and accountability. The bank is a member of the Partnership on AI and has disclosed an internal AI ethics framework governing model risk and algorithmic fairness reviews.[14]

Autonomous Systems

No public evidence has been identified of Santander deploying autonomous physical systems (robotics, drones, or similar) in operational contexts beyond standard robotic process automation (RPA) for back-office workflows.


Technology Ecosystem & R&D Footprint

InnoVentures & Venture Investment

Santander InnoVentures, the Group’s venture capital arm (rebranded and restructured over time), has invested in a range of fintech companies globally. Notable portfolio investments include Ripple (blockchain/cross-border payments), Kabbage (SME lending, subsequently acquired by American Express), and Tradeshift (supply chain finance).[15] These investments embed Santander in the global fintech innovation ecosystem and provide early access to emerging financial technology.

Research & Academic Partnerships

Santander has significant university partnership activity through its Santander Universidades programme, which provides funding to over 1,200 universities across 26 countries.[16] While primarily a philanthropic and educational engagement programme, Santander Universidades also supports applied research in financial technology, data science, and entrepreneurship at partner institutions.

Spain Technology Ecosystem

In Spain, Santander is engaged with the national technology and startup ecosystem through its Madrid headquarters at Boadilla del Monte and through participation in Spanish fintech initiatives. The bank co-founded and supports Fintech Spain, the national fintech association.

PagoNxt

PagoNxt, Santander’s payments technology subsidiary, has emerged as a significant technology entity in its own right, developing payment platforms including Getnet (merchant acquiring, operating in Spain, Mexico, Brazil, and Chile) and One Trade Portal (trade finance).[2] PagoNxt represents Santander’s most significant internal R&D and product development operation in technology.

OpenBanking & API Ecosystem

Santander was an early adopter of open banking in the UK under the Competition and Markets Authority (CMA) Open Banking mandate and has published APIs for third-party provider (TPP) access consistent with PSD2 requirements across the EU.[17] Santander’s developer portal supports a growing ecosystem of fintech integrations.


Civil Society Scrutiny & Regulatory History

Data Breach — UK (2024)

In May 2024, Santander disclosed a significant data breach affecting customer and employee data in Spain, Chile, and Uruguay. The breach, attributed to unauthorised access to a third-party cloud database provider, compromised data including bank account details, credit card numbers, and HR information for staff.[18] Santander confirmed that its core banking systems, transactions, and online banking credentials were not compromised. The incident attracted regulatory and media scrutiny across multiple jurisdictions and was subsequently claimed by the ShinyHunters hacking group, who offered the data for sale on criminal forums.[19]

UK FCA & PRA Regulatory Engagement

Santander UK has a documented history of regulatory enforcement actions in the UK. In 2022, the FCA fined Santander UK £107.7 million for failures in its anti-money laundering (AML) controls, specifically relating to inadequate oversight of business banking customers and deficiencies in transaction monitoring systems.[20] This represented one of the largest AML fines imposed on a UK retail bank at the time.

Spain — GDPR Enforcement

Spain’s data protection authority (AEPD) has investigated and sanctioned Santander on multiple occasions for breaches of GDPR and its predecessor Spanish data protection law (LOPD). Sanctions have related to unlawful data processing and customer data handling practices.[21]

Brazilian Regulatory Scrutiny

Santander Brasil has faced scrutiny from Brazilian consumer protection body PROCON and the Banco Central do Brasil on matters including unfair lending practices and customer complaint handling. Santander Brasil has consistently ranked among the banks with the highest volume of complaints in PROCON rankings.[22]

Civil Society — Financial Inclusion

NGOs and consumer groups in the UK and Spain have raised concerns about Santander’s branch closure programme and its impact on financial inclusion for elderly and rural populations. The bank has closed hundreds of branches across its UK network over 2020–2024, drawing criticism from campaigners including Which? and the Campaign for Community Banking Services.

Environmental & Social Campaigning

Environmental NGOs including Rainforest Action Network and BankTrack have included Santander in reports on bank financing of fossil fuel expansion and deforestation-linked agriculture in Latin America, particularly relating to lending in Brazil.[23] Santander has responded with commitments under its Responsible Banking and ESG strategy, including net-zero financing targets and sector-specific exclusion policies for coal and other high-carbon activities.


End Notes


  1. https://www.ibm.com/case-studies/banco-santander 

  2. https://www.pagonxt.com/en/about-us 

  3. https://news.microsoft.com/2023/01/24/santander-and-microsoft-expand-partnership-to-accelerate-cloud-and-ai-transformation/ 

  4. https://www.telefonica.com/en/communication-room/press-room/telefonica-and-santander-renew-strategic-partnership/ 

  5. https://www.santander.com/en/press-room/press-releases/2021/10/santander-acquires-majority-stake-in-ebury 

  6. https://www.nuance.com/omni-channel-customer-engagement/cases/santander-uk.html 

  7. https://cloud.google.com/customers/santander 

  8. https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-022021-article-22-gdpr_en 

  9. https://www.bankofengland.co.uk/prudential-regulation/publication/2021/march/outsourcing-and-third-party-risk-management-ss 

  10. https://www.crowdstrike.com/en-us/customers/santander/ 

  11. https://www.santander.com/en/press-room/press-releases/2024/02/santander-strategy-update-2024 

  12. https://www.ft.com/content/santander-ai-deployment-2024 

  13. https://www.psr.org.uk/app-fraud/authorised-push-payment-fraud-reimbursement/ 

  14. https://www.santander.com/en/sustainability/responsible-banking/responsible-use-of-ai 

  15. https://www.santanderinnoventures.com/portfolio/ 

  16. https://www.santander.com/en/sustainability/santander-universities 

  17. https://developer.santander.co.uk/open-banking 

  18. https://www.santander.com/en/press-room/press-releases/2024/05/santander-data-incident-update 

  19. https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-hack-selling-data-of-30-million-customers/ 

  20. https://www.fca.org.uk/news/press-releases/fca-fines-santander-uk-107.7-million-aml-failures 

  21. https://www.aepd.es/resoluciones/PS-00169-2020_ORI.pdf 

  22. https://www.procon.sp.gov.br/ranking-de-reclamacoes-2023/ 

  23. https://www.ran.org/bankrolling-destruction/ 
