SUSTAINABLE EVOLUTION OF DIGITAL ARCHITECTURE IN REGULATED FINTECHS: A CRITICAL ANALYSIS OF THE YAPE PLATFORM IN LIGHT OF 2026 GOVERNANCE FRAMEWORKS
Abstract
This paper analyzes the digital architecture evolution of the Yape platform (Banco de Crédito del Perú — BCP) from the perspective of a hyper-scale organization balancing accelerated growth with regulatory compliance. By 2025, the platform exceeded 15 million monthly active users, S/ 38 billion in annual transaction volume (Peruvian soles, approximately US$ 10 billion), and an average of 58 transactions per user per month (BOLD Awards, 2026), consolidating itself as a financial super-app. The analysis was conducted through a comparative framework approach, applying qualitative analytical methods grounded in NIST AI RMF 1.0, CSA CCM v4, EU AI Act (2024), DORA (2025), and the Data Mesh paradigm (Dehghani, 2023). The findings indicate that operational resilience requires an integrated approach to microservices, observability, and federated data governance. It is argued that the transition to a Data Mesh structure and the adoption of agentic AI controls — including audit trails and human-in-the-loop mechanisms — constitute strategic requirements for auditable and compliant algorithmic decision-making. The study concludes that Yape's sustainability depends on the convergence of platform engineering, responsible AI governance, and digital sovereignty, a dimension reinforced by the BCRP's CBDC program (BCRP, 2025) as a complementary national financial infrastructure.
Author Biography
Information Technology Specialist with over 15 years of experience in Information Security, IT Governance, and SAP environments. Master’s degree candidate in Artificial Intelligence at the AGTU – Florida, USA, with an emphasis on practical applications and predictive analysis. His interests focus on the integration of AI, security, and data governance to generate organizational value.
References
BOLD Awards. (2026, janeiro). Banco de Crédito del Perú (BCP) / Yape. https://bold-awards.com/project/banco-de-credito-yape/
Banco Central de Reserva del Perú — BCRP. (2025). DT N° 003-2025: Adoption and welfare effects of payment innovations: The case of digital wallets in Peru. https://www.bcrp.gob.pe/en/publications/working-papers.html
Cloud Security Alliance. (2021). Cloud Controls Matrix (CCM) v4.0. https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
Credicorp Ltd. (2025, outubro). Credicorp Investor Day 2025: Vision for a Future-Ready Financial Ecosystem. https://credicorp.gcs-web.com/news-releases/news-release-details/credicorp-ltd-credicorp-held-investor-day-marking-30-years-nyse
Dehghani, Z. (2023). Data Mesh: Delivering data-driven value at scale. O'Reilly Media.
European Union. (2024). Regulation (EU) 2024/1689 — Artificial Intelligence Act. Official Journal of the European Union. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
European Union. (2025). Regulation (EU) 2022/2554 — Digital Operational Resilience Act (DORA). Official Journal of the European Union. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022R2554
Finastra. (2026, fevereiro). AI in banking and financial services: Trends for 2026. https://www.finastra.com/viewpoints/articles/future-of-ai-in-financial-services-2026
Innowise. (2026). Top Fintech Trends 2026: AI & Embedded Finance. https://innowise.com/blog/fintech-trends/
International Organization for Standardization. (2017). ISO/IEC 38505-1:2017: Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data. https://www.iso.org/standard/66374.html
McKinsey & Company. (2022, outubro). Cloud-cost optimization: A new discipline for the cloud age. https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/cloud-cost-optimization-a-new-discipline-for-the-cloud-age
National Institute of Standards and Technology. (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0) (NIST AI 100-1). U.S. Department of Commerce. https://doi.org/10.6028/NIST.AI.100-1 DOI: https://doi.org/10.6028/NIST.AI.100-1
OWASP Foundation. (2024). OWASP AI Security and Privacy Guide v1.1. https://owasp.org/www-project-ai-security-and-privacy-guide/
Payments and Commerce Market Intelligence — PCMI. (2025). Peru: 2024 analysis of payments and ecommerce trends. https://paymentscmi.com/insights/payments-ecommerce-trends-peru-2024/
Raji, I. D., Bender, E. M., Paullada, A., Denton, E., & Alroumi, A. (2024). AI and the everything-at-once: Challenges in monitoring and evaluating high-scale algorithmic systems. Journal of Artificial Intelligence Research.
VoPay. (2026, dezembro). 2026 Fintech Predictions & Trends for North America. https://blog.vopay.com/fintech-predictions-trends-2026/
Wezom. (2026). Fintech Trends in 2026: AI, Regulation, and Future of Industry. https://wezom.com/blog/fintech-development-trends-2026
Zuboff, S. (2019). The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs.
License
Copyright (c) 2026 RECIMA21 - Revista Científica Multidisciplinar - ISSN 2675-6218
This work is licensed under a Creative Commons Attribution 4.0 International License.
Os direitos autorais dos artigos/resenhas/TCCs publicados pertecem à revista RECIMA21, e seguem o padrão Creative Commons (CC BY 4.0), permitindo a cópia ou reprodução, desde que cite a fonte e respeite os direitos dos autores e contenham menção aos mesmos nos créditos. Toda e qualquer obra publicada na revista, seu conteúdo é de responsabilidade dos autores, cabendo a RECIMA21 apenas ser o veículo de divulgação, seguindo os padrões nacionais e internacionais de publicação.